Cybersecurity

The digital security of healthcare institutions and data is a growing concern, with an increasing number of cyberattacks each year against healthcare systems, which are seen as easy targets. Cyber attacks often use ransomware to target personal health information, patient data and medical devices to cut off access to the data until a ransom is payed to the hacker. Cybercriminals have become more sophisticated, using malware, ransomware and spyware to attack outdated and vulnerable systems and software. Due to the interconnected nature of hospital IT systems today, the weakest link can be older web-enabled medical devices, including clinical and non-clinical systems. Employees are also a major target of attacks via malicious e-mails that prompt them to open attachments that then download malware onto the hospital's IT system.

Ransomware attack on UMMC causes 20% drop in revenue due to delayed patient care
The report on the financials comes from Mississippi Today. University of Mississippi Medical Center said it’s still processing paper backups and has extended clinic hours to address the backlog of elective surgeries and bring revenue back up to expectations. The attack happened in February and caused non-emergency operations at the health system to shut down for nine days.
Novartis sued for allegedly leaking data on breast cancer patient to Google, Contentsquare
In a lawsuit seeking class action status, a woman identified as “P.M.” said she began using the website for Kisqali, a Novartis breast cancer treatment, in late 2024 shortly after being issued a prescription. Unbeknownst to her, sensitive data she shared when seeking a discount may have been shared with advertisers.
CMS leaves the ’80s behind with shift away from snail mail correspondence, fax machines
In a Final Rule revealed last week, the Centers for Medicare & Medicaid Services outlined its plan to exchange medical records, diagnostic images and clinical notes electronically using secure protocols. Once the rule is published in the Federal Register, any HIPAA-covered entity that interacts with Medicare will have two years to follow CMS into the modern age.
New York man pleads guilty to cyberstalking family of murdered UnitedHealthcare CEO
Authorities said Shane Daley, 40, began making threatening calls mere hours after Brian Thompson was shot and killed outside a hotel in Manhattan. Daley awaits sentencing and faces up to five years in prison.
Data allegedly from UMMC priced at $800K, posted on dark web
Medusa, an infamous ransomware cybercriminal organization, has claimed credit for the February data breach at University of Mississippi Medical Center. In a post on its leak site, the gang is asking for $800,000 for the sale or deletion of the information it said it stole. An ominous ticking clock sets the deadline for March 20.

Ransomware attack on UMMC causes 20% drop in revenue due to delayed patient care

The report on the financials comes from Mississippi Today. University of Mississippi Medical Center said it’s still processing paper backups and has extended clinic hours to address the backlog of elective surgeries and bring revenue back up to expectations. The attack happened in February and caused non-emergency operations at the health system to shut down for nine days.

Novartis sued for allegedly leaking data on breast cancer patient to Google, Contentsquare

In a lawsuit seeking class action status, a woman identified as “P.M.” said she began using the website for Kisqali, a Novartis breast cancer treatment, in late 2024 shortly after being issued a prescription. Unbeknownst to her, sensitive data she shared when seeking a discount may have been shared with advertisers.

CMS leaves the ’80s behind with shift away from snail mail correspondence, fax machines

In a Final Rule revealed last week, the Centers for Medicare & Medicaid Services outlined its plan to exchange medical records, diagnostic images and clinical notes electronically using secure protocols. Once the rule is published in the Federal Register, any HIPAA-covered entity that interacts with Medicare will have two years to follow CMS into the modern age.

New York man pleads guilty to cyberstalking family of murdered UnitedHealthcare CEO

Authorities said Shane Daley, 40, began making threatening calls mere hours after Brian Thompson was shot and killed outside a hotel in Manhattan. Daley awaits sentencing and faces up to five years in prison.

Data allegedly from UMMC priced at $800K, posted on dark web

Medusa, an infamous ransomware cybercriminal organization, has claimed credit for the February data breach at University of Mississippi Medical Center. In a post on its leak site, the gang is asking for $800,000 for the sale or deletion of the information it said it stole. An ominous ticking clock sets the deadline for March 20.

Stolen data complaint against Geisinger Health, Nuance Communications settled for $5M

The caper was carried out by a former employee of Nuance Communications, a Microsoft subsidiary. According to court documents, the man used his credentials to access patient data from 1.3 million patients at Geisinger. Police said they found the trove stored on a flash drive in his car.

Data breach on care management company impacts 5K patients at NYC Health

Many of the details are unknown, as an investigation is ongoing. The National Association on Drug Abuse Programs said it became aware of an invasion of its network in January 2026. The nonprofit supports 35,000 people—mainly Medicaid enrollees—in the state of New York.

Medical device manufacturer hit by cyberattack, possibly from Iranian-backed hackers

Stryker, a Michigan-based company that manufactures surgical implants, confirmed it was experiencing a global network outage. Employee devices reportedly displayed the logo of a pro-Iran cybercrime cell.