Privacy & Security

And in other news, CISA directs federal agencies on Microsoft breach by Russian operatives.

Also: CloudWave and FDA extend their threat intelligence partnership to offer an open-source vendor assessment framework.

Most hospitals do not patch medical devices at the same frequency as traditional networks and need compensating security controls to address their unquantified device vulnerabilities, says Richard Staynings, chief security strategist at Cylera.

Senators Hawley and Blumenthal asked UnitedHealth Group how Change Healthcare's systems were breached, why the clearinghouse suffered "such an egregious and unexplained outage" and the extent of data compromised in the ransomware attack.

The agency says threat actors are targeting organizations' IT help desks with phone calls from a local area code claiming to be revenue cycle or administrator employees. After gaining access, they divert legitimate payments.

Hamish Steel, the 23-year-old founder of Australia's Digital Health Festival, says there are massive opportunities out there to accelerate Australian healthcare's digitalisation.

Poorly controlled cloud environments, growing access to systems, heightened regulatory scrutiny and significant deals activity will require healthcare CISOs, CIOs and other security leaders to bolster the defenses.

Also, New Zealand's My Health Record has expanded access to more personal health information.

Many healthcare organizations underestimate the expense of on-premises cybersecurity and may miss early signs of an attack if teams don’t know what to look for, says Max Rogers, senior director of the security operations center at Huntress.  

Darren Lacey discusses the key foundational technologies underlying healthcare's IT infrastructure, and how innovative approaches to open-source tooling and memory safe languages can help improve health systems' cybersecurity posture.