Cybersecurity

The digital security of healthcare institutions and data is a growing concern, with an increasing number of cyberattacks each year against healthcare systems, which are seen as easy targets. Cyber attacks often use ransomware to target personal health information, patient data and medical devices to cut off access to the data until a ransom is payed to the hacker. Cybercriminals have become more sophisticated, using malware, ransomware and spyware to attack outdated and vulnerable systems and software. Due to the interconnected nature of hospital IT systems today, the weakest link can be older web-enabled medical devices, including clinical and non-clinical systems. Employees are also a major target of attacks via malicious e-mails that prompt them to open attachments that then download malware onto the hospital's IT system.

Healthcare hacker sentenced to 10 years in prison
Robert Purbeck, 45, of Georgia was found with data on more than 132,000 individuals taken from various breaches, including multiple providers, a police station and a city government.
Ransomware group deploys ticking clock to threaten Georgia hospital
Memorial Hospital and Manor announced the data breach through Facebook on Nov. 3. The cybercrime group Embargo has taken credit for the incident, claiming to have 1.15TB of stolen information.
Hackers were inside an Iowa hospital’s network for two weeks
St. Anthony Regional Hospital confirmed patient data was taken by cybercriminals, but the August incident is still being investigated.
Microsoft: Ransomware hit nearly 400 healthcare entities this year—a 300% rise since 2015
A study from Microsoft on the impact of ransomware found unaffected nearby hospitals see a rise in stroke and cardiac arrest cases, in addition to an influx of patients.
Feds make it official: Change data breach was the largest in healthcare history, impacting 100M
Updated reporting from HHS shows UnitedHealth Group's estimate that roughly one-third of people in the U.S. would be affected was correct.

Nationwide IT outage leaves hospitals without EHRs

Many hospitals that use Epic were unable to access services, forcing them to operate on pen-and-paper and cancel non-emergency care delivery. The disruption was caused by an error with security vendor CrowdStrike.

July 19, 2024

Senators introduce bill to bolster healthcare cybersecurity

The Healthcare Cybersecurity Act would improve cooperation between HHS and CISA to ideally speed up the response to cyberattacks.

July 16, 2024

State attorneys general send warnings of Change Healthcare breach, urge residents to respond

Several state attorneys general have issued notices to residents regarding the Change Healthcare breach, asking them to sign up for credit monitoring and identity theft protection.

July 10, 2024

Change Healthcare notifies patients their medical records may have been taken in breach

A HIPAA notification posted to the company’s website said details about patients’ diagnoses and treatments may have been stolen by hackers.

July 9, 2024

Cybersecurity incident reporting rule would exclude insurers, vendors

Hospitals and provider groups have responded with confusion to a rule proposed by the Cybersecurity and Infrastructure Security Agency requiring hospitals and providers to comply with stringent reporting requirements that overlap with HIPAA.

July 8, 2024

Former Microsoft employee arrested for stealing 1.2M patient records

A former employee at Nuance Communications, a Microsoft subsidiary, stands accused of taking patient data from Geisinger Health system shortly after their termination.

July 2, 2024

Federal judge strikes down HHS ban on tracking cookies

Providers argued the HHS overstepped its regulatory authority. A federal court in Texas agreed.

June 26, 2024

Change Healthcare begins sending breach notifications

UnitedHealth Group has said it will begin notifying patients directly in July. There’s still no evidence medical records were exposed to hackers.

June 21, 2024

Cybersecurity

Healthcare hacker sentenced to 10 years in prison

Ransomware group deploys ticking clock to threaten Georgia hospital

Hackers were inside an Iowa hospital’s network for two weeks

Microsoft: Ransomware hit nearly 400 healthcare entities this year—a 300% rise since 2015

Feds make it official: Change data breach was the largest in healthcare history, impacting 100M