Cybersecurity

The digital security of healthcare institutions and data is a growing concern, with an increasing number of cyberattacks each year against healthcare systems, which are seen as easy targets. Cyber attacks often use ransomware to target personal health information, patient data and medical devices to cut off access to the data until a ransom is payed to the hacker. Cybercriminals have become more sophisticated, using malware, ransomware and spyware to attack outdated and vulnerable systems and software. Due to the interconnected nature of hospital IT systems today, the weakest link can be older web-enabled medical devices, including clinical and non-clinical systems. Employees are also a major target of attacks via malicious e-mails that prompt them to open attachments that then download malware onto the hospital's IT system.

FBI seeking extradition of Israeli prisoner accused of $500M in ransomware attacks
Rostislav Panev is facing fraud and cybercrime charges in Israel, where he has been accused of being a software developer for hacker group LockBit.
Data breach at chain of clinics impacts 450K patients
The Center for Vein Restoration has notified patients about a data breach that occurred in October, exposing financial and medical information on patients from across the U.S.
Nebraska becomes first state to sue Change Healthcare over data breach
State Attorney General Mike Hilgers said he decided to sue because of Change Healthcare's evident carelessness as well as its slowness to inform potential victims.
Christmas ransomware exposed over 300K patient records to dark web
Last Christmas, Anna Jaques Hospital in Massachusetts suffered a ransomware attack. Now, nearly a year later, it confirms hackers stole personal information on 316,342 patients.
Cryo-frozen tissue manufacturer suffers cyberattack
In an SEC filing, Artivion did not provide a lot of specifics. However, the incident appears to be a ransomware attack.

Lost mobile device impacts 1,800 home infusion patients

The loss of an unencrypted handheld Palm device in the Continuum Home Infusion unit of the University of Virginia Medical Center has resulted in a data breach of protected health information. More than 1,800 patients or potential patients were affected.

December 4, 2012

HHS updates HIPAA enforcement

The Office for Civil Rights within the Department of Health and Human Services (HHS) has resolved 68,896 HIPAA complaints out of 75,474 filed, or 91 percent of all complaints, since HIPAA went into effect in April 2003. 

November 29, 2012

Weekly roundup: Breaches back in the news

Data breaches are back in the news after a few weeks with no reported incidents. More than 100,000 clients of a home monitoring firm were impacted when a company laptop wasstolen from an employee’s car. In Arkansas, the University of Arkansas for Medical Sciences is notifying approximately 1,500 patients of a medical records breach involving a resident physician who was terminated in 2010.

November 29, 2012

Stolen home monitoring firm laptop impacts 116K

A data breach, resulting from the theft of a laptop from the locked vehicle of a home monitoring company employee, has resulted in the notification of 116,000 potentially impacted individuals.

November 28, 2012

Arkansas breach due to terminated resident

The University of Arkansas for Medical Sciences is notifying approximately 1,500 patients of a medical records breach involving a resident physician who was terminated in 2010.

November 27, 2012

Patients want to control the privacy of their health info

Patients desire granular privacy control over their electronic health information, according to research published online Nov. 26 by the Journal of the American Medical Informatics Association.

November 26, 2012

N.H. court orders hospital to grant EHR access for hep C outbreak case

In an effort to determine how many patients have come in contact with a lab technician accused of spreading hepatitis C, New Hampshire's Merrimack County Superior Court ordered Exeter Hospital to provide public health officials with access to the hospital's EHR system, so an investigation into the hepatitis C outbreak can continue.

November 6, 2012

EHRs need to improve teens' privacy, say pediatricians

EHR technology requires changes to protect the medical privacy of adolescent patients, the American Academy of Pediatrics says in a new policy statement.

November 6, 2012

Around the web

Cardiovascular Business

FDA says years-long tirzepatide shortage is resolved, will give limited leeway to compounders

The tirzepatide shortage that first began in 2022 has been resolved. Drug companies distributing compounded versions of the popular drug now have two to three more months to distribute their remaining supply.

AI in Healthcare

From Capitol Hill to a hospital near you? 5 federal recommendations for healthcare AI policy

The 24 members of the House Task Force on AI—12 reps from each party—have posted a 253-page report detailing their bipartisan vision for encouraging innovation while minimizing risks.

Cardiovascular Business

Merck spends up to $2B to license new weight loss drug with potential heart benefits

Merck sent Hansoh Pharma, a Chinese biopharmaceutical company, an upfront payment of $112 million to license a new investigational GLP-1 receptor agonist. There could be many more payments to come if certain milestones are met.

Cybersecurity

FBI seeking extradition of Israeli prisoner accused of $500M in ransomware attacks

Data breach at chain of clinics impacts 450K patients

Nebraska becomes first state to sue Change Healthcare over data breach

Christmas ransomware exposed over 300K patient records to dark web

Cryo-frozen tissue manufacturer suffers cyberattack

Around the web