In the latest weekly update, editors at ISMG discuss the rampant rise in healthcare sector attacks and breaches in 2023, the most common vulnerabilities and targets, and remember the life of the Steve Katz, the world's first CISO who inspired generations of security leaders.
Open-source software is pervasive in healthcare. It is used in critical systems such as electronic health records and components contained in medical devices. Federal regulators are urging healthcare sector firms to be vigilant in managing risks and threats involving open-source software.
Weeks after the Department of Health and Human Services announced its first HIPAA enforcement action in a ransomware breach, federal regulators have reached another milestone: a $480,000 settlement in a HIPAA case centered for the first time ever on a phishing attack.
The Joint Commission is kicking off a new voluntary certification program for hospitals' "responsible use" of health data. The effort aims to help address growing privacy concerns over the secondary use of patient data by third parties for artificial intelligence initiatives and other activities.
The U.S. Department of Health and Human Services on Wednesday released a sweeping strategy document proposing how the Biden administration intends to push the healthcare sector - through new requirements, incentives and enforcement - into improving the state of its cybersecurity.
A New York medical imaging services provider is notifying nearly 606,000 individuals that their information was potentially accessed and copied in a recent hacking incident. The entity is one of several medical imaging centers that have reported major hacking breaches in recent weeks and months.
A recent spike in ransomware attacks has prompted federal regulators and the American Hospital Association to issue urgent warnings to hospitals and other healthcare firms to prevent potential exploitation of the Citrix Bleed software flaw affecting some NetScaler ADC and NetScaler Gateway devices.
A large, Seattle-based surgical group is notifying nearly 437,400 individuals that their information was potentially compromised in a ransomware and data theft incident earlier this year. The breach is part of a larger, disturbing trend in the healthcare sector in 2023.
New Jersey-based hospital group Capital Health is dealing with a network outage, caused by a cyberattack earlier this week, which is affecting some patient services. Capital Health is at least the second healthcare provider in the Garden State responding to a cyberattack this week.
New York regulators are warning millions of individuals of identity theft risks involving a data theft at a medical transcriber that has now affected patients of at least two major healthcare groups, including Crouse Health and Northwell Health in the state. Lawsuits in the case are also piling up.
As Congress weighs potential legislative and regulatory guardrails for the use of AI in healthcare, issues such as human oversight, privacy and security risk need close attention, said healthcare industry experts who testified during a House Energy and Commerce subcommittee hearing on Wednesday.
Patient services - including emergency care and telehealth appointments - are still affected at dozens of hospitals and other care facilities in several states operated by Ardent Health Services as the Tennessee-based organization continues to respond to a Thanksgiving Day ransomware attack.
Tennessee-based Ardent Health Services, which operates dozens of hospitals and other healthcare facilities in several states, said on Monday that it is dealing with a ransomware attack that has forced the entity to divert some patients and cancel or reschedule certain procedures.
The tally of individuals whose health data was compromised in a hack on MOVEit file transfer software used by Welltok, a provider of online wellness resources to dozens of health plans, has soared to nearly 8.5 million. The hack is among the biggest health data breaches reported so far this year.
President Joe Biden's recent executive order for artificial intelligence encourages investment in AI while setting a vision for a regulatory framework to address issues involving AI technology safety, bias and other concerns in healthcare, said attorney Wendell Bartnick of the law firm Reed Smith.