Tag: healthcare
-
The Privacy Risks of Embedded, Shadow AI in Healthcare
Artificial intelligence that is embedded in newer editions of software and other technology tools but is not explicitly revealed by vendors is a substantial risk on par with shadow AI, said regulatory attorney Elizabeth Hodge with the law firm Akerman LLP. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/interviews/privacy-risks-embedded-shadow-ai-in-healthcare-i-5546
-
Train like you fight: Why cyber operations teams need no-notice drills
Tags: breach, business, cloud, communications, credentials, cyber, cybersecurity, detection, framework, healthcare, injection, login, military, psychology, ransomware, risk, skills, soc, threat, training, update
The Yerkes-Dodson inverted-U curve: Performance rises with arousal to an optimal point, then falls sharply. (Image: Wikimedia Commons, CC-Zero)
What repeated no-notice drills do is shift a team’s position on that curve. By building familiarity with threat-level arousal, they raise the threshold at which stress becomes performance-impairing. The stimulus is no longer novel. The cascade is shorter. Executive…
-
LuxSci Launches Enterprise-Grade HIPAA-Compliant Email Security for Mid-Sized Healthcare Organizations
Cambridge, MA, May 5th, 2026, CyberNewswire New right-sized offering brings advanced encryption, easy API integration, and HITRUST-certified compliance to the most underserved segment in healthcare email, with pricing starting at $99/month LuxSci, a leading provider of HIPAA compliant secure healthcare communications, today announced the launch of LuxSci Secure High Volume Email for mid-sized healthcare […]…
-
LuxSci Launches Enterprise-Grade HIPAA-Compliant Email Security for Mid-Sized Healthcare Organizations
Cambridge, MA, 5th May 2026, CyberNewswire First seen on hackread.com Jump to article: hackread.com/luxsci-launches-enterprise-grade-hipaa-compliant-email-security-for-mid-sized-healthcare-organizations/
-
NHS to close-source hundreds of GitHub repos over AI, security concerns
Healthcare giant’s maintainers handed May deadline to enact the change First seen on theregister.com Jump to article: www.theregister.com/2026/05/05/nhs_to_closesource_hundreds_of_repos/
-
Feds Indict Ex-Hospital Pharmacist for Spying on Co-Workers
Defendant Is Also at Center of a Civil Class Action Against His Former Employer. A federal grand jury has indicted a former Maryland hospital pharmacist, alleging he weaponized tech tools – including keylogging – to steal credentials and spy on nearly 200 co-workers and other individuals over an eight-year period. The defendant is also the…
-
How Mythos Signals Cybersecurity Disruption
Tags: access, ai, attack, banking, browser, business, cybersecurity, data, exploit, finance, government, hacker, healthcare, infrastructure, microsoft, open-source, risk, software, technology, tool, update, vulnerability, zero-day
What is Mythos: Mythos is Anthropic’s latest AI model, and it is stirring up a tornado of concern in cybersecurity circles. Even before its release, Mythos discovered thousands of new sensitive vulnerabilities in commercial and open-source software, including all major operating systems and web browsers. One was in existence for over 27 years without the industry…
-
US healthcare marketplaces shared citizenship and race data with ad tech giants
Virginia and Washington D.C. paused the data collection and sharing, after Bloomberg’s investigation found their health insurance marketplaces were sharing users’ information with advertisers. First seen on techcrunch.com Jump to article: techcrunch.com/2026/05/04/us-healthcare-marketplaces-shared-citizenship-and-race-data-with-ad-tech-giants/
-
Are Hospital Attacks ‘Terrorism,’ Patient Deaths ‘Murder’?
Experts Weigh How the US Could Raise the Stakes for Would-Be Attackers. As ransomware attacks on hospitals continue to disrupt patient care and sometimes contribute to serious patient harm, policymakers are increasingly debating whether the U.S. should treat such incidents as acts of terrorism – and even pursue homicide charges when a patient death occurs.…
-
ODNI to CISOs on threat assessments: You’re on your own
Tags: access, ai, china, ciso, computer, control, credentials, cyber, cybercrime, data, defense, detection, disinformation, encryption, finance, framework, government, healthcare, identity, infrastructure, intelligence, iran, jobs, korea, metric, resilience, risk, russia, service, strategy, technology, theft, threat, tool, warfare
The bifurcated framework: Operational reporting vs. homeland focus: The report now operates on two distinct tracks that risk narrowing the threat horizon for CROs. In a departure from traditional probabilistic forecasting, the IC has transitioned toward active operational reporting. This shift prioritizes immediate success metrics, such as a significant drop in border encounters and fentanyl…
-
AI Finds 38 Security Flaws in Electronic Health Record Platform
Flaws in OpenEMR’s platform, used by more than 100,000 healthcare providers, enabled database compromise, remote code execution, and data theft. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/ai-finds-38-security-flaws-openemr
-
A Quarter of Healthcare Organizations Report Medical Device Cyber-Attacks
RunSafe report reveals most attacks on medical devices disrupt patient care First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/quarter-healthcare-medical-device/
-
Researchers Find 38 Flaws in OpenEMR. They’ve Been Fixed
AI Tool Used to Discover Bugs, Which Included 2 Maximum Severity Vulnerabilities. Researchers at security firm AISLE said they recently identified 38 vulnerabilities, including two maximum-severity zero-day flaws in OpenEMR, an open-source electronic medical record software platform used by about 100,000 healthcare providers globally. OpenEMR has patched the problems. First seen on govinfosecurity.com Jump to…
-
Protecting Michigan’s Patients: The State’s Healthcare CISOs
