Wiz researchers have identified significant security vulnerabilities in AI infrastructure platforms such as Hugging Face, Replicate, and SAP AI Core, which could allow attackers to access sensitive user data. At the Black Hat USA 2024 conference, researchers Hillai Ben-Sasson and Sagi Tzadik demonstrated how they breached these platforms using malicious models and container escape techniques to cross-tenant barriers. They discovered that current containerization methods are inadequate for secure data isolation. While providers have been responsive in addressing reported issues, the researchers stressed the need for better sandboxing and isolation standards. Overall, the rapid adoption of AI often overlooks security, introducing additional risks due to the use of numerous tools and open-source resources without proper security validation.

Wiz researchers hacked into leading AI infrastructure providers techtarget

Healthcare providers in Illinois, Florida, and Puerto Rico have confirmed data breaches resulting from cyberattacks. Roseland Community Hospital in Illinois reported unauthorized access to its IT network on June 2, 2024, affecting at least 500 individuals' protected health information. In Puerto Rico, Hospital Auxilio Mutuo experienced a network server breach in September 2023, with ongoing investigations suggesting at least 500 individuals were impacted. PRM Management Company in Florida detected a breach in an email account involving patient data, with unauthorized access between January and June 2024. Each entity is in the process of notifying affected individuals and strengthening cybersecurity measures.

Illinois, Florida, and Puerto Rico Healthcare Providers Confirm Data Breaches The HIPAA Journal

Epic Systems, a major health-care software vendor, announced that patients will now be able to securely release their health data to various apps of their choosing, granting them greater control over their medical information. This development marks a significant technological advancement in the healthcare sector. Epic has been collaborating with the federal government to establish TEFCA, which sets the legal and technical standards for widespread patient data sharing.

Your health records are coming to new apps. Here's why CNBC

The White House is developing a new cyber insurance policy proposal aimed at addressing catastrophic cyber incidents, as announced at the Black Hat cybersecurity conference. National Cyber Director Harry Coker revealed that his office, in collaboration with the Department of Treasury’s federal insurance office and the Cybersecurity and Infrastructure Security Agency (CISA), is set to release the proposal by the end of the year. The initiative, part of the broader National Cybersecurity Strategy, seeks to manage risk, stabilize the insurance market against catastrophic cyber threats, and improve national cybersecurity resilience. Current efforts focus on challenges related to actuarial data and understanding stakeholder needs within the insurance industry.

White House working on cyber insurance policy proposal for ‘catastrophic’ incidents The Record from Recorded Future News