The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has classified a high-severity vulnerability in Microsoft SharePoint, identified as CVE-2024-38094, as part of its Known Exploited Vulnerabilities catalog following indications of active exploitation. This deserialization vulnerability, which carries a CVSS score of 7.2, permits authenticated attackers with Site Owner permissions to inject arbitrary code into SharePoint Server. Microsoft has addressed this issue in its July 2024 Patch Tuesday updates. The concern is amplified by the existence of proof-of-concept exploits in the public domain, despite no confirmed real-world incidents. CISA requires Federal Civilian Executive Branch agencies to implement the security updates by November 12, 2024.

CISA Warns of Critical Microsoft SharePoint Vulnerability Amid Active Exploitation The Hacker News

Vanderbilt University Medical Center (VUMC) employees are encountering a rise in "vhishing," a sophisticated scam that uses AI-generated voice messages to mimic trusted individuals and deceive victims into revealing sensitive information or making financial transactions. This form of voice phishing employs advanced AI techniques, including deep learning algorithms, to create highly convincing impersonations, making it difficult for targets to discern the fraud. The consequences of falling for such scams can be severe, leading to significant financial loss and identity theft. To address these threats, VUMC is working on strategies to educate employees about the risks associated with AI voice scams.

Vanderbilt Medical Center Employees Targeted by Sophisticated AI Voice Scams Vanderbilt University Medical Center

David Finn, Executive Vice President of Governance, Risk, and Compliance at First Health Advisory, underscores the critical need for healthcare organizations to effectively manage cybersecurity risks, particularly as ransomware attacks rise. He emphasizes that assessing risks should involve input from multiple stakeholders, not just IT teams, to gain a comprehensive understanding of how cybersecurity impacts patient care and operations. Finn advocates for a robust incident response plan, regular security training for all staff, and basic cyber hygiene practices, while also promoting collaboration with public and private sectors to enhance threat intelligence sharing.

Strengthening Cyber Resilience: Finn Urges Healthcare to Combat Ransomware Threats Health IT Answers

Sentara Health has partnered with Hampton City Schools to launch telehealth clinics in schools, offering on-site acute primary care for students and staff. The clinics, staffed by a licensed practical nurse and a virtual advanced practice provider, enable remote physical exams using advanced technology. This initiative is intended to improve access to healthcare, reduce student absenteeism, and lessen the burden on parents needing to take time off work for medical appointments. Currently operational at George P. Phenix PreK-8 School, there are plans for future expansion to more schools in the area.

Sentara Health Launches Telehealth Clinics in Hampton Schools for Student Care WAVY