UK Considers Banning Ransomware Payments

The U.K. government is considering banning ransomware payments to make critical industries “unattractive targets for criminals.” It would apply to all public sector bodies and critical national infrastructure, which includes NHS trusts, schools, local councils, and data centres.

Currently, all government departments nationwide are banned from paying cyber criminals to decrypt their data or prevent it from being leaked. This rule intends to protect the services and infrastructure the British public relies on from financial and operational disruption.

The health sector is classified as CNI, so withholding ransomware payments could impact patient care. According to Bloomberg, the attack on pathology company Synnovis last June, which led to months of NHS disruption, resulted in harm to dozens of patients, with long-term or permanent damage in at least two cases.

Organisations must also report ransomware attacks within three days

On top of the ban, the proposed legislation will make it mandatory for organisations to report ransomware attacks within 72 hours of becoming aware of them. This is so law enforcement remains up to date on who is being targeted and how, which aids their investigations into organised crime groups and enables them to publish helpful advisories.

The Home Office also wants to instate a ransomware payment prevention regime involving educating businesses on responding to a live threat and criminalising unreported payments. It is hoped that this will both increase the National Crime Agency’s awareness of attacks and reduce the number of payouts made to hackers, especially in exchange for data suppression.

On Jan. 14, the Home Office opened a consultation on these three proposals, which will run until April 8. Ultimately, the goal is to reduce the sum of cash criminals extract from U.K. companies and boost understanding of the ever-changing ransomware landscape to aid prevention and disruption efforts.

“These proposals help us meet the scale of the ransomware threat, hitting these criminal networks in their wallets and cutting off the key financial pipeline they rely upon to operate,” security minister Dan Jarvis said in a press release.

The proposed approach to improving the country’s cyber security appears to echo that of the U.S. The federal government mandates compliance with its cyber security initiatives for federal agencies and regulated industries, hoping other businesses will voluntarily follow suit.

Blanket ban could disproportionately impact small businesses and non-critical sectors

Within the documentation outlining the proposals, the Home Office acknowledges the potential for the legislation to disproportionately impact small and micro-businesses “which cannot afford specialist ransomware insurance, or clean up specialists.” These SMBs will have less employee capacity during an attack to engage with the government and meet reporting deadlines. As a result, they may feel that the only option to retain their business is to pay to decrypt data.

Alejandro Rivas Vasquez, the global head of Digital Forensics and Incident Response at security firm NCC Group, said in a statement that the blanket rule could create “unfair and administrative burdens that become complex and unmanageable” for smaller businesses.

He said: “Instead of a one size fits all approach, we’d recommend the government explore a less burdensome obligation that could be applied to smaller businesses, or focus on incentivising businesses to improve their security posture, rather than punitive action.”

Vasquez added that applying the ban only to public sector bodies and CNI could impact other industries. “A blanket ban could place a larger target on sectors not included in the ban, such as manufacturing, which doesn’t currently fall under the scope,” he said. Manufacturing was the second most targeted industry for ransomware last year, after services, and saw a 71% year-on-year increase.

Furthermore, the legislation would not impact hackers who are motivated by factors other than money. As Vasquez said: “In geopolitically motivated attacks, which can be launched by nation states, ransomware is a tool to cripple critical national infrastructure and steal sensitive data – money is not the objective. Banning payments would be futile in stemming such attacks – the hackers would already have the data they need.”

U.K.’s cyber risks are ‘widely underestimated’

In December, Richard Horne, head of the U.K.’s National Cyber Security Centre, warned that the country’s cyber risks are “widely underestimated.” He said that hostile activity had “increased in frequency, sophistication, and intensity,” largely from foreign actors in Russia and China.

According to the NCSC’s Annual Review 2024, the agency handled 430 incidents this year compared to 371 in 2023. Of these, 13 were “nationally significant” ransomware incidents threatening essential services or the wider economy.

The report called ransomware the most pervasive threat to U.K. businesses, especially in academia, manufacturing, IT, legal, charities, and construction. According to the NCSC, the pervasion of generative AI has been found to increase the risk of ransomware by providing “capability uplift” to attackers. Amateur attackers can use it to craft social engineering materials, analyse exfiltrated data, write code, and carry out reconnaissance, which essentially lowers the barrier to entry.


