National Security Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems

Protection of our Nation’s critical infrastructure is a responsibility of the government at the Federal, State, local, Tribal, and territorial levels and of the owners and operators of that infrastructure. The cybersecurity threats posed to the systems that control and operate the critical infrastructure on which we all depend are among the most significant and growing issues confronting our Nation. The degradation, destruction, or malfunction of systems that control this infrastructure could cause significant harm to the national and economic security of the United States.



HHS OCR Summer 2021 Cybersecurity Newsletter
A recent reportof security incidents and data breaches found that 61% of analyzed data breaches in the healthcare sector were perpetrated by external threat actors and 39% by insiders. Without appropriate authorization policies and procedures and access controls,hackers, workforce members, or anyone with an Internet connection may have impermissible access to the health data, including protected health information(PHI),that HIPAA regulatedentities hold. News stories and OCR investigations abound ofhackers infiltrating information systems, workforce members impermissibly accessing patients’ health information,and electronic PHI(ePHI) being left on unsecured servers.
New website – The U.S. Government’s One-Stop Location to Stop Ransomware

The U.S. Government launched a new website to help public and private organizations defend against the rise in ransomware cases. is a whole-of-government approach that gives one central location for ransomware resources and alerts. We encourage organizations to use this new website to understand the threat of ransomware, mitigate risk, and in the event of an attack, know what steps to take next.

HHS OCR June 25 Cybersecurity Update

Dell Boot Recovery Remote Code Execution Vulnerability Impacts Millions of Devices: Eclypsium security researchers have discovered a vulnerability in the Dell BIOSConnect feature available on at least 180 models of consumer and business laptops, desktops, and tablets, including devices protected by Secure Boot and Secured-core PCs. This undesignated vulnerability has a calculated CVSS score of 8.3 (High), potentially impacting millions of devices.



Confidentiality Coalition Webinar: HIPAA: Privacy, Security and New Challenges, Oh My!

HIPAA has provided the privacy and security of health data for decades; however new challenges have arisen with the rapid expansion of technology. Experts will provide overviews of both the HIPAA privacy and security rules, followed by a discussion about next steps to respond to a changing privacy and security environment. Watch here.