The U.S. is moving closer to enforcing the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA), which mandates critical infrastructure entities to report significant cyber incidents within 72 hours and ransom payments within 24 hours, aiming to bolster national security and public safety. These regulations are designed to enable a more coordinated response to cyber threats, allowing for the rapid deployment of assistance and sharing of threat information across sectors to prevent further attacks. While the rule aims to protect and strengthen critical infrastructure against digital threats, concerns have been raised about the additional compliance burdens it places on organizations, especially those with limited security personnel and resources. The industry is also encouraged to submit their feedback during a 60-day public commentary period before the regulations are finalized.

Critical infrastructure cyberattack reporting rules proposed The Register

The White House Office of Management and Budget (OMB) has issued its first government-wide policy to address and mitigate the risks associated with the use of artificial intelligence (AI), aligning with President Biden's Executive Order on AI. This policy sets a foundation for federal agencies to responsibly harness AI technology while ensuring public safety, privacy, equity, and civil rights. It mandates actionable safeguards for AI applications in various sectors including health, education, and employment, emphasizing human oversight and public transparency. Additionally, the policy promotes AI innovation within the federal government, encourages the growth of the AI workforce through hiring initiatives and training programs, and strengthens AI governance by establishing Chief AI Officers and AI Governance Boards. These measures aim to position the U.S. as a leader in responsible AI innovation and utilization, reflecting a commitment to accountability, oversight, and engaging with the public and private sector to uphold best practices in AI development and deployment.

FACT SHEET: Vice President Harris Announces OMB Policy to Advance Governance, Innovation, and Risk Management in Federal Agencies’ Use of Artificial Intelligence Whitehouse.gov

Steward Health Care has agreed to sell its national physician network to Optum, a UnitedHealth Group subsidiary, as part of efforts to improve its financial situation. The deal requires review by the Massachusetts Health Policy Commission and could face further scrutiny from state or federal authorities. Optum is set to acquire primary care doctors and clinicians in nine states from a Steward affiliate. The transaction's impact on healthcare costs, quality, access, and equity will be closely examined. Concerns have been raised about the implications for healthcare delivery and costs in Massachusetts and nationally. This move is noted amid broader discussions on the role of for-profit companies in healthcare and their responsibility to ensure access and affordability.

Steward Health Care strikes deal to sell its nationwide physician network to Optum Yahoo Finance

In a recent surge of phishing activities, Apple customers have become targets of sophisticated scams exploiting what seems to be a loophole in Apple's password reset feature. The attacks manipulate device notifications to flood victims with system prompts for password approval, subsequently followed by a call from scammers posing as Apple support to "verify" the user under the guise of security measures. Instances shared by entrepreneurs Parth Patel and a cryptocurrency hedge fund owner named Chris illustrate the alarming efficiency of these scams, involving a method known as "push bombing" or "MFA fatigue" attacks to overload users with verification requests. Despite efforts to mitigate these attacks, such as the implementation of an Apple Recovery Key, these incidents highlight significant concerns regarding Apple's system security and the effectiveness of current safeguards against sophisticated phishing campaigns.

Recent ‘MFA Bombing’ Attacks Targeting Apple Users Krebs on Security