Cybersecurity

The digital security of healthcare institutions and data is a growing concern, with an increasing number of cyberattacks each year against healthcare systems, which are seen as easy targets. Cyber attacks often use ransomware to target personal health information, patient data and medical devices to cut off access to the data until a ransom is payed to the hacker. Cybercriminals have become more sophisticated, using malware, ransomware and spyware to attack outdated and vulnerable systems and software. Due to the interconnected nature of hospital IT systems today, the weakest link can be older web-enabled medical devices, including clinical and non-clinical systems. Employees are also a major target of attacks via malicious e-mails that prompt them to open attachments that then download malware onto the hospital's IT system.

Hackers were inside an Iowa hospital’s network for two weeks
St. Anthony Regional Hospital confirmed patient data was taken by cybercriminals, but the August incident is still being investigated.
Microsoft: Ransomware hit nearly 400 healthcare entities this year—a 300% rise since 2015
A study from Microsoft on the impact of ransomware found unaffected nearby hospitals see a rise in stroke and cardiac arrest cases, in addition to an influx of patients.
Feds make it official: Change data breach was the largest in healthcare history, impacting 100M
Updated reporting from HHS shows UnitedHealth Group's estimate that roughly one-third of people in the U.S. would be affected was correct.
CMS contractor takes $1.2M loss after data breach, DOJ lawsuit
Federal Data Solutions allegedly failed to encrypt screenshots of patient data, stored on a server being paid for with Medicare funds.
Boston Children's physician group suffers data breach
Cybercrime group BrianLian took credit for the attack. It has been responsible for over 60 ransomware attacks in 2024 alone.

Antibiotics, infection and patients who share hospital beds

Researchers have found that infections from Clostridium difficile, a bacterium that causes diarrhea and more serious intestinal conditions such as colitis, can pass from patient to patient after sharing the same hospital bed.

October 27, 2016

St. Joseph Health pays $2.14 million for patient information breach

St. Joseph Health (SJH) will be paying a $2.14 million settlement for potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules.

October 19, 2016

St. Jude Medical forms cyber security board

St. Jude Medical, a medical device maker in Saint Paul, Minnesota, is taking action to prevent cyber-threats from attacking the company.

October 19, 2016

Zotec Partners Achieves SOC-2 Security Certification

INDIANAPOLIS, IN – (October 12, 2016) – Zotec Partners (Zotec), an industry leader in revenue cycle and practice management services for hospital-based physician groups and health systems, is pleased to announce it has achieved SOC-2 Security certification. The SOC-2 certification is established by the American Institute of Certified Public Accountants (AICPA) in accordance with the SSAE 16 professional standards, and it focuses on a business's controls related to the security, availability, integrity, confidentiality, and privacy of information and systems.

October 13, 2016

Need answers? HHS covers 11 questions on HIPAA, cloud computing

The U.S. Department of Health and Human Services (HHS) has released a guide on HIPAA and cloud computing in an effort to improve the security of patient information.

October 10, 2016

Surgeon General investigating potential breach affecting healthcare workers

The personal information of 6,700 physicians and nurses overseen by the U.S. Surgeon General may have been compromised. 

October 7, 2016

Could hackers set their sights on your medical device?

Hackers are best known for stealing patient data through computers, but they may have added an entirely new avenue to encroach on your privacy—by infiltrating medical devices.

October 4, 2016

FDA annual clinical investigator course promotes safety, accuracy

The U.S. Food and Drug Administrations (FDA) has announced the seventh annual Clinical Investigator Training Course, in partnership with the University of Maryland's Center of Excellence in Regulatory Science and Innovation, will be held Nov. 7-9 for healthcare professionals around the world.

September 30, 2016

Around the web

Cardiovascular Business

Q&A: Why are cardiovascular devices involved in so many recalls? FDA policies may be to blame

Cardiovascular devices are more likely to be in a Class I recall than any other device type. The FDA's approval process appears to be at least partially responsible, though the agency is working to make some serious changes. We spoke to a researcher who has been tracking these data for years to learn more.

Cardiovascular Business

Cardiologist compensation still rising, especially in invasive and interventional cardiology

Updated compensation data includes good news for multiple subspecialties. The new report also examines private equity's impact on employment models and how much male cardiologists earn compared to females.

Cardiovascular Business

FDA’s tirzepatide decision creates uncertainty for patients—and leads to a lawsuit

When drugs are on the FDA’s shortage list, outsourcing facilities can produce their own compounded versions. When the FDA removed tirzepatide from that list with no warning, it created a considerable amount of chaos both behind the scenes and in pharmacies all over the country.

Cybersecurity

Hackers were inside an Iowa hospital’s network for two weeks

Microsoft: Ransomware hit nearly 400 healthcare entities this year—a 300% rise since 2015

Feds make it official: Change data breach was the largest in healthcare history, impacting 100M

CMS contractor takes $1.2M loss after data breach, DOJ lawsuit

Boston Children's physician group suffers data breach

Around the web