Cybersecurity

The digital security of healthcare institutions and data is a growing concern, with an increasing number of cyberattacks each year against healthcare systems, which are seen as easy targets. Cyber attacks often use ransomware to target personal health information, patient data and medical devices to cut off access to the data until a ransom is payed to the hacker. Cybercriminals have become more sophisticated, using malware, ransomware and spyware to attack outdated and vulnerable systems and software. Due to the interconnected nature of hospital IT systems today, the weakest link can be older web-enabled medical devices, including clinical and non-clinical systems. Employees are also a major target of attacks via malicious e-mails that prompt them to open attachments that then download malware onto the hospital's IT system.

FBI seeking extradition of Israeli prisoner accused of $500M in ransomware attacks
Rostislav Panev is facing fraud and cybercrime charges in Israel, where he has been accused of being a software developer for hacker group LockBit.
Data breach at chain of clinics impacts 450K patients
The Center for Vein Restoration has notified patients about a data breach that occurred in October, exposing financial and medical information on patients from across the U.S.
Nebraska becomes first state to sue Change Healthcare over data breach
State Attorney General Mike Hilgers said he decided to sue because of Change Healthcare's evident carelessness as well as its slowness to inform potential victims.
Christmas ransomware exposed over 300K patient records to dark web
Last Christmas, Anna Jaques Hospital in Massachusetts suffered a ransomware attack. Now, nearly a year later, it confirms hackers stole personal information on 316,342 patients.
Cryo-frozen tissue manufacturer suffers cyberattack
In an SEC filing, Artivion did not provide a lot of specifics. However, the incident appears to be a ransomware attack.

2,200 UPMC ED patients' information compromised

A data theft at an outside medical billing company has led to about 2,200 people treated at various University of Pittsburgh Medical Center (UPMC) emergency departments being notified that their records may have been illegally disclosed by an employee of Medical Management LLC (MML). MML and its affiliates provide billing services to healthcare providers throughout the United States, including to UPMC’s physician group Emergency Resource Management.  

May 26, 2015

NY breach impacts 90K

Almost 90,000 patients have been notified that their data may have been