Healthcare Information Security

Cybersecurity in Healthcare

Philips IntelliVue Information Center Hit By Cybersecurity Vulnerability

by Fred Donovan

Philips IntelliVue Information Center iX central patient monitoring system has a cybersecurity vulnerability that could result in the operating system becoming unresponsive due to a network attack, the ICS-CERT warned in an August 21...

Philips Delays Fix for Cardiograph Cybersecurity Vulnerabilities

by Fred Donovan

Philips does not intended to fix cybersecurity vulnerabilities in its PageWriter Cardiograph devices, which could allow attackers to modify settings on the devices, until mid-year 2019, according to an August 16 advisory from...

Cybersecurity Vulnerabilities Lurk in Philips IntelliSpace System

by Fred Donovan

ICS-CERT is warning about cybersecurity vulnerabilities in Philips’ IntelliSpace Cardiovascular (ISCV) cardiac image and information management systems that could enable an attacker to escalate privileges on the ISCV server and...

McAfee Uncovers Cybersecurity Vulnerabilities in Patient Monitors

by Fred Donovan

McAfee Labs has discovered cybersecurity vulnerabilities in a protocol used by patient monitors to communicate with central monitoring stations. If hackers could exploit the weakness in the RWHAT protocol used by connected medical devices...

Medtronic Criticized for Lax Medical Device Security Response

by Fred Donovan

Researchers Billy Rios and Jonathan Butts criticized Medtronic’s response to medical device security issues in its products during a presentation at the BlackHat security conference held last week in Las Vegas. The researchers said...

ICS-CERT Flags Medtronic Devices for Cybersecurity Vulnerabilities

by Fred Donovan

A Medtronic patient monitor and an insulin pump were flagged this week by ICS-CERT for cybersecurity vulnerabilities that could expose sensitive data to attackers. The Medtronic MyCareLink patient monitor suffers from insufficient...

Man Convicted of DDoS Attack Against Boston Children’s Hospital

by Fred Donovan

Martin Gottesfeld of Somerville, Massachusetts, was convicted by a federal jury of carrying out a DDoS attack against Boston Children’s Hospital and against Wayside Youth and Family Support Network, the Department of...

SamSam Ransomware Attacks Net Creator $6M So Far

by Fred Donovan

SamSam ransomware attacks, which have targeted healthcare organizations, has netted its creator $6 million so far, according to a recent report by security firm Sophos. Three-quarters of the victims are based in the United States, and the...

Accidents Were Most Frequent Cause of Healthcare Data Breaches

by Fred Donovan

In the second quarter of 2018, the most frequent cause of healthcare data breaches was accidental disclosures, according to incidents reported to the Beazley Breach Response Services team.  Accidental disclosures made up 38 percent...

Half of US Adults Are Anxious About Healthcare Data Security

by Fred Donovan

Around half of US adults (49%) are extremely or very concerned about their healthcare data security, such as diagnoses, health history, and test results, according to a survey of more than 2,000 US adults by The Harris Poll on behalf of...

CMS Would Drop Security Risk Analysis from Interoperability Score

by Fred Donovan

CMS is proposing that the Protect Patient Health Information objective and its associated measure, security risk analysis, would no longer be scored as a measure but would act as a prerequisite for a participating clinician to earn any...

HHS Fails To Fix Cybersecurity Vulnerabilities, Putting PHI At Risk

by Fred Donovan

HHS has failed to remedy cybersecurity vulnerabilities in its systems that could put PHI at risk, warned the GAO in a report released July 25. The GAO cited problems at CMS that threaten to compromise Medicare beneficiary data and the...

C-Suite May Lack Awareness of Healthcare Supply Chain Risk

by Fred Donovan

A majority of healthcare industry respondents think their organization’s leadership may lack awareness of healthcare supply chain risk, according to a survey by Vanson Bourne on behalf of endpoint security firm CrowdStrike. A full...

Despite Flashy Attacks, Healthcare Ransomware Attacks Decline

by Fred Donovan

Even with some well-publicized ransomware attacks against healthcare organizations this year, such as Allscripts and LabCorp, healthcare ransomware attacks are on the decline, according to the latest analysis by cybersecurity firm...

Strong Healthcare Data Security Needed for EHR Use in Clinical Trials

by Fred Donovan

The FDA is recommending that organizations and individuals conducting clinical investigations have strong healthcare data security and privacy controls in place when using EHR data for agency-regulated research. In its recently issued Use...

Cass Regional Finally Recovers from Devastating Ransomware Attack

by Fred Donovan

Cass Regional Medical Center finally has its EHR system back online and is no longer diverting emergency patients to other hospitals a week after it suffered a ransomware attack. The initial attack, reported by the Missouri-based hospital...

Response to Spectre, Meltdown Cybersecurity Vulnerabilities Queried

by Fred Donovan

US lawmakers want answers from the Software Engineering Institute’s (SEI) CERT Coordination Center (CERT-CC) to questions about the industry's response to the Spectre and Meltdown cybersecurity vulnerabilities disclosed in...

LabCorp’s Network Security Breach May Have Exposed PHI of Millions

by Fred Donovan

After recently dodging a legal bullet over an alleged HIPAA violation, LabCorp is now facing a network security breach that forced the North Carolina-based laboratory diagnostics firm to shut down its IT network, possibly placing PHI of...

Allscripts Wants Ransomware Attack Class-Action Lawsuit Dismissed

by Fred Donovan

EHR vendor Allscripts wants a district court judge in Illinois to dismiss a class-action lawsuit filed by Florida-based Surfside Non-Surgical Orthopedics over the SamSam ransomware attack that encrypted patient data and took...

MedEvolve Cops to Healthcare Data Breach With PHI on 200K at Risk

by Fred Donovan

Arkansas-based practice management software provider MedEvolve has finally copped to a healthcare data breach at one of its customers, Premier Immediate Medical Care, which may have impacted more than 200,000 current and former patients of...

X

SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
BYOD
Cybersecurity
Data Breaches
Ransomware

Our privacy policy


no, thanks

Continue to site...