Fintech startup LemFi raises $53M to help immigrants send money home

Coming from South Africa but living in Europe, I can tell you that sending money to family and friends back home is a bit of a nightmare. Typically you must use a traditional bank, which can take a week or more, or payment apps like PayPal or Wise, which charge high fees.

The antiquated nature of remittance payments is something that immigrants are all too familiar with. Demand for better alternatives is giving rise to a new cohort of fintech companies looking to streamline the process.

One of them is London-headquartered LemFi. Founded in 2021, the financial services platform enables diaspora communities in North America and Europe to quickly and affordably send money to friends and family in China, India, Pakistan, Nigeria, Kenya, and 15 other countries in the Global South.

Sadly, for me, South Africa is not yet on the list. However, LemFi is expanding fast so I might not have very long to wait.

LemFi has already onboarded 1 million customers so far, who have made a combined $1bn in monthly transactions through the app. Transactions to and from Asia are currently growing at 30% month-on-month, said the company. And last week, LemFi, which employs over 300 people, officially set up shop in Europe. The startup is tapping a global remittance market predicted to reach $1.3 trillion by 2032.

All that growth potential has, unsurprisingly, piqued the interest of VCs. Today, LemFi announced that it has raised $53mn in Series B funding. London-based growth-stage venture firm Highland Europe led the round, with participation from previous investors Left Lane Capital, Palm Drive Capital, and Y-Combinator. The fresh funding brings LemFi’s total raised to $85mn.

“When we started building LemFi, we were told remittance had already been solved,” said Ridwan Olalere, co-founder and CEO of LemFi. “But for too many people, it is still too slow, cumbersome and expensive with customers telling us that in some instances it was cheaper to send money from the US via Canada than directly to their families back home.”

Olalere, originally from Nigeria, founded LemFi alongside Norwegian Rian Cochran. The pair met whilst working at Nigerian fintech unicorn OPay, incubated by Norwegian browser provider Opera.

Fuelled by fresh funding, LemFi now looks to add new features and expand to new countries, said Olalere.

No doubt part of LemFi’s popularity is that it advertises zero transaction fees. Well, unless you live in China, India, or Pakistan. The company also makes revenue on foreign currency exchanges. Its business model is dependent on volume, making small profits on numerous transactions while staying competitive for users seeking low-cost international money transfers.

LemFi is far from alone in the increasingly crowded remittance fintech market. Perhaps the most well-known is US-based Remitly, which went public in 2021. Other contenders include startups Zepz and Taptap Send, both of which are based in London.


McAfee launches scam detector to stop scams before they strike

Scams are everywhere. McAfee’s new scam detector spots and stops scams across text, email, and video to keep you from being fooled.

McAfee today announced at CES 2025 the launch of McAfee Scam Detector – the most comprehensive protection against text, email, and video scams. Today’s scams are smarter, sneakier, and more convincing than ever – and they’re everywhere. One in three Americans admit falling for a text, email, or video scam in the last 12 months.

From fake emails and suspicious texts to deepfake videos that look incredibly real, scammers are using clever tricks to steal people’s money and personal information. McAfee is helping consumers take back control with its AI-powered McAfee Scam Detector to stop scammers in their tracks. McAfee is using AI to try to stop scams before they strike via automatic detection of scams or potential scams.

Scammers have a couple of things working in their favor, said Steve Grobman, CTO of McAfee, in an interview with GamesBeat. One is there’s a large number of private communication channels where there’s not necessarily a moderator, like on encrypted messaging or direct messaging. They could be communicating with the victim, you know, under the guise of security.

The other piece is real time, and it’s one of the reasons that McAfee has made its deepfake detector product work on any video stream in the web, Grobman said.

Beginning this spring, McAfee’s Scam Detector will be included at no extra cost for McAfee customers. This must-have product uses the latest in advanced AI technology to proactively analyze and flag risky messages in real time.

That ‘Hi, how are you?’ text from a stranger? It’s one of the top text scams of 2024. I got a scam email about using an automated document signing service, with an attachment saying “termination NDA” on it. I almost fell for that one, given the urgency I associated with that one. (I wasn’t fired). An urgent email about a failed delivery? Probably fake. And no, Elon Musk doesn’t have a unique investment opportunity for you. McAfee makes it easy to tell real from fake in seconds and gives you the winning combination of tips and technology to keep scams out of your life for good.

