The US Department of Health and Human Services (HHS) has proposed rules to increase cybersecurity protections for electronic health data. The changes extend to HIPAA-regulated entities such as healthcare providers, insurers, and associated businesses, imposing stricter requirements around risk assessments, data encryption, and more. It will eliminate the “required” and “addressable” distinctions in the implementation specifications, making all violations mandatory. The public has until March 7, 2025, to submit comments on the proposal.
GuidePoint warns of Python backdoor used in ransomware
GuidePoint Security identified a threat actor using a Python-based backdoor to persistently access breached endpoints and release RansomHub encryptors across compromised networks. The backdoor was