HHS recently unveiled healthcare-specific cybersecurity performance goals (CPGs) with the intent of helping the sector prioritize the implementation of key security best practices.
On their surface, the voluntary CPGs are straightforward,...
Insurance brokerage company Keenan & Associates recently notified more than 1.5 million individuals of a data breach. Keenan provides insurance and risk management solutions for schools, colleges,...
Florida lawmakers have proposed new legal protections for businesses facing claims of negligence in data breach lawsuits in the recently introduced Florida House Bill No. 473.
Also known as the...
The healthcare sector was hit hard by data breaches in 2023, with more than 540 organizations reporting breaches to HHS last year. Ransomware remains a top threat to healthcare, as exemplified by the...
HHS has released sector-specific cybersecurity performance goals (CPGs) to help the sector prioritize key security actions and reduce risk. The voluntary CPGs consist of “essential” and...
Singing River Health System in Mississippi suffered a ransomware attack in August 2023 that resulted in a data breach. The breach impacted 252,890 individuals in total, according to a notice provided...
The Health Sector Cybersecurity Coordination Center (HC3) issued a sector alert to warn healthcare organizations of recent threat actor activity involving the abuse of ScreenConnect, a widely used...
The American Hospital Association (AHA) warned hospitals of a validated IT help desk social engineering scheme and encouraged hospitals to remain vigilant and notify the Federal Bureau of Investigation...
Identity and access management (IAM) is a framework of processes, policies, and technologies that monitor digital identities, manage authentication controls, and grant employees and end users access to information that is relevant to their...
Artificial intelligence (AI) continues to become ingrained into our society, and the regulations and guidance that govern it are evolving to match. In October 2023, President Biden issued an Executive Order on the Safe, Secure, and...
New York Attorney General Letitia James reached an agreement with Refuah Health Center over alleged failures to protect the private health information of patients, which led to a ransomware attack....
Missouri-based North Kansas City Hospital (NKCH) and its transcription subsidiary, Meritas Health Corporation, recently notified more than 500,000 individuals of a third-party data breach stemming from...
As the new year begins, the healthcare sector will undoubtedly continue to grapple with a significant volume of cybersecurity threats and challenges.
The year 2023 saw record-breaking data breach figures, with more than 540 organizations...
The Cybersecurity and Infrastructure Security Agency (CISA) published a cybersecurity advisory based on key findings that the agency uncovered during a risk and vulnerability assessment (RVA) conducted...
Illinois-based Harrisburg Medical Center (HMC) filed a data breach notice with the Maine Attorney General’s Office regarding a December 2022 breach. The breach impacted 147,826 individuals in...
The American Hospital Association (AHA) expressed dissatisfaction with parts of HHS’ recently released healthcare cybersecurity strategy, which was unveiled in early December. Specifically, the...
New York Attorney General (NYAG) Letitia James reached a settlement with Healthplex, a large dental insurance provider, following a data breach that occurred in November 2021. Healthplex agreed to pay...
Open-source software (OSS) is the foundation of modern software development, but it can also expose critical infrastructure sectors to cybersecurity risks, the HHS Health Sector Cybersecurity...
HHS released a concept paper outlining the department’s long-awaited healthcare cybersecurity strategy and establishing goals for improving the sector’s cybersecurity posture. The...
Genetic testing company 23andMe notified 6.9 million individuals that their personal information was compromised in October 2023. However, 23andMe had no evidence that there was a data security incident within its systems. Instead, threat...