
April 29, 2024
A federal judge has advised the dismissal of a lawsuit against the Catholic hospital chain CommonSpirit for a 2022 cyberattack and data breach affecting nearly 624,000 people, marking the second such dismissal related to this breach. Plaintiffs in these cases have struggled to establish standing, failing to demonstrate concrete harm resulting from the breach. This pattern follows a broader trend where health data breach lawsuits often falter on standing issues, despite some recent successes in similar cases against other entities. This situation highlights the challenges plaintiffs face in proving direct harm from data breaches, amid increasing litigation and substantial settlements in other instances of health data breaches.
Judge Advises Dismissal of CommonSpirit Breach Lawsuit BankInfoSecurity
April 29, 2024
The Cyber Safety Review Board (CSRB) issued a critical report on the Microsoft Exchange Online intrusion by a Chinese threat actor in summer 2023, which compromised email accounts of U.S. federal agencies and officials, attributing the breach to Microsoft's significant security lapses. Highlighting the risk that a single-vendor monoculture poses to national security, the report suggests that while the cybersecurity efforts of the private sector should be encouraged, the federal government must also address its reliance on single vendors, which exacerbates vulnerabilities. The article criticizes Microsoft's corporate culture for not prioritizing security and its payment model that puts basic security features behind a premium paywall, underscoring the broader implications for public and private sector cybersecurity. It also mentions potential legislative efforts to enforce cybersecurity standards and the government's procurement power as tools to drive improvements in vendor security practices.
Revising the Cyber Monoculture Risk – Takeaways and Considerations from the CRSB Report - Disruptive Competition Project Project Disco
April 29, 2024
The Cybersecurity and Infrastructure Security Agency (CISA) has reported positive outcomes from its Ransomware Vulnerability Warning Pilot program, launched in January 2023, aimed at notifying organizations about vulnerabilities in their internet-connected devices potentially exploitable by ransomware attackers. This initiative, a response to cyber incident reporting legislation signed by President Joe Biden in 2022 and executed by the Joint Ransomware Task Force (co-led by CISA and the FBI), has made significant strides by alerting 1,754 organizations last year, leading to remedial actions in nearly half of these cases. The program focuses on a wide range of sectors, with a significant number of notifications sent to government facilities and healthcare organizations, and has been instrumental in reducing risk exposure by targeting vulnerabilities that may not have been recognized or addressed by the organizations otherwise. Through extensive vulnerability scanning, CISA has identified millions of potential risks, narrowing them down to those actively exploited by ransomware groups, thereby increasing operational costs for these criminals and contributing to cybersecurity deterrence efforts.
More than 800 vulnerabilities resolved through CISA ransomware notification pilot The Record
April 29, 2024
At the Oracle Health Conference, Eduardo Conrado, President at Ascension, discussed the top four priorities for national systems in which technology can add significant value, in a fireside chat with David Feinberg, MD. Highlighting areas such as workforce management, administrative burdens, and capacity concerns, Conrado emphasized the importance of effective development and change management in implementing technology solutions in healthcare. This conversation aligns with current trends and ongoing discussions in the healthcare sector about enhancing efficiency and service delivery.
[Video] John Moore III on LinkedIn: #ohs2024 #healthcare Publication

© Copyright 2024 Health Lyrics All rights reserved