DataBreachToday.com

Britain will likely ban at least some types of ransom payments as it revamps the nation's cybersecurity laws, but many open questions remain, including sectors and the organizational sizes to be covered, and if all payments might be required to pass sanctions checks, said policy expert Jen Ellis.

NASCIO Agenda Focuses on AI Policy, Cyber Investment and Critical Infrastructure
State CIOs have lots on their plates, juggling multiple priorities from AI to cybersecurity. But the state IT programs don't have to go it alone. The National Association of State CIOs' 2026 agenda focuses on federal legislation - and federal funds - that could help state IT programs.

Artificial intelligence use in healthcare is only as safe and accurate as the governance and trust frameworks surrounding it, particularly in clinical environments where errors or hallucinations can directly impact patient care, said Dave Bailey, vice president at consultancy Clearwater.

CEO Rohit Ghai Emphasizes Platform Depth, Threat Intel and AI-Powered Simplicity
Rohit Ghai, the new CEO of Barracuda, is leading a push to protect midmarket and resource-constrained businesses through a deeply integrated platform powered by AI. He says ease of use, human-led threat intelligence and modular deployment are essential to meeting their cybersecurity needs.

Russian Hacking Shows Limits of Preventive Measures
Europe must step up its active defenses against cyberattacks and modernize its IT infrastructure, a leading expert has warned in the wake of a major attack on Poland's energy grid attributed to Russian hackers.

Civil Society Orgs Concerned Deal Could Tilt Cloud Security Space in Google’s Favor
A coalition of European civil society organizations is urging regulators to launch a detailed antitrust investigation into Google's proposed $32 billion purchase of Wiz. They argue the acquisition would strengthen Google's dominance in cloud security and undermine multi-cloud neutrality.

Also: Why AI Agents Are Colliding, What Good Governance Ought to Look Like
In this week's panel, four ISMG editors discussed real-time vishing attacks that are defeating MFA, the growing problem of AI agents making conflicting decisions inside of enterprises and why the next phase of AI adoption depends on governance, accountability and control.

Comstar Paid Feds $75K Last Year to Settle HIPAA Allegations in Same 2022 Breach
An ambulance billing and collections firm has agreed to pay $515,000 to Massachusetts and Connecticut regulators and implement a prescriptive information security program in the aftermath of a 2022 hacking incident affecting the sensitive information of nearly 350,000 residents in those states.

ACAMS Says Investigators Need Better Data, Architecture and AI-Based Detection
The financial system has a trust problem driven by artificial intelligence, and CIOs looking to prevent fraud and other financial crimes will only face more challenges as criminals find new ways to use AI to swindle, according to an Association of Certified Anti-Money Laundering Specialists survey.

Also, SmarterMail Flaw, Nike Breach Probe, Empire Market Co-Creator Pleads Guilty
This week, researchers exposed an Android RAT abusing Hugging Face. Attackers exploited a SmarterMail flaw. Automakers raised cyber spending. CISA flagged a VMware bug. Microsoft patched Office. An Empire Market co-creator pleaded guilty. Nike probed a breach.

Agents Fuel Digital Risk Protection, Open-Source Intel Adoption in Regulated Spaces
Outtake will invest $40 million to grow its automated platform for digital risk protection and open-source threat intelligence. CEO Alex Dhillon says the New York-based startup's agent-led model stands apart by replacing manual labor with scalable AI workflows.

CISA Defends Director’s Use of AI Tool Despite Internal Compliance Review
Cybersecurity and Infrastructure Security Agency Acting Director Madhu Gottumukkala uploaded sensitive documents to ChatGPT under a temporary, approved exception, prompting internal alerts and reigniting concerns over the agency's AI governance and leadership judgement.

Revisions to 42 CFR Part 2 that go into effect soon to better align federal regulations for the confidentiality of substance use disorder records with HIPAA require entities to adjust their compliance programs. But the changes aren't easy, said attorney David Holtzman, founder of HITprivacy LLC.

ShinyHunters Campaign Uses Voice Phishing to Bypass MFA and Steal Corporate Data
Security experts warn that "an active and ongoing campaign" being waged by ShinyHunters extortionists has at least 150 organizations in its sights across a range of sectors, with attackers using live voice phishing to bypass multifactor authentication, steal cloud data and hold it to ransom.

Web-Based Client on Local Host Didn't Sanitize Inputs
Video camera surveillance management software made by South Korean manufacturer Idis is susceptible to a one-click attack giving hackers the power to execute arbitrary code. The vulnerability allows an attacker to escalate beyond the browser sandbox and achieve code execution on the host.

Reported Victim Tally in HCIactive's Health Data Theft Incident Soars
The victim count in a 2025 hack against a Maryland-based firm that provides "AI-powered" administrative and technology services to healthcare practices soared to nearly 3.1 million nationwide, according to an updated breach report from Healthcare Interactive.