According to the Q1, 2024 ransomware report from the ransomware remediation firm Coveware, ransom payments have fallen to a record low with only 28% of victims opting to pay the ransom to recover files and/or prevent the exposure of stolen data. In Q1, 2019, more than 80% of victims of ransomware attacks paid the ransom, but the percentage has been steadily falling, with only 29% of victims paying up in Q4, 2023, and just 28% in Q1, 2024.

Coveware suggests several reasons for the decline in payments, including better preparation and more advanced protective measures that allow victims to recover files without having to pay the ransom, legal pressure on victims not to give in to demands, and growing distrust of ransom groups. There have been an increasing number of attacks where payment has been made only for the attackers to continue to leak data or trade stolen data with other groups. For instance, the recent Blackcat ransomware attack on Change Healthcare saw the operators pocket the $22 million ransom payment and not pay the affiliate, who switched to the RansomHub group, which started leaking the data to pressure Change Healthcare into paying another ransom payment.

Coveware also reports that the confidence of ransomware affiliates has been shaken by recent law enforcement operations against LockBit and BlackCat. While groups were able to recover from the takedowns, the operations demonstrated that ransomware groups are not beyond the reach of Western law enforcement agencies. Further, the actions of the groups following the attacks have not helped to restore affiliates’ confidence. Both groups have had public disputes with affiliates and refused to pay them their cut of the ransoms, and coupled with the risk of having their identities discovered by law enforcement, many have chosen to quit conducting attacks for those groups and potentially quit ransomware altogether.

Based on the attacks where Coveware has been engaged to assist with recovery, Akira is now the dominant group with a market share of 21%, followed by Blackbasta and Lockbit which each have a 9% share, medusa, Phobos, and BlackCat with 6%, and Rhysida, BlackSuit and Inc Ransom with a 4% market share. BlackBasta has returned to the list of top ransomware groups, which suggests that affiliates have been leaving BlackCat and Lockbit, while the increase in Phobos attacks suggests that some affiliates are choosing to set up their own operations.

There has been a trend for increasing ransom payments since 2019 and a sharp increase in payments in Q1, 2023; however, by Q3, 2024, ransom payments started to fall. That fall has continued, with Q1, 2024 seeing an average payment of $381,980, down 32% from the previous quarter. Median payments have been increasing slowly and jumped by 25% to $250,000 in Q1, 2024. This is due to ransomware groups demanding more reasonable payments to increase the likelihood of being paid.

The threat of publication of stolen data is often enough to get victims to pay up. 23% of victims who were only faced with the threat of publication of their data chose to pay the ransom in Q1; however, there is no guarantee that the stolen data will be deleted. The law enforcement disruption of LockBit confirmed that the group still held a lot of data from attacks where the victims had paid to have their data deleted. There have been several cases where payment has been made to one group, only for the data to be provided to another ransomware group for re-extortion.

Coveware tracks the ransomware vectors used to gain initial access to networks; although that is becoming increasingly difficult, with the initial access vector unclear in more than 40% of Q1, 2024 attacks. Remote access compromise is the most common of the confirmed attack vectors, with software vulnerabilities and phishing both in decline. It is also common for multiple attack vectors to be used to achieve an extortion-level impact. While few sectors have escaped ransomware attacks, in Q1, 2024, healthcare was the worst affected industry, accounting for 18.7% of attacks, followed by professional services (17.8%), the public sector (11.2%), and consumer services (10.3%).

The post Only 28% of Ransomware Victims Choose to Pay Ransom appeared first on HIPAA Journal.

The Cybersecurity & Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), Europol’s European Cybercrime Centre (EC3), and the Netherlands’ National Cyber Security Centre (NCSC-NL) have issued a joint cybersecurity advisory about the Akira ransomware operation, which has conducted more than 250 attacks and has been paid around $42 million in ransom payments. The group’s operators are highly skilled and are associated with the infamous Conti ransomware operation.

Akira is a relatively new ransomware group that emerged in April 2023 that mostly targets small- to medium-sized businesses and demands ransom payments from around $200,000 to millions of dollars. The group has attacked many verticals including finance, real estate, manufacturing, and healthcare. Attacks on healthcare targets prompted the Health Sector Cybersecurity Coordination Center to issue a Sector Alert about Akira ransomware in September 2023. The latest cybersecurity advisory from CISA and Partners shares information on the latest tactics, techniques, and procedures (TTPs) used by the group, updated indicators of compromise (IoCs), and recommended mitigations for network defenders.

