The article discusses the financial investments eight hospitals and health systems are making in electronic health record (EHR) systems. It details the expenses ranging from Health First's planned $160 million for an Epic EHR system to AdventHealth's $660 million recently completed Epic implementation. Additionally, various hospitals like Kona Community and Kohala Hospital received federal funding worth $2.5 million for their EHR systems, while systems like MultiCare Health System are planning to spend around $50 million for upgrading EHR at newly acquired facilities. The report emphasizes the significant financial commitments involved in either upgrading or installing new EHR systems to enhance operational efficiency and patient care.

How much 8 health systems are paying for EHRs publication

The U.S. Office for Civil Rights (OCR) has issued a Dear Colleague letter and initiated a comprehensive investigation into Change Healthcare and UnitedHealth Group (UHG) following a significant cybersecurity incident, analyzing the possible breach of protected health information (PHI) and compliance with HIPAA regulations. The investigation also extends to entities associated with Change Healthcare and UHG, underscoring the importance of maintaining business associate agreements and the necessity for timely breach notifications. OCR has provided various resources to aid healthcare entities in improving cybersecurity measures and complying with the HIPAA Security Rule, emphasizing the necessity of risk analysis and breach protocols to protect patient information.

Change Healthcare Cybersecurity Incident Frequently Asked Questions publication

Today's workplace complexities have blurred the lines between standard and privileged user accounts, with many non-administrative roles requiring access to sensitive data and applications. CyberArk's CEO, Matt Cohen, emphasizes that any identity can become privileged under certain circumstances, highlighting the shifting nature of cyber security threats. Hackers exploit outdated authentication methods, with over half of workforce identities having access to critical systems, according to CyberArk's Amita Potnis. This situation necessitates a move beyond traditional security measures to modern Identity and Access Management (IAM) solutions that enforce least privilege access and manage all user accounts, mitigating risks associated with elevated privileges. The article discusses various scenarios where regular users gain unintended privileges, and how attackers exploit these "privilege creeps." To combat these vulnerabilities, organizations are encouraged to implement stronger authentication protocols, such as Multi-Factor Authentication (MFA) and Single Sign-On (SSO), and adopt a zero-trust network model and AI-assisted IAM platforms to ensure secure and appropriate access.

The evolution of privilege: How to secure your organization in an era of escalating workforce privileges SC Magazine

In January 2024, MITRE Corporation reported a security breach instigated by a state-sponsored hacking group that exploited two zero-day vulnerabilities in Ivanti VPNs. The breach was initially detected due to unusual activity in an unclassified network environment used for research and development, prompting an immediate investigation. Although the breach did not compromise MITRE's core enterprise network or its affiliates, the attackers were able to maneuver through the network and access sensitive data by using sophisticated methods to bypass security measures, including multi-factor authentication. The incident has prompted notifications to impacted parties and collaborations with authorities as MITRE works to establish secure operational alternatives while advocating for improved cybersecurity defenses across the industry.

MITRE says state hackers breached its network via Ivanti zero-days Bleeping Computer