Hello world,
Today’s Paubox Weekly is 527 words - a 2-minute read.
The healthcare industry is reeling from a series of data breaches that affected 15 million patients in April 2024.
Going deeper: The data breaches were primarily driven by two distinct types of incidents: unauthorized access or disclosure and hacking.
While investigating a Windows DWM Core Library privilege escalation bug, cybersecurity researchers at Kaspersky stumbled upon information about a previously unknown Windows DWM vulnerability.
Why it matters: The vulnerability, if successfully exploited, would allow attackers to gain SYSTEM-level privileges on the affected system.
QakBot has served as an initial infection vector
WebTPA Employer Services disclosed a data breach impacting the personal information of 2,429,175 individuals. The company, a third-party administrator specializing in health insurance and benefits plans, discovered the breach in late 2023.
What happened: WebTPA detected suspicious activity on its network on December 28, 2023. An investigation uncovered that a threat actor had stolen personal information between April 18 and April 23, 2023.
At least seven class action lawsuits have been filed
The Advanced Research Projects Agency for Health (ARPA-H) announced the launch of the Universal PatchinG and Remediation for Autonomous DEfense (UPGRADE) program to improve healthcare cybersecurity.
What's new: UPGRADE focuses on creating a software suite that can proactively evaluate potential vulnerabilities by probing models of hospital systems for weaknesses.
Will allocate $50 million to create tools for IT teams
HIPAA training typically focuses on direct patient interactions and protecting patient privacy.
The bottom line: Specialized training is necessary for new professionals to ensure they understand the unique requirements and responsibilities of their positions.
Elements to implement into staff training