“I think the thing that is most clever is the personalization,” said Grobman. “One of the things that we have seen are job scams, where people have made their search public, and those scams take the form of taking your job interview to the next level, but it requires a background check and we require the applicant to pay for the background check.”

He said the scanning for scams is working in real time, making it possible to catch the scammers at the right times.

Background

A year ago, Grobman talked to me about focusing on scam defense in three areas: scams that come through email, scams that come through text, and then scams that users are exposed to, more generally, in other media forms like video.

To address that, the company developed advanced AI models to protect consumers in all three of those areas and it started to deploy them in late 2024. One of those was a deepfake detector to help consumers identify whether videos are AI-generated or authentic. The company also ran technology previews for its other modalities, namely email and text.

“And now that we’re moving into 2025 we’re very excited to move all of these technologies into a much larger scale by making them available to the vast majority of our customers,” Grobman said. “We’re evolving our AI models to take advantage of advanced AI PCs when an advanced AI PC is there. So we can run our AI models on the [PC’s own] NPU, but we also have the ability to run on other inference engines, either the CPU or GPU, which is able to give us a broader scope, to give capabilities to a broader set of users.”

The email scam defense is going to move beyond a technology preview that McAfee did in 2024 where it was available for Microsoft-based email properties. Now it can support Gmail and other properties.

“In offerings in 2025, we’ve developed advanced technology to detect deep fake images. So we did a partnership with Yahoo News in 2024 around helping to ensure that images that came through the news pipeline, that their editors, their quality assurance personnel, could best detect if anything was generated with AI image generation technology and help provide that insight.”

Protecting people in today’s Scamiverse

Every day, scammers trick people with fake emails, texts, and videos, and the results can be devastating. Americans report receiving 12 scam messages daily, losing as much as $1,000 when they fall for one, and spend 80 hours a year simply trying to figure out if the onslaught of messages they receive are real or fake, according to a McAfee survey. And deepfake scams, which use AI to create fake video, can be even worse – some people have lost up to half a million dollars, based on a McAfee survey. It’s clear that scams have become a drain on people’s time, energy, and finances.

“I’ve had more issues with scam texts recently. I’d say within the last year, it’s just been bad. Like I’ve been getting a lot of spam emails, texts, calls…it’s a lot,” said Tina, 31, in South Carolina.

“It was a fake email for UPS. I thought that I was signing up to change my address and instead it charged my credit card,” said Alexandria, 46, in Georgia.

“While I love new technology, I have been very scared of AI generated videos and information since seeing just how realistic it can be,” said Haley, 24, from New Jersey.
“Scammers are getting smarter every day, using technology like artificial intelligence to make their tricks more convincing and harder to spot,” said


It’s 2025: Is Nvidia’s Cosmos The Missing Piece For Widespread Robot Adoption?

NVIDIA’s announcement of a foundation model platform to support development of robots and autonomous vehicles aligns well with one of our automation predictions for 2025: that one quarter of robotics projects will work to combine cognitive and physical automation. Many of the examples NVIDIA showed featured humanoid robots, but Cosmos is equally relevant to autonomous vehicles and other forms of physical robots. That’s just as well, because another of our predictions for 2025 is clear that less than 5% of robots entering factories in 2025 will walk.

We first started writing about the integration of physical and cognitive automation in 2023, based on expanding orchestration capabilities combined with AI’s potential to add flexibility to physical robotics. The question being debated at Forrester is whether the January 6 launch of NVIDIA’s Cosmos world foundation model is a turning point, or just another high-value tech company jumping into the large language model (LLM) playing field.

We think the former is more likely. Developers now have an “open” model designed to address physical automation use cases, meaning autonomous vehicles and robots. It’s the first LLM trained to understand the physical world. It is optimized for NVIDIA chips running in the cloud, on developers’ desktops, and out at the edge inside cars, trucks, and robots, and it plugs into expansive NVIDIA tools and frameworks.

The ChatGPT moment may have arrived for our robot friends, yet two things have stalled the advance of robots in the physical world so far: solid use cases and the cost of infusing agility into robots. Generative AI, combined with rich training data (video and otherwise), goes some way to solving the agility problem, but the use case problem has proven harder to solve. In 2023, we published an adoption model showing six phases that physical automation must traverse to reach the “acceptable” sweet spot (see below). For example, janitorial robots were pushed to acceptability by the pandemic, while security robots still struggle to achieve similar acceptance.

