Paubox Weekly: Google addresses the fifth zero-day vulnerability in Chrome

Hello world,

Today’s Paubox Weekly is 543 words - a 2 minute read.

1. Google addresses the fifth zero-day vulnerability in Chrome

Google has patched a zero-day vulnerability in its Chrome browser that would have allowed attackers to execute malicious code on users' devices.

The bottom line: While Google has patched the reported vulnerabilities, users must promptly update their Chrome browsers to the latest version to mitigate the security risk.

The fifth time this year already

2. Paubox customers: Paubox Zoom social mixer (May 2024)

The Paubox Zoom social mixer for May 2024 was a roundtable discussion covering topics like ransomware, new cybersecurity threats, and DMARC best practices.

What was said: The mixer began with a harrowing tale of a nurse who downloaded a legal document that contained Gootloader - pre-ransomware designed to prepare a computer system for a future ransomware attack.


3. DMARC best practices according to the NSA

A joint cybersecurity advisory released by the NSA and FBI includes their recommended DMARC security policies.

The big picture: A DMARC policy is a security measure for email that helps prevent fraud and phishing. It ensures that emails claiming to come from your domain are genuinely sent from your domain.

The bare minimum recommended by the NSA

4. HHS finalizes regulations on patient care decision tools, including AI

The HHS recently finalized anti-discrimination regulations addressing patient care decision support tools, including clinical algorithms and AI.

What's new: The regulations place clear obligations on covered entities to proactively address the potential for discrimination within their patient care decision support tools.

A one-year compliance timeline

5. Ascension Health falls victim to cyberattack, impacting 13.4 million

Ascension Health experienced a cyberattack in May that disrupted operations and patient care and may have affected 13.4 million customers.

What was said: A provider at Ascension Health told Fox Business that their “teams are trained for these kinds of disruptions and have initiated procedures to ensure patient care delivery continues to be safe and as minimally impacted as possible.”

The average cost of a cyberattack has risen to $4.45 million

6. 500+ organizations globally breached in Black Basta ransomware attack

CISA and the FBI reported that Black Basta ransomware affiliates breached over 500 organizations between April 2022 and May 2024, encrypting and stealing data from at least 12 critical infrastructure sectors.

Why it matters: Healthcare organizations, in particular, are urged to apply the recommended mitigations due to their attractiveness to cybercriminals and the potential for significant disruptions to patient care.

Linked to the attack that hit Ascension Health

Community links

  • Why patient portals are inconvenient: An evidence-based perspective. Link
  • How HIPAA governs the way reproductive PHI is used in an investigation. Link
  • The FTC set to distribute $7.8M BetterHelp settlement. Link
  • Kaseya ransomware attacker receives prison sentence, must pay $16M. Link
  • HHS regulations elevate adult protective services nationwide. Link
  • How threat actors use mailbox delegation to access your emails. Link
  • How to train healthcare employees on two-factor authentication (2FA). Link
  • All about alert routing. Link
  • Will OpenAI sign a BAA? (Update 2024). Link
  • HIPAA compliant intake forms for therapy sessions. Link
  • What is DKIM 2048? Link
  • All about cloud email services. Link

Good reads from around the web

  • FBI seizes hacking forum BreachForums — again. Link
  • North Korean hackers exploit Facebook Messenger in targeted malware campaign. Link
  • U.S. health care is increasingly like a casino. Link
  • Top social determinants of health barring patient care access. Link
  • Cyber companies start fulfilling the promise of AI security. Link
