Mark Wilson
Cyberattacks at Precision Imaging Centers, Atrium Health Wake Forest Baptist, Marshall & Melhorn, and Murfreesboro Medical Clinic & SurgiCenter
Precision Imaging Centers located in Jacksonville, FL recently informed 31,010 patients about a security breach that took place on or about November 2, 2022. Unauthorized persons acquired access to its system and extracted files that contain sensitive patient … Read more
Final Rule on Cyber Incident Disclosures and New Nevada Consumer Health Data Bill
SEC Postpones Final Rule on Cyber Incident Disclosures The Securities and Exchange Commission (SEC) was scheduled to release a final rule, mandating publicly traded companies to disclose important cyber breaches in their regulatory filings within four days of discovering a … Read more
New MOVEit Zero-Day Vulnerability, Critical Vulnerability in VMware Aria Operations for Networks, and CISCO AnyConnect Secure Vulnerability
Progress Software Alerts of New MOVEit Zero-Day Vulnerability – Quick Action Necessary Progress Software has released an alert concerning a new vulnerability identified in its MOVEit Transfer file transfer software program. It is an exploit that is available in the … Read more
Lawsuit Against Blackbaud and the New Limits of the Identity Theft Legislation
Blackbaud Had No Common Law Duty to Protect the Confidentiality of Trinity Health’s Records An Indiana district court judge has decided in support of the plaintiff in a lawsuit that alleged negligence for not preventing a breach of protected health … Read more
Trends in Data Breaches According to the 2023 Verizon Data Breach Investigations Report
Verizon 2023 DBIR: Rising Social Engineering Attacks While Ransomware Plateaus The Verizon 2023 Data Breach Investigations Report (DBIR) was published to offer insights into the present threat … Read more
Latest News About Cyberattacks and Email Account Compromise on Healthcare Providers
Ohio Hospital Exposed Nurses and Other Staff to Workplace Violence The Occupational Safety and Health Administration (OSHA) has confirmed that a children’s hospital based in Columbus, Ohio didn’t sufficiently safeguard healthcare staff from violence in the workplace. Patients assaulted nurses … Read more
Revised Pennsylvania Breach of Personal Information Notification Act and New StopRansomware Guide
The 2022 change to the Pennsylvania Breach of Personal Information Notification Act (BPINA) is currently in force. The revision extended the definition of personal data adding medical data, medical insurance details, and usernames along with a security question/answer or a … Read more
The BianLian Ransomware Group and Vulnerabilities on Illumina Sequencing Instruments
FBI and CISA Warn About BianLian Ransomware and Extortion Group The Federal Bureau of Investigation (FBI), Australian Cyber Security Centre (ACSC), and Cybersecurity and Infrastructure Security Agency (CISA) issued a joint cybersecurity advisory with regard to the BianLian ransomware and … Read more
SuperCare’s Proposed Data Breach Settlement and the Lawsuit Against University of Iowa Hospitals and Clinics
SuperCare Offers to Pay $2.25 Million to Resolve Data Breach Lawsuit SuperCare, a home care service provider in California, has offered to pay $2.25 million to settle a class action lawsuit associated with a 2021 hacking incident wherein the protected … Read more
Lawsuits Against One Brooklyn Health, 90 Degree Benefits, and Lehigh Valley Health Network
One Brooklyn Health Faces Lawsuit Over 235K-Record Data Breach One Brooklyn Health based in New York City manages three acute care hospitals, namely Interfaith Medical Center, Brookdale Hospital Medical Center, and Kingsbrook Jewish Medical Center. A class-action lawsuit has been … Read more
Recent Data Breaches Reported by Santa Clara Family Health Plan and Other Healthcare Organizations
Santa Clara Family Health Plan Encountered a Clop GoAnywhere Hack On March 30, 2023, Santa Clara Family Health Plan reported a 276,993-record data breach to the HHS’ Office for Civil Rights that was a result of a Clop ransomware group … Read more
Arizona Veterans’ Healthcare Facility Exposed Staff to Potentially Fatal Conditions and Other Data Breaches Reported
The investigation of an Arizona Department of Veteran Affairs (VA) healthcare facility showed that workers were put at risk because they were exposed to potentially fatal hazards on steam lines. Workers were permitted to do work on the steam lines … Read more
Proposed HIPAA Privacy Rule Update and CISA’s Updated Zero Trust Maturity Model