Akira has been observed gaining initial access to victims’ networks through a Virtual Private Network (VPN) service without multifactor authentication, primarily through the exploitation of the Cisco vulnerabilities CVE-20203259 and CVE-2023-20269. The group also targets external facing services including Remote Desktop Protocol (RDP), abuses valid credentials, and conducts spear phishing attacks.

When a corporate network has been breached, the group moves laterally and attempts to obtain Windows domain credentials, then deploys ransomware to encrypt files. The group engages in double extortion tactics, stealing sensitive data from victims and demanding payment to prevent stolen data from being leaked and for the keys to decrypt files. Initially, the group only attacked Windows systems but has developed a Linux encryptor and now also targets VMware ESXi virtual machines. The group uses Kerberoasting techniques and Mimikatz to obtain credentials, LaZagne to help with privilege escalation, PowerTool to exploit the Zemana AntiMalware driver and terminate antivirus-related processes, and FileZilla, WinRAR, WinSCP, and RClone for data exfiltration.

The cybersecurity advisory includes several recommended mitigations to prevent and reduce the impact of Akira ransomware attacks, some of the most important of which are ensuring that patches are applied to fix known exploited vulnerabilities – especially CVE-20203259 and CVE-2023-20269, enforcing phishing-resistant multifactor authentication across the organizations in particular for VPNs, webmail, and accounts linked to critical systems, and ensuring that software is kept up to date.

The post CISA & Partners Share New Threat Intelligence on Akira Ransomware appeared first on HIPAA Journal.

Exploitation of a recently disclosed zero-day vulnerability affecting Palo Alto Networks firewalls has grown since proof-of-concept exploits were released, and a previously recommended mitigation is ineffective at preventing exploitation of the flaw.

The vulnerability, tracked as CVE-2024-3400, is a command injection flaw in versions 10.2, 11.0, and 11.1 of the PAN-OS operating system that powers its firewalls. The vulnerability is thought to have been exploited since March 26, 2024, initially by a nation-state-affiliated group tracked as Operation MidnightEclipse; however, Palo Alto Networks has detected an additional 20 IP addresses attempting to exploit the flaw.

The vulnerability affects the GlobalProtect gateway or portal VPN feature on certain PAN-OS devices, and can be exploited by an unauthenticated attacker to execute arbitrary code with root privileges. The vulnerability has a maximum CVSS v3 severity score of 10. According to security researchers at Rapid7, the vulnerability is being exploited as part of an exploit chain, along with a second vulnerability that has yet to have a CVE assigned. The second vulnerability is a file creation vulnerability in the GlobalProtect web server.

Initially, Palo Alto Networks said PAN-OS firewalls are vulnerable to attack if GlobalProtect gateway and device telemetry are both enabled. Palo Alto Networks released an initial security advisory about the flaw on Friday, along with recommended mitigations. A secondary mitigation action suggested by Palo Alto Networks was disabling device telemetry; however, Palo Alto has now confirmed that the mitigation is no longer effective, as vulnerable firewalls do not need device telemetry to be enabled to be exposed to attacks.

According to SharowServer, around 156,000 vulnerable Palo Alto Networks devices are exposed to the Internet, although it is unclear how many of those devices have been patched. To remediate the vulnerability, customers should ensure a hotfix is applied. Rapid7 has confirmed that the hotfixes released by Palo Alto networks are effective at preventing the exploitation of CVE-2024-3400.

The hotfixes are PAN-OS 10.2.9-h1, PAN-OS 11.0.4-h1, PAN-OS 11.1.2-h3, and all later versions. On Thursday and Friday, Palo Alto Networks released hotfixes for other commonly deployed maintenance releases, as detailed in an updated HC3 Sector Alert from the Health Sector Cybersecurity Coordination Center (HC3).

The post Palo Alto Networks Updates Mitigations as Exploitation of 0Day Firewall Vulnerability Grows appeared first on HIPAA Journal.

An analysis of ransomware activity by GuidePoint Security’s Research and Intelligence Team (GRIT) shows a 55% year-over-year increase in active ransomware groups and an almost 20% increase in ransomware victims (1,024) compared to Q1, 2023.

