The Biden administration should adopt less-strict standards about what triggers a proposed prohibition on data brokers selling bulk sensitive information to adversarial foreign entities, industry groups argued in public comments due last week. Among their biggest suggestions is that any potential rules should make exceptions for anonymized data. Another is that they should raise the volume threshold for what counts as bulk information. The groups’ comments, which were submitted by Friday under a Department of Justice deadline, broadly reflect their desire to scale back those potential rules di ..read more

Nearly 90% of information technology professionals working in health care said their facilities suffered a cyberattack in the past year, according to a report out Thursday from the research organization Ponemon Institute. Many of them said the attacks, which averaged 43 at various types of health care organizations including hospitals and insurance providers, increasingly affected patient care. More than 600 IT and IT security practitioners responded to the survey sponsored by the cybersecurity firm Proofpoint. The report comes amid frequent warnings from federal cybersecurity officials about ..read more

Three federal agencies said Wednesday that North Korean hackers have been attacking the health care sector with ransomware, and cautioned victims that paying up could run afoul of U.S. sanctions rules. The FBI, the Department of Homeland Security’s Cybersecurity an Infrastructure Security Agency and the Treasury Department said in an alert that the hackers were using a kind of ransomware dubbed “Maui” to go after health care and public health organizations. “This malicious activity by North Korean state-sponsored cyber actors against the healthcare and public health sector poses a significant ..read more

Sens. Jacky Rosen, D-Nev., and Todd Young, R-Ind., are introducing legislation that would require the U.S. Food and Drug Administration to keep federal guidance on medical device security up to date with rapidly evolving cyber threats to the health industry. The legislation, first shared with CyberScoop, would impose requirements on the FDA to work with the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency to issue binding guidance for industry and FDA staff regarding medical device cybersecurity no less than every two years. The bill also requires FDA to regul ..read more

Rolling robots used at hospitals for a variety of tasks — including transporting medication — have been patched for five vulnerabilities that could have allowed attackers to potentially disrupt patient care or capture sensitive information, researchers said Tuesday. Health care cybersecurity company Cynerio said it found the bugs in Aethon’s TUG robots in December, and then “worked closely” from January onward with the manufacturer through the federal Cybersecurity and Infrastructure Security Agency’s process for disclosing critical vulnerabilities. Aethon said it took “immediate action” after ..read more

A little more than a year removed from its role in advancing some of the most significant cybersecurity legislation ever enacted, the Cyberspace Solarium Commission is transforming into version 2.0 of itself. With some of its key recommendations now law — such as the creation of the Office of the National Cyber Director in the White House — the remnant of the congressionally created panel is turning its attention to tracking how those ideas are implemented, while studying some of the issues it didn’t get to fully examine before releasing its final report. Those areas of study include protectin ..read more

The websites of the top newspaper and TV station in Portugal remained down Tuesday after a cyberattack that began over the weekend, following in a string of recent attacks on media organizations. Impresa Group said its Expresso newspaper and SIC TV stations were the victim of a computer attack. A ransomware group suspected as the culprit, known as Lapsus$, initially defaced the websites with a ransom demand. The outfit also sent tweets from Expresso’s Twitter account to declare itself the president of Portugal, and sent text messages to the news organizations’ customers hyping its success in a ..read more

A group of likely foreign government-sponsored hackers is behind cyberattacks on two bio-manufacturing companies that occurred this year, using a kind of malware capable of operating with independence within a network, an industry group warned. The Bioeconomy ​​Information Sharing and Analysis Center (BIO-(ISAC) dubbed the malware “Tardigrade” after the resilient micro-animal, and said it looks like the work of an advanced persistent threat group, a term that most often refers to government-backed attackers. Researchers first investigated the hacking tool this spring following a ransomware att ..read more

Nearly 90% of information technology professionals working in health care said their facilities suffered a cyberattack in the past year, according to a report out Thursday from the research organization Ponemon Institute. Many of them said the attacks, which averaged 43 at various types of health care organizations including hospitals and insurance providers, increasingly affected patient care. More than 600 IT and IT security practitioners responded to the survey sponsored by the cybersecurity firm Proofpoint. The report comes amid frequent warnings from federal cybersecurity officials about ..read more

Three federal agencies said Wednesday that North Korean hackers have been attacking the health care sector with ransomware, and cautioned victims that paying up could run afoul of U.S. sanctions rules. The FBI, the Department of Homeland Security’s Cybersecurity an Infrastructure Security Agency and the Treasury Department said in an alert that the hackers were using a kind of ransomware dubbed “Maui” to go after health care and public health organizations. “This malicious activity by North Korean state-sponsored cyber actors against the healthcare and public health sector poses a significant ..read more