Cybersecurity

The digital security of healthcare institutions and data is a growing concern, with an increasing number of cyberattacks each year against healthcare systems, which are seen as easy targets. Cyber attacks often use ransomware to target personal health information, patient data and medical devices to cut off access to the data until a ransom is payed to the hacker. Cybercriminals have become more sophisticated, using malware, ransomware and spyware to attack outdated and vulnerable systems and software. Due to the interconnected nature of hospital IT systems today, the weakest link can be older web-enabled medical devices, including clinical and non-clinical systems. Employees are also a major target of attacks via malicious e-mails that prompt them to open attachments that then download malware onto the hospital's IT system.

Ransomware attack on UMMC causes 20% drop in revenue due to delayed patient care
The report on the financials comes from Mississippi Today. University of Mississippi Medical Center said it’s still processing paper backups and has extended clinic hours to address the backlog of elective surgeries and bring revenue back up to expectations. The attack happened in February and caused non-emergency operations at the health system to shut down for nine days.
Novartis sued for allegedly leaking data on breast cancer patient to Google, Contentsquare
In a lawsuit seeking class action status, a woman identified as “P.M.” said she began using the website for Kisqali, a Novartis breast cancer treatment, in late 2024 shortly after being issued a prescription. Unbeknownst to her, sensitive data she shared when seeking a discount may have been shared with advertisers.
CMS leaves the ’80s behind with shift away from snail mail correspondence, fax machines
In a Final Rule revealed last week, the Centers for Medicare & Medicaid Services outlined its plan to exchange medical records, diagnostic images and clinical notes electronically using secure protocols. Once the rule is published in the Federal Register, any HIPAA-covered entity that interacts with Medicare will have two years to follow CMS into the modern age.
New York man pleads guilty to cyberstalking family of murdered UnitedHealthcare CEO
Authorities said Shane Daley, 40, began making threatening calls mere hours after Brian Thompson was shot and killed outside a hotel in Manhattan. Daley awaits sentencing and faces up to five years in prison.
Data allegedly from UMMC priced at $800K, posted on dark web
Medusa, an infamous ransomware cybercriminal organization, has claimed credit for the February data breach at University of Mississippi Medical Center. In a post on its leak site, the gang is asking for $800,000 for the sale or deletion of the information it said it stole. An ominous ticking clock sets the deadline for March 20.

cybersecurity hacker ransomware cyber data breach

Cyberattack on member-owned healthcare payer ends in $3.5M settlement

The January 2024 incident at Group Health Cooperative of South Central Wisconsin had all of the hallmarks of a ransomware attack, with an unknown cybercrime group taking credit in a letter to the payer. In total, 533,000 people were impacted by the data breach.

healthcare money economics dollar stethoscope acquire merger

Study finds big hospitals overpaid, rural facilities overlooked in Change Healthcare relief

Researchers from University of Minnesota found that more than 300 small, rural hospitals didn't even apply for relief. At the same time, many larger, for-profit systems received hundreds of thousands in overpayments. The findings are published in Health Affairs.

Cardiologists join chorus of voices urging Trump administration to kill cybersecurity proposal

The proposal, first announced by the Biden administration, was developed to improve patient data security. Those opposed argue that it would significantly increase costs and create a logistical nightmare for hospitals and health systems throughout the country.

Kaiser Permanente agrees to $46M settlement over data incident affecting 13.4M people

The managed care company does not admit to doing anything wrong. The data breach constituted its use of third-party tracking technology on its website, which shared data with Google, Microsoft, Twitter, Meta and others.

Optum UnitedHealthcare UnitedHealth Group HQ

Nebraska’s lawsuit against Optum and Change Healthcare can move forward, judge rules

The UnitedHealth Group subsidiaries had attempted to have the case dismissed. However, a court rejected the motion. Nearly half of Nebraskans were impacted by the infamous February 2024 data breach on Change Healthcare.

Cybersecurity researcher provides more details on $200K ransom pinned on Doctor Alliance

The outlet DataBreaches.net was able to gather more details on the alleged hack of the healthcare billing automation platform, said to be perpetrated by a notorious cybercriminal.

$200K ransom demanded of Doctor Alliance after hackers say they stole 1.2M files

Someone self-identifying as "Kazu" posted a sample of the data trove on a dark web forum, which was discovered by cybersecurity researchers. The company has not confirmed a data breach occurred.

cleveland clinic settles for failing to disclose research funding

Class action lawsuit over 5.6M breached records at Yale New Haven settled for $18M

The settlement fund is being established for victims of the March 8 data breach, with a hearing to finalize the agreement scheduled for March 2026. Yale New Haven Health System denies any wrongdoing.

Cybersecurity

Ransomware attack on UMMC causes 20% drop in revenue due to delayed patient care

Novartis sued for allegedly leaking data on breast cancer patient to Google, Contentsquare

CMS leaves the ’80s behind with shift away from snail mail correspondence, fax machines

New York man pleads guilty to cyberstalking family of murdered UnitedHealthcare CEO

Data allegedly from UMMC priced at $800K, posted on dark web