This transcription is provided by artificial intelligence. We believe in technology but understand that even the smartest robots can sometimes get speech recognition wrong.

 Hey everyone. I'm Drex, and this is the two minute drill where I cover some of the hottest security stories twice a week. All part of the 2 29 project. Cyber and Risk community here at this week. Health. Great to see everyone today. Here's some stuff you might wanna know about. Ascension is facing a lawsuit after a massive breach.

More than a year ago, that exposed data from 5.6 million patients. The initial complaint was filed back in May of 2024. Now, a judge has said that the case can move forward, which means months and maybe even years of legal discovery and court battles for health systems. This highlights not just the operational, financial and reputational risk of a breach.

But also the long legal tale that often follows. And more on the legal front. One Blood. The Florida based blood donation nonprofit has agreed to a settlement after a ransomware attack last year. Exposed patient and donor information details show they're paying out even as they continue to recover from the reputational and financial damage.

It was one of many examples over the past year or so of how cyber criminals hitting the healthcare supply chain can cause ripples across the industry all the way down to patients and families. I rated to record this because I had kind of hoped there would be some good news about the looming government shutdown.

Um, apparently I am wrong. CISA has outlined what the shutdown means for their staff. 35% of their workforce could be furloughed at midnight, leaving a thinner defense at a time when critical vulnerabilities are being actively exploited. And a bit more on csa, the other csa, the Cybersecurity Information Sharing Act of 2015.

It's the law that provides legal protections, making it okay to share threat intel with each other and with the federal government, that law is set to expire tonight at midnight if Congress doesn't act. It sure feels like they have a lot of other hot stuff on their plate. Right now. Industry groups, including healthcare leaders are sounding the alarm that elapse in the Cybersecurity Information Sharing Act could damage critical public-private partnerships.

You can get the latest news and webinars and podcast and insider info from the 2 29 project. Go to this week, health.com/subscribe and sign up. Oh, and you wanna make sure that you never miss another episode of the Two Minute Drill, or unh, the podcast ever. Well, you can search from E Drex to Ford now wherever you get your podcast, as they say.

And just mash the like and subscribe button, and you'll always be up to date on the latest in healthcare security and risk. Thanks for being here. That's it for today's two minute drill. Stay a little paranoid and I will see you around campus.