The HHS’ Office for Civil Rights has issued a Notice of Proposed Rulemaking (NPRM) concerning a HIPAA Privacy Rule update to reinforce the protection of privacy for reproductive health information. The proposed revision is in response to the decision of the Supreme … Read more
Health-ISAC Report on Present and Upcoming Cyber Threats to the Healthcare Industry
Ransomware and phishing are still the biggest concerns in terms of cybersecurity for healthcare providers based on Health-ISAC’s Current and Emerging Healthcare Cyber Threat Landscape report for February 2023. The joint report by Booz Allen Hamilton Cyber Threat Intelligence (CTI) … Read more
How the Federal Government Can Strengthen Healthcare Cybersecurity
The U.S. Senate Committee on Homeland Security and Governmental Affairs conducted a hearing to look at cybersecurity threats to the healthcare industry, what healthcare companies and the federal government are doing to overcome those risks, and know what the federal … Read more
Lehigh Valley Health Network and Maternal & Family Health Services Face Lawsuit Over Ransomware Attack
Lehigh Valley Health Network (LVHN) is facing a lawsuit in association with its latest BlackCat ransomware attack. The attack resulted in the encryption of files after exfiltrating data as is common in ransomware attacks; nevertheless, the attack was distinct because … Read more
Data Breaches Reported by Dental Health Management Solutions, Nursing Rehab Centre, The Chautauqua Center, Northeast Surgical Group, and White Bird Clinic
Dental Health Management Solutions Alerted Patients About Historic Data Breach Dental Health Management Solutions (DHMS) based in Cedar Park, TX provides the military/government and private individuals with dental services. It recently reported the exposure of the protected health information (PHI) … Read more
DoppelPaymer Ransomware Core Members and Medicare Beneficiary Identifier Theft Conspirator Arrested
DoppelPaymer Ransomware Core Members Arrested in Europol-Driven Operation Two persons alleged to be key DoppelPaymer ransomware group members were detained — one by the police in Germany and another by the Ukrainian Police officers and Ukraine German Regional Police. It … Read more
HPH Sector Warned Against Clop Cyberattacks and MedusaLocker Ransomware Attacks
At the beginning of February, attackers exploited a zero-day vulnerability (CVE-2023-0669) in Fortra’s GoAnywhere MFT secure file transfer software against over 130 companies, including a few companies in the healthcare sector, for instance, Community Health Systems (CHS) in … Read more
Roundup of Recent Data Breaches and Cyber Attacks
mscripts Cloud Storage Misconfiguration Exposed PHI for 6 Years The mobile pharmacy company, mscripts, has just reported that its misconfigured cloud storage environment resulted in the exposure of client information on the internet for the last 6 years. mscripts discovered … Read more
GoAnywhere MFT Hack Impacts Up to 1 Million Community Health Systems Patients and Growing Gootloader Attacks
Community Health Systems based in Franklin, TN recently reported being affected by a security incident that happened at cybersecurity firm, Fortra. Unauthorized people acquired access to the protected health information (PHI) of around 1 million of its patients. Community Health … Read more
Cyber Attacks on VMware ESXi Servers, Sharp HealthCare, Regal Medical Group, and Southeast Colorado Hospital District
The French Computer Emergency Response Team (CERT-FR) issued a warning regarding a persistent ransomware campaign targeting VMware ESXi hypervisors that have not been patched against the critical heap-overflow vulnerability tracked as CVE-2021-21974. VMware released a patch on February 3, 2021, to resolve the … Read more
Round-up of Cyberattacks and Data Breaches Affecting Healthcare Organizations
Multiple Vulnerabilities Discovered in OpenEMR Health Record and Practice Management Software More than 100,000 healthcare providers across the globe use the open source electronic health record and medical practice management software called OpenEMR. They use it to document and process … Read more
Ransomware Income Decrease as Victims Decline to Pay Ransoms
Ransomware groups are profiting less from their attacks as fewer victims give ransom payments to get the decryption keys and keep the stolen data from being exposed, according to two newly revealed reports from the ransomware remediation company, Coveware, and … Read more
Ethics, the Challenge of Using AI in Healthcare
