Cybersecurity

The digital security of healthcare institutions and data is a growing concern, with an increasing number of cyberattacks each year against healthcare systems, which are seen as easy targets. Cyber attacks often use ransomware to target personal health information, patient data and medical devices to cut off access to the data until a ransom is payed to the hacker. Cybercriminals have become more sophisticated, using malware, ransomware and spyware to attack outdated and vulnerable systems and software. Due to the interconnected nature of hospital IT systems today, the weakest link can be older web-enabled medical devices, including clinical and non-clinical systems. Employees are also a major target of attacks via malicious e-mails that prompt them to open attachments that then download malware onto the hospital's IT system.

Breached Change Healthcare server lacked multifactor authentication, UnitedHealth CEO admits
UnitedHealth CEO Andrew Witty told the Senate Finance Committee that systems have been rebuilt “from scratch” in light of the oversight.
Kaiser Permanente exposed data on 13.4 million members to tech companies
Tracking technologies sent patient information to advertisers such as Microsoft, Google and Meta.
Hackers were inside Change Healthcare’s systems 9 days before attack
UnitedHealth Group confirms hackers have personal data on “a substantial proportion of people in America."
Atrium Health sued for violating patient privacy, sharing data with Facebook and Google
In a court filing, the plaintiffs claim Atrium Health used Meta's Pixel code on its website, resulting in patients receiving targeted ads.
Massive data trove from Change Healthcare hack now for sale on dark web
Cybercriminal group RansomHub claims to have protected health information from nearly every American.

HHS to investigate Change Healthcare cyberattack

“Given the unprecedented magnitude of this cyberattack, and in the best interest of patients and health care providers, OCR is initiating an investigation into this incident,” states a “Dear Colleague” letter from OCR director Melanie Fontes Rainer.

March 14, 2024

Change Healthcare cyberattack: A recap and update in 10 quotes

“This is what happens when everything merges and you only have one option.”

March 8, 2024

Provider orgs on Change Healthcare cybersecurity crisis: ‘Help!’

As the tsunami of the Change Healthcare cyberattack continues to inundate the healthcare landscape, the AMA and AHA have sent separate letters to federal officials calling for a lifesaver.

March 5, 2024

The American Hospital Association (AMA) is warning healthcare systems the Russians may attempt cyber attacks amid rising tensions of the war in Ukraine and the international community's response. #Ukraine #warinukraine #ukrainewar

Change Healthcare cyberattack outage now at 9 days

What was initially identified as “connectivity issues” last week has spiraled into a nine day (and counting) cybersecurity saga for UnitedHealth Group’s Change Healthcare.

February 29, 2024

money cybersecurity ransomware health IT data breach hacker

Cyberattack temporarily shuts down UnitedHealth’s Change Healthcare

The incident began Wednesday morning, with system update trackers noting “connectivity issues” before later confirming it was in fact a cybersecurity issue.

February 22, 2024

Notorious hospital cybervillain acknowledges guilt, heads to prison

An international cybercrime mastermind who compiled a long resumé of remote break-ins—including a hit that cost a major U.S. medical center $30 million—has pled guilty to two counts of conspiracy.

February 19, 2024

HCA Healthcare appoints Chad Wasserman as new chief information officer

Wasserman will now lead the full team of over 6,700 IT staff in providing the organization’s infrastructure, cloud services, automation, data engineering, software development and clinical technology initiatives.

February 6, 2024

healthcare technology safety hazards ECRI

ECRI: Top 10 healthcare technology hazards that are avoidable (by suppliers) and/or minimizable (by providers)

The nonprofit patient-safety organization says the list “reflects our judgment about which risks should be given attention now to help care providers, as well as device manufacturers, prioritize their patient safety efforts.”

January 31, 2024

Around the web

AI in Healthcare

Biden Administration itemizes AI accomplishments to date

Half a year after President Biden officially directed federal agencies in the executive branch’s bailiwick to “seize the promise and manage the risks” of AI, the White House has posted a status report.

Cardiovascular Business

‘Concerning’ data connect industry payments to cardiologists with medical device use

U.S. physicians often receive payments from medical device manufacturers and pharmaceutical companies. New research in JAMA found a connection between receiving such payments and using specific devices—should the industry be concerned?

Cardiovascular Business

Cardiology groups share key update: ABMS seeking feedback on proposed Board of Cardiovascular Medicine

Five of the largest U.S. medical societies focused on cardiovascular health are one step closer to seeing their paradigm-shifting proposal become a reality.

Cybersecurity

Breached Change Healthcare server lacked multifactor authentication, UnitedHealth CEO admits

Kaiser Permanente exposed data on 13.4 million members to tech companies

Hackers were inside Change Healthcare’s systems 9 days before attack

Atrium Health sued for violating patient privacy, sharing data with Facebook and Google

Massive data trove from Change Healthcare hack now for sale on dark web

Around the web