McLaren Port Huron Hospital reverted to using paper records following a ransomware attack on Aug. 6 that disrupted the IT systems of McLaren Health Care, impacting 13 of its facilities. Although IT systems are now restored, the hospital faces delays in patient care and is working to catch up on missed appointments by the end of the week. The transfer of patient information from paper back into electronic systems is expected to take several weeks.

Cyberattack forced Michigan hospital to use paper records for 1st time in 20 years, CEO says Becker's Hospital Review

A recent report from Sophos has highlighted significant updates to the Poortry/BurntCigar toolkit, a tool used by ransomware groups to compromise endpoint protection software. Originally identified for terminating endpoint detection and response (EDR) processes, the toolkit now has the capability to completely wipe EDR software from systems. The toolkit uses a malicious kernel driver and loader, heavily obfuscated to evade detection, and it has been utilized by ransomware gangs such as Cuba, BlackCat, and LockBit. Following Microsoft's closure of a loophole allowing custom kernel-level driver signing, developers have adapted by using methods like Signature Timestamp Forging and obtaining valid leaked certificates. These adaptations have enabled the toolkit to function akin to a rootkit, enhancing its evasion capabilities and making it a more formidable threat to IT defenses.

Tool used by ransomware groups now seen killing EDR: Report CSO Online

In his article, Jon Oltsik outlines "5 Best Practices for Running a Successful Threat-Informed Defense in Cybersecurity," emphasizing the importance of tailoring cybersecurity strategies to specific threats. He discusses the need for establishing a threat intelligence lifecycle, using threat intelligence for exposure management, driving detection engineering, promoting threat hunting, and pursuing continuous testing. These practices involve continuous improvement and alignment of resources to manage vulnerabilities effectively, write and refine detection rules, automate compromise detection, and conduct ongoing testing to identify gaps in defenses. Oltsik highlights that while challenging, adopting a threat-informed defense can lead to improved security efficacy and organizational efficiency.

5 best practices for running a successful threat-informed defense in cybersecurity publication

Academic health systems in the U.S. are increasingly acquiring rural and community hospitals to address financial challenges and maintain care access. Strategic partnerships offer smaller organizations sustainability while benefiting academic systems’ goals. MyMichigan Health, for example, recently acquired three hospitals from Ascension. CEO Lydia Watson emphasizes cultural alignment and strategic growth over scale, considering factors like clinical quality, financial stability, community benefits, and leadership fit. UCSF Health similarly acquired two hospitals from Dignity Health for $100 million, with CEO Suresh Gunasekaran highlighting vision alignment, academic mission, and workforce commitment as crucial factors in partnerships. Both health systems focus on strategic acquisitions to enhance care quality and community services.

The right time to grow, per 2 CEOs Becker's Hospital Review