Let’s Learn From Past Mistakes

The field of physical automation has, unfortunately, succumbed to the allure of media spectacle. Remember Boston Dynamics’ Spot performing backflips? This impressive feat, while captivating audiences in a “60 Minutes” feature, ultimately demonstrated limited practical applications. NVIDIA should be congratulated: It has introduced the first full developer capability that can take physical automation to the next level but now needs to show equal leadership in projecting how robots can interact with humans in both a productive and nonthreatening way.

More Physical Automation Research Is Coming

Forrester analysts continue to research physical and cognitive automation, both together and separately. One piece of research later this year will specifically look at physical or embodied AI in the smart manufacturing and mobility context, along with all of the interesting things that happen when an AI system must observe and interact with the physical world around it. If you have perspectives to share, please do get in touch.


FTC Says It Has Power To Modify Meta Privacy Order

By Matthew Perlman (January 13, 2025, 5:28 PM EST) — The Federal Trade Commission has rejected Meta’s argument that the agency lacks authority to modify a $5 billion data privacy settlement as the social media giant continues fighting an order barring it from monetizing children’s data….


5 Best Free Merchant Account 2025: Top Providers & Fees

- Best value: Square
- Best for low processing fees: Helcim
- Best for online businesses: PayPal
- Best for multichannel payment platforms: Stripe
- Best for invoicing: Wave

Disclaimer: When I say “free,” I mean “no upfront costs, no monthly subscription fees, and no contracts.” I do not mean “no processing fees.”

Every time a transaction is made electronically, whether online or in-person, a lengthy chain of stakeholders is involved in processing the transfer of funds, and each one takes a cut. So, there’s no truly free way to accept payments — except cash, that is.

That said, these merchant account providers all offer no monthly fees, long-term contracts, or monthly minimums, and they offer competitive transaction fees. See our detailed comparison below.

Top free merchant account providers compared

| Provider | Our rating (out of 5) | Best for | In-person transaction fee | Online transaction fee | Free card reader? |
|---|---|---|---|---|---|
| Square | 4.58 | All-in-one solution | 2.6% + $0.10 | 2.9% + $0.30 | Yes, 1st magstripe reader |
| Helcim | 4.24 | Low processing fees | 1.83% + $0.08 (average) | 2.27% + $0.25 (average) | No |
| PayPal | 4.19 | Online-only businesses | 2.29% + $0.09 | 2.99% + $0.49 | Yes, 1st card reader discounted |
| Stripe | 4.11 | Selling in person and online | 2.7% + $0.05 | 2.9% + $0.30 | No |
| Wave | 3.83 | Collecting payments via invoicing | N/A | From 2.9% | N/A (online payments only) |

Square: Best value

Our rating: 4.58

We’re talking free, right? Well, what if we want free stuff in addition to free services? Well, that’s why Square is at the top of my list.

To be clear, Square has many advantages, not just the free reader they send to new accounts when they sign on. Square often makes our best-of lists because of its convenient services and all of the payment tools it offers for free.

Here are some of the things you can claim for signing up with Square for no cost other than what you pay in processing fees:

- A free magstripe card reader peripheral.
- Access to in-person card payment processing via Square’s POS.
- Access to virtual POS functionality and manual-entry transaction processing.
- Access to free website building, hosting, and online storefront support.
- Access to invoicing including “click to pay” buttons for your customers to pay online.

Why I chose Square

I mentioned several of the freebies Square throws your way in the list above. In addition to the freebies, the fees Square does charge are flat-rate, transparent, and easy to budget for.

Bottom line: Square comes up so frequently because brands that sell in person, especially sole proprietors or small operations, stand to benefit dramatically from these much lower barriers to entry. And in this economy, any leg up when starting a business is welcome.

Pricing

Pricing plans:

- Free — $0/month plus processing fees.
- Plus — $29/month plus processing fees.
- Premium — $89+/month plus processing fees.

Processing fees:

- In-person — 2.6% + $0.10.
- Online — 2.9% + $0.30.
- Manually entered — 3.5% + $0.15.
- Invoices — 3.3% + $0.30.

Add-on tools: From $5/month.

Features

- Free Square account includes POS, online store/checkout, virtual terminal, invoicing, and more.
- Square includes a free mobile card reader with every signup; in-person rates are industry standard.
- Loads of add-ons and upgrades with valuable features at inexpensive prices.

