In its most recent assault against a healthcare entity, ransomware-as-a-service operator AvosLocker claims to be behind an attack allegedly involving data theft from Texas-based CHRISTUS Health, which operates hundreds of healthcare facilities in the U.S., Mexico and South America.
Several eye care practices have reported health data breaches involving vendor Eye Care Leaders and its cloud-based myCare Integrity electronic medical records offering. The incident, involving the deletion of databases and systems configuration data, has affected about 100,000 or more patients.
A recent ransomware attack disclosed by a medication management systems provider is the latest reminder of persistent cybersecurity threats and risks facing healthcare supply chain and related vendors, as well as their customers. What's at stake?
In late 2021, the Federal Trade Commission (“FTC”) issued guidance clarifying protections applicable to consumers’ sensitive personal data increasingly collected by digital health applications. Per the FTC statement, organizations using “health applications and connected devices” to “collect or use”...
No question, the COVID-19 pandemic has been devastating for healthcare professionals. But it also has brought new opportunities for IT and security leaders to exercise unprecedented influence on healthcare enablement. Anahi Santiago, CISO of ChristianaCare, discusses this enormous responsibility.
More than 670,000 individuals have been affected by two 2021 hacking incidents that were only recently reported to federal regulators. The breaches involve healthcare software and billing services firm Adaptive Health Integrations and urgent care provider Urgent Team Holdings.
Five recently reported data breaches involving cyberattacks on a variety of different types of healthcare sector entities have affected a total of more than 1.2 million individuals. Experts say the incidents highlight the intensifying threat landscape in the sector.
The White House is seeking fiscal 2023 budget increases for the Department of Health and Human Services, including a boost in funding for cybersecurity initiatives including medical device security and regulatory and enforcement efforts related to secure health data exchange.
Regulators have slapped four small covered entities with HIPAA enforcement actions, including three settlements and one civil monetary penalty. The most egregious case involves an Alabama dentist who disclosed patient information for use in his unsuccessful campaign for state Senate.
A bipartisan Senate bill proposes closer collaboration between the Department of Health and Human Services and the Cybersecurity and Infrastructure Security Agency, with a goal of strengthening cybersecurity in the health and public health sectors. But would that make a major difference?
The number of major health data breaches posted to the federal tally so far in 2022 - and the total number of individuals affected by those breaches - has surged in recent weeks as reports of large hacking incidents continue to flow in to regulators.
The pandemic has raised the ante significantly for the attack surface and the level of insider threats facing healthcare sector entities, according to Dave Bailey, vice president of security services, and attorney Andrew Mahler, vice president of privacy and compliance, of consultancy CynergisTek.
A Tennessee pediatric hospital is dealing with a cyber incident disrupting patient services, and a Missouri medical center and Colorado cardiology group have reported breaches linked to their recent security events. Experts say these are reminders of the threats facing healthcare sector entities.
A proposed class action lawsuit against a Montana-based healthcare organization after a recent hacking incident affecting 214,000 individuals - the entity's second significant breach since 2019 - alleges, among other claims, that the entity was negligent when it failed to protect sensitive data.
A healthcare services contractor agrees to pay a $933,000 settlement in a whistleblower case about alleged false claims about the security of electronic medical records of military personnel and diplomats. It is the first settlement under the Department of Justice's new Civil Cyber-Fraud Initiative.