Tag: Cybersecurity

Summary of article from FiscalNote, by Nicole D’Angelo:

Cybercrime costs are projected to rise from $9.22 trillion in 2024 to $13.82 trillion by 2028, with new threats emerging due to advancements in technology, particularly AI. Governments are increasingly focusing on cybersecurity, with several key legislations proposed in 2024, including the Healthcare Cybersecurity Improvement Act and the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) in the US, and the EU AI Act, Network and Information Security 2 Directive (NIS2), and Digital Operation Resilience Act (DORA) in the EU. The rise of AI is also leading to new cybersecurity risks, with governments focusing on ensuring AI systems are secure and ethical. The concept of “Security by Design” is gaining traction, encouraging developers to integrate security measures into new products. The Cybersecurity and Infrastructure Security Association (CISA) is offering support to high-risk sectors, such as healthcare and education, to help them mitigate sophisticated cyberattacks.

Summary of article from The HIPAA Journal, by Steve Adler:

The Advanced Research Projects Agency for Health (ARPA-H), a Department of Health and Human Services (HHS) agency, has initiated a cybersecurity program aimed at enhancing and automating cybersecurity in U.S. hospitals. The program, called Universal PatchinG and Remediation for Autonomous DEfense (UPGRADE), will invest over $50 million to develop software tools to bolster network defenses against cyberattacks. The software will help identify and mitigate vulnerabilities in hospital systems, intending to reduce the time devices remain vulnerable from several months to a few days. ARPA-H is seeking proposals for the creation of a vulnerability mitigation platform, development of digital twins of hospital equipment, and methods for auto-detecting vulnerabilities and auto-developing defenses. The UPGRADE program is part of HHS’s broader strategy to improve cyber resilience across the healthcare sector.

Summary of article from IAPP, by Jodi Daniels, CIPP/US:

Managing cookies is essential for compliance with privacy and data protection laws worldwide. Establishing a cookie governance program involves designating roles for program leadership, creating a comprehensive policy for cookie use and removal, and implementing systems to manage user consent. Regular audits and privacy impact assessments for new cookie use are necessary to ensure ongoing compliance. Employees should be trained on the cookie program and privacy practices, and privacy notices must accurately reflect the company’s cookie practices. As technologies and privacy laws evolve, businesses should regularly review and update their cookie governance program to maintain compliance.

Summary of article from Renal and Urology News, by John Schieszer:

The Department of Health and Human Services (HHS) is updating the Health Insurance Portability and Accountability Act (HIPAA) Security Rule to include new cybersecurity requirements, in light of increasing cyber threats to the healthcare sector. The HHS has issued a concept paper providing voluntary Cybersecurity Performance Goals (CPGs) to help healthcare organizations improve their cyber resilience. A significant rise in data breaches and ransomware attacks has been observed, emphasizing the need for improved cyber protection. The HHS is planning to establish two programs to aid healthcare providers in implementing these CPGs, one of which involves financial aid for high-need providers. Additionally, changes to the HIPAA Security Rule may include allowing patients more direct access to their Protected Health Information (PHI) and potential privacy concerns are being addressed.

Summary of article from Federal Trade Commission, Office of Technology:

The FTC has been enforcing national consumer protection laws for over two decades, focusing on companies with inadequate security practices such as failing to encrypt sensitive data and not using multi-factor authentication. The FTC and the Cybersecurity and Infrastructure Security Agency (CISA) recommend practices like root-cause analysis of vulnerabilities, using template rendering systems for Cross-Site Scripting (XSS) vulnerabilities, query builders for SQL injection vulnerabilities, and memory-safe programming languages for buffer overflows and use-after-free vulnerabilities. CISA’s Secure by Design Alert Series offers additional strategies to protect systems from design issues leading to security incidents. The FTC asserts that companies have a legal obligation to protect consumers’ data, with violations leading to enforcement actions.