According to Guidepoint Security’s Q1 2024 Ransomware Report, the industries most impacted by ransomware attacks were manufacturing, retail and wholesale, and healthcare. While there was a 7.4% increase in posted victims from February to March, there was a decline in attacks on healthcare organizations, which fell from 32 new additions to data leak sites in February to just 20 in March. There was a similar reduction in attacks on law firms, which decreased from 20 in February to 10 in March. In Q1, 2024, more than half of all victims (537 attacks) were based in the United States – The first time since Q2, 2023, that more than 50% of attacks were conducted in the US. The United Kingdom was the second most targeted country (60 attacks).

In Q1, 2023, GRIT identified 29 distinct, active ransomware groups whereas 45 groups were detected in Q1, 2024. The most active ransomware group in Q1, 2024 was LockBit. Even with the law enforcement disruption of the LockBit ransomware group in February 2024, LockBit retained the top spot claiming 219 victims in the quarter, although this was below the typical number of attacks the group conducts. Prior to the law enforcement operation that disrupted its operation on February 20, 2024, LockBit was averaging 3 attacks a day. From February 24 through the end of March, the group dropped to an average of 2 attacks a day. The group now appears to be back up to full speed, claiming 97 victims in March alone. The next most active group was Blackbasta which conducted 73 attacks in Q1, 2024, up 151% from the previous quarter, followed by Play with 71 attacks, down 37% from Q4, 2023. While the Qilin ransomware-as-a-service group conducted relatively few attacks (44) in 2023, it has increased activity considerably in 2024 claiming 34 victims in the quarter.

There has been significant law enforcement activity against ransomware groups in recent months. LockBit survived the attempted takedown by the Operation Cronos Task Force, which only caused a few days of severe disruption but ransomware attacks have been conducted at a lower volume in the weeks since. In late December, law enforcement disrupted the ALPHV/Blackcat ransomware group, which was the second most prolific ransomware group in 2023. The group responded by removing virtually all restrictions for affiliates and actively encouraged attacks on healthcare organizations until the attack on Change Healthcare, after which the group appeared to pocket the full ransom payment as part of an exit scam and shut down its operation.

Even with the disruption of LockBit and the ALPHV shutdown, there was still a 19.2% increase in reported victims in the quarter with a minimum of 50 victims added to data leak sites each week and a high of 125 victims posted one week in March. GRIT identified attempts by several groups to attract new affiliates in Q1, including the Medusa, Cloak, and RansomHub groups, which were advertising their RaaS operations on deep and dark web forums in January and February 2024, with RansomHub activity appearing to have increased in the weeks since. Three new ransomware groups emerged in Q1 – Killsec, Donex, and Redransomware. While these groups only conducted a small number of attacks (22) in March, activity is likely to increase. Attacks fell from 1,117 in Q4, 2023 to 1,024 in Q1, 2024, and with the shutdown of the ALPHV operation, Q2 may see attacks continue to decline; however, the affiliates who worked for ALPHV are likely to switch ransomware operations, with other groups likely to increase activity to fill the gap.

The post Ransomware Attacks Up 20% YoY with 55% Increase in Active Ransomware Groups appeared first on HIPAA Journal.

IT professionals and security executives believe cyberattacks have increased since 2023 according to a recent survey by Keeper Security.  The cybersecurity firm surveyed 800 IT leaders globally, and 92% said they thought cyberattacks have increased in the past year with 95% saying that cyberattacks have become so sophisticated that they feel unprepared to deal with emerging threat vectors such as AI-based attacks (35%), deepfakes (30%), leveraged 5G networks (29%), unauthorized cloud control (25%), and fileless attacks (23%). It is not only external threat actors that are conducting attacks, as 40% of respondents said they have experienced a cyberattack caused by an insider. The main types of attacks that have increased in frequency are phishing (51%), malware (49%), ransomware (44%), and password attacks (31%). A majority of IT professionals said phishing and smishing attacks have become much harder to detect, which many attribute to the use of generative AI by cybercriminals.

There was a surge in ransomware attacks in 2023; however, attacks have fallen in 2024 according to the Israeli cybersecurity firm Cyberint. In 2023, there was a 55.5% increase in victims of ransomware attacks, with 5,070 organizations reporting attacks in 2023 and 1,309 reported attacks in Q4 alone. However, in Q1, 2024, only 1,048 have been reported, down 22% from Q4, 2023.

