Nearly one month after a ransomware attack on the nation's fourth-largest hospital network, CommonSpirit Health is still struggling to bring online the various IT systems - including electronic medical records, prescriptions and patient appointment scheduling - affected at many of its facilities.
Healthcare entities need to rehearse breach response playbooks to avoid paying fines to the Department of Health and Human Services for poor incident response after a severe breach. Well-tested security incident response plans ensure the security of patient data, says the HHS Office of Civil Rights.
The federal tally of health data breaches reached a new milestone this week: Since its inception in September 2009, more than 5,000 major incidents have been posted to the Department of Health and Human Services' HIPAA breach "wall of shame."
As controversy grows around the use of Facebook Pixel code and similar tracking tools that harvest sensitive health and other personal data of consumers, so does the pressure from lawmakers demanding answers from tech vendors about those data collection practices.
Advocate Aurora Health is notifying 3 million individuals of a health data breach involving the organization's "previous" use of web tracking tools from tech vendors including Google and Facebook's parent company, Meta. The entity says it has disabled or removed those tracking services.
Beware ransomware and data extortion shakedowns that trace to a cybercrime gang called Daixin Team, which is especially targeting the healthcare sector, as well as wielding phishing emails and a proficiency with VMware server environments, warns a new U.S. government cybersecurity advisory.
Many entities fight an uphill battle against increasingly clever phishing and related scams that lead to serious data compromises, say former CIA analyst Eric Cole and former Department of Justice Assistant Attorney General David Kris, who are both advisers at security firm Theon Technology.
Too many medical device makers don't pay close attention to the fine details and features of their product designs to ensure they are safe and secure, says Naomi Schwartz, a former product reviewer at the Food and Drug Administration and current cybersecurity adviser at security firm MedCrypt.
Cyberattacks on healthcare entities result in poor patient outcomes, including delayed procedures and even a rise in mortality, according to a recent survey conducted by research firm the Ponemon Institute. Ryan Witt of Proofpoint, which sponsored the study, discusses the findings.
A study by data privacy firm Lokker found thousands of healthcare providers deploying Facebook Pixel and other similar tracking tools. Those trackers reveal "medical and other data that consumers don't know is being tracked and haven't authorized," says Ian Cohen, Lokker's chief executive officer.
Plan for a ransomware attack the same way you plan for a hurricane, says Paige Peterson Sconzo, director of healthcare services at security firm Redacted Inc. A cyber incident capable of disrupting network connectivity requires careful thinking about how to revert to the pre-internet era.
Security flaws in a vital signs monitoring device from a China-based manufacturer could allow hackers to launch an attack that spreads to all other devices connected to the same network. This is among the most serious security issues involving medical devices, says Jason Sinchak of Level Nine.
A ransomware gang published 52 gigabytes of data it says it stole from Consorci Sanitari Integral, a Barcelona health organization of 3,000 physicians and staff. CSI acknowledge a "compromise in data confidentiality" but says its systems are fully recovered thanks to cloud backups.
The toll that cyber incidents can have on healthcare entities and their patients was especially felt this week by the parents of a 3-year-old child who received an accidental megadose of medicine - a mistake attributed to IT systems being offline at an Iowa medical center.
A former doctor who practiced internal medicine in several states has pleaded guilty in a New Jersey federal court to criminal HIPAA violations in a case that also involved a pharmaceutical salesman and a larger alleged $2.5 million healthcare fraud conspiracy.