Top Stories
HITRUST CSF v11 Scheduled for January 2023 Release
HITRUST, the information risk management, standards, and certification body, plans to release HITRUST CSF version 11 in January 2023 to improve mitigations against evolving cyber threats, broaden the coverage of authoritative sources, and streamline the journey to higher levels of assurance.
Breaches

Texas County EMS Agency Says Ransomware Breach Hit 612,000
A municipal ambulance services provider that serves 15 cities in a Texas county has reported to federal regulators a ransomware breach potentially affecting 612,000 individuals, which is equivalent to nearly 30% of the county's 2.1 million population.

Arkansas Hospital Notifies Patients of Healthcare Data Breach
As the new year begins, healthcare data breach reports continue to roll in.
Security
Healthcare Ransomware Attacks More Than Doubled Over Past 5 Years
The number of healthcare ransomware attacks more than doubled from 2016 to 2021, from 43 in 2016 to 91 in 2021, according to a study published recently in JAMA Health Forum.

Exclusive: FDA Leader on Impact of New Medical Device Law
The $1.7 trillion omnibus spending bill signed into law last week by President Joe Biden contains new cybersecurity requirements for medical devices that make it a game changer for strengthening security within the healthcare ecosystem, says Dr. Suzanne Schwartz of the U.S. Food and Drug Administration.

Microsoft: Windows Server 2012 reaches end of support in October
Microsoft has reminded customers that the extended support for all editions of Windows Server 2012 and Windows Server 2012 R2 will end on October 10.

CircleCI warns of security breach — rotate your secrets!
The CI/CD platform touts having a user base comprising more than one million engineers who rely on the service for "speed and reliability" of their builds.
Privacy
2023 brings US state privacy law preparedness into focus
A compliance extravaganza kicked off Jan. 1, as the California Privacy Rights Act and the Virginia Consumer Data Protection Act took force. Laws in Colorado, Connecticut and Utah will also go live at different points in 2023.

Concern over moves to tighten NZ's data privacy regulations | RNZ News
The government is moving to change the law in line with tighter data privacy regulations in the European Union. This would likely oblige people to be told if their personal data was accessed by a third party, when at present they do not have to be notified.
Misc

Ukraine War and Upcoming SEC Rules Push Boards to Sharpen Cyber Oversight - WSJ
In 2023, the U.S. Securities and Exchange Commission is expected to complete a proposal to require companies to disclose details about cybersecurity oversight and attacks, including which board members have security expertise.

Divided Government Set to Return With Start of 118th Congress - WSJ
Political analysts say congressional leaders could still find common ground on bipartisan issues such as coming up with privacy rules for handling user data.

Cyber attacks set to become ‘uninsurable’, says Zurich chief | Financial Times
Spiralling cyber losses in recent years have prompted emergency measures by the sector’s underwriters to limit their exposure. As well as pushing up prices, some insurers have responded by tweaking policies so clients retain more losses.