Hacks on healthcare sector entities reached record levels in 2023 in terms of data breaches. But the impact of hacks on hospital chains, doctors' offices and other medical providers - or their critical vendors - goes much deeper than the exposure of millions of health records.
Healthcare CISOs must recognize the real and imminent threat of AI-fueled cyberattacks and take proactive steps, including the deployment of AI-based security tools, to protect patient data and critical healthcare services, said Troy Hawes, managing director at consulting firm Moss Adams.
Hackers carried out a double-extortion ransomware attack on medical software company ESO Solutions, exposing personal details and healthcare information of 2.7 million U.S. patients and encrypting some of the company's systems. Double-extortion attacks also exfiltrate data.
With the surge in major cyber incidents involving third-party suppliers, it's critical for healthcare sector entities to raise their security expectations and tighten their requirements for vendors handling sensitive data, said Renee Broadbent, CIO of Southern New England Healthcare.
The explosion in applications using genomic data - from drug and vaccine development and consumer ancestry testing to law enforcement work - is heightening the need to carefully address critical privacy and security concerns around this sensitive data, government authorities say in a new report.
An Iowa medical center is among the latest healthcare entities reporting to federal regulators a breach tied to a data theft hack on medical transcription vendor Perry Johnson and Associates earlier this year. Meanwhile, stacks of federal lawsuits continue to pile up against the Nevada firm.
Lobbyists for U.S. hospitals oppose a Biden administration proposal for mandatory cybersecurity requirements and possible financial disincentives for organizations that fail to meet those expectations. Industry experts contend that some type of government actions are needed.
The Cybersecurity and Infrastructure and Security Agency is urging health sector entities to take critical steps in fortifying their environments based on findings from a risk and vulnerability assessment performed by the federal agency on a healthcare industry organization earlier this year.
As a legacy protocol, DICOM lacks proper security measures, and as the healthcare industry modernizes and moves to the cloud, there is a significant risk of patient data exposure, said Sina Yazdanmehr, a senior IT security consultant at Aplite.
Three members of Congress are urging the Department of Health and Human Services to improve HIPAA privacy protections around pharmacy information. The request comes after the lawmakers asked major pharmacy companies how they handle law enforcement requests for patient records.
A Kentucky-based hospital chain is notifying millions of individuals that their information was potentially exfiltrated in a May attack. Russian-speaking ransomware-as-a-service group Alphv/BlackCat - which is currently reportedly undergoing its own disruptions - took credit for the data theft.
In the latest weekly update, editors at ISMG discuss the rampant rise in healthcare sector attacks and breaches in 2023, the most common vulnerabilities and targets, and remember the life of the Steve Katz, the world's first CISO who inspired generations of security leaders.
Open-source software is pervasive in healthcare. It is used in critical systems such as electronic health records and components contained in medical devices. Federal regulators are urging healthcare sector firms to be vigilant in managing risks and threats involving open-source software.
Weeks after the Department of Health and Human Services announced its first HIPAA enforcement action in a ransomware breach, federal regulators have reached another milestone: a $480,000 settlement in a HIPAA case centered for the first time ever on a phishing attack.
The Joint Commission is kicking off a new voluntary certification program for hospitals' "responsible use" of health data. The effort aims to help address growing privacy concerns over the secondary use of patient data by third parties for artificial intelligence initiatives and other activities.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.com, you agree to our use of cookies.
