The U.S. Department Health and Human Services’ Office for Civil Rights (OCR) is responsible for enforcing compliance with HIPAA security and privacy regulations. OCR conducts audits triggered by patient complaints or reported breaches. Healthcare organizations can avoid or pass OCR audits by educating staff, designating a security officer, reviewing policies and procedures, performing security risk analysis, working with vendors, creating a risk management plan, reviewing business associate agreements, and providing regular HIPAA training.

Mandiant warns of attacks on newly-disclosed Ivanti remote takeover threat
Google’s Mandiant team has issued an alert about a remote code execution flaw in the Ivanti Connect Secure VPN platform. The vulnerability, designated CVE-2025-22457, is