Cybersecurity

The digital security of healthcare institutions and data is a growing concern, with an increasing number of cyberattacks each year against healthcare systems, which are seen as easy targets. Cyber attacks often use ransomware to target personal health information, patient data and medical devices to cut off access to the data until a ransom is payed to the hacker. Cybercriminals have become more sophisticated, using malware, ransomware and spyware to attack outdated and vulnerable systems and software. Due to the interconnected nature of hospital IT systems today, the weakest link can be older web-enabled medical devices, including clinical and non-clinical systems. Employees are also a major target of attacks via malicious e-mails that prompt them to open attachments that then download malware onto the hospital's IT system.

Healthcare hacker sentenced to 10 years in prison
Robert Purbeck, 45, of Georgia was found with data on more than 132,000 individuals taken from various breaches, including multiple providers, a police station and a city government.
Ransomware group deploys ticking clock to threaten Georgia hospital
Memorial Hospital and Manor announced the data breach through Facebook on Nov. 3. The cybercrime group Embargo has taken credit for the incident, claiming to have 1.15TB of stolen information.
Hackers were inside an Iowa hospital’s network for two weeks
St. Anthony Regional Hospital confirmed patient data was taken by cybercriminals, but the August incident is still being investigated.
Microsoft: Ransomware hit nearly 400 healthcare entities this year—a 300% rise since 2015
A study from Microsoft on the impact of ransomware found unaffected nearby hospitals see a rise in stroke and cardiac arrest cases, in addition to an influx of patients.
Feds make it official: Change data breach was the largest in healthcare history, impacting 100M
Updated reporting from HHS shows UnitedHealth Group's estimate that roughly one-third of people in the U.S. would be affected was correct.

Only 39% of healthcare providers confident in medical device security

Just 39 percent of healthcare organizations and providers are confident in their medical device security, according to report by KLAS, College of Healthcare Information Management Executives (CHIMES) and the Association for Executives in Healthcare Information Security (AEHIS).

October 8, 2018

Patient information exposed on Twitter during Gwinnett Medical Center breach

The FBI is currently investigating a reported data breach at the Gwinnett Medical Center in Lawrenceville, Georgia, according to a report by The Atlanta Journal-Constitution.

October 3, 2018

Cybersecurity threats named top health technology hazard for 2019

Cybersecurity and hacking threats were named the top technology hazard healthcare organizations are expected to face in 2019.

October 2, 2018

Aspire Health email system hacked, loses some protected health information

Nashville healthcare company Aspire Health is still trying to identify a hacker that attacked its email system and took some patient health information, according to a report by The Tennessean.

September 28, 2018

Healthcare providers, health plans accounted for most breaches, patient records exposed

Between 2010 and 2017, healthcare providers and health plans accounted for the most breaches and largest number of patient records compromised from breaches, according to a research letter published in JAMA.

September 26, 2018

UMass Memorial entities ordered to pay $230K fine for data breaches

The Massachusetts Office of the Attorney General announced on Thursday, Sept. 20, that UMass Memorial Medical Group, Inc. and UMass Memorial Medical Center, Inc. have been ordered to pay $230,000 following two separate data breaches that exposed the personal health information of more than 15,000 people.

September 25, 2018

Boston hospitals fined nearly $1M for potential HIPAA violations

The federal government has fined three Boston hospitals nearly $1 million for potential HIPAA violations regarding a documentary series.

September 21, 2018

Pennsylvania health insurance company warns of security breach

A Pennsylvania health insurance company issued a notice following a security incident that exposed the private health information of some members.

September 20, 2018

Cybersecurity

Healthcare hacker sentenced to 10 years in prison

Ransomware group deploys ticking clock to threaten Georgia hospital

Hackers were inside an Iowa hospital’s network for two weeks

Microsoft: Ransomware hit nearly 400 healthcare entities this year—a 300% rise since 2015

Feds make it official: Change data breach was the largest in healthcare history, impacting 100M