Cyberint offers several possible explanations for the decline. There has been increased law enforcement activity, including two operations targeting two of the most active groups, LockBit and ALPHV, that disrupted their operations. In the case of LockBit, the disruption was particularly short, with the group claiming to have rebuilt its infrastructure within a week of the takedown. In Q1, 2024, 210 attacks were attributed to LockBit showing that the disruption was only temporary. In December 2023, a law enforcement operation seized some of the infrastructure of the ALPHV group, and while the group remained active, only 51 attacks were confirmed in Q1, 2024, down from 109 attacks in Q4, 2024. The group also recovered quickly and, in response, removed restrictions for affiliates, and actively encouraged attacks on healthcare targets. The ALPHV group has now shut down following the attack on Change Healthcare, although ALPHV is expected to rebrand and return.

Cyberint also suggests that the decreasing number of victims paying ransoms has made ransomware attacks less profitable, leading some affiliates to pursue other sources of income. Data from the ransomware remediation firm Coveware shows ransom payments fell to a record low in Q4, 2023, with only 29% of victims choosing to pay the ransom. Ransom payments have also fallen to an average payment in Q4, 2023 of $568,705, a 33% decrease from the previous quarter.

While some groups appear to have shut down their operations, several new groups have emerged. In Q1, 2024, Cyberint tracked the emergence of 10 new ransomware groups. While these groups have not been conducting attacks on the scale of ALPHV, there is the potential for them to scale up their operations. One of those groups, RansomHub, is attempting to extort Change Healthcare, and claims it has the data stolen in its ALPHV ransomware attack.

While the reduction in ransomware attacks is good news, it is too early to tell whether the decline will continue or if it is just a blip. What is more certain is that, in the short term at least, ransomware is likely to continue to be one of the biggest cyber threats faced by organizations.

The post Cyberattacks Have Increased but Ransomware Attacks Have Declined in 2024 appeared first on HIPAA Journal.

Investing in cybersecurity can help organizations prevent data breaches and avoid regulatory fines, but there are other benefits. A recently released report from Diligent Institute and Bitsight shows organizations that have a strong cybersecurity program tend to have better financial performance and deliver higher returns for their shareholders.

For the report, Diligent Institute and Bitsight analyzed data from 4,149 mid to large-sized organizations in multiple sectors across Australia, Canada, France, Germany, Japan, the United Kingdom, and the United States. Cybersecurity oversight at the committee level was assessed to determine the impact on cybersecurity risk ratings and each company’s cyber oversight structure was correlated with their security performance data, with each company given a security performance classification of basic, intermediate, or advanced.

The study revealed companies with advanced security ratings created almost 4 times the amount of value for their shareholders as companies with basic security ratings. Over three and five years, companies with an advanced security rating had a Total Shareholders’ Return (TSR) of 372% and 91% higher respectively, compared to companies with a basic security rating. Over three and five years, the average TSR for companies with an advanced security rating was 71% and 67%, compared to a 37% and 14% TSR for companies with a basic security rating.

The report showed that healthcare and other highly-regulated sectors appreciate the importance of cybersecurity and understand that cybersecurity is not simply an IT problem, rather it is an enterprise risk that can have an impact on the company’s short-term performance and long-term health. Healthcare outperformed other sectors in terms of cybersecurity performance and had the highest average security rating of all industries represented in the study.

In addition to the correlation between cybersecurity performance and shareholder return, the researchers found a correlation between board structure and security ratings, with companies that had specialized risk or audit committees performing better than those that did not. Companies with specialized risk or audit committees had an average security rating of 710, compared to an average rating of 650 for companies that had neither of these committees.

Integrating a cybersecurity expert into a board committee tasked with cybersecurity risk oversight makes a significant difference to an organization’s security performance; however, simply having a cybersecurity expert on the board does not mean a company will have a better security rating. Companies with cybersecurity experts on the board had an average security score of 580, compared to an average rating of 700 for companies that had cybersecurity experts on either audit committees or specialized risk committees. The researchers note that it is rare for boards to include cybersecurity experts, with only 5% of the assessed companies having cybersecurity experts on their boards. “Companies seeking to hire cybersecurity expertise for the board should first ensure that the board is appropriately organized so that expertise can be properly incorporated into the oversight mechanisms,” suggested the researchers.

The post Companies with Strong Cybersecurity Programs Deliver Higher Returns for Shareholders appeared first on HIPAA Journal.