Based on a survey performed by Dataiku in 2020, the main organizational challenge that delays the use of AI in healthcare settings is ethics. Even though particular concerns vary by company, the concerns could typically be classified as informed permission … Read more
Applications of AI in Healthcare
The subject of AI in healthcare frequently gets different responses. Although a number of people believe in the advantages of using AI in healthcare and the substantial rewards to patients, other people have worries concerning the ethics of AI in … Read more
Retreat Behavioral Health, Maternal & Family Health Services, and L. Knife & Son Reported Data Breaches
Maternal & Family Health Services based in Eastern Pennsylvania lately informed a number of patients regarding a ransomware attack on April 4, 2022 that resulted in the exposure of sensitive patient data. As soon as the healthcare provider detected the … Read more
Diagnostic Lab Resolves Medical Record Access Case for $16,500
The HHS’ Office for Civil Rights (OCR) made an announcement of its first HIPAA enforcement action for 2023. The OCR is reminding HIPAA-covered entities of their responsibility to provide people and their personal representatives with prompt access to their health … Read more
2023 Version of HITRUST Cybersecurity Framework Released
The information risk management, standards, and certification agency, HITRUST, made an announcement that it is going to release a new version of its well-known cybersecurity framework this January. HITRUST CSF Version 11 includes a number of enhancements to make sure … Read more
HPH Sector Cautioned About Pro-Russian Hacktivist Group’s DDoS Attacks
The healthcare and public health (HPH) industry has been cautioned regarding the likelihood of cyberattacks conducted by a pro-Russian hacktivist gang called KillNet, after a new cyberattack on a U.S. healthcare group. KillNet started its operations during the time when … Read more
Around 254,000 Medicare Beneficiaries Impacted by CMS Subcontractor Ransomware Attack
On November 14, 2022, Health Care Management Solutions (HMS) located in Fairmont, WV announced a data breach to the HHS’ Office for Civil Rights that affected approximately 500,000 people. During that time, limited information regarding the breach was revealed. Now, … Read more
New Proposed Rule by HHS to Enforce HIPAA Standard for Healthcare Attachments and Electronic Signatures
The Secretary of the Department of Health and Human Services (HHS) has a new proposed rule that will call for the use of criteria for healthcare transactions and electronic signatures utilized together with those transactions to support healthcare cases and … Read more
Automation Can Aid Network Defenders to Accomplish More Quickly and Be Ahead of Hackers
Automation reduces expenses and enhances productivity. It is vital in cybersecurity just like in manufacturing. A lot of labor-intensive security work may be automated to enable network defenders to accomplish more, faster, such as port scanning, monitoring, vulnerability scanning, and … Read more
Guide Published for Evaluating and Enhancing Connected Medical Device Security
One of the major cybersecurity issues in healthcare is the safety of medical devices. Hospitals still use a lot of connected healthcare devices and in so doing they considerably expand the attack surface. A new survey identified a connection between … Read more
Healthcare Sector Impending Risk Due to Cuba Ransomware Attacks
The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have released a joint cybersecurity warning concerning the Cuba Ransomware and have provided information on the tactics, techniques, and procedures (TTPs) utilized by the ransomware group, … Read more
119 Pediatric Practices Impacted by EHR Vendor Breach
Connexin Software Inc., an electronic medical records and practice management software provider to pediatric doctor practice groups has lately reported that it encountered a cyberattack wherein an unauthorized third party acquired access to its internal computer system. Although the electronic … Read more
Forefront Dermatology Negotiates $3.75 Million Settlement to Take Care of Ransomware Lawsuit
The dermatology practice, Forefront Dermatology, based in Wisconsin has decided to settle a class action lawsuit filed on behalf of patients who had their protected health information (PHI) compromised in a ransomware attack in late May 2021. Forefront Dermatology has … Read more
Up to 1.5 Million Patients Affected by Adding a Tracking Code to the Community Health Network Website
