BankInfoSecurity.com

HIPAA Settlement Small Compared to Many Others
U.S. federal regulators fined a dental practice software vendor with a seemingly lowball financial penalty for a high-stakes 2020 hack affecting 15 million individuals that the company failed to report. Maryland-based MMG Fusion agreed to $10,000.

Researchers Tie UAT-9244 Intrusion to Famous Sparrow and Tropic Trooper
A China-linked cyberespionage group has been targeting telecommunications providers in South America since 2024 using a set of newly discovered malware tools designed to maintain persistent access to critical communications infrastructure, Cisco Talos researchers found.

Vendors Cite Global Teams as Iran War Raises Travel Questions From Israel
Several Israeli cybersecurity firms say they still plan to attend RSAC 2026 despite the Iran war. Companies including Orca Security, Check Point, Cyera and Radware say their global workforce structure allows them to maintain conference participation even if travel from Israel remains difficult.

Trump Signs Executive Order and Publishes Cyberspace Strategy
U.S. President Donald Trump signed Friday afternoon an executive order directing federal prosecutors, cyber defense officials and diplomats to ramp up efforts to combat cybercriminal gangs. Trump signed the order in tandem with publishing a five-page cybersecurity strategy.

Growing AI Investments Push Enterprises to Demand Accountability From Tech Vendors
Companies spent over $300 billion on artificial intelligence last year, yet most initiatives produced little measurable value. As skepticism grows, a new debate is emerging around accountability in enterprise technology contracts and whether vendors should share responsibility for outcomes.

Key Challenges in the Proposed HIPAA Security Rule Update
The HIPAA Security Rule may soon undergo its first major overhaul in decades. Although finalization could come as early as May 2026, timelines remain uncertain as new requirements are grounded in modern cybersecurity practices and frameworks.

Experts Urge Preparedness, Nonstop Vigilance, See Ongoing Risk of Online Reprisals
Seven days into the United States and Israel continuing "major combat operations" against Iran, Tehran continues to respond with kinetic attacks against neighboring countries. While no cyberattacks have emerged, experts see unpredictability and continue to urge caution, monitoring and preparedness.

Also: Anthropic Claude Code Security Impact on AppSec, RSAC Conference Preview
In this week's panel, four ISMG editors discuss the potential cyber spillover from escalating tensions in the Iran-Israel-U.S. conflict, the market disruption sparked by Anthropic's Claude Code Security launch and a preview of RSAC Conference 2026.

OT Experts Weigh In on SP-800 82 Revisions
Now is the moment for U.S. federal guidance on securing OT to plunge deeper into the practicalities of securing systems, an extension into actionable advise that reflects a maturing branch of cybersecurity, several OT security specialists told the national Institute of Standards and Technology.

More Code, More Problems - and More Testing
When Anthropic unveiled Claude Code Security late last month, investors were quick to punish traditional cybersecurity vendors. But analysts say the impact of Anthropic's new service will likely be more nuanced than indicated by early reactions.

New CEO John Heyman Says Enterprises Need Tools to Manage Thousands of AI Agents
New OneTrust CEO John Heyman said enterprises rapidly deploying generative AI will soon manage hundreds or thousands of AI agents across their organizations. They must monitor AI agents' data flows and third-party technologies as privacy risk and security oversight increasingly converge.

Also: Trojanized RedAlert App, Tycoon 2FA Takedown, CyberStrikeAI Attacks
This week, Cisco patches and hacks. Trojanized app targeted Israelis. Bye-bye, Tycoon 2FA. Also bye-bye LeakBase. A LexisNexis breach. Woman sentenced for trafficking Microsoft licenses. Silver Dragon targeted governments. Broadcom patch. A Mississippi medical clinic resumed operations.

Compromise Affects Healthcare Clients of Co.'s Revenue Cycle Management Services
Billing services vendor Trizetto Provider Solutions is notifying 3.4 million individuals of a hacking incident discovered in October 2025 that investigators have now determined started nearly a year earlier, when threat actors accessed the company's healthcare clients' insurance related data.

Lawmakers, Industry Warn Supply-Chain Risk Label Sets Dangerous Precedent for Tech
Major tech firms, defense leaders and lawmakers are rallying behind Anthropic as the Pentagon threatens to label the AI developer a supply-chain risk after a dispute over surveillance safeguards, raising fears the move could chill AI investment and reshape government tech contracting.

System Meant to Dispel FUD Faces Uphill Climb to Widespread Adoption
Hurricanes, tornados, earthquakes - and now operational technology cyber incidents - all can receive a numerical score based on their severity, although a new effort promoting an "OT Incident Impact Score" faces an uphill climb to get the traction it needs to succeed.

Millisecond Detection and Layered Controls Will Shape Future Payment Security
Stablecoins can remove chargebacks and make transactions irreversible in fraud cases. This trend is forcing banks to analyze risks before a payment executes. AI models must work within milliseconds while maintaining accuracy and minimizing friction for legitimate users.