The Office for Civil Rights (OCR) has clarified it is the responsibility of covered entities to make breach notifications in the wake of the Change Healthcare cyberattack, even if the task is delegated to associates such as UnitedHealth Group (UHG). The OCR also gave specific instructions on the reporting procedure and started the 60-day clock for notification, thereby alleviating concerns about the incident’s regulatory impact.

New Malware Loaders Use Call Stack Spoofing, GitHub C2, and .NET Reactor for Stealth
An updated version of a malware loader, known as Hijack Loader, has been discovered with new features aimed at evading detection and maintaining persistence. The