Healthcare-covered entities and business associates are being urged to share their current best practices with HHS OCR, as well as their thoughts on recent HITECH Act changes and HIPAA penalties.
While nearly 95% of public and private sector leaders reported being somewhat or very concerned about cybersecurity risk and almost 80% of public sector respondents noted that their organizations have proactively addressed risks, about 40% of those in the public sector said they did not have any incident response plans, GCN reports.
Advanced persistent threat groups El Machete, Lyceum, and SideWinder have exploited the ongoing Russian invasion of Ukraine in spearphishing campaigns targeted at organizations across various sectors around the world last month, The Hacker News reports.
Armorblox researchers say threat actors using WhatsApp combine social engineering, brand impersonation, exploiting a legitimate domain, and replicating daily business email to launch a trojan on a victim’s system.
The Cybersecurity and Infrastructure Security Agency has added the Spring4Shell remote code execution vulnerability impacting the Spring Framework to its Known Exploited Vulnerabilities Catalog.
More than 100 high-value Mailchimp customers in the cryptocurrency and finance industries had their data exfiltrated as a result of a breach on one of the email marketing firm's internal tools.
Fast Five
Selected by the SC Media Editorial team every Tuesday.
Sign up now for the top five issues cybersecurity pros need to know this week.