Warnings have been issued by the American Hospital Association (AHA) and the Health Sector Cybersecurity Coordination Center (HC3) about a social engineering campaign that targets IT helpdesk at U.S. hospitals. According to the AHA, the campaign uses the stolen identities of revenue cycle employees or employees in other sensitive financial roles. The threat actor contacts the IT helpdesk and uses stolen personally identifiable information to answer security questions posed by IT helpdesk staff. Once the threat actor has navigated the questions, they request a password reset and ask to enroll a new device, often with a local area code, to receive multi-factor authentication (MFA) codes.

Once the new device has been enrolled, the threat actor logs into the user’s account and successfully passes the MFA check, the MFA code is sent to the newly registered device. The AHA warns that these attacks can also bypass phishing-resistant MFA. The main purpose of the campaign appears to be to divert legitimate payments. Once access has been gained to an employee’s email account, payment instructions are changed with payment processors, resulting in fraudulent payments to U.S. bank accounts. Access may also be used to install malware on the network.

HC3 is aware of this social engineering campaign and said IT helpdesks are told that the user has broken their phone so they cannot receive any MFA codes. The helpdesk is provided with the last four digits of the target employee’s social security number (SSN), corporate ID number, and demographic details to pass security checks. HC3 suggests the information is likely to have been obtained from publicly available sources such as professional networking sites and/or past data breaches. The tactics in the campaign mirror those used by a threat group known as Scattered Spider (UNC3944). Scattered Spider claimed responsibility for a similar campaign targeting the hospitality and entertainment industry, which led to BlackCat ransomware being used to encrypt files on the network. Ransomware is not believed to have been used in the campaign targeting the healthcare sector and it is unclear which threat group is behind the campaign.

The AHA was first made aware of the campaign in January 2024 and issued a warning to hospitals. The warning has now been reissued due to an uptick in incidents. “The risk posed by this innovative and sophisticated scheme can be mitigated by ensuring strict IT help desk security protocols, which at a minimum require a call back to the number on record for the employee requesting password resets and enrollment of new devices,” said John Riggi, AHA’s national advisor for cybersecurity and risk. “Organizations may also want to contact the supervisor on record of the employee making such a request. In addition, a video call with the requesting employee might be initiated and a screenshot of the employee presenting a valid government-issued ID be captured and preserved.” One large health system has changed its policies and procedures following a successful attack and now requires employees to visit the IT helpdesk in person in order to change their password or register a new device.

You can view the HC3 alert and recommended mitigations here.

The post Social Engineering Campaign Targets Hospital IT Helpdesks appeared first on HIPAA Journal.

The Health Sector Cybersecurity Coordination Center (HC3) has issued a healthcare and public health (HPH) sector alert about credential harvesting, one of the most common tactics used by hackers in cyberattacks on the HPH sector.

While there are more secure ways of authenticating individuals and controlling access to accounts and resources, credentials such as usernames, passwords, and personal information are commonly used. Credentials provide access to online accounts, email systems, patient data, and network resources. If credentials are obtained, hackers will gain the user’s privileges and a foothold in the network.

Credential harvesting leads to data breaches, but oftentimes credential harvesting is the first stage in a much more extensive attack. The access may allow a hacker to compromise further accounts and escalate privileges, exploit vulnerabilities in internal systems, deploy malware, move laterally within the network, disrupt administrative functions, and cause system downtime, which can impair healthcare professionals’ ability to provide patient care.

Credential harvesting is most commonly associated with phishing, but credentials can be obtained using a variety of methods, the most common of which are:

• Phishing: The use of deceptive messages to trick users into disclosing their login credentials, often on attacker-controlled websites
• Keylogging: Malware that records keystrokes as they are entered by users, including usernames and passwords.
• Brute Force Attacks: Automated attempts using numerous combinations of usernames and commonly used passwords until the correct combination is identified.
• Person-in-the-Middle (PITM) Attacks: The interception of communications between two parties, capturing login credentials exchanged during the authentication process.
• Credential Stuffing: The use of credentials obtained in one data breach to access accounts on other platforms/systems where the same username/password combinations have been used.

Since there are a variety of ways that credentials can be harvested, there is no single mitigation that can protect against this tactic. Healthcare organizations need to be proactive and implement several mitigations to reduce risk. Multi-factor authentication (MFA) is one of the most important security measures as it adds an extra layer of authentication. If credentials are compromised, without the additional authentication, account access will not be granted. Phishing-resistant MFA provides the highest level of protection.