Pros and cons

Pros:

- Lots of freebies, including free hardware.
- Options for B2B services like marketing and business banking.
- Custom processing rates available for high-volume sellers.

Cons:

- Less suited to businesses that accept most of their payments as card-not-present.
- Processing fees are not the lowest available.

Helcim: Best for low processing fees

Our rating: 4.24

If the account is free, then the biggest expenses you’re likely to contend with are the processing fees. You can’t get around those fees, but you can minimize their impact by finding the ones most amenable to your organization.

Helcim cuts down the costs across the board, but the numbers have to get kind of complicated to make it happen. Where Square and Stripe flatten transaction processing fees to a single price, Helcim doesn’t. The former two can only achieve a flat fee format by varying their own profit margin, meaning they sometimes take a bigger cut. Helcim does the opposite, applying the same (rather thin) profit margin to every transaction.

In practice, it looks like your fees are all over the place — because they are — but you’re never paying extra just to get the flat fee. You only ever pay the interchange fees plus their flat margin. That’s why it’s known as “Interchange Plus pricing.”

Why I chose Helcim

In addition to interchange-plus rates, Helcim also offers pass-through fees, which allow customers and donors to pay processing fees and send you the full transaction amount.

This isn’t commonly done in retail sales or other for-profit contexts. But if you’re running a nonprofit, a charity, or anything else that takes donations rather than selling goods/services, this can be quite the lifesaver. Donors are already looking to help you make the most of the money they’re giving, so the majority are happy to keep the fees from eating into what you receive.

Interchange Plus and pass-through fees alone qualify Helcim for this list.

Pricing

- No monthly fees.
- No contracts.
- Interchange Plus: Helcim’s processing fees are the base interchange rate plus its flat margin rate — 0.40% + $0.08 for in-person transactions, and 0.50% + $0.25 for online and manual entry.

Features

- Interchange Plus pricing means you’ll pay less for processing fees with Helcim than anywhere else.
- Pass-through fees option so you can set up your processing to give the payee the option to eat the cost of those fees themselves.
- Volume-based discounts help you save more the more you sell.

Pros and cons

Pros:

- Super low processing fees, though calculations are a bit more confusing.
- Better suited to businesses processing high volumes, nonprofits accepting donations, and organizations doing lots of ACH transactions.

Cons:

- You save less if you process mostly high-interchange transactions (e.g., AmEx).
- Fewer add-ons and


FTC Orders Hosting Service GoDaddy To Bolster Data Security

By Allison Grande (January 15, 2025, 8:24 PM EST) — Web-hosting provider GoDaddy has agreed to overhaul its data security practices to resolve the Federal Trade Commission’s claims that the company failed to implement adequate measures to safeguard its services against cyberattacks that risked harm to its millions of customers, the commission said Wednesday….


Up Network and DreamSmart partner on Web3 AI glasses powered by Google Gemini

Up Network, the user-powered AI agent operating system, has announced its partnership with DreamSmart to create Web3 AI glasses powered by Google Gemini.

This product integrates state-of-the-art industrial design, AI, XR (extended reality) capabilities, and Web3 incentives, with the aim of redefining human-machine interaction and advancing the post-smartphone era.

Developed under DreamSmart’s StarV brand, the Web3 AI glasses are aimed at changing how we connect with technology. Powered by Google’s Gemini, these glasses allow you to interact naturally—just by talking—while delivering seamless, intuitive experiences. They simplify complexity, adapt to your needs with context-aware intelligence, and ensure your data remains private and under your control.

The glasses weigh just 44 grams, or about as much as the heavy side of ordinary glasses. They are built for all-day wear, delivering up to eight hours of battery life for uninterrupted usage.

With an optical waveguide display, the glasses deliver a seamless extended reality (XR) experience for productivity, entertainment, and daily tasks.

Powered by Google Gemini and other advanced AI agents, the glasses provide real-time contextual intelligence, and the companies claim they surpass current offerings from major tech players like Google and Samsung.

Web3 Made Simple: AI Glasses Empowering Web3 for Everyone

Web3 technologies are complex, requiring users to interact with decentralized systems, manage wallets and digital assets, and engage with blockchain-based applications. They haven’t proven as popular among consumers due to the complexity.

Through its integration with Up Network, the Web3 AI Glasses elevate this experience by providing hands-free, natural language interaction, with real-time and context-aware assistance, bridging the gap between complexity and accessibility.

