Cybersecurity experts warn that organizations face increased risks when their security teams are reduced during holidays or vacations, as attackers often exploit these times to target corporate communication platforms and impersonate trusted colleagues. This vulnerability is exacerbated by junior staff being less acquainted with security protocols and the challenges of maintaining service-level agreements. Notable incidents, such as the Log4j vulnerability discovery during a holiday, highlight the importance of timely responses and operational safeguards. To mitigate these risks, organizations should develop detailed staffing plans, train employees on verification methods for urgent requests, and consider automation and restrictions on changes to critical systems during low-resource periods.

Cybersecurity Risks Surge as Teams Thin Out During Holidays Dark Reading

Ascension, a major U.S. healthcare system, reported a data breach affecting around 5.6 million patients and employees due to a ransomware attack attributed to the Black Basta group. The attack, which occurred in May, compromised sensitive personal and health information, prompting Ascension to notify affected individuals and offer two years of free identity theft protection. The breach, linked to an employee's accidental download of malware, disrupted their MyChart electronic health records system, while Ascension has initiated investigations and notified law enforcement agencies.

Major Ransomware Attack Exposes Data of 5.6 Million Ascension Patients BleepingComputer

The U.S. Department of Health and Human Services (HHS) has issued a warning for healthcare organizations to improve the cybersecurity of operational technology (OT) and Internet of Medical Things (IoMT) devices, which are increasingly targeted by cybercriminals. The advisory highlights that while regulatory focus has been on medical devices, other connected systems such as HVAC and elevators also present security risks due to outdated software and insufficient cybersecurity measures. HHS notes that many of these devices lack vendor support and operate in environments that hinder necessary updates, making them vulnerable to attacks that could compromise patient safety and sensitive data. Recent analyses indicate that both targeted and non-targeted attacks exploit these vulnerabilities, raising concerns about the potential for ransomware incidents involving OT and IoMT devices.

HHS Urges Healthcare Sector to Bolster Cybersecurity for Medical Devices BankInfoSecurity

Graham Walker, MD, expressed his excitement about an interview with Eric Topol, MD, and Mark Cuban, focusing on Cuban's critical views of Pharmacy Benefit Managers (PBMs) and their profit-driven rebate system, which complicates healthcare expenses for sick employees. He credits Eric Bricker, MD, for illuminating the financial complexities of PBMs and encourages healthcare executives, especially those from self-insured companies, to watch the full interview for clarity. Additionally, Walker highlights Cuban's Cost Plus Drug Company, which operates efficiently with a small team to manufacture sterile injectables at an 8.5% markup, addressing the current supply shortages.

Mark Cuban Critiques PBM Profits, Advocates for Healthcare Transparency LinkedIn