The White House is developing a new cyber insurance policy proposal aimed at addressing catastrophic cyber incidents, as announced at the Black Hat cybersecurity conference. National Cyber Director Harry Coker revealed that his office, in collaboration with the Department of Treasury’s federal insurance office and the Cybersecurity and Infrastructure Security Agency (CISA), is set to release the proposal by the end of the year. The initiative, part of the broader National Cybersecurity Strategy, seeks to manage risk, stabilize the insurance market against catastrophic cyber threats, and improve national cybersecurity resilience. Current efforts focus on challenges related to actuarial data and understanding stakeholder needs within the insurance industry.

White House working on cyber insurance policy proposal for ‘catastrophic’ incidents The Record from Recorded Future News

Court documents reveal that federal and state investigations are underway into Prospect Medical Holdings, a 16-hospital system accused of defrauding the government and failing to protect personal information prior to a ransomware attack last year. The investigations, which involve the U.S. Department of Justice, Connecticut Attorney General, and Connecticut Commissioner of Consumer Protection, are part of a larger legal conflict with Yale New Haven Health over a $435 million hospital sale. The DOJ has issued Civil Investigative Demands linked to potential violations of the False Claims Act, while Connecticut officials are focused on cybersecurity lapses and potentially deceptive hospital funding practices. Prospect denies all allegations.

Unsealed court filings offer details of DOJ investigation into Prospect Medical HealthCare Dive

The article highlights the pitfalls of focusing too much on the identities of cybercriminal groups in enterprise security strategies. Experts, including Andy Piazza from Palo Alto Networks Unit 42 and Jen Easterly from the Cybersecurity and Infrastructure Security Agency, argue that mythologizing threat actors can detract from more effective practices like improving detection, response capabilities, and patch management. They suggest that instead of emphasizing the names and narratives of cyberattacks, defenders should concentrate on practical measures to reduce risk. Crowdsourcing efforts from cybersecurity vendors, such as CrowdStrike's symbolic representations of threat groups, aim to elevate cybersecurity discourse but can inadvertently glamorize the adversaries they seek to neutralize.

It’s time to stop thinking of threat groups as supervillains, experts say Cybersecurity Dive

Since 2021, the Assistant Secretary for Technology Policy and Office of the National Coordinator for Health IT (ASTP) and the American Board of Family Medicine (ABFM) have collaborated to develop survey questions to understand family physicians' experiences with health IT in primary care. Through a cooperative agreement involving UCSF, these surveys informed policy decisions and research. In 2022 and 2023, ABFM included these questions in their Continuous Certification Questionnaire, achieving a high response rate by embedding them in the recertification process. Despite differing respondent demographics between various surveys, trends in health IT usage and challenges were notably consistent. A key difference was the higher documentation burden reported by ABFM respondents. The survey questions were refined over the cooperative agreement's third year, with new data currently under analysis and available for request from ABFM.

New Data Available on How Physicians Experience Interoperability HealthIT.gov