The companies said the AI agent swarms eliminate the steep learning curve and complexities of Web3. By handling tasks collaboratively and intuitively, these agents enable anyone—even crypto newcomers—to interact with blockchain and AI using natural language.

Tokenized incentives allow users to earn by interacting with AI agents, contributing insights, and engaging in decentralized activities. And users own their data as an asset, maintaining full control and privacy through on-device processing and anonymized storage.

The companies said they are creating a privacy-first experience. All interactions are securely processed on-device, ensuring users retain their data sovereignty without compromising usability.

“This partnership with DreamSmart to launch the first Web3 AI Glasses represents a major step forward for Up Network,” said Devansh Khatri, cofounder at Up Network, in a statement. “These glasses are not just a device—they’re a gateway to the future of computing and decentralized technology, combining AI, XR, and Web3 incentives into one powerful ecosystem.”

The Web3 AI Glasses will be available in Q1 2025. Additional details on pricing, market availability, and exclusive previews will be announced soon.

DreamSmart is based in China. It was founded in March 2023, and it has more than 4,000 people. Up Network is based in Singapore and it has 15 people. Up Network was founded in the summer of 2024, and it expects to announce a funding round soon.


How to Enhance Health Care Cybersecurity

The U.S. Department of Health and Human Services issued a proposed rule on Jan. 6 to improve cybersecurity and better protect the U.S. health care system from a growing number of cyberattacks. The latest proposed amendments to the Health Insurance Portability and Accountability Act represent the department’s first major updates since 2013, addressing some of the most pressing cybersecurity challenges. However, they also highlight areas where further innovation is needed to protect sensitive patient information in an increasingly interconnected world. If finalized, these amendments will impose stricter requirements on HIPAA-covered entities — such as health care providers and insurers — and their business associates, emphasizing proactive cybersecurity measures. Stakeholders are encouraged to review the proposed changes and submit comments by March 7. 1 Semperis Employees per Company Size Micro (0-49), Small (50-249), Medium (250-999), Large (1,000-4,999), Enterprise (5,000+) Large (1,000-4,999 Employees), Enterprise (5,000+ Employees) Large, Enterprise Features Advanced Attacks Detection, Advanced Automation, Anywhere Recovery, and more 2 ESET PROTECT Advanced Employees per Company Size Micro (0-49), Small (50-249), Medium (250-999), Large (1,000-4,999), Enterprise (5,000+) Any Company Size Any Company Size Features Advanced Threat Defense, Full Disk Encryption , Modern Endpoint Protection, and more 3 ManageEngine Log360 Employees per Company Size Micro (0-49), Small (50-249), Medium (250-999), Large (1,000-4,999), Enterprise (5,000+) Micro (0-49 Employees), Small (50-249 Employees), Medium (250-999 Employees), Large (1,000-4,999 Employees), Enterprise (5,000+ Employees) Micro, Small, Medium, Large, Enterprise Features Activity Monitoring, Blacklisting, Dashboard, and more New measures aim to protect data security — but companies still have work to do The proposed HIPAA Security Rule introduces mandatory measures that reflect the growing sophistication of cyber 
threats. These include end-to-end encryption, which ensures electronic Protected Health Information (ePHI) remains unreadable to unauthorized users throughout its lifecycle. Multi-factor authentication has also become mandatory for systems containing ePHI, balancing robust security with the operational demands of clinical settings. Additionally, continuous monitoring would replace periodic risk assessments, enabling organizations to proactively identify and address potential threats through automated systems that track access and maintain detailed audit logs.

While these measures bolster defenses, they primarily focus on internal systems, leaving gaps in third-party interactions and global data-sharing practices.

Addressing third-party risks

Modern health care ecosystems depend on sharing sensitive content with vendors, subcontractors, and research collaborators. However, this approach introduces substantial risks. Research shows that nearly four in 10 health care organizations share sensitive content with 2,500 or more third parties.

Centralized systems with encryption and access controls are essential for managing data exchanges securely. These platforms provide visibility into external data handling while enforcing consistent security measures. Clear third-party agreements are critical in mitigating risks by outlining specific security protocols, breach responses, and reporting requirements. Regular audits and real-time monitoring further strengthen defenses, helping organizations detect and address vulnerabilities promptly. Without such measures, even a minor breach in one entity can expose the entire network to significant threats.

