The CyberPHIx Roundup is your quick source for keeping up with the latest cybersecurity news, trends, and industry-leading practices, specifically for the healthcare industry.

In this episode, our host Brian Selfridge highlights the following topics trending in healthcare cybersecurity this week:

• Healthcare Cybersecurity Act introduced in the U.S. Senate; details and analysis about the proposed regulation
• HHS and OCR seek feedback on new HITECH safe harbors for the adoption of cybersecurity best practices including NIST and HITRUST
• OCR requests feedback on how HIPAA civil monetary penalties should be shared with individuals that have been victims of breaches
• University of Pittsburgh Medical Center is required to make payments to 66,000 employees that were victims of a 2014 cyber breach as part of legal settlement
• Proposed PATCH Act that would see the FDA require cybersecurity measures for medical device manufacturers; details and analysis
• New NIST standards for enterprise patching management including NIST SP 800-40 and NIST SP 1800-31
• FDA releases updated guidance on medical device cybersecurity (in addition to the PATCH Act)
• Lapsus$ cyber threat group alerts from the Health Sector Cybersecurity Coordination Center (HC3) as well as prominent arrests of the Lapsus$ gang’s teenage leader
• Arrest of ransomware leader responsible for 13 ransomware attacks; details of attacks and sentencing
• Germany and the U.S. shut down the world’s largest illegal darknet marketplace
• CISA warns of Uninterruptible Power Supply (UPS) device cyberattacks
• Urgent security alert for Philips MRI monitoring software
• A new zero-day vulnerability in the Spring Core Java framework called 'Spring4Shell'
• S State Department announces Bureau of Cyberspace and Digital Policy (CDP)