In January 2025, the U.S. Department of Health and Human Services (HHS) proposed significant amendments to the HIPAA Security Rule. These proposed changes aim to strengthen cybersecurity measures protecting electronically protected health information (ePHI) in response to the escalating frequency and sophistication of cyberattacks targeting the healthcare sector.
Modern attackers come from any and every angle, but one thing they all want is access to data. But this doesn’t mean they just want to land in some database… more often than not, advanced attackers are looking for ways to monitor information flows to gain credentials and learn more about the systems and organizations they infiltrate.
CMMC reshapes how defense contractors secure CUI. One of the most critical components of CMMC compliance is incident response (IR)—the ability to detect, respond to, and recover from cybersecurity incidents while meeting strict reporting and documentation requirements.
Under the final CMMC rule, contractors at Level 2 and above must implement formalized IR policies, procedures, and continuous monitoring capabilities to maintain compliance. Without a well-structured IR plan, organizations risk non-compliance, loss of contract eligibility, and significant security breaches.