Cybersecurity

The digital security of healthcare institutions and data is a growing concern, with an increasing number of cyberattacks each year against healthcare systems, which are seen as easy targets. Cyber attacks often use ransomware to target personal health information, patient data and medical devices to cut off access to the data until a ransom is payed to the hacker. Cybercriminals have become more sophisticated, using malware, ransomware and spyware to attack outdated and vulnerable systems and software. Due to the interconnected nature of hospital IT systems today, the weakest link can be older web-enabled medical devices, including clinical and non-clinical systems. Employees are also a major target of attacks via malicious e-mails that prompt them to open attachments that then download malware onto the hospital's IT system.

FBI seeking extradition of Israeli prisoner accused of $500M in ransomware attacks
Rostislav Panev is facing fraud and cybercrime charges in Israel, where he has been accused of being a software developer for hacker group LockBit.
Data breach at chain of clinics impacts 450K patients
The Center for Vein Restoration has notified patients about a data breach that occurred in October, exposing financial and medical information on patients from across the U.S.
Nebraska becomes first state to sue Change Healthcare over data breach
State Attorney General Mike Hilgers said he decided to sue because of Change Healthcare's evident carelessness as well as its slowness to inform potential victims.
Christmas ransomware exposed over 300K patient records to dark web
Last Christmas, Anna Jaques Hospital in Massachusetts suffered a ransomware attack. Now, nearly a year later, it confirms hackers stole personal information on 316,342 patients.
Cryo-frozen tissue manufacturer suffers cyberattack
In an SEC filing, Artivion did not provide a lot of specifics. However, the incident appears to be a ransomware attack.

Ill. provider cleared in class-action lawsuit from breach

Advocate Medical Group has been cleared of wrongdoing in a class action lawsuit alleging the organization failed to protect patient data following a massive HIPAA data breach. 

August 18, 2015

Guide aims to help improve security of mobile devices

The National Cybersecurity Center of Excellence has released a draft for public comment of the first guide in a new series of publications that will show businesses and other organizations how to improve their cybersecurity using standards-based, commercially available or open-source tools. 

August 17, 2015

White House ups budget for cybersecurity efforts

The White House issued an update to President Obama's fiscal year 2016 budget request that seeks additional cybersecurity funding for several agencies, including the Department of Health and Human Services and the Department of Veterans Affairs. 

August 14, 2015

This week's 3 privacy & security developments

This week in health IT, there were three interesting developments all centered around the privacy and security of health data.

August 14, 2015

HITPC approves recommendations that drive better understanding of big data's privacy issues

More understanding of the privacy and security issues surrounding big data is needed to advance a learning healthcare system, according to the Health IT Policy Committee’s Privacy & Security Work Group.

August 12, 2015

94M records stolen so far this year

The records of 94 million patients have been stolen from healthcare entities so far this year, according to a report from conservative think tank American Action Forum. 

August 11, 2015

MIE faces class-action lawsuit after cyberattack

EHR vendor Medical Informatics Engineering is facing significant fallout from its recent cyberattack with an Indiana resident affected by the data breach filing a class-action lawsuit in federal court against the company, alleging the vendor did not adequately protect its software from a cyberattack.

August 10, 2015

HHS issues guide of HIPAA basics

In response to ongoing confusion about HIPAA, the Department of Health and Human Services has released a guide covering the basics of the law. 

August 5, 2015

Around the web

Cardiovascular Business

FDA says years-long tirzepatide shortage is resolved, will give limited leeway to compounders

The tirzepatide shortage that first began in 2022 has been resolved. Drug companies distributing compounded versions of the popular drug now have two to three more months to distribute their remaining supply.

AI in Healthcare

From Capitol Hill to a hospital near you? 5 federal recommendations for healthcare AI policy

The 24 members of the House Task Force on AI—12 reps from each party—have posted a 253-page report detailing their bipartisan vision for encouraging innovation while minimizing risks.

Cardiovascular Business

Merck spends up to $2B to license new weight loss drug with potential heart benefits

Merck sent Hansoh Pharma, a Chinese biopharmaceutical company, an upfront payment of $112 million to license a new investigational GLP-1 receptor agonist. There could be many more payments to come if certain milestones are met.

Cybersecurity

FBI seeking extradition of Israeli prisoner accused of $500M in ransomware attacks

Data breach at chain of clinics impacts 450K patients

Nebraska becomes first state to sue Change Healthcare over data breach

Christmas ransomware exposed over 300K patient records to dark web

Cryo-frozen tissue manufacturer suffers cyberattack

Around the web