News

Change Healthcare cyberattack fallout continues

April 23, 2024 - UPDATE 4/23/2024 - This article has been updated to reflect new information about the Change Healthcare cyberattack. UHG has not yet provided a formal breach notification to HHS following the cyberattack. In an April 22 update, UHG stated that the review of impacted data is "likely to take several months of continued analysis before...

Read More


Articles

HHS finalizes rule to strengthen reproductive health data privacy under HIPAA

by

The Biden-Harris administration, through HHS, issued a final rule to bolster patient privacy for those seeking and administering lawful reproductive healthcare. Entitled HIPAA Privacy Rule to Support...

Hearing on Change Healthcare cyberattack yields more questions for UHG

by

Lawmakers had many questions for UnitedHealth Group (UHG), the parent of Change Healthcare, at a March 16 House subcommittee hearing about the cyberattack that halted claims payments and disrupted...

Cerebral faces $7M FTC penalty over alleged health data security failures

by

Under a proposed order from the Federal Trade Commission (FTC), online mental healthcare platform Cerebral will be restricted from disclosing consumers’ personal health information to third...

FTC bans Monument from disclosing health data to third-party advertisers

by

The Federal Trade Commission (FTC) banned Monument, an alcohol addiction treatment service, from disclosing its users’ personal health data to third-party advertisers, following allegations that...

Physicians report widespread financial turmoil due to Change Healthcare cyberattack

by

As of April 3, UnitedHealth Group (UHG) had advanced nearly $4.7 billion to providers grappling with the aftermath of the Change Healthcare cyberattack. Even so, physician practices across the country...

Wisconsin health cooperative suffers 533K-record breach

by

Group Health Cooperative of South Central Wisconsin (GHC-SCW) notified more than 533,000 individuals of a data breach that resulted from a cyberattack. On January 25, GHC-SCW detected unauthorized...

Advanced cybersecurity performance translates to higher shareholder returns

by

Strong cybersecurity performance in healthcare is crucial for ensuring patient safety and operational continuity at all times, especially during a cybersecurity incident. But new research shows that...

AHA observes uptick in hospital IT help desk social engineering schemes

by

UPDATE 4/4/2024 - This article has been updated to include information from an HC3 sector alert. The American Hospital Association (AHA) has doubled down on its warning to the healthcare sector about...

MFA bypass results in breach at LA County Department of Mental Health

by

A multi-factor authentication (MFA) failure led to the exposure of patient information pertaining to the Los Angeles County Department of Mental Health (DMH), a report filed with the California...

HHS imposes $100K penalty on NJ facility over HIPAA right of access violations

by

The HHS Office for Civil Rights (OCR) imposed a $100,000 civil monetary penalty against Hackensack Meridian Health, West Caldwell Care Center, also known as Essex Residential Care, over HIPAA right of...

HHS reaches HIPAA right of access settlement with Phoenix Healthcare

by

The HHS Office for Civil Rights (OCR) announced a HIPAA right of access settlement with Oklahoma-based Phoenix Healthcare, marking the office’s 47th enforcement action under the HIPAA Right of...

Healthcare security culture steadily improving, but gaps remain

by

As the healthcare and pharmaceuticals sector continues to face a high volume of cyberattacks, maintaining a strong security culture remains a crucial element to maintaining a strong security posture....

HHS offers resource guide to providers impacted by Change Healthcare cyberattack

by

Healthcare providers nationwide are continuing to face financial and operational challenges in the aftermath of the Change Healthcare cyberattack, which began more than one month ago. In...

HC3 alerts shed light on two popular healthcare cyberattack tactics

by

The HHS Health Sector Cybersecurity Coordination Center (HC3) released two sector alerts recently, each highlighting a different cyber threat tactic that bad actors may use to facilitate healthcare...

New cyber legislation would provide advance payments to providers facing hacks

by

Senator Mark Warner (D-VA) has introduced the Health Care Cybersecurity Improvement Act of 2024, which would allow for advance and accelerated payments to providers in the event of a cybersecurity...

OCR updates HIPAA guidance on online tracking technologies

by

OCR recently released updated HIPAA guidance for covered entities and business associates who use online tracking technologies that exchange protected health information (PHI). The guidance addresses...

Change Healthcare cyberattack affecting hospital finances, care access

by

The majority of hospitals say the Change Healthcare cyberattack is negatively affecting their finances and hindering patient care access, according to a survey from the American Hospital Association...

MA hospitals losing $24M per day following Change Healthcare cyberattack

by

The Change Healthcare cyberattack is costing Massachusetts hospitals at least $24 million per day, according to the Massachusetts Health & Hospital Association (MHA). After Change...

63% of known exploited vulnerabilities found on healthcare networks

by

Healthcare networks and medical devices are highly vulnerable to cyberattacks, according to a recent study from cyber-physical systems protection company Claroty. The study found that 63 percent of...

Recent Articles