The FDA has issued final guidance on how medical device makers should approach cybersecurity in their products to meet new requirements for including cyber details in their premarket product submissions. Starting Oct. 1, the FDA will "refuse to accept" submissions lacking those details.
It's not just medical device cybersecurity that's keeping some healthcare security leaders up at night - it's also the risks posed by other critical connected gear that patients and clinicians depend upon, said Ali Youssef, director of medical device and emerging tech security at Henry Ford Health System.
Chicago-based CommonSpirit is still waiting to hear back on its insurance claim for an October 2022 ransomware attack, but the hospital chain said disruption of some facilities and "significantly" hampered billing and collection activities contributed to a $1.4 billion operating loss for the year.
Chinese and North Korean nation-state groups continue to pose significant "unique threats" to the U.S. healthcare and public health sector, including data exfiltration attacks involving espionage and intellectual property theft, federal authorities warned Thursday in a brief naming the top groups.
An Ohio community college is notifying 290,000 people of a data theft breach this spring that may have compromised their personal and health information. Security researchers say small schools such as this are now favored targets. Some 80% of schools have reported hacking incidents in the past year.
Federal authorities are warning of "significant risk" for potential attacks on healthcare and public health sector entities by the North Korean state-sponsored Lazarus Group involving exploitation of a critical vulnerability in 24 Zoho ManageEngine products.
Any healthcare organization that embeds tracking technologies in its website should carefully review whether it is inadvertently violating HIPAA or other federal regulations, said Nick Heesters, senior adviser for cybersecurity at the Department of Health and Human Services' Office for Civil Rights.
The list of healthcare entities affected by MOVEit file transfer hacks continues to grow. Nuance Communications acknowledged that hackers had stolen data belonging to 14 of its clients, all North Carolina medical providers. Hackers may have obtained diagnostic information including imaging reports.
Generative AI holds great potential for many amazing applications in healthcare, but it's critical to establish a strong framework before deploying it, said Barbee Mooneyhan, vice president of security, IT and privacy of Woebot Health, a provider of AI-driven online mental health services.
The drumbeat for potential federal legislation to better protect sensitive health information - or at least new regulations - appears to be growing louder in Congress. One of the Senate's four lawmaker doctors is quizzing the healthcare industry on ways to safeguard health data.
Authorities are warning of threats posed by Akira, a ransomware group that surfaced in March and has been linked to dozens of attacks on small and midsized entities. The group is targeting many industries, including healthcare, and seems to favor entities that lack MFA on VPNs.
Federal regulators have smacked a large California health plan with a $1.3 million fine to settle potential HIPAA violations for two relatively small breaches that affected about 2,250 individuals. But officials indicate "long-standing HIPAA deficiencies" were a "systemic" problem at the insurer.
A federal judge has given the green light for attorneys to proceed with a consolidated class action lawsuit against Meta that accuses the social media giant of intercepting sensitive health information with its Pixel tracking tools used in numerous healthcare websites and patient portals.
In the latest weekly update, ISMG editors discuss the state of cybersecurity market resilience in 2023, why U.S. federal regulators publicly named 130 healthcare firms using web trackers and how SentinelOne ended its partnership with startup Wiz amid takeover discussions.
In the aftermath of mergers and acquisitions among healthcare entities - and the resulting IT integration and cost-cutting moves - gaps in technology and skills and other gaps often put organizations at higher risk for attacks and other security incidents, said Jack Danahy of NuHarbor Security.