The healthcare sector suffered more ransomware attacks than any other critical infrastructure sector last year, according to complaint data examined in the Federal Bureau of Investigation’s 2023...
Lurie Children's Hospital in Chicago has restored its Epic EHR platform and other key systems following a cyberattack that began on January 31st, the hospital stated. MyChart remains unavailable as...
HHS released a statement regarding the Change Healthcare cyberattack and shed light on immediate steps that CMS is taking to assist providers during this time. The announcement follows multiple...
Indiana Attorney General Todd Rokita filed a lawsuit against Apria Healthcare over a data breach that unfolded between April 2019 and October 2021. Apria is a leading provider of home medical equipment...
UPDATE 3/5/2024 - This article has been updated to include excerpts from a letter that the AHA sent to UnitedHealth Group.
Optum has launched a temporary funding assistance program to help...
The National Institute of Standards and Technology (NIST) released version 2.0 of its Cybersecurity Framework (CSF), which is broadly used to reduce cyber risk across critical infrastructure....
The Medical Group Management Association (MGMA) urged HHS to use “all the tools at its disposal” to mitigate the impacts of the Change Healthcare cyberattack on medical groups in a letter...
The Healthcare and Public Health (HPH) Sector Coordinating Council (HSCC) Cybersecurity Working Group (CWG) announced the publication of its “Health Industry Cybersecurity Strategic Plan”...
Surveyed healthcare organizations that used the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) as their primary framework saw lower cyber insurance premium...
The HHS Office for Civil Rights (OCR) delivered two reports to Congress on HIPAA compliance and enforcement efforts logged by the department during the 2022 calendar year. HHS is required to...
Green Ridge Behavioral Health agreed to pay $40,000 and implement corrective actions to resolve a ransomware investigation conducted by the HHS Office for Civil Rights (OCR). This marks the second-ever...
Quest Diagnostics reached a $5 million settlement to resolve allegations that the company illegally disposed of hazardous waste, medical waste, and protected health information (PHI) at its California...
The US Department of Justice (DOJ) and UK authorities announced the disruption of the LockBit ransomware group at a press conference held in London on February 20. LockBit was a notorious ransomware...
The HHS Office for Civil Rights (OCR) and the National Institute of Standards and Technology (NIST) published the final version of Special Publication (SP) 800-66 Revision 2, aimed at helping covered...
The US Government Accountability Office (GAO) issued recommendations to HHS surrounding its oversight of ransomware practices across the sector in a recent report. The report assessed four federal...
US Senators Angus King (I-ME) and Marco Rubio (R-FL) introduced the Strengthening Cybersecurity in Health Care Act, aimed at bolstering cybersecurity efforts within HHS.
Specifically, the act would...
US Senator Ron Wyden (D-OR) sent a letter to the Federal Trade Commission (FTC) and Securities and Exchange Commission (SEC) chairs urging them to hold a data broker accountable for alleged misleading...
UPDATE 2/13/24 - This article has been updated to reflect new information about the cyberattack on Lurie Children's Hospital.
Lurie Children's Hospital has entered its third week of...
The Health Sector Cybersecurity Coordination Center (HC3) issued an analyst note about Akira ransomware, a group that has been active since at least May 2023. In its short tenure, Akira has conducted...
HHS, via the Office for Civil Rights (OCR) and the Substance Abuse and Mental Health Services Administration (SAMHSA), announced its finalized changes to the Confidentiality of Substance Use...