Community Health Network in Indiana is the most recent healthcare company to announce the impermissible disclosure of protected health information (PHI) of patients to Google and Meta/Facebook as a result of adding their tracking code on its web pages. Based … Read more
Data Exposed at Alta Forest Products, Hilario Marilao, M.D, and Three Rivers Provider Network
Alta Forest Products based in Chehalis, WA has encountered a cyberattack where the protected health information (PHI) of around 2,100 Alta Forest Products Health and Welfare Plan members was compromised. The company detected the security breach on September 1, 2022, … Read more
Feds Publish Guidance on Responding and Lowering Impact of DDoS Attacks
The Federal Bureau of Investigation (FBI), the Multi-State Information Sharing and Analysis Center (MS-ISAC), and the Cybersecurity and Infrastructure Security Agency (CISA) just released guidance for government and private institutions on the avoidance and mitigation of distributed Denial of Service … Read more
2021 Data Breaches Reported by U.S. Vision Subsidiary and Florida Addiction Treatment Center
USV Optical, a branch of U.S. Vision, has lately reported the exposure of patient records at a number of entities inside its network. It detected suspicious activity inside its system on May 12, 2021. Forensic investigation affirmed that unauthorized persons … Read more
CISA Wants Companies to Use Phishing-Resistant Multifactor Authentication
MFA is one of the most essential steps to take to stop unauthorized account access; on the other hand, it doesn’t give total security and certain types of MFA could be circumvented. Any type of MFA is significantly better than … Read more
Hacking Incidents and Improper Disposal Incidents Reported
Hacking Incident at Country Doctor Community Clinic, WA On October 19, 2022, Country Doctor Community Clinic based in Seattle, WA reported that attackers had acquired access to its digital system and viewed and likely acquired files comprising the protected health … Read more
CISA Director Encourages All Healthcare Providers to Use FIDO Authentication
The Director of the Cybersecurity and Infrastructure Security Agency (CISA), Jen Easterly, is traveling across the country as part of the Cybersecurity Awareness Month. She’s been promoting the best practices of cybersecurity, telling everyone the steps they can do to … Read more
EyeMed to Pay $4.5 Million Penalty for Phishing Attack and Data Breach of 2.1M-Record
The New York State Department of Financial Services (DFS) has decided to resolve an investigation of EyeMed Vision Care (EyeMed) into possible violations of the DFS Cybersecurity Regulation for $4.5 million. EyeMed based in Ohio is a licensed medical insurance … Read more
Data Breach Affects At Least 13 Anesthesia Providers
A big data breach has happened at the management firm of several anesthesia services providers. Based on a media breach notice released by Anesthesia Associates of El Paso, one of the impacted providers, the data breach happened at its unnamed … Read more
Wisconsin Department of Health Services, Detroit Health Department, and Smith, Gambrell & Russell, LLP Announce Data Breaches
Wisconsin Department of Health Services Reports Accidental Disclosure of PHI through Email The Wisconsin Department of Health Services (DHS) has just announced that there was an accidental disclosure of protected health information (PHI) via its email. Based on the breach … Read more
Cyberattack on FMC Services, Kaye-Smith and Johnson Memorial Hospital
FMC (Family Medicine Centers) Services based in Amarillo, TX recently reported a hacking incident it discovered and blocked on July 26, 2022. A third-party cybersecurity company conducted a forensic investigation to find out the nature and extent of the cyberattack. … Read more
Data Breaches at Choice Health, Tessie Cleveland Community Services Corp and Easterseals-Goodwill Northern Rocky Mountain
Humana lately reported the potential compromise of the protected health information (PHI) of 22,767 persons in a security incident at Choice Health. This business associate is Humana’s vendor of its Medicare products. On May 18, 2022, Choice Health discovered that … Read more
Healthcare Companies Targeted by Monkeypox Phishing Campaign
An alert was given to the healthcare and public health (HPH) industry regarding a Monkeypox phishing campaign directed at U.S. healthcare companies that tries to steal Office 365, Gmail, and other email account credentials. Monkeypox is a remarkably transmittable viral … Read more