Security breaches are top of mind today with more news around the data breach at Columbus Regional Healthcare System. The question of who is liable for data breaches continues to be examined as the legal system catches up with trends in the market.
Maybe as a result, hospitals and health systems are putting more of a focus on cybersecurity with plans for higher spending on this essential budget item, according to a new report. Even as the spending rises, security teams continue to struggle with the sprawl of security tools and alerts.
We also have news today about a new cybersecurity funding, a new distribution agreement, and some troubling news about how the UK government is losing ground when it comes to investigating ransomware incidents.
As always, please send your news, tips and insights to me at [email protected]. I’m also interested in the type of news you’d like to see us cover here. Please let me know.
Today’s MSSP Market Update
1. Class action data breach lawsuit - Who is liable for security breaches? A class action lawsuit filed in federal court alleges Columbus Regional Healthcare System violated its patients’ privacy rights when hackers accessed their personal data in a cybersecurity breach last year. Plaintiffs say CRHS "owed a duty" to them "to secure and safeguard that information" and to not subject them "to an unreasonable risk of exposure and theft." (source: News Reporter)
2. Hospital cybersecurity spending to rise - Three-quarters of hospitals and health systems spent more on information technology last year and many will continue to do so, with greater focus on IT infrastructure and bolstering cybersecurity, according to a new report from Bain & Company and KLAS Research. (source: American Hospital Association)
3. Security tool sprawl - Security teams, on average, use over 90 security tools, yet 60% report “too much noise and too many security alerts” to manage effectively, according to a new report by cybersecurity company Red Canary. Teams spend twice as much time on operational tasks as opposed to cyber readiness.
4. Cybersecurity Series A round - Harmonic Security has secured $17.5 million Series A funding for what it calls “zero-touch data protection,” bringing total funding to more than $26 million. The company’s data protection uses pre-trained, specialized language models. The Series A round was led by Next47. It joins Ten Eleven Ventures which led a $7 million seed round in October 2023.
5. Distribution deal - Cobalt, a provider of pentest as a service, has announced a partnership with emt Distribution, a leading IT distributor based in the Middle East.This key expansion of Cobalt's growing partner network underscores the rising importance of offensive security in enhancing security programs and modernizing pentesting.
6. Bad guys get upper hand - Ransomware incidents being investigated by the UK’s data protection regulator have fallen to record lows, raising questions about the regulator’s capacity and approach to the problem, according to The Record. Of the 1,253 incidents reported to the Information Commissioner’s Office (ICO) last year, only 87 were investigated — fewer than 7% — and just 19 of the 440 incidents reported in the first half of this year have been subjected to an investigation, fewer than 5%. Last year the privacy watchdog investigated more than 99% of the 605 ransomware incidents.
Looking for more news and a list of industry events? Check out the daily news column on our affiliate site ChannelE2E here.