IT Security & Privacy

The U.S. Department of Health and Human Services (HHS) has introduced a comprehensive cybersecurity strategy aimed at fortifying the resilience of the health care sector against the escalating threat of cyber-attacks. The concept paper, aligned with President Biden's National Cybersecurity Strategy, outlines four pivotal pillars for action with a focus on bolstering cybersecurity for hospitals, patients, and communities vulnerable to cyber threats.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has unveiled a crucial mitigation guide aimed at fortifying the cybersecurity defenses of the Healthcare and Public Health (HPH) Sector. The new guidance, a supplement to the HPH Cyber Risk Summary released on July 19, 2023, outlines strategic measures to combat pervasive cyber threats affecting the sector.

Rivers Casino in Des Plaines has disclosed a data breach that occurred in mid-August, highlighting the vulnerabilities that businesses, even in the entertainment and hospitality sector, face in the digital age.

The government of Maine recently disclosed that approximately 1.3 million residents fell victim to a massive data breach earlier this year, out of a population of 1.37 million. The breach, which occurred in May, was part of a widespread cyberattack that exploited a vulnerability in the widely used MOVEit file-transfer system, impacting not only Maine but also several U.S. federal agencies, including the Department of Energy and the Department of Health and Human Services (HHS).

The French data protection authority, known as the CNIL, has been actively enforcing its new simplified sanction procedure, which was introduced in 2022. Over the past two months, the CNIL has issued ten new decisions under this streamlined approach, imposing fines totaling €97,000 on both private and public-sector entities. These sanctions were a result of violations of various data protection requirements, highlighting the authority's commitment to upholding privacy and data protection regulations.

In a concerning development, Cook County Health has issued a warning that more than 1.2 million patients may have had their personal information exposed in a data breach involving medical transportation firm Perry Johnson & Associates (PJ&A). The breach occurred earlier this year and was brought to light by PJ&A in July, leaving a significant number of patients potentially impacted.

New York has taken a decisive step in strengthening its cybersecurity regulations, adding stricter requirements that surpass recent federal rules. The New York State Department of Financial Services (DFS), responsible for overseeing various financial institutions, has introduced these enhanced cybersecurity regulations in response to the growing threat of cyberattacks, emphasizing the need for more robust protections.