The Office for Civil Rights (OCR) has clarified it is the responsibility of covered entities to make breach notifications in the wake of the Change Healthcare cyberattack, even if the task is delegated to associates such as UnitedHealth Group (UHG). The OCR also gave specific instructions on the reporting procedure and started the 60-day clock for notification, thereby alleviating concerns about the incident’s regulatory impact.

The NHS needs to tighten its third-party supplier cybersecurity
The NHS should proactively fortify cybersecurity within its third-party software suppliers following recent damaging ransomware attacks, says Jonathan Lee from Trend Micro. He suggests implementing