Healthcare Cybersecurity

2025 Losses to Cybercrime Exceeded $20 Billion

In 2025, another unwanted record was set for losses to cybercrime, with almost $21 billion in reported losses, beating the previous record of $16.6 billion set in 2024 by 26%, according to the Federal Bureau of Investigation (FBI) Internet Crime Report 2025. The report was compiled from complaints filed with the FBI’s Internet Crime Complaint Center (IC3), which topped 1 million for the first time, up from 859,000 complaints in 2024. This is the 25th year that the FBI has released its annual report; complaint volume has grown from a few thousand complaints per month in the early years to an average of almost 3,000 complaints per day in 2025.

The increase in losses was largely driven by investment fraud ($8,648,617,756), which was the largest cause of losses in 2025, followed by business email compromise (BEC) at $3,046,598,558 and tech support scams at $2,134,675,818.

Source: FBI Internet Crime Complaint Report 2025

In terms of complaint volume, phishing topped the list (191,561 complaints), followed by extortion (89,129 complaints), investment fraud (72,984 complaints), and personal data breaches (67,456), with non-payment/non-delivery rounding out the top 5 (56,478 complaints). Cyber-enabled fraud was present in 453,000 complaints, accounting for $17.7 billion in total losses. In 2025, 181,565 complaints related to cryptocurrency, and 22,364 related to AI-related incidents, with the latter involving $893 million in losses.

IC3 received 3,611 complaints related to ransomware, resulting in more than $32 million in losses. Those losses do not include losses due to business disruptions, equipment, or third-party remediation costs. Ransomware attacks were among the top cyber threats reported by critical infrastructure entities. The biggest ransomware threats in terms of complaint volume were Akira, Qilin, INC Ransom/Lynx/Sinobi, BianLian, and Play. Across all 16 critical infrastructure sectors, the healthcare and public health sector experienced the highest number of cyber threats, including 182 data breaches and 460 ransomware attacks, ahead of critical manufacturing, financial services, information technology, and the government.

The FBI said it has upgraded its efforts to prevent cybercrime, including blocking attacks, notifying victims, and freezing stolen funds. In January, the FBI launched its Operation Winter Shield, which explained some of the most important steps that businesses can take to improve their defenses against cyber threats and block cyberattacks. The FBI also launched Operation Level Up, a proactive approach to identify and alert victims of cryptocurrency investment fraud. The FBI reports that out of the 3,780 victims the agency notified last year, 78% were unaware that they were being scammed. Last year, the FBI also initiated approximately 3,900 Financial Fraud Kill Chain (FFKC) interventions, and was able to block a significant number of fraudulent transactions, freezing more than $679 million in fraudulent transfers, achieving a 58% success rate, and a 65% success rate for its FFKC Actions in healthcare.

The post 2025 Losses to Cybercrime Exceeded $20 Billion appeared first on The HIPAA Journal.

Critical Flaws Identified in Progress Software ShareFile Service

Two critical vulnerabilities have been identified in Progress Software’s ShareFile service. The flaws could potentially be chained by an unauthenticated remote attacker to make configuration changes and achieve remote code execution.

While there have been no known cases of the vulnerabilities being exploited in the wild to date, vulnerabilities in file sharing software are actively targeted by threat actors, so attempted exploitation is likely. In 2023, a zero-day vulnerability in Progress Software’s MOVEit file transfer software was mass exploited by the Clop ransomware group, which claimed hundreds of victims worldwide. To a lesser extent, vulnerabilities in Fortra’s GoAnywhere, Accellion FTA, and Cleo MFT were also mass exploited. Users are therefore encouraged to apply the security updates promptly to prevent exploitation.

The vulnerabilities affect ShareFile Storage Zones Controller v5 deployments for customer-managed zones and include an authentication bypass flaw tracked as CVE-2026-2699 and a remote code execution flaw tracked as CVE-2026-2701.

According to Progress Software’s security alert, “These vulnerabilities allow an unauthenticated remote attacker to access on-prem storage zones controller’s configuration pages, potentially leading to changes in system configuration and remote code execution.” The authentication bypass flaw has a CVSS v3.1 base score of 9.8, and the RCE flaw has a CVSS base score of 9.1.

The vulnerabilities affect versions 0 through 5.12.3 and have been patched in version 5.12.4. The vulnerabilities do not exist in any v6 versions. Progress Software strongly recommends upgrading to a patched version of v6 as soon as possible to prevent exploitation. Any users of unsupported versions should ensure they upgrade to a supported and fixed version as soon as possible.

The vulnerabilities were identified by security researchers Sonny and Piotr Bazydlo of watchTowr, who reported them to Progress Software. According to Shadowserver, there are 334 unique IPs associated with ShareFile in the United States.

Urgent Action Required to Fix Actively Exploited Critical Citrix NetScaler Vulnerability

Cybersecurity researchers warn that there could potentially be mass exploitation of a critical flaw in Citrix NetScaler products on a scale similar to the CitrixBleed vulnerability in 2023, which was exploited by ransomware groups. Earlier this week, Citrix disclosed a critical vulnerability affecting its NetScaler ADC and NetScaler Gateway application-delivery products. The vulnerability is an input validation flaw that could allow an attacker to leak sensitive information.

The vulnerability occurs in NetScaler ADC and NetScaler Gateway when configured as a SAML IdP, leading to a memory over-read. The vulnerability is tracked as CVE-2026-3055 and has a CVSS v4 severity score of 9.3. The vulnerability affects the following NetScaler products, but only when the appliance is configured as a SAML identity provider (IdP):

  • NetScaler ADC and NetScaler Gateway 14.1 BEFORE 14.1-66.59
  • NetScaler ADC and NetScaler Gateway 13.1 BEFORE 13.1-62.23
  • NetScaler ADC FIPS and NDcPP BEFORE 13.1-37.262
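As an added example (not Citrix tooling or code from the page), the following Python script checks an appliance inventory against the fixed builds listed above for CVE-2026-3055. The product labels, hostnames, and builds in the inventory are constructed; the point it makes is that on 13.1 the edition (FIPS/NDcPP versus standard) decides which fixed build applies, so a plain build comparison is not enough.

```python
import re

# First-fixed builds per product line, as listed above. A build BELOW the
# fixed build for its line is affected by CVE-2026-3055.
FIXED_BUILDS = {
    ("ADC", "14.1"): (66, 59),
    ("Gateway", "14.1"): (66, 59),
    ("ADC", "13.1"): (62, 23),
    ("Gateway", "13.1"): (62, 23),
    ("ADC-FIPS", "13.1"): (37, 262),
    ("ADC-NDcPP", "13.1"): (37, 262),
}

# NetScaler build strings look like "14.1-66.54": <branch>-<build>.<sub-build>
BUILD_RE = re.compile(r"^(\d+\.\d+)-(\d+)\.(\d+)$")


def parse_build(s):
    """'14.1-66.54' -> ('14.1', (66, 54)). Raises ValueError on unexpected formats."""
    m = BUILD_RE.match(s.strip())
    if not m:
        raise ValueError(f"unrecognised NetScaler build string: {s!r}")
    return m.group(1), (int(m.group(2)), int(m.group(3)))


def assess(product, build, saml_idp_enabled):
    """Classify one appliance as 'affected', 'fixed', 'not-applicable' or 'unknown-branch'.

    product: 'ADC', 'Gateway', 'ADC-FIPS' or 'ADC-NDcPP' (labels assumed for this example;
             the edition matters because 13.1 FIPS/NDcPP has its own fixed build).
    saml_idp_enabled: whether the appliance is configured as a SAML IdP, the only
             configuration in which the advisory says the flaw is reachable.
    """
    branch, number = parse_build(build)
    key = (product, branch)
    if key not in FIXED_BUILDS:
        # e.g. an end-of-life branch not covered by the list: treat as needing an upgrade review
        return "unknown-branch"
    if not saml_idp_enabled:
        # not reachable in this configuration; still schedule the upgrade
        return "not-applicable"
    return "affected" if number < FIXED_BUILDS[key] else "fixed"


# Constructed inventory (hostnames, editions and builds are illustrative only).
INVENTORY = [
    ("vpn-gw-1", "Gateway", "14.1-66.54", True),
    ("adc-fips-1", "ADC-FIPS", "13.1-37.270", True),
    ("adc-2", "ADC", "13.1-37.270", False),
]


def scan(inventory):
    """Return [(host, status)] with affected appliances first so they get patched first."""
    order = {"affected": 0, "unknown-branch": 1, "not-applicable": 2, "fixed": 3}
    results = [(host, assess(product, build, saml)) for host, product, build, saml in inventory]
    return sorted(results, key=lambda r: order[r[1]])


if __name__ == "__main__":
    for host, status in scan(INVENTORY):
        print(f"{host:12s} {status}")
```

Note that "adc-2" at 13.1-37.270 would be reported as affected if it were running as a SAML IdP, whereas the same build on the FIPS edition is fixed.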

Citrix has released updated software versions to fix the vulnerability, and all customers are advised to prioritize remediation of this vulnerability due to the high risk of exploitation. NetScaler devices are constantly targeted by threat actors, and the vulnerability is certain to be targeted when a proof-of-concept exploit is released.

This is not the only vulnerability to be disclosed by Citrix this week. Citrix also disclosed a race condition flaw – CVE-2026-4368 – that affects NetScaler ADC and NetScaler Gateway 14.1-66.54 when the appliance is configured as either a gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) or an AAA virtual server. The vulnerability is rated high severity, with a CVSS base score of 7.7. Action should be taken to mitigate the vulnerability for customer-managed instances. The vulnerability has been fixed in version 14.1-60.58. Further information on the flaws can be found in the Citrix security bulletin.

March 31, 2026, Update: The vulnerability is being actively exploited, though the scale of the exploitation remains unclear. CISA has added the vulnerability to its Known Exploited Vulnerability (KEV) Catalog on March 30, 2026, and has ordered all federal civilian branch agencies to ensure the vulnerability is patched by April 2, 2026. All network defenders, including those in the private sector, have been advised to prioritize patching the vulnerability and ensure it is mitigated as soon as possible.

BakerHostetler: Healthcare Remains Most Targeted Sector with Extortion-Only Attacks on the Rise

Healthcare has retained its position as the industry most targeted by cyber actors, an unwanted accolade that the sector has held for more than a decade, and in 2025, healthcare had the highest average ransom payments, averaging $1,154,245, according to the recently published BakerHostetler 2026 Data Security Incident Response Report. The report is based on more than 1,250 data security incidents that the law firm was engaged in last year.

BakerHostetler has been publishing annual breach reports for 12 years, and in each of those years, healthcare accounted for more cyber incidents than any other industry. In 2025, healthcare – which includes biotech and pharma – accounted for 27%, with finance/insurance in second spot, accounting for 18% of incidents. While healthcare data breaches remain high – more than 700 last year – 2025 was the second consecutive year where breaches impacting 500 or more individuals declined, albeit only slightly.

Last year saw some threat actors issue astronomical ransom demands, the highest of which was $98 million, more than double the highest ransom demand in 2024 ($40 million). The largest ransom paid was $5.65 million, down from more than $20 million in 2024. Ransom payments increased in 2025, from an average payment of $501,338 in 2024 to $682,702, although average payments in healthcare were 69% higher.

BakerHostetler’s analysis revealed that threat actors are spending less time in networks, with dwell time falling from 36 days in 2023 to just 22 days in 2025. As defenders have got better at detecting intrusions, threat actors have had to adapt and are spending less time snooping to find data of interest. Linked to this is a growing trend of encryption being abandoned in some attacks, with some threat groups opting to conduct extortion-only attacks. These are faster and quieter, with less chance of discovery before the attackers have achieved their aims, although in some attacks the exfiltration of data is what tipped off victims to the intrusion, forcing the attackers to abandon encryption.

In 2025, across all industry sectors, 34% of victims of ransomware attacks paid the ransom, but there was a notable shift in the reason for payment last year. In 2024, 43% of victims of ransomware attacks paid the ransom to obtain a decryptor, with 34% paying to prevent the publication of stolen data. Those figures were reversed in 2025, with 31% of victims paying to obtain the decryptor, 43% paid to prevent the publication of stolen data, and 26% paid to recover data and prevent a data leak. Out of all extortion/ransomware incidents, 64% resulted in data theft requiring notices to individuals.

The Qilin ransomware group stepped up its attacks in 2025, having recruited affiliates from other ransomware operations, although Akira took top spot, based on the number of incidents BakerHostetler was engaged to assist with. Lynx/INC Ransom took third spot, followed by Clop in fourth and the now-defunct RansomHub in fifth. The law enforcement operations against the LockBit ransomware group have clearly been effective, as BakerHostetler reports that for the first time in the past 5 years, LockBit was not in the top five most active ransomware groups.

This year’s report includes a spotlight on the healthcare sector. Out of all healthcare incidents that BakerHostetler was engaged in, 35% were attributed to vendors, which remain an Achilles heel in the industry. Vendor incidents were among the largest data breaches, such as the data breach at Conduent that affected more than 10 million individuals, the 5 million+ data breach at Episource, and the data breach at Oracle Health (Cerner). The number of individuals affected by the latter has not been disclosed, but is certainly in the millions.

While announcements were made about 21 resolution agreements in 2025, only 12 of the settlements/notices of final determination had 2025 dates. Out of those 12, seven resolved alleged HIPAA violations at business associates, as OCR demonstrated it is taking a keen interest in HIPAA compliance by vendors.

BakerHostetler suggests that fewer penalties are likely to be imposed this year, as OCR may opt for providing more efficient technical assistance; however, state attorneys general may well fill the gap as they exercise their authority to penalize healthcare organizations over breaches of the protected health information of state residents.

BakerHostetler predicts that state actions are likely to increase, as states are increasing staffing in their data privacy units. The expected focus will be data breach incident investigation, data awareness and data minimization, more robust protections for sensitive data, and greater incident investigation transparency, and with Congress yet to pass federal data privacy legislation, more states will implement their own privacy legislation.

High Severity Vulnerability Identified in Grassroots DICOM

A high-severity vulnerability has been identified in Grassroots DICOM that could be exploited by a remote threat actor to trigger a denial-of-service condition. The vulnerability, tracked as CVE-2026-3650, is a memory leak issue that has been assigned a CVSS v3.1 severity score of 7.5.

Grassroots DICOM is a C++ library for DICOM medical images that comes with a scanner implementation capable of quickly scanning hundreds of DICOM files for attributes. Grassroots DICOM is used by healthcare and public health sector organizations worldwide, including in the United States.

The vulnerability affects Grassroots DICOM (GDCM) version 3.2.2 and occurs when parsing malformed DICOM files with non-standard VR types in file meta information. If an attacker sends a specially crafted file, when that file is parsed, it leads to vast memory allocations and resource depletion, triggering a denial of service condition. A maliciously crafted file could fill the heap in a single read operation without properly releasing it.

The vulnerability was identified by Volodymyr Bihunenko, Mykyta Mudryi, and Markiian Chaklosh of ARIMLABS, who reported it to the U.S. Cybersecurity and Infrastructure Security Agency (CISA), which contacted the maintainer of Grassroots DICOM; however, the maintainer failed to respond to requests by CISA to mitigate the vulnerability.

While there is currently no fix to remediate the vulnerability, CISA has suggested recommended practices to reduce the potential for exploitation. They involve ensuring that Grassroots DICOM is not exposed to the internet, that control system networks are located behind firewalls and are isolated from business networks, and, if remote access is required, that secure methods such as Virtual Private Networks (VPNs) are used to connect, with the VPN running the latest software version.

FDA Issues Recall Notice for GE HealthCare Centricity Universal Viewer

A class 2 recall has been issued by the U.S. Food and Drug Administration (FDA) for certain GE HealthCare Centricity medical imaging products due to a vulnerability that could potentially be exploited by an unauthorized individual to manipulate data or impact system availability. Centricity Universal Viewer is a device that displays medical images such as mammograms and data from various imaging sources. The vulnerability affects the following Centricity Universal Viewer software versions:

  • Versions 5.0 SP6 through UV 5.0 SP7.1
  • Versions 6.0 through 6.0 SP10.4.1
  • Versions 7.0 through 7.0 SP2.0.1

The recall was issued as the vulnerability may cause temporary or medically reversible adverse health consequences, but where the probability of serious adverse health consequences is remote. The vulnerability is due to user login credentials being exposed on the local client workstation. As such, an unauthorized individual could obtain the credentials and potentially impact system availability and/or manipulate data; however, the potential for exploitation is limited, as direct physical access to the local workstation is required.

There have been no known cases of exploitation of the vulnerability nor any known unauthorized access to patient data, according to GE Healthcare. The vulnerability was discovered by GE Healthcare during routine testing, and the company is working on a permanent fix. GE HealthCare has issued instructions for customers to follow to allow them to continue using their devices until the fix is issued.

According to the FDA’s recall notice, in order to continue using the affected products, users must ensure that appropriate security controls are implemented, as stated in the product manuals. Network account authentication should be implemented by using Active Directory/LDAP services for user management. If network authentication is not possible, users should contact GE Healthcare to request temporary steps to mitigate the issue.

CISA Advises U.S. Organizations to Harden Microsoft Intune Following Stryker Data Wiping Attack

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is urging U.S. organizations to strengthen administrative controls for the Intune endpoint management tool, following the Iran-linked cyberattack on the medical technology company Stryker. The Stryker cyberattack was conducted by a threat actor called Handala – a hacktivist group with links to Iran’s Ministry of Intelligence and Security.

Handala claimed to have exfiltrated 50 terabytes of data in the attack before wiping data. Handala has claimed that it managed to delete 12 petabytes of data from 200,000 devices in the attack. Wiper malware was not required, as Handala used the built-in wipe command in the Intune cloud-based endpoint management tool to wipe Windows devices, including mobile phones and laptops. According to Bleeping Computer, a source familiar with the incident claimed that Handala compromised an administrator account and created a new Global Administrator account, which was used to wipe the data.

At the time of writing, the military action against Iran is continuing, and Iran has issued threats of retaliation. In addition to a military response, retaliation is also likely to include further cyberattacks on U.S. companies. “CISA is aware of malicious cyber activity targeting endpoint management systems of U.S. organizations based on the March 11, 2026, cyberattack against U.S.-based medical technology firm Stryker Corporation, which affected their Microsoft environment,” explained CISA in its March 18, 2026, alert. Consequently, CISA is recommending that organizations take steps to harden their endpoint management system configurations by following Microsoft’s recommendations.

Microsoft’s guidance for hardening Intune centers on three actions. First, adopt a least-privilege approach for admin roles, assigning only the permissions needed for day-to-day operations through Intune role-based access control (RBAC). Second, enforce phishing-resistant multifactor authentication and privileged access hygiene, including the Microsoft Entra ID capabilities that block unauthorized access to privileged actions in Microsoft Intune. Third, configure access policies that require multiple admin approvals, so that sensitive or high-impact actions, such as wiping devices, applications, scripts, RBAC, and configurations, require approval from a second administrative account before they take effect.
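The hardening steps above reduce the chance that a single compromised account can issue wipes; the following Python sketch is an added detection example (not from CISA, Microsoft or the page) for the sequence described in this article, run over constructed audit events. The field names and activity labels are an assumption modelled loosely on Entra and Intune audit vocabulary, not Microsoft’s schema, and the sample data is invented, not Stryker’s.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample audit events (field names assumed, values invented).
SAMPLE_EVENTS = [
    # a long-standing admin wiping one lost laptop the day before: benign
    {"ts": "2026-03-10T09:00:00Z", "actor": "admin-b", "activity": "Wipe", "target": "LAPTOP-0099"},
    # a compromised admin creates a new account and grants it Global Administrator
    {"ts": "2026-03-11T01:02:00Z", "actor": "admin-a", "activity": "Add user", "target": "svc-deploy"},
    {"ts": "2026-03-11T01:03:30Z", "actor": "admin-a", "activity": "Add member to role",
     "target": "svc-deploy", "role": "Global Administrator"},
]
# ...and the new account then issues a burst of wipe commands
SAMPLE_EVENTS += [
    {"ts": f"2026-03-11T01:10:{i:02d}Z", "actor": "svc-deploy", "activity": "Wipe",
     "target": f"LAPTOP-{i:04d}"}
    for i in range(25)
]


def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


def newly_privileged_accounts(events, role="Global Administrator", window=timedelta(hours=24)):
    """Accounts created and granted `role` within `window`: {account: (created, granted)}."""
    created = {e["target"]: parse_ts(e["ts"]) for e in events if e["activity"] == "Add user"}
    found = {}
    for e in events:
        if e["activity"] == "Add member to role" and e.get("role") == role:
            acct, granted = e["target"], parse_ts(e["ts"])
            if acct in created and timedelta(0) <= granted - created[acct] <= window:
                found[acct] = (created[acct], granted)
    return found


def wipe_bursts(events, threshold=10, window=timedelta(minutes=30)):
    """Actors issuing at least `threshold` wipes inside a sliding `window`: {actor: count}."""
    by_actor = defaultdict(list)
    for e in events:
        if e["activity"] == "Wipe":
            by_actor[e["actor"]].append(parse_ts(e["ts"]))
    bursts = {}
    for actor, times in by_actor.items():
        times.sort()
        start, best = 0, 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            bursts[actor] = best
    return bursts


def detect(events):
    """Correlate both signals into findings of (severity, account, detail)."""
    new_admins = newly_privileged_accounts(events)
    bursts = wipe_bursts(events)
    findings = []
    for acct, (created, granted) in new_admins.items():
        if acct in bursts:
            findings.append(("critical", acct, f"new Global Administrator issued {bursts[acct]} wipes"))
        else:
            findings.append(("high", acct, f"granted Global Administrator {granted - created} after creation"))
    for actor, n in bursts.items():
        if actor not in new_admins:
            findings.append(("high", actor, f"{n} wipe commands inside the window"))
    return findings


if __name__ == "__main__":
    for severity, account, detail in detect(SAMPLE_EVENTS):
        print(f"[{severity}] {account}: {detail}")
```

The single benign wipe by the established admin stays below the burst threshold, while the freshly created Global Administrator issuing 25 wipes is raised as critical.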

According to the Palo Alto Networks Unit 42 team, there has been an increase in cyberattacks related to the war with Iran, including data wiping attacks and data theft. While the attack on Stryker involved misuse of Intune to wipe data, Iran-linked threat groups commonly use wiper malware in their offensive cyber operations. The Unit 42 team has observed Iran-nexus hacking groups and hacktivist groups increasing wiper attacks and spear phishing attacks. In addition to hardening Intune security, organizations should ensure that they patch promptly, have robust data backup systems in place, and have a tested disaster recovery and business continuity plan for data wiping attacks.

Trump Administration Announces Aggressive Cyber Strategy

The Trump administration has announced its long-awaited cybersecurity strategy. While light on detail, the Trump administration has committed to deploying the full suite of defensive and offensive cyber operations available to the U.S. government and will aggressively target transnational cybercrime groups to protect Americans.

For many years, cybercriminals have targeted the United States more than any other country, and cyberattacks have been growing in volume and sophistication. Financially motivated cybercriminals and state-sponsored hacking groups continue to target the U.S. government and private sector firms, with Russia, China, Iran, and North Korea posing the greatest threat to critical infrastructure and national security. In contrast to published strategies from past administrations, none of these countries is named in the policy document.

The document – President Trump’s CYBER STRATEGY for America – announces six policy pillars that underpin the strategy. Each of the six policy pillars is vital for national security; however, the document lacks detail on how the U.S. government will achieve those cybersecurity goals. The strategy includes only 5 pages of text, two of which are introductory pages boasting of the might of the United States, America’s wealth of cybersecurity talent, and its unrivalled technological and economic innovation.

Regarding talent, the U.S. government has lost a considerable amount during President Trump’s second term, including the heads of the National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA). Neither agency currently has a Senate-confirmed leader, and CISA has lost around one-third of its workforce under the current administration.

That said, the strategy is welcome news and will guide the efforts of the United States in targeting cybercriminals and nation-state actors. By improving defenses and aggressively targeting cybercriminal gangs, the Trump administration plans to make it much harder for adversaries’ cyber operations to succeed by eroding their capabilities and raising the costs for their aggression.

“By disrupting adversaries’ cyber campaigns and making our networks more defensible and resilient, we will unleash innovation, accelerate economic growth, and secure American technology dominance. We will remove burdensome, ineffective regulations so that our industry partners innovate quickly in emerging technologies. Partners in the private sector must be able to respond and recover quickly to ensure continuity of the American economy,” explained President Trump in the cyber strategy document.

The six pillars outlined in the strategy for guiding the U.S. government are:

  • Shape adversary behavior – Full use of government resources for tackling cybercrime and incentivizing the private sector to help identify and disrupt adversary networks. “We will uproot criminal infrastructure and deny financial exit and safe haven.”
  • Promote common sense regulation – The administration plans to streamline cyber regulations to reduce compliance burdens, address liability, and better align regulators and industry globally.
  • Modernize and secure federal government networks – Accelerating the modernization of federal information systems by implementing cybersecurity best practices, post-quantum cryptography, zero-trust architecture, and cloud transition.
  • Secure critical infrastructure – Harden defenses and information and operational technology supply chains to deny adversaries access and ensure a rapid response and recovery in the event of a successful attack
  • Sustain superiority in critical and emerging technologies – Building secure technologies and supply chains, supporting the security of cryptocurrencies and blockchain technologies, promoting post-quantum cryptography and secure quantum computing, and securing the AI technology stack and promoting innovation in AI security.
  • Build talent and capacity – Ensuring there is investment in America’s cyber workforce, the creation of a pipeline that develops and shares talent, and the elimination of roadblocks that prevent industry, academia, government, and the military from aligning incentives and building a highly skilled cyber workforce.

The cyber strategy is accompanied by a new Executive Order that targets transnational criminal organizations that engage in cybercrime, fraud, and predatory schemes targeting American families, businesses, and critical infrastructure. The Executive Order specifically targets the most prevalent and costly cybercriminal operations, including ransomware attacks, phishing campaigns, financial fraud, sextortion schemes, and impersonation scams.

The Executive Order directs administration officials to conduct a comprehensive review of the operational, technical, diplomatic, and regulatory tools for combatting cybercriminal gangs, establishes a dedicated operational cell within the National Coordination Center (NCC) tasked with creating an action plan that identifies the groups responsible for scam centers and cybercrime and solutions for prevention, investigation, detection, disruption, and dismantling those groups’ operations.

The Attorney General has been instructed to prioritize prosecutions of cyber-enabled fraud and scam schemes, pursuing the most serious, provable offenses, and create a  Victims Restoration Program to ensure that seized and forfeited funds are directed to the victims of cybercrime. The Secretary of the Department of Homeland Security has been tasked with working with state and local partners and providing training, technical assistance, and resilience building against cyber threats.

The reception of the cyber strategy has been largely positive, although the policy has attracted some criticism for failing to state how the U.S. government will achieve its cybersecurity goals. “The National Cyber Strategy represents an important step in aligning federal cyber policy with the scale and complexity of today’s threats. However, the hard work begins now, and that’s translating the vision into ambitious-yet-achievable operational outcomes. Consequence-based prioritization will be essential to ensure finite federal and private-sector resources are focused on the systems where disruption would have the greatest national impact,” said Matthew Hartman, Chief Strategy Officer at Merlin Group, a network of affiliates that invests in, enables, and scales cyber technology companies. “At the same time, this is an opportunity to clarify how government and industry divide responsibility for defining and delivering shared security and resilience outcomes. If implemented effectively, the strategy can help drive coordinated action across government and strengthen resilience across the infrastructure that underpins the U.S. economy and national security.”

“President Trump’s Cyber Strategy for America puts operational effect ahead of ‘compliance theater.’ From a practitioner’s perspective, the emphasis on modernizing federal systems with zero trust, post‑quantum cryptography, and AI‑enabled defense—while streamlining duplicative regulation—is directionally appropriate,” said Bruce Jenkins, Chief Information Security Officer, Black Duck, an application security solution provider. “The real test and historical challenge will be in execution: translating these pillars into clear requirements, faster procurement, and measurable risk reduction across government and the defense industrial base.”

Senate HELP Committee Advances Healthcare Cybersecurity Bill

The Senate Health, Education, Labor, and Pensions (HELP) Committee has advanced the Health Care Cybersecurity and Resiliency Act, with a 22-1 vote in favor of the bill. The Health Care Cybersecurity and Resiliency Act was first introduced in November 2025, followed by a largely unchanged bill that was reintroduced in December 2025. As the name suggests, the bill seeks to introduce new cybersecurity requirements to strengthen healthcare cybersecurity.

Many of the bill’s requirements were included in the proposed update to the HIPAA Security Rule issued by the HHS’ Office for Civil Rights in the final days of the Biden administration. It remains to be seen whether the current administration will push ahead with the HIPAA Security Rule update, which has proven to be unpopular with health systems and provider associations.

The Health Care Cybersecurity and Resiliency Act was proposed by a bipartisan group of senators – HELP Committee Chair Sen. Bill Cassidy (R-LA), and Sens. Mark Warner (D-VA), Maggie Hassan (D-NH), and John Cornyn (R-TX), and could attract more support than the unpopular Security Rule update. The Health Care Cybersecurity and Resiliency Act calls for several cybersecurity measures similar to but not as extensive as those in the proposed HIPAA Security Rule update. They include new cybersecurity minimum standards for HIPAA-regulated entities, including multifactor authentication, data encryption, penetration testing, and regular security audits. The bill also requires changes to breach reporting requirements, such as requiring all regulated entities to report the number of individuals affected by a cybersecurity incident, and for the HHS to publish the corrective actions and recognized security practices applied by a regulated entity following a data breach.

Other requirements of the bill are greater coordination between the HHS and the Cybersecurity and Infrastructure Security Agency (CISA), the HHS to develop a cybersecurity incident response plan, the HHS to designate the Administration for Strategic Preparedness and Response as the Sector Risk Management Agency, and for enhanced recognition of security practices, including an annual report on how the HHS is complying with the requirements of the Consolidated Appropriations Act of 2021 with respect to the adoption of recognized security practices by HIPAA-regulated entities.

Much of the criticism of the proposed Security Rule update centered on the considerable burden it would place on healthcare providers and the cost of the required security changes, which would divert resources away from patient care. The Health Care Cybersecurity and Resiliency Act would provide financial assistance to under-resourced providers, including hospitals, cancer centers, rural health clinics, health facilities operated by the Indian Health Service, and academic health centers, to help them make the necessary improvements to cybersecurity. The bill also requires the HHS to issue guidance for rural entities and rural health clinics on best practices for cybersecurity breach prevention, resilience, and coordination with federal agencies.

While advancing past a HELP Committee vote is an important step, it remains to be seen whether the bill has sufficient strength to survive a House vote, make it to the President’s desk, and be signed into law.
