AI Vendor Risks in Healthcare
The Health Sector Coordinating Council (HSCC) has released new guidance to help the healthcare and public health sector manage the growing cybersecurity risks from third-party AI vendors. As AI technology becomes embedded in a wide range of medical products and services, the number of potential attack vectors expands. The guidance provides a framework for assessing and mitigating these emerging threats, which increasingly target sensitive patient data and critical healthcare operations.
Software Supply Chain Attacks Multiply
A flurry of attacks targeting software supply chains has raised alarms across industries. Threat actors have backdoored popular JavaScript libraries like Axios to distribute remote-access Trojans, while also exploiting open-source repositories at an accelerating pace. Experts urge developers to go beyond code-integrity tools and introduce delays before merging new repositories, as unfolding attacks are often detected within hours or days. Cloudsmith recently raised $72 million to expand policy enforcement and real-time package risk analysis, reflecting the growing focus on supply chain threats tied to open-source dependencies and AI-assisted development.
Healthcare Vendor Breach Exposes Patient Data
CareCloud, an electronic health records vendor, notified the SEC of a cyber incident that temporarily disrupted its software and in which one of its EHR environments was accessed. The company is still assessing whether patient data was stolen. Separately, CISA warned of a high-severity vulnerability in Grassroots DICOM, an open-source library widely used in medical imaging products, that could allow attackers to cause denial-of-service conditions by sending specially crafted files.
Source: Healthcareinfosecurity