Health sector breaches recently reported to the US Department of Health and Human Services (HHS) include a network disruption affecting more than 250,000 patients at Bay Bridge Administrators, a network intrusion affecting more than 60,000 patients at Circles of Care Providers, and a data exposure affecting more than 35,000 patients at the Elizabeth Hospice. Note …
CentraState Medical Center in New Jersey is operating under electronic health record (EHR) downtime following a cybersecurity incident that began last month. The medical center is also sending patients to other hospitals in the area due to the IT disruptions. Note Despite LockBit’s actions, hospitals and medical remain top targets for attackers. Even so, don’t …
Updated on 2023-01-05: SickKids ransomware attack The LockBit ransomware gang has apologized for its attack on the Sick Kids Hospital chain and released a free decrypter to help the victim recover files without paying. Updated on 2023-01-02 LockBit apologized for the attack on SickKids, Canada, and released a free decryptor for the hospital. It claimed …
US Senator Mark Warner (D-Virginia) wants the Department of Health and Human Services. And the Cybersecurity and Infrastructure Security Agency (CFISA) to improve their collaboration in their efforts to protect the health care sector from cyberattacks. Warner has published a policy options paper that addresses “various challenges and proposals aimed at changing the way that …
Updated on 2022-11-07: Iranian threat actors The security team at the US Department of Health and Human Services has a summary [PDF] of Iran-based threat actors and their most common TTPs. Overview: US HHS Brief on Iranian Threat Actors and Healthcare The US Department of Health and Human Services (HHS) Health Sector Cybersecurity Coordination Center …
Updated on 2022-10-26 Advocate Aurora Health informed the federal government that it suffered a privacy breach involving unauthorized access or disclosure of patient details, blaming Google and Facebook web tracking technologies. Read more: Health Entity Says Tracking Code Breach Affects 3 Million Overview The Advocate Aurora Health (AAH) network, which operates in Wisconsin and Illinois, …
Updated on 2022-12-08: Medibank Shut Down Systems Over the Weekend to Make Security Improvements Over the weekend, Australian health insurance company Medibank took its IT systems offline, closed its branches, and brought in Microsoft’s response team to help them make security improvements. Medibank suffered a cyber security breach in October and is still reeling from …
A former physician has pleaded guilty to violating the US Health Insurance Portability and Accountability Act (HIPAA). Frank Alario pleaded guilty “to conspiring to wrongfully disclose patients’ individually identifiable health information to pharmaceutical sales representative Keith Ritson in violation of the criminal provisions of the Health Insurance Portability and Accountability Act (HIPAA).” Ritson is scheduled …
Updated on 2022-10-07 A cancer testing laboratory based in the US state of Georgia has reported a second data breach within just six months. In early July, Cytometry Specialists, dba CSI Laboratories, learned that it had been the victim of a phishing attack. The company reported the incident to federal regulators on September 26. CSI …
Updated on 2022-10-17: Advanced incident Advanced, one of the biggest IT providers for the UK NHS, disclosed a security breach last week, admitting they had their IT network compromised following an infection with the LockBit 3.0 ransomware. “The threat actor initially accessed the Advanced network using legitimate third-party credentials to establish a remote desktop (RDP) …
Updated on 2022-12-08 Patients of at least seven Washington state hospitals affiliated with CommonSpirit have been impacted by the breach of the hospital chain in October, revealed investigation. Read more: CommonSpirit Health Provides Cyberattack Update and Notification of Data Breach Involving Virginia Mason Franciscan Health in Washington state Updated on 2022-12-04: CommonSpirit finally notifies of …
The Health Sector Coordinating Council Cybersecurity Working Group has asked the US National Institute of Standards and Technology (NIST) to provide guidance for small and lesser-sourced healthcare organizations. The request comes in response to NIST’s request for comment on SP 800-66r2 initial public draft; it asks NIST to “create an entirely separate document specifically for …
Updated on 2022-09-30 Managed care company Magellan Health will pay $1.43 million to settle a lawsuit filed in the wake of a 2019 data breach. In May 2019, Magellan subsidiary Magellan Rx Management suffered a phishing attack that led to the compromise of sensitive personal information belonging to 273,000 patients. While Magellan learned about the …
The US Food and Drug Administration (FDA) appropriations bill has passed, but cybersecurity provisions introduced in the House version were removed when the bill went to Senate. The bill gives the FDA the authority to collect fees from healthcare organizations for reviewing new drugs and medical devices. Note This is an unfortunate victory for the …
Updated on 2022-09-28: Healthcare services organization spills data West Virginia-based Physician’s Business Office notified 196,573 individuals about a breach that exposed their personal data and Protected Health Information (PHI). Hackers could have accessed patient names, SSNs, driver’s licenses, treatments, diagnoses, contact details, disability codes, prescription information, and health insurance account details. Overview West Virginia-based Physician’s …