Many credential harvesting attacks use email to make initial contact with users. Email filtering solutions such as spam filters will block the majority of these messages and prevent them from reaching end users; however, even the most advanced email security solutions will not block all malicious messages. Employee training and awareness are therefore important. Members of the workforce (from the CEO down) should be educated about phishing and other credential harvesting methods and be taught cybersecurity best practices.

Monitoring and detection solutions should be used to identify suspicious login attempts and suspicious user behavior, endpoint security solutions can protect against malware such as keyloggers, systems should be kept up to date to prevent the exploitation of vulnerabilities, and organizations should ensure they have comprehensive incident response plans to minimize the harm caused should an attack prove successful.

This is the second sector alert to be issued by HC3 this month on tactics used by malicious actors in attacks on the HPH sector. The earlier alert covers email bombing, which is used for denial of service attacks.

The post HHS Shares Credential Harvesting Mitigations appeared first on HIPAA Journal.

This week, Senator Mark R. Warner (D-VA) introduced new legislation that will allow for advance and accelerated payments to healthcare providers in the event of a cyberattack. The new legislation was introduced in response to the recent ransomware attack on Change Healthcare, which caused an outage that lasted for more than 4 weeks. The outage prevented physicians and hospitals from processing claims, billing patients, and checking insurance coverage for care, and the reimbursement delays have left many healthcare providers struggling to pay workers and buy supplies, with some placed at risk of becoming financially insolvent.

Given the increase in cyberattacks on the healthcare sector in recent years, a major attack that caused massive nationwide disruption to healthcare was an inevitability, and there will likely be other highly damaging healthcare cyberattacks in the future. The Health Care Cybersecurity Improvements Act of 2024 will help to ensure that in the event of another attack, healthcare providers will not face such challenging financial problems.

Sen. Warner, a member of the Senate Finance Committee and co-chair of the Senate Cybersecurity Caucus, has been sounding the alarm about healthcare cybersecurity for some time. In 2022, he published a white paper that framed cybersecurity as a patient safety issue. The Change Healthcare ransomware attack demonstrated how a cyberattack can prevent patients from receiving timely care and essential medications. “The recent hack of Change Healthcare is a reminder that the entire healthcare industry is vulnerable and needs to step up its game. This legislation would provide some important financial incentives for providers and vendors to do so.”

The Health Care Cybersecurity Improvements Act of 2024 will allow for advance and accelerated payments to healthcare providers in the event of a cyber incident; however, they would only qualify if they and their vendors meet minimum cybersecurity standards. In the press release announcing the new legislation, Sen. Warner did not mention what those minimum cybersecurity standards are, as that will be left to the HHS Secretary to determine.

Currently, in certain situations, Medicare Part A providers (such as acute care hospitals, skilled nursing facilities, and other inpatient care facilities) and Part B suppliers (including physicians, nonphysician practitioners, durable medical equipment suppliers, and others who furnish outpatient services) can experience cash flow difficulties due to specific circumstances that are beyond their control, as happened following the Change Healthcare ransomware attack. The Centers for Medicare and Medicaid Services (CMS) has provided temporary financial relief to Medicare Part A providers and Part B suppliers through Accelerated and Advance Payment (AAP) programs, which provide advance payments from the federal government, which are later recovered by withholding payments for later claims.

The Health Care Cybersecurity Improvements Act of 2024 will modify the existing Medicare Hospital Accelerated Payment Program and the Medicare Part B Advance Payment Program. If the legislation is passed, the HHS Secretary will determine if the need for payment results from a cyber incident, and if it does, the healthcare provider requiring the payment must meet minimum cybersecurity standards, which will be determined by the Secretary. For instance, a healthcare provider may be required to implement the essential cybersecurity performance goals recently announced by the HHS. If the provider has implemented those minimum cybersecurity measures and the provider’s intermediary was the target of the incident, the intermediary must also meet minimum cybersecurity standards in order for the provider to receive the payments.

If passed, the act would take effect two years from the date of enactment, which will give healthcare organizations sufficient time to ensure they comply with the cybersecurity requirements set by the HHS Secretary.

The post Legislation Introduced to Provide Advance Payments to Providers Affected by Cyberattacks appeared first on HIPAA Journal.