More than a quarter million Medicare beneficiaries will be issued new Medicare cards and identifiers following a ransomware attack on a government contractor that compromised a range of sensitive personal and health information.
A Florida primary care practice will pay a $20,000 financial penalty and implement a corrective action plan to settle a HIPAA right of patient access dispute. The case is the 42nd such dispute resolved by the Department of Health and Human Services since April 2019.
A ransomware attack knocking out a medical center's imaging and lab equipment is an incident felt by an entire network of healthcare providers. Entities everywhere should plan for outages even when they don't directly experience an attack, say Aftin Ross of the FDA and Penny Chase of MITRE.
Ransomware operations have become expert at finding ways to make a victim pay. But experts say there are multiple steps healthcare sector entities in particular can take to better protect themselves and ensure that they can quickly restore systems and never have to consider paying a ransom.
When healthcare organizations come together through mergers or acquisitions, it is critical for the entities to carefully assess the cyber risk each poses, as well as its level of cyber maturity, says Jigar Kadakia, CISO and chief privacy officer at Boston-based Mass General Brigham.
U.S. federal authorities are warning healthcare providers, vendors and public health sector organizations of attacks involving LockBit 3.0 ransomware, which includes features of other ransomware variants, including BlackMatter, along with the threat of triple-extortion demands.
A ransomware attack on the Irish healthcare system in 2021 has cost the government 80 million euros in damages and counting. The Irish Health Service continues to notify victims of the incident that their personal information was illegally accessed and copied.
Updated guidance from the Federal Trade Commission and the Department of Health and Human Services aims to clarify, for developers of mobile health apps that process health data, which privacy and security regulations apply to their products.
Chicago-based hospital chain CommonSpirit reported to federal regulators that its October ransomware incident affected the protected health information of nearly 624,000 individuals. Among the information compromised were names, addresses, phone numbers and birthdates.
Attackers wielding Royal ransomware have been hitting and crypto-locking healthcare targets, the U.S. Department of Health and Human Services warns, saying that in each known case, attackers "claimed to have published 100% of the data that was allegedly extracted from the victim."
The purchase of healthcare security startup Medigate means Claroty can address the IoT, OT, IoMT and connected device needs of hospitals from a single platform. Claroty says its single-platform approach facilitates everything from network mapping and segmentation to continuous threat detection.
In the latest weekly update, four editors at Information Security Media Group discuss important cybersecurity and privacy issues, including the evolution of the CISO role, the community impact of ransomware attacks targeting hospitals, and trends in cybersecurity customers' buying behavior.
An important element of cybersecurity maturity is defining what exactly an organization is trying to accomplish, says Dan Wilkins, CISO for the state of Arizona. With that mission in mind, security teams can align strategy, goals and benchmarks for cyber maturity.
Ransomware gangs rely on shotgun-style attacks using phishing or stolen remote access credentials to target individuals. This strategy snares less well-prepared organizations, and that often means healthcare entities. Experts share insights on this plague on healthcare and what to do about it.