Michigan’s healthcare sector is one of the most complex in the Midwest, spanning academic medical centers, regional health systems, long-term care, and the statewide associations that set the security standards many smaller organizations depend on. The leaders in this feature are not working in comparable environments. They are securing a $500 million long-term care operator,…The…
-
The Bluegrass State’s Security Leaders: Kentucky CISOs to Know
Kentucky’s cybersecurity leadership spans government, academic medicine, community healthcare, manufacturing technology, banking, and global software platforms. The CISOs in this feature have built programs inside environments as different as a city government and a Fortune-level enterprise acquisition, but they share a common thread: careers shaped by the specific demands of the institutions and industries Kentucky…The…
-
Poor Risk Analysis Cost 4 Firms $1.7 Million in HIPAA Fines
HHS OCR Breach Investigators Again Find All-Too-Common Risk Analysis Failures. Faulty or non-existent security risk analyses cost a medical imaging provider, a women’s healthcare group, a health plan and a third-party insurance administrator a collective $1.7 million in fines after federal regulators concluded they didn’t do enough to prevent ransomware attacks. First seen on govinfosecurity.com…
-
Benchmarking OpenAI’s Privacy Filter: What it gets right, and where PII detection still needs real data
A deep dive into OpenAI’s Privacy Filter, benchmarking its PII detection performance against Tonic Textual on real-world datasets. We explore where the model succeeds, where it struggles, and how fine-tuning with labeled data impacts accuracy across domains like healthcare, legal, and web data. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/benchmarking-openais-privacy-filter-what-it-gets-right-and-where-pii-detection-still-needs-real-data/
-
Anthropic bets on EPSS for the coming bug surge
Tags: ai, cisco, ciso, cloud, crowdstrike, cve, cvss, cyber, data, exploit, flaw, government, Hardware, healthcare, infrastructure, network, update, vulnerability
Security leaders weigh promise versus reality: Security vendors are increasingly incorporating EPSS scores into their systems. According to Roytman, EPSS has been incorporated into more than 120 security vendors’ products, including CrowdStrike, Cisco, Palo Alto Networks, Qualys, and Tenable platforms. “I do not think other CISOs realize how broadly EPSS has been adopted, but that adoption is…
-
Lawmakers ponder terrorism designations, homicide charges over hospital ransomware attacks
The ideas came up at a House Homeland Security Committee hearing, as health care ransomware attacks are on the rise. First seen on cyberscoop.com Jump to article: cyberscoop.com/lawmakers-ponder-terrorism-designations-homicide-charges-over-hospital-ransomware-attacks/
-
Researchers build an encrypted routing layer for private AI inference
Organizations in healthcare, finance, and other sensitive industries want to use large AI models without exposing private data to the cloud servers running those models. A … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/21/securerouter-encrypted-ai-inference/
-
Health AI Firm Faces Lawsuits Over DNA Data Use, Disclosure
Complaints Allege Tempus AI Lacked Consent to Use, Share Data With Pharma Cos. A healthcare artificial intelligence firm that sells genetic information from an acquired database holding the results of millions of screening tests faces multiple putative class action lawsuits in Chicago federal court. Genetic data resists attempts to de-identify it, plaintiffs say. First seen…
-
Article 5 and the EU AI Act’s Absolute Red Lines FireTail Blog
Tags: access, ai, awareness, cctv, cloud, compliance, control, data, detection, exploit, finance, group, healthcare, ibm, infrastructure, Internet, law, microsoft, monitoring, risk, service, technology, tool, training, vulnerability
Apr 20, 2026 – Alan Fagan – Most conversations about the EU AI Act focus on August 2026, when obligations for high-risk AI systems become fully enforceable. But Article 5 is already live. The Act’s eight prohibited practices became enforceable in February 2025. Fines of up to €35 million or 7% of global annual turnover…
-
Healthcare Cyber Research Programs Escape Budget Knife
UPGRADE and DigiSeals Programs at ARPA-H Remain Fully Funded. A U.S. federal grant effort to develop autonomous medical device patching platforms for hospitals evaded the budget-cutting knife of the Trump administration. Program boosters hope to automate cyber defenses so that hospitals of any size can more quickly patch vulnerabilities. First seen on govinfosecurity.com Jump to…
-
Ransomware attack continues to disrupt healthcare in London nearly two years later
More than 18 months after a ransomware attack disrupted care at hospitals in South East London, documents show at least one NHS trust is still working without fully restored systems and managing large backlogs of delayed test results. First seen on therecord.media Jump to article: therecord.media/ransomware-nhs-cyberattack-disruption
-
Article 12 and the Logging Mandate: What the EU AI Act Actually Requires FireTail Blog
Tags: access, ai, breach, ciso, cloud, compliance, control, data, data-breach, finance, GDPR, grc, healthcare, infrastructure, insurance, jobs, metric, monitoring, regulation, risk, saas, service, tool
Apr 16, 2026 – Lina Romero – When GDPR arrived, the organisations that had mistaken documentation for capability were the ones that struggled the most. They had policies about data retention but no technical controls enforcing those policies. They had breach notification procedures but no systems capable of detecting a breach in time to use…
-
Signed software abused to deploy antivirus-killing scripts
A digitally signed adware tool has deployed payloads running with SYSTEM privileges that disabled antivirus protections on thousands of endpoints, some in the educational, utilities, government, and healthcare sectors. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/signed-software-abused-to-deploy-antivirus-killing-scripts/

