Cybersecurity

The digital security of healthcare institutions and data is a growing concern, with an increasing number of cyberattacks each year against healthcare systems, which are seen as easy targets. Cyber attacks often use ransomware to target personal health information, patient data and medical devices to cut off access to the data until a ransom is payed to the hacker. Cybercriminals have become more sophisticated, using malware, ransomware and spyware to attack outdated and vulnerable systems and software. Due to the interconnected nature of hospital IT systems today, the weakest link can be older web-enabled medical devices, including clinical and non-clinical systems. Employees are also a major target of attacks via malicious e-mails that prompt them to open attachments that then download malware onto the hospital's IT system.

Healthcare hacker sentenced to 10 years in prison
Robert Purbeck, 45, of Georgia was found with data on more than 132,000 individuals taken from various breaches, including multiple providers, a police station and a city government.
Ransomware group deploys ticking clock to threaten Georgia hospital
Memorial Hospital and Manor announced the data breach through Facebook on Nov. 3. The cybercrime group Embargo has taken credit for the incident, claiming to have 1.15TB of stolen information.
Hackers were inside an Iowa hospital’s network for two weeks
St. Anthony Regional Hospital confirmed patient data was taken by cybercriminals, but the August incident is still being investigated.
Microsoft: Ransomware hit nearly 400 healthcare entities this year—a 300% rise since 2015
A study from Microsoft on the impact of ransomware found unaffected nearby hospitals see a rise in stroke and cardiac arrest cases, in addition to an influx of patients.
Feds make it official: Change data breach was the largest in healthcare history, impacting 100M
Updated reporting from HHS shows UnitedHealth Group's estimate that roughly one-third of people in the U.S. would be affected was correct.

doctor's open hand waiting for a payment

Emergency reimbursement for Change Healthcare breach ends in July

The last day for providers and suppliers to apply for Medicare reimbursement through the advanced payment program is July 12.

June 19, 2024

UnitedHealth needs to be solely responsible for HIPAA notifications after Change Healthcare breach, letters demand

The ONC has fallen short of plainly stating that UnitedHealth is required to send the notifications, leaving providers in regulatory limbo.

June 13, 2024

artificial intelligence cybersecurity cybercrime patient data privacy

HHS releases DDoS attack response plan

The Health Sector Cybersecurity Coordination Center's analysis details how healthcare organizations can thwart a botnet invasion.

June 7, 2024

Q&A: Healthcare cybersecurity advocate fears damage from Change Healthcare breach has only begun

Richard Staynings says the breach of Change Healthcare’s systems stems from consolidation, and the impact may devastate independent providers.

June 4, 2024

HHS: ‘Who is responsible for ensuring that individuals affected by the Change Healthcare breach receive notification?’

HHS’s Office for Civil Rights (OCR) has confirmed UnitedHealth Group can send out HIPAA-required notifications about the breach but stopped short of saying the company will be responsible for doing so.

June 3, 2024

Private equity investment in healthcare down 20% as regulatory pressures mount

Public sentiment has turned against private equity stakeholders in healthcare, and that isn't likely to change post-election.

May 28, 2024

100+ groups ask OCR for clarification on HIPAA requirements after Change Healthcare hack

In a letter dated May 20, a number of medical associations and physicians groups ask the OCR to force UnitedHealth Group to follow through on notifying patients that their data was taken by hackers.

May 22, 2024

money cybersecurity ransomware health IT data breach hacker

HHS launches $50M security initiative to thwart ransomware attacks at hospitals

The UPGRADE platform aims to automate the detection and patching of device-related security vulnerabilities at hospitals nationwide.

May 20, 2024

Around the web

Cardiovascular Business

Payment cuts and beyond: Key takeaways for cardiologists from the 2025 Medicare Physician Fee Schedule

The American College of Cardiology has shared its perspective on new CMS payment policies, highlighting revenue concerns while providing key details for cardiologists and other cardiology professionals.

AI in Healthcare

A modest proposal to rally AI regulators around a simple game plan

As debate simmers over how best to regulate AI, experts continue to offer guidance on where to start, how to proceed and what to emphasize. A new resource models its recommendations on what its authors call the “SETO Loop.”

Cardiovascular Business

FDA commissioner urges clinicians to join fight against medical misinformation

FDA Commissioner Robert Califf, MD, said the clinical community needs to combat health misinformation at a grassroots level. He warned that patients are immersed in a "sea of misinformation without a compass."

Cybersecurity

Healthcare hacker sentenced to 10 years in prison

Ransomware group deploys ticking clock to threaten Georgia hospital

Hackers were inside an Iowa hospital’s network for two weeks

Microsoft: Ransomware hit nearly 400 healthcare entities this year—a 300% rise since 2015

Feds make it official: Change data breach was the largest in healthcare history, impacting 100M

Around the web