New York regulators are warning millions of individuals of identity theft risks involving a data theft at a medical transcriber that has now affected patients of at least two major healthcare groups, including Crouse Health and Northwell Health in the state. Lawsuits in the case are also piling up.
Incident response, even with effective planning, can be stressful. That stress is heightened with attacks that happen outside of normal operating hours. And even for those that may originate during the business day, response and recovery can rack up hundreds—or more—hours, late nights, weekends, and holidays. What...
Federal regulators have smacked a New York medical center with an $80,000 penalty as part of a settlement for a HIPAA privacy breach involving the information of three patients that was exposed to a reporter and distributed nationally during press coverage in the early days of the COVID-19 pandemic.
New York State will soon seek public comment on sweeping new cybersecurity regulations for hospitals. The proposed rules would come with $500 million in requested funding to help the providers step up their security investments to comply with the new requirements.
In the latest weekly update, editors at Information Security Media Group discuss why a growing number of U.S. and Canadian hospitals have been forced to turn away patients because of cyberattacks, innovations that have surfaced during the Israel-Hamas war and the future of industrial automation.
The number of healthcare organizations and patients affected by a recent data theft at medical transcription firm Perry Johnson & Associates is expanding: The company now says the breach affected the sensitive information of about 9 million people.
A virtual pharmacy and mail-order prescription drug firm is notifying about 2.36 million patients of a hacking incident that compromised their sensitive information. In the past week, attorneys have filed at least six proposed federal class action lawsuits related to the breach.
McLaren Health Care is notifying nearly 2.2 million people of a data breach weeks after ransomware group Alphv/BlackCat claimed to have stolen 6 terabytes of patient records in a recent attack. In the meantime, the number of lawsuits filed against McLaren related to the incident continues to climb.
Protected Health Information (PHI) includes medical histories, lab results and vital signs, as well as addresses, social security numbers, birth dates, billing and payment card data, and other personally identifiable information (PII).
It is no wonder the healthcare industry has become a favourite target for hackers,...
Today, complete medical records currently sell for as much as $1,000 on the Dark Web. It is no surprise that healthcare call and contact centers are prime targets for fraudsters, who are persistently – and ingeniously – looking for new ways to get their hands on your patients’ data.
HIPAA, PCI DSS and a wide...
A San Diego public hospital is diverting ambulances and patients to other facilities as it is dealing with a cyberattack this week. The medical center is the latest on a growing list of regional hospitals forced to suddenly shift patients to neighboring entities due to a cybersecurity crisis.
A shared IT services provider and its five Ontario member hospitals say their recovery from a Daixin Team ransomware attack in October could last into December as the group rebuilds its IT network. Meanwhile, the outage will continue to disrupt patient services, including diagnostics and treatments.
The American Hospital Association, along with three other organizations, has filed a federal lawsuit seeking to have the U.S. Department of Health and Human Services withdraw guidance issued last year warning that the use of online trackers by hospitals potentially violates HIPAA.
For over a decade, the HIPAA Security Rule has required covered entities and business associates to engage in risk analysis and management. But due to the recent surges in data breaches within the healthcare sector, it's time to embrace an information asset-based approach to risk analysis.
The Federal Trade Commission in an amended lawsuit complaint unsealed Friday details how Idaho-based data broker Kochava allegedly violated federal law by collecting and disclosing to third parties "enormous" amounts of geolocation and other sensitive information about consumers.