Cybersecurity

The digital security of healthcare institutions and data is a growing concern, with an increasing number of cyberattacks each year against healthcare systems, which are seen as easy targets. Cyber attacks often use ransomware to target personal health information, patient data and medical devices to cut off access to the data until a ransom is payed to the hacker. Cybercriminals have become more sophisticated, using malware, ransomware and spyware to attack outdated and vulnerable systems and software. Due to the interconnected nature of hospital IT systems today, the weakest link can be older web-enabled medical devices, including clinical and non-clinical systems. Employees are also a major target of attacks via malicious e-mails that prompt them to open attachments that then download malware onto the hospital's IT system.

Hackers were inside an Iowa hospital’s network for two weeks
St. Anthony Regional Hospital confirmed patient data was taken by cybercriminals, but the August incident is still being investigated.
Microsoft: Ransomware hit nearly 400 healthcare entities this year—a 300% rise since 2015
A study from Microsoft on the impact of ransomware found unaffected nearby hospitals see a rise in stroke and cardiac arrest cases, in addition to an influx of patients.
Feds make it official: Change data breach was the largest in healthcare history, impacting 100M
Updated reporting from HHS shows UnitedHealth Group's estimate that roughly one-third of people in the U.S. would be affected was correct.
CMS contractor takes $1.2M loss after data breach, DOJ lawsuit
Federal Data Solutions allegedly failed to encrypt screenshots of patient data, stored on a server being paid for with Medicare funds.
Boston Children's physician group suffers data breach
Cybercrime group BrianLian took credit for the attack. It has been responsible for over 60 ransomware attacks in 2024 alone.

Phishing attack on AU Health exposes information of 417K people

The personal health information of 417,000 people may have been exposed following a phishing attack that targeted Augusta University (AU) Health in Augusta, Georgia.

August 28, 2018

Doctors, patients question privacy of medical records

After a note about a patient and her family was shared with another doctor, one physician looked at the benefits and consequences of having open medical records.

August 24, 2018

Judge approves Anthem's $115M settlement for data breach

Anthem, Inc.'s $115 million settlement for a data breach that exposed the personal information of millions has been approved by a federal judge, according to a report by Bloomberg Law.

August 20, 2018

More healthcare providers purchasing cyber insurance

With an increase of technology in the healthcare industry, providers now have a greater risk of being hacked and patient data being exposed. Due to that growing threat, more physicians are purchasing cyber insurance.

August 20, 2018

Survey: Only 18% of EHR safety guidelines fully implemented

Voluntary guidelines designed to increase the safety of electronic health records (EHRs) have yet to be implemented fully, according to a survey published in the Journal of the American Medical Informatics Association.

August 16, 2018

NIST releases guidelines for securing records on mobile devices

Healthcare organizations wondering how to better secure information can look to the National Cybersecurity Center of Excellence for advice after it recently released a new set of practice guidelines on how to better protect information in electronic health records (EHRs).

August 7, 2018

DNA testing companies agree to new data sharing rules

Genetic testing companies—including Ancestry and 23andMe—have agreed to new rules when it comes to sharing customers’ DNA with third-party companies, Fortune reported.

August 2, 2018

GSK reaches 4-year, $300M deal with 23andMe for genetic data

GlaxoSmithKline (GSK) announced a four-year, $300 million deal with 23andMe, a personal genomics and biotechnology company based in Mountain View, California. The British pharmaceutical company will have access to genetic information of 23andMe’s five million customers.

July 30, 2018

Around the web

Cardiovascular Business

Q&A: Why are cardiovascular devices involved in so many recalls? FDA policies may be to blame

Cardiovascular devices are more likely to be in a Class I recall than any other device type. The FDA's approval process appears to be at least partially responsible, though the agency is working to make some serious changes. We spoke to a researcher who has been tracking these data for years to learn more.

Cardiovascular Business

Cardiologist compensation still rising, especially in invasive and interventional cardiology

Updated compensation data includes good news for multiple subspecialties. The new report also examines private equity's impact on employment models and how much male cardiologists earn compared to females.

Cardiovascular Business

FDA’s tirzepatide decision creates uncertainty for patients—and leads to a lawsuit

When drugs are on the FDA’s shortage list, outsourcing facilities can produce their own compounded versions. When the FDA removed tirzepatide from that list with no warning, it created a considerable amount of chaos both behind the scenes and in pharmacies all over the country.

Cybersecurity

Hackers were inside an Iowa hospital’s network for two weeks

Microsoft: Ransomware hit nearly 400 healthcare entities this year—a 300% rise since 2015

Feds make it official: Change data breach was the largest in healthcare history, impacting 100M

CMS contractor takes $1.2M loss after data breach, DOJ lawsuit

Boston Children's physician group suffers data breach

Around the web