Global research collaborations add another layer of complexity, requiring alignment with international standards such as GDPR.
Policies safeguarding cross-border data sharing ensure sensitive information is protected across jurisdictions, enabling organizations to maintain compliance and collaboration in an interconnected health care landscape.

Leveraging AI for compliance and cybersecurity

Artificial intelligence holds transformative potential for cybersecurity — but its integration into HIPAA compliance remains underexplored. AI can monitor systems in real time, detect anomalies in file and email sharing, file transfer, and other sensitive content communication channels, and analyze historical data to anticipate and counter emerging threats. Predictive threat modeling and automated compliance tools simplify documentation and generate actionable insights.

Clear regulatory standards are needed to harness AI’s potential. This includes validation protocols and ethical guidelines for its deployment. Integrating AI-driven solutions with existing security frameworks will enhance compliance and create a dynamic and adaptive defense against evolving cyber threats.

How AI plays a role in detecting and addressing cyber threats

Real-time monitoring has significantly improved data security, but its effectiveness depends on integrating advanced technologies. Centralized audit logs are crucial, offering a consolidated view of data access and changes, which supports continuous monitoring and incident response. By maintaining detailed records, organizations can quickly detect and address anomalies.

AI plays a pivotal role in enhancing these efforts. Machine learning algorithms dynamically analyze risks, identifying potential vulnerabilities before they escalate. AI can also detect patterns indicative of data misuse or unauthorized collaboration, ensuring proactive threat mitigation. Additionally, blockchain technology complements these efforts by providing immutable records that enhance transparency and accountability.
Together, these innovations create a robust framework for continuous monitoring, making systems more resilient to sophisticated cyberattacks.

Bridging the gaps in compliance

Despite progress, several compliance challenges persist. Smaller providers often face difficulties in creating comprehensive documentation due to limited resources. The absence of standardized benchmarks across the industry leads to inconsistencies, while the lack of uniform reporting frameworks complicates audit processes.

Centralized audit logs are key to addressing these gaps. Audit logs provide clear, actionable insights into data access, usage, and potential vulnerabilities by consolidating all compliance-related activities into a single system. These logs enable organizations to streamline reporting, ensure consistency, and simplify compliance audits by offering a transparent, real-time view of all activities.

To further enhance compliance, organizations should adopt platforms that integrate automated reporting tools and dashboards with these audit logs. Real-time assessments and AI-driven analysis can identify anomalies and help prevent compliance breaches. Collaboration with trusted technology providers can also result in tailored solutions that address specific security and compliance challenges. By centralizing compliance management and leveraging technology, health care organizations can build scalable frameworks that align with regulatory requirements and enhance overall data protection.

Ample patient-centric benefits of cybersecurity

Stronger cybersecurity measures do more than prevent breaches; they foster trust. Patients are more likely to engage with providers who are committed to protecting their data. This trust supports broader innovations, such as personalized medicine and real-time health monitoring, ultimately enhancing the quality of care. Health care organizations can achieve operational


The importance of the CIO-CCO connection in IT projects

A relationship driven by tech evolution

The changes that the CIO role has undergone in recent years have played an essential role in building this collaboration, which allows IT leaders to pass on their knowledge to the rest of the company, make it aware of the importance of integrating digital tools, and handle themselves skillfully among other specialists. This has changed the relationship with the person in charge of communications, explains Mar Vilaseca Vilà, sales manager at multinational HR consultant Randstad Digital.

“Historically, these roles worked in isolation, with the CIO focused on technology as operational support and the communications manager focused on the external and internal narrative of the organization,” she says. “But today, technology is a strategic pillar, and the success of many digital initiatives depends on effective collaboration between both areas. Now the CIO must ensure that technological solutions are understandable and useful, while the communications manager translates these advances into clear messages that promote adoption and generate trust.”

Support to the entire organization

Belén Graña, chief innovation officer at Spain’s ESIC University, says a recent restructuring has combined the innovation department with IT, so tech isn’t understood solely as digital tools but is applied to all levels of the organization. Overall, the evolution in IT has made those in charge the most knowledgeable about the organization, she says, since technology is something that crosses all departments. “They collect information from all processes, and connect them with other areas,” she says. This transversal nature is something CIOs and CCOs share, and, as such, both positions can help facilitate an organizational culture open to change and innovation.
