The National Institute of Standards and Technology (NIST) has finalized and released three new encryption standards aimed at strengthening cryptographic defenses against potential cyber threats posed by quantum computers. These standards, which took about eight years to develop, are designed for general encryption and digital signatures, and address future risks where quantum computing could compromise current encryption methods. The standards utilize algorithms selected in a 2022 competition, including CRYSTALS-Kyber for encryption and CRYSTALS-Dilithium and Sphincs+ for digital signatures. Organizations are encouraged to begin integrating these standards promptly to safeguard long-term data security against future quantum threats. Further draft standards and evaluations for additional algorithms are also underway.

NIST releases three encryption standards to prepare for future quantum attacks fedscoop

Cybersecurity threats from external actors like Russia, China, North Korea, and Iran are significant, but insider threats, which involve individuals within the organization or third-party partners with authorized access, require equal attention. While tools such as Data Loss Prevention and email sanitization, alongside AI innovations, are valuable, the most crucial defense against insider threats is cultivating a positive organizational culture. Insider threats can be intentional, driven by motives like personal vendetta or financial gain, or unintentional, often stemming from employee negligence. A strong security culture, supported by leadership setting positive examples, transparent communication, team-oriented approaches, and clear policies, can empower employees to take ownership of their role in protecting the organization. Emphasizing ethical behavior and a collective mission fosters a resilient defense against insider threats.

The best defense against insider threats – culture paulconnelly

Governor Roy Cooper and Health and Human Services Secretary Kody H. Kinsley announced that all 99 eligible hospitals in North Carolina have joined a state program aimed at relieving medical debt for nearly 2 million residents, with an anticipated impact of approximately $4 billion. The initiative, leveraging the Healthcare Access and Stabilization Program (HASP), will implement policies to alleviate existing debts and prevent future accruals, particularly benefiting low- and middle-income individuals. Participating hospitals will focus on automatic charity care qualification for certain public benefits enrollees and enforce debt forgiveness for Medicaid recipients by mid-2025, along with other measures to curtail aggressive debt collection practices.

North Carolina Hospitals Sign On to Relieve Medical Debt publication

Cyberattacks on healthcare organizations represent a significant risk to patient care and safety, affecting not just individual hospitals but entire communities. Particularly disruptive are ransomware attacks on third-party providers, as these critical vendors support essential hospital functions. The 2023 attack on UnitedHealth Group's Change Healthcare by the Russian ransomware group ALPHV BlackCat exemplifies the extensive impact such attacks can have. Healthcare organizations are advised to enhance their third-party risk management programs through structured strategies, including rigorous risk assessments and incident response planning. Preparedness is crucial as cybercriminals increasingly target these third-party "hubs" to maximize disruption across "spoke" health entities.

Third-Party Cyber Risk Impacts the Health Care Sector the Most. Here’s How to Prepare. | AHA News AHA