In a bid to avert another breach similar to the hack of several U.S. government email accounts by Chinese advanced persistent threat operation Storm-0558 using a compromised Microsoft signing key, the Cybersecurity and Infrastructure Security Agency has introduced new Secure Cloud Business Applications guidance for Google Workspace, CyberScoop reports.
"Using our ScubaGear assessment tool, agency practitioners implemented advanced protections and configured cloud environments to better safeguard sensitive information and secure government services against sophisticated threat actors. Though the Microsoft-specific baselines were developed collaboratively with the Federal Chief Information Officers Council to provide necessary security enhancements for most federal cloud business applications, we quickly identified that more was needed," said CISA Associate Director for Capacity Building Michael Duffy.
Such guidelines are now available for public comment. Federal agencies have also been sought by CISA to provide input in validating and improving SCuBA project standards and the ScubaGoggles assessment tool.
TechCrunch reports that major U.S. healthcare revenue and payment cycle management provider Change Healthcare had its systems targeted by a cyberattack on Feb. 20, which resulted in the loss of access across most of the prescription processor's login pages.