Top Stories
HHS Appoints Melanie Fontes Rainer as New OCR Director
Melanie Fontes Rainer, who previously served as the acting director of the Office for Civil Rights (OCR), will now lead the enforcement of federal civil rights laws and regulations such as HIPAA as OCR Director.
Breaches
LastPass says hackers had internal access for four days
LastPass CEO Karim Toubba also said that the company's investigation (carried out in partnership with cybersecurity firm Mandiant) found no evidence the threat actor accessed customer data or encrypted password vaults.
ClearBalance, Bricker & Eckler settle data breach lawsuits involving patient data
Two class action settlements involving business associates.
Uber hacked, internal systems breached and vulnerability reports stolen
Uber suffered a cyberattack Thursday afternoon, with a hacker who is allegedly 18 years old downloading HackerOne vulnerability reports and sharing screenshots of the company's internal systems, email dashboard, and Slack server.
Security
FBI: Cyber Criminals Targeting Healthcare Payment Processors, Costing Victims Millions in Losses
The FBI has received multiple reports of cyber criminals increasingly targeting healthcare payment processors to redirect victim payments.
Pen Testing Data Highlights Gaps in Healthcare Cybersecurity
Coalfire analyzed the results of 3,100 pen tests conducted on behalf of its clients to draw insights about top cybersecurity risks.
Trend Micro warns of actively exploited Apex One RCE vulnerability
This flaw (CVE-2022-40139) enables attackers to execute arbitrary code remotely on systems running unpatched software.
Microsoft Teams stores auth tokens as cleartext in Windows, Linux, Macs
Security analysts have found a severe security vulnerability in the desktop app for Microsoft Teams that gives threat actors access to authentication tokens and accounts with multi-factor authentication (MFA) turned on.
EU Proposes Strict Cybersecurity Rules for Digital-Product Makers - WSJ
Security guarantees and five years of patches would be required for a range of products, from home appliances and connected toys to computers and software, under a European Union plan.
Privacy
Senators Seek HIPAA Changes to Protect Reproductive Info
Democratic U.S. senators are urging the Biden administration to strengthen federal health privacy regulations by restricting medical providers from sharing reproductive health information absent the explicit consent of patients.
California’s New Online Child Protection Law Will Challenge Companies
A new California law on children’s data privacy could be a headache for many companies, especially smaller ones, according to privacy experts. The fines for noncompliance can be steep, with $2,500 levied per child for accidental infractions, and $7,500 for more deliberate transgressions.
Misc
CISA to Hold Meetings to Flesh Out Cyber-Incident Reporting Rules
The Cybersecurity and Infrastructure Security Agency will launch 11 consultations with critical-infrastructure operators over the coming weeks in an effort to flesh out cybersecurity reporting rules that Congress passed earlier this year.
Vista Equity Bids to Take KnowBe4 Private at $4.2B Valuation
Tampa, Florida-area KnowBe4 says it received a nonbinding offer of $24 per share for the 90.65% of outstanding shares not currently owned by Vista Equity, an Austin, Texas-based global investment giant. Vista Equity's offer represents a 39% premium to KnowBe4's closing price Friday of $17.30 per share and values KnowBe4 at $4.22 billion given the 175.7 million shares of company stock outstanding.