The US Department of Health and Human Services (HHS) has published a proposed rule to overhaul the HIPAA Security Rule, aiming to better protect health data from cybersecurity threats. Changes would enforce stricter standards for healthcare entities in establishing and maintaining defenses, including requiring robust cybersecurity requirements. The suggested revisions would also align the Security Rule with industry best practices such as the NIST Cybersecurity Framework and the EU’s GDPR. Public comments can be submitted until 7 March.

Mandiant warns of attacks on newly-disclosed Ivanti remote takeover threat
Google’s Mandiant team has issued an alert about a remote code execution flaw in the Ivanti Connect Secure VPN platform. The vulnerability, designated CVE-2025-22457, is