Hospitals are increasingly reliant on internet-connected devices for patient care, but this dependency makes them targets for cyberattacks. Cybersecurity expert Beau Woods stresses the necessity of cybersecurity funding, as attacks can impede treatment and force patient transfers. Such incidents have surged, with attacks on organizations like Change Healthcare and Ascension causing significant disruptions. To combat this, the Biden administration has announced tech companies will provide free or discounted cybersecurity services to underfunded hospitals. However, experts worry that these temporary measures may not offer a long-term solution, highlighting the ongoing vulnerability of smaller hospitals. Cyberattack simulations underscore the importance of preparedness in ensuring patient safety.

After health care attacks, tech giants will help small hospitals with cyber defenses NPR

The U.S. Department of Health and Human Services (HHS) has undertaken a major reorganization to streamline its technology, cybersecurity, data, and artificial intelligence (AI) strategies and policies. This move consolidates various functions, previously handled by multiple offices, into a more centralized structure under the Office of the Chief Technology Officer, Chief Data Officer, and Chief AI Officer, now named the Assistant Secretary for Technology Policy (ASTP). This reorganization aims to enhance policy guidance, resource allocation, and operational efficiency, ensuring HHS can adapt to future technological advancements. Key cybersecurity functions have also been consolidated under the Administration for Strategic Preparedness and Response (ASPR). This structural overhaul is designed to enhance collaboration both within the department and with external partners, addressing the strategic importance of technology and data in fulfilling HHS's mission.

Health and Human Services rearranges its technology furniture Federal News Network

Security experts are urging Windows administrators to immediately patch a critical remote code execution vulnerability in the Windows TCP/IP stack (CVE-2024-38063), which can be exploited without user interaction. Microsoft has issued a high-severity bulletin, assigning this vulnerability a CVSS score of 9.8/10, and highlighted the ease with which attackers could craft exploits. The flaw, discovered by Chinese researcher Xiao Wei, could allow an attacker to send specially crafted IPv6 packets to a target machine, enabling remote code execution. As part of its recent Patch Tuesday release, Microsoft addressed this and six other actively exploited zero-days, underscoring the need for prompt action to mitigate these significant security risks.

Zero-Click Exploit Concerns Drive Urgent Patching of Windows TCP/IP Flaw SecurityWeek

As generative AI hype begins to wane, IT leaders are advised to recalibrate their strategies by focusing on specialized AI models and setting more realistic goals. The need to integrate a variety of AI forms, rather than solely relying on generative AI, is becoming increasingly apparent. This shift will enable organizations to harness the full potential of AI technologies more effectively.

Is the gen AI bubble due to burst? CIOs face rethink ahead CIO