Cybersecurity

The digital security of healthcare institutions and data is a growing concern, with an increasing number of cyberattacks each year against healthcare systems, which are seen as easy targets. Cyber attacks often use ransomware to target personal health information, patient data and medical devices to cut off access to the data until a ransom is payed to the hacker. Cybercriminals have become more sophisticated, using malware, ransomware and spyware to attack outdated and vulnerable systems and software. Due to the interconnected nature of hospital IT systems today, the weakest link can be older web-enabled medical devices, including clinical and non-clinical systems. Employees are also a major target of attacks via malicious e-mails that prompt them to open attachments that then download malware onto the hospital's IT system.

Hackers were inside an Iowa hospital’s network for two weeks
St. Anthony Regional Hospital confirmed patient data was taken by cybercriminals, but the August incident is still being investigated.
Microsoft: Ransomware hit nearly 400 healthcare entities this year—a 300% rise since 2015
A study from Microsoft on the impact of ransomware found unaffected nearby hospitals see a rise in stroke and cardiac arrest cases, in addition to an influx of patients.
Feds make it official: Change data breach was the largest in healthcare history, impacting 100M
Updated reporting from HHS shows UnitedHealth Group's estimate that roughly one-third of people in the U.S. would be affected was correct.
CMS contractor takes $1.2M loss after data breach, DOJ lawsuit
Federal Data Solutions allegedly failed to encrypt screenshots of patient data, stored on a server being paid for with Medicare funds.
Boston Children's physician group suffers data breach
Cybercrime group BrianLian took credit for the attack. It has been responsible for over 60 ransomware attacks in 2024 alone.

Presence Health first to be fined for delayed breach notification

HHS’s Office of Civil Rights (OCR) announced its first HIPAA enforcement action based solely on a healthcare facility not reporting a data breach in a timely manner. 

January 11, 2017

Foreign government suspected in Anthem cyber security breach

The California Department of Insurance has released its findings and settlement agreement in regards to the security breach of the insurance company Anthem. More than 78 million patient records, 12 million belonging to minors, were breached on January 27, 2015.

January 9, 2017

Wearables and the risk to users' data privacy

Most people don’t realize the risks to privacy and security posed by wearable devices. A report by researchers at American University and the Center for Digital Democracy includes recommendations and explanations for the primary concerns associated with wearable technologies.

December 16, 2016

Mumps outbreaks plague college campuses

There have been more mumps outbreaks in 2016, particularly on college campuses, than in decade prior, alarming the medical community and the government.

December 6, 2016

Connected medical devices are not as safe as they seem

Connected devices, meant to improve patient outcomes, are able to be turned against those they were meant to help, all thanks to hackers. Now, the healthcare system is struggling to keep such devices safe.

December 1, 2016

HIMSS eyes 3 main topics to improve homeland security

The U.S. Department of Homeland Security released its Draft National Cyber Incident Response Plan (NCIRP) in September. Now, the Healthcare Information and Management Systems Society (HIMSS) has written a letter focusing on three main topics to improve the plan.

November 2, 2016

FDA finds 17 hospitals failed medical device reporting standards

The FDA had held regulatory meetings with multiple hospitals that have had differences from the Medical Device Reporting Regulation (21 CFR Part 803) and not given responses. 

October 31, 2016

Are we truly taking advantage of technology?

Getting a new device brings everyone excitement; how will my life change using this, will others notice it, and what can this device do for me, are all questions people ask when unboxing their new technology. In an age filled with an endless stream of new products, are we actually taking advantage of the devices around us?

October 28, 2016

Around the web

Cardiovascular Business

Q&A: Why are cardiovascular devices involved in so many recalls? FDA policies may be to blame

Cardiovascular devices are more likely to be in a Class I recall than any other device type. The FDA's approval process appears to be at least partially responsible, though the agency is working to make some serious changes. We spoke to a researcher who has been tracking these data for years to learn more.

Cardiovascular Business

Cardiologist compensation still rising, especially in invasive and interventional cardiology

Updated compensation data includes good news for multiple subspecialties. The new report also examines private equity's impact on employment models and how much male cardiologists earn compared to females.

Cardiovascular Business

FDA’s tirzepatide decision creates uncertainty for patients—and leads to a lawsuit

When drugs are on the FDA’s shortage list, outsourcing facilities can produce their own compounded versions. When the FDA removed tirzepatide from that list with no warning, it created a considerable amount of chaos both behind the scenes and in pharmacies all over the country.

Cybersecurity

Hackers were inside an Iowa hospital’s network for two weeks

Microsoft: Ransomware hit nearly 400 healthcare entities this year—a 300% rise since 2015

Feds make it official: Change data breach was the largest in healthcare history, impacting 100M

CMS contractor takes $1.2M loss after data breach, DOJ lawsuit

Boston Children's physician group suffers data breach

Around the web