Two recent apparent ransomware attacks on health plans have potentially affected hundreds of thousands of individuals. One of the incidents allegedly involved the Conti ransomware group, and the other allegedly involved Hive. One of the health plans is already facing legal fallout.
The list of ophthalmology practices and the number of individuals affected by a December hacking incident at a cloud-based electronic health records vendor, which resulted in deleted databases, are growing as more details about the attack slowly emerge.
Auditors have once again rated the Department of Health and Human Services' information security program as "not effective," citing several areas of weaknesses, including issues related to risk management, information security continuous monitoring and contingency planning.
Recent incidents affecting the sensitive information of tens of thousands of individuals underscore the ongoing threats and risks facing organizations that handle health and other delicate personal information, including a community health center and a social services agency.
More than 670,000 individuals have been affected by two 2021 hacking incidents that were only recently reported to federal regulators. The breaches involve healthcare software and billing services firm Adaptive Health Integrations and urgent care provider Urgent Team Holdings.
A breach involving the compromise of a single user's email account at an Illinois-based multispecialty clinic has affected nearly 503,000 individuals - one of the largest breaches reported so far this year to federal regulator. How can other entities avoid similar email security incidents?
Five recently reported data breaches involving cyberattacks on a variety of different types of healthcare sector entities have affected a total of more than 1.2 million individuals. Experts say the incidents highlight the intensifying threat landscape in the sector.
Federal regulators are seeking public input about how they should consider the "recognized" security practices of organizations when taking potential HIPAA enforcement actions - and how to distribute a percentage of HIPAA fines to individuals harmed by violations.
If an organization doesn’t know who is accessing what, how can they be trusted to make sure a bad actor isn’t gaining access to data, assets, or systems they shouldn’t?
Recent breach reports filed by a law enforcement benefits health plan, a healthcare staffing firm and a rural medical center are the latest examples of the diverse range of healthcare sector entities being targeted by cyberattackers. What do experts recommend?
As Finnish technology giant Nokia announces it is ceasing sales in Russia over the war with Ukraine, the company is facing tough questions over how it helped enable a mass surveillance program that supports President Vladimir Putin's autocratic regime.
An apparent ransomware attack and alleged data theft by the Hive cybercriminal group has left Partnership HealthPlan of California struggling to recover its IT services for more than a week. The nonprofit says it is unable to receive or process treatment authorization requests.
The White House is seeking fiscal 2023 budget increases for the Department of Health and Human Services, including a boost in funding for cybersecurity initiatives including medical device security and regulatory and enforcement efforts related to secure health data exchange.
Regulators have slapped four small covered entities with HIPAA enforcement actions, including three settlements and one civil monetary penalty. The most egregious case involves an Alabama dentist who disclosed patient information for use in his unsuccessful campaign for state Senate.
Life comes at you fast, especially when you're a breached business such as Okta, which may have exposed customer data or otherwise put the businesses paying for your product at risk. Here's how after detecting the breach, Okta fumbled its response, and what others should learn from this experience.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.