In its latest report, the US Government Accountability Office (GAO) called on HHS to improve the healthcare data breach reporting process. Specifically, GAO urged HHS to create a mechanism for entities...
Senators Ron Wyden (D-OR), Elizabeth Warren (D-MA), Cory Booker (D-NJ), and Rep. Sara Jacobs (D-CA) sent a letter asking the Federal Trade Commission (FTC) to launch an investigation into Apple and...
High-severity cybersecurity vulnerabilities in OFFIS DCMTK software could result in remote code execution (RCE) if exploited, the Cybersecurity and Infrastructure Security Agency (CISA) warned in a...
The Cybersecurity and Infrastructure Security Agency (CISA) and the United States Coast Guard Cyber Command (CGCYBER) released a joint cybersecurity advisory to warn organizations of continued...
As previously reported, Seattle-based company MCG Health suffered a data breach in March resulting from unauthorized access. The Seattle-based software company provides patient care guidelines to...
University of Pittsburgh Medical Center (UPMC) and Charles J. Hilton, PC, (CJH) agreed to a $450,000 settlement to resolve allegations relating to a 2020 healthcare data breach. UPMC had engaged...
Application Programming Interface (API) adoption is steadily increasing in the healthcare sector, but APIs do not come without cybersecurity risks. In fact, Gartner predicted that API attacks would...
In the wake of detailed allegations of patient privacy violations covered in a report co-published by The Markup and STAT, Meta (the parent company of Facebook) is facing a lawsuit over the use of its...
Yale New Haven Hospital (YNHH) informed an undisclosed number of individuals of a healthcare data breach that involved a radiology file. The file was created for research and was accidentally posted on...
Texas-based Baptist Medical Center and Resolute Health Hospital informed an undisclosed number of patients that its network was infected with malicious code, potentially resulting in protected health...
Two medical device vulnerabilities in select Hillrom electrocardiograph products may cause unauthorized access and security risks, a Cybersecurity and Infrastructure Security Agency (CISA) ICS advisory...
US Senators introduced the Health and Location Data Protection Act, which would ban data brokers from selling location and health data in anticipation of the potential repeal of Roe v. Wade.
Elizabeth...
The HHS Health Sector Cybersecurity Coordination Center (HC3) issued a brief with tips for strengthening cyber posture in healthcare.
HC3 defined cyber posture as “the overall strength of an...
Texas Tech University Health Sciences Center (TTUHSC) added 1.3 million to the total number of individuals impacted by the Eye Care Leaders (ECL) EMR data breach, bringing the total to over 2...
Yuma Regional Medical Center (YRMC) suffered a ransomware attack in late April that exposed the Social Security numbers and other personal information of thousands of individuals. In a notice posted on...
The Cloud Security Alliance (CSA) released this year’s “Top Threats to Cloud Computing” report, outlining the most prevalent security concerns that trouble cybersecurity experts...
The Office for Civil Rights (OCR) and the Office of the National Coordinator for Health Information Technology (ONC) released version 3.3 of the HHS Security Risk Assessment (SRA) Tool.
ONC and OCR...
The Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Federal Bureau of Investigation (FBI) released a joint cybersecurity advisory containing tips...
The recently introduced Strengthening Cybersecurity for Medical Devices Act called on the US Food and Drug Administration (FDA) to review and update its medical device security guidelines more...
The HHS Office for Civil Rights (OCR) announced plans to produce a pre-recorded video presentation on the Health Information Technology for Economic and Clinical Health Act (HITECH) recognized security...