The US Department of Health and Human Services is proposing new cybersecurity requirements for healthcare organizations to protect patients’ private data from cyberattacks. The rules, estimated to cost $9 billion in the first year, include mandatory multifactor authentication, network segmentation, and encryption of patient data. These proposals will update the 1996 Health Insurance Portability and Accountability Act.

Mandiant warns of attacks on newly-disclosed Ivanti remote takeover threat
Google’s Mandiant team has issued an alert about a remote code execution flaw in the Ivanti Connect Secure VPN platform. The vulnerability, designated CVE-2025-22457, is