Cybersecurity: $18M settlement with Yale New Haven | Russians hit PBM | Ransomware spurs 'Code Black' | Nursing homes hacked

The settlement fund is being established for victims of the March 8 data breach, with a hearing to finalize the agreement scheduled for March 2026. Yale New Haven Health System denies any wrongdoing.

Hackers at Qilin claimed credit for a data breach at MedImpact, a pharmacy benefit manager serving insurance plans. The company said the incident is still under investigation, and so far it appears no protected health information was compromised.

A “cybersecurity incident” at Heywood Healthcare forced it to halt all emergency services at one of its hospitals. Details on what happened remain largely unclear. 

Family West Health, a 25-bed facility, said it spotted a cyberattack this week that forced it to shut down IT systems. However, it confirmed patient care was not impacted.

Healthcare Interactive confirmed the cyberattack in a statement released last week; however the details have yet to be reported to HHS. The incident happened in July. 

In a new report, Proofpoint and the Ponemon Institute surveyed 677 health IT professionals to understand the impact cybersecurity incidents have on patient care. 

The number is almost double initial estimates. With final data breach notifications now sent, UnitedHealthcare said its investigation into the February 2024 ransomware attack is coming to a close.

The ransomware attack on Integris Health, a nonprofit health system in Oklahoma, happened in late 2023. Victims of the breach said they were extorted by hackers directly.

A former executive at Verily is suing the company, alleging he was fired after reporting the incidents to management. The misuses of data, if true, would constitute HIPAA violations.

The incident at Methodist Homes is now over a year old but was only recently disclosed to the public. The nature of the data breach remains unknown; however, it has been confirmed that hackers accessed protected health information.