The U.S. Cybersecurity and Infrastructure Security Agency (CISA) released a report highlighting significant shortcomings in cybersecurity practices within a U.S. civilian executive branch agency. The report follows a 2023 red-teaming exercise where CISA employed tactics resembling those of nation-state threat actors and successfully compromised the agency's network, gaining access through a known Solaris vulnerability and phished Windows credentials. The red team remained undetected for a significant period, even managing to eavesdrop on the blue team's communications. Key recommendations from CISA include streamlining incident response, avoiding dependence on known indicators of compromise, and enhancing log monitoring and analysis for better attack comprehension and defense.

CISA sees red over government cybersecurity exercise scmagazine

**Healthcare Breaches and New Guidance**

The healthcare industry continues to face significant challenges in managing cyber risks, as evidenced by recent data breaches such as the unprecedented cyberattack on Change Healthcare, a subsidiary of UnitedHealth Group. Despite existing regulatory frameworks like HIPAA and ample guidance from entities like HHS-OCR and NIST, healthcare organizations struggle to mitigate cyber threats due to factors such as misdelivery of information, misuse of privileges, and rapidly evolving technology landscapes. Recent guidance, including NIST's updated Resource Guide and HHS's cybersecurity strategy, aims to improve the sector's cybersecurity posture, but concerns remain about the adequacy and implementation of these measures in effectively managing cybersecurity risks.

Healthcare Breaches and New Guidance - The CPA Journal The CPA Journal

The digital health sector experienced a massive surge in venture funding during the pandemic, fueled by the belief that telehealth would dominate future healthcare delivery. However, despite significant investments, the valuation and profitability of digital health companies have plummeted since 2021, with very few companies achieving profitability. Recent large investment rounds in new health tech ventures, such as K-Health and Headway, raise questions about their potential for profitability and differentiation from existing companies. The sector faces uncertainty as investors continue to pour money into it despite poor market performance and limited profitable exits.

Digital Health: There is No Exit – The Health Care Blog Publication

EvolutionaryScale has introduced ESM3, a large protein language model, to design new fluorescent molecules, with applications potentially extending into drug development and sustainability. The company, founded by former Meta scientists, secured $142 million in funding to advance its work. ESM3 was trained on over 2.7 billion protein sequences and has demonstrated its capability by redesigning green fluorescent protein (GFP) variants. Although the model’s open-source version omits sensitive sequences, its extensive computational requirements place full replication beyond the reach of most academic labs. EvolutionaryScale aims to apply ESM3 to diverse scientific challenges, including plastic-eating enzymes and new protein-based drugs.

Ex-Meta scientists debut gigantic AI protein design model Nature