The HHS Office of Inspector General (OIG) has called for the Office for Civil Rights (OCR) to expand its HIPAA audit program and define audit effectiveness metrics following a rise in healthcare cyberattacks and data breaches. An OIG audit discovered OCR fulfilled its duties to perform periodic audits for HIPAA compliance, but did not include many of the necessary safeguards, and did not require audited entities to take corrective action. OCR was in agreement with most recommendations but cited a need for increased funding and staffing resources.
Found in the wild: The world’s first unkillable UEFI bootkit for Linux
Security firm ESET has found the first known example of a Linux UEFI bootkit, a type of malware that infects the Unified Extensible Firmware Interface.
