
April 26, 2024
The Cybersecurity and Infrastructure Security Agency (CISA) is set to fully implement an automated vulnerability warning system by the end of the year, designed to notify organizations about software vulnerabilities being leveraged by ransomware groups. This initiative, which is currently in its pilot stage and falls under the mandates of the Cyber Incident Reporting for Critical Infrastructure Act of 2022, seeks to diminish ransomware attacks by encouraging the patching of vulnerable systems before they are compromised. Announced by CISA Director Jen Easterly, the program has already issued over 2,000 warnings since its inception last year and integrates CISA's inventory of exploited vulnerabilities and common misconfigurations tied to ransomware incidents. This effort is in response to the growing threat of ransomware attacks, exemplified by a recent significant breach that affected the U.S. healthcare system, highlighting the urgency of addressing such vulnerabilities.
CISA ransomware warning program set to fully launch by end of 2024 | CyberScoop
April 26, 2024
The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has issued guidance indicating that it has not yet received mandatory HIPAA breach reports from Change Healthcare or its parent company UnitedHealth Group (UHG) following a significant cyberattack. The guidance underscores the requirement for HIPAA-covered entities and their vendors to report breaches of protected health information (PHI) within 60 days of discovery for incidents affecting 500 or more individuals. The notice also discusses the obligations of these entities to notify affected individuals and outlines the unclear timeline for when Change Healthcare and UHG discovered the breach and the extent of their notification responsibilities. Further, HHS has initiated an investigation into the incident due to its broad impact on patient privacy and healthcare provider operations, emphasizing the importance of compliance with HIPAA rules in the wake of the cyberattack's implications.
Feds Issue Guide for Change Health Breach Reporting Duties | BankInfoSecurity
April 25, 2024
A division head of the Russian Federal Security Service (FSB) was sentenced to nine years in a penal colony for accepting a $1.7 million bribe to overlook the activities of a cybercrime group that hacked thousands of e-commerce sites and sold stolen payment card details online. Russian authorities dismantled this operation in 2022, arresting six members and seizing several carding shops, including Trump’s Dumps, which promised to "make credit card fraud great again." The IT firm Get-net LLC, which was linked to one of those arrested and leased services to the FSB, was implicated in the registration of the seized domains. The case unraveled after an investigation revealed that the FSB head had promised to transfer and potentially dismiss the hackers' case (a promise he couldn't fulfill), leading to his arrest and the seizure of significant assets. The article also touches on historical attacks in which these cybercriminals exploited vulnerabilities in e-commerce platforms to steal and sell credit card information.
Russian FSB Counterintelligence Chief Gets 9 Years in Cybercrime Bribery Scheme | Krebs on Security
April 25, 2024
Hugging Face has introduced Open Medical-LLM, a benchmark for evaluating generative AI models in healthcare. This initiative, developed with Open Life Science AI and the University of Edinburgh, amalgamates various existing test sets to assess AI performance on medical tasks, aiming to improve patient care by identifying models' strengths and weaknesses. While the benchmark is positioned as a robust tool, experts emphasize the significant difference between test environments and actual clinical settings, suggesting that these AI models should complement, not replace, medical professionals in practice.
Hugging Face releases a benchmark for testing generative AI on health tasks | TechCrunch
