Cybersecurity

The digital security of healthcare institutions and data is a growing concern, with an increasing number of cyberattacks each year against healthcare systems, which are seen as easy targets. Cyber attacks often use ransomware to target personal health information, patient data and medical devices to cut off access to the data until a ransom is payed to the hacker. Cybercriminals have become more sophisticated, using malware, ransomware and spyware to attack outdated and vulnerable systems and software. Due to the interconnected nature of hospital IT systems today, the weakest link can be older web-enabled medical devices, including clinical and non-clinical systems. Employees are also a major target of attacks via malicious e-mails that prompt them to open attachments that then download malware onto the hospital's IT system.

UMMC sued after pharmacist allegedly hacked computers to spy on women
The academic medical center is accused of deploying lax security protocols that allowed an employee to access internet-connected cameras and private emails in acts of privacy invasion that lasted a decade.
Oracle Health denies cloud breached as second attack confirmed
Questions remain about the alleged breach on a legacy server at Oracle Health, as the nature of the attacks and scope of stolen data are still being investigated.
Data breach at Oracle Health leads to extortion of hospitals
A legacy server accessed with stolen credentials is being blamed for the incident. However, the nature and scope of the attack are still being investigated, with Oracle reportedly working with the FBI to gather details.
Change Healthcare files to have federal lawsuits dismissed
There are at least 65 consolidated cases pending in federal courts that stem from the 2024 data breach on the claims processor's network. A judge in Minnesota has asked that the lawsuits be coordinated and consolidated as much as possible.
ISIS is not launching terrorist attacks against hospitals, FBI says
Trade groups released a statement denying the claim's credibility, but they fear some may be inspired by a widely shared social media post.

Federal judge strikes down HHS ban on tracking cookies

Providers argued the HHS overstepped its regulatory authority. A federal court in Texas agreed.

Change Healthcare begins sending breach notifications

UnitedHealth Group has said it will begin notifying patients directly in July. There’s still no evidence medical records were exposed to hackers.

doctor's open hand waiting for a payment

Emergency reimbursement for Change Healthcare breach ends in July

The last day for providers and suppliers to apply for Medicare reimbursement through the advanced payment program is July 12.

UnitedHealth needs to be solely responsible for HIPAA notifications after Change Healthcare breach, letters demand

The ONC has fallen short of plainly stating that UnitedHealth is required to send the notifications, leaving providers in regulatory limbo.

artificial intelligence cybersecurity cybercrime patient data privacy

HHS releases DDoS attack response plan

The Health Sector Cybersecurity Coordination Center's analysis details how healthcare organizations can thwart a botnet invasion.

Q&A: Healthcare cybersecurity advocate fears damage from Change Healthcare breach has only begun

Richard Staynings says the breach of Change Healthcare’s systems stems from consolidation, and the impact may devastate independent providers.

HHS: ‘Who is responsible for ensuring that individuals affected by the Change Healthcare breach receive notification?’

HHS’s Office for Civil Rights (OCR) has confirmed UnitedHealth Group can send out HIPAA-required notifications about the breach but stopped short of saying the company will be responsible for doing so.

Private equity investment in healthcare down 20% as regulatory pressures mount

Public sentiment has turned against private equity stakeholders in healthcare, and that isn't likely to change post-election.

Cybersecurity

UMMC sued after pharmacist allegedly hacked computers to spy on women

Oracle Health denies cloud breached as second attack confirmed

Data breach at Oracle Health leads to extortion of hospitals

Change Healthcare files to have federal lawsuits dismissed

ISIS is not launching terrorist attacks against hospitals, FBI says