Health IT Security and HIPAA News

Pandemic-Era Telehealth Rules Set to Expire in May, Shifting HIPAA Compliance Obligations

by

The COVID-19 public health emergency (PHE) is set to end on May 11, marking the expiration of many pandemic-era support programs and lighter compliance obligations. As such, the HHS Office for Civil...

HHS Emphasizes EHR Cybersecurity Risks to Healthcare Sector

by

EHRs are poised to remain a crucial part of the healthcare industry, but the exploitation of patient data casts a shadow over its benefits. A recent HHS threat brief emphasized the need for healthcare...

DNS NXDOMAIN Flood DDoS Attacks Impacting Healthcare, HC3 Warns

by

HHS warned the healthcare sector of ongoing DNS NXDOMAIN flood distributed denial-of-service (DDoS) attacks that could pose significant threats to security and system availability. HHS'...

Microsoft, Fortra, Health-ISAC Crack Down On Cobalt Strike Abuse

by

Microsoft’s Digital Crimes Unit (DCU), along with cybersecurity software company Fortra and the Health Information Sharing and Analysis Center (Health-ISAC), are working together to disrupt...

HC3 Raises Concern Over KillNet DDoS Attacks Targeting Healthcare Sector

by

In just a few months since its emergence in 2022, pro-Russia hacktivist group KillNet has quickly evolved into a significant threat to the healthcare sector by executing distributed denial-of-service...

Tallahassee Memorial Provides Healthcare Data Breach Notice

by

Tallahassee Memorial HealthCare (TMH) provided a healthcare data breach notice to HHS following a February breach. The incident impacted 20,376 individuals in total. As previously reported, TMH began...

HSCC Releases Free Video Series Providing Healthcare Cybersecurity Awareness, Training to Clinicians

by

The Health Sector Coordinating Council (HSCC) Cybersecurity Working Group has released a free eight-part video series entitled “Cybersecurity for the Clinician.” The video series provides...

Attackers Increasingly Targeting Cloud Apps to Deliver Malware in Healthcare

by

Threat actors are increasingly abusing cloud apps to deliver malware in healthcare settings, Netskope revealed in its latest Threat Labs Report. Cloud-delivered malware increased from 38 percent to 42...

Illinois Medical Practice Settles Lawsuit After Data Breach Impacts 228K

by

Illinois Gastroenterology Group (IGG) has settled a class-action lawsuit for an undisclosed amount after a data breach puts the patient privacy of more than 227,943 individuals at risk. The lawsuit...

Nearly All US Acute Care Hospitals Transfer Data to Third Parties, Study Finds

by

University of Pennsylvania researchers found third-party tracking technologies on nearly all US nonfederal acute care hospital websites, a Health Affairs study revealed. Researchers studied all US...

Tracking Pixel Use Results in Data Breach at NY Hospital, 54K Impacted

by

NewYork-Presbyterian Hospital (NYP) is the latest healthcare organization to report a data breach stemming from its use of tracking and analytics tools. As previously reported, Meta, Google, and other...

Rise Interactive Faces Class Action Lawsuit Over Healthcare Data Breach

by

Rise Interactive Media & Analytics was hit with proposed a class action healthcare data breach lawsuit in the aftermath of a November 2022 breach.  The law firm Wolf Haldenstein, Adler...

Vendor Data Breach Impacts At Least 9 Healthcare Organizations

by

At least nine healthcare organizations recently reported a vendor data breach tied to Adelanto HealthCare Ventures (AHCV), a consulting company that specializes in Medicaid reimbursements. According...

Health-ISAC Annual Threat Report Sheds Light on Healthcare Cyber Threat Landscape

by

Health-ISAC released its annual threat report, providing insight into how healthcare cybersecurity experts view the current cyber threat landscape. More than 280 executives across Health-ISAC, CHIME,...

Maryland Hospital Reveals 30K Individuals Impacted by Ransomware Attack

by

Atlantic General Hospital has notified 30,704 patients of a ransomware attack that potentially compromised protected health information (PHI), a notice provided to the Maine Attorney General’s...

FDA to Refuse Medical Device Submissions For Cybersecurity Reasons Beginning in October

by

Effective immediately, the US Food and Drug Administration (FDA) will require medical device manufacturers to provide cybersecurity information in their premarket device submissions. Additionally,...

Fortra GoAnywhere MFT Vulnerability Impacts Blue Shield of CA

by

Blue Shield of California notified 63,341 individuals of a healthcare data breach that stemmed from the Fortra GoAnywhere vulnerability. One of Blue Shield’s providers, Brightline Medical...

Inadequate Healthcare Cybersecurity Maturity Jeopardizes Patient Privacy

by

The healthcare sector ranks lowest in several cybersecurity maturity domains, according to CYE's first Cybersecurity Maturity Report, which suggests that even organizations that handle highly...

CISA Looks Back On One Year of CIRCIA, Encourages Cyber Threat Sharing

by

President Biden signed the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) into law one year ago, requiring the Cybersecurity and Infrastructure Security Agency (CISA) to...

NY Law Firm Pays $200K Over Healthcare Data Security Failures

by

The office of New York Attorney General Letitia James announced a $200,000 settlement with law firm Heidell, Pittoni, Murphy, & Bach LLP (HPMB) for failing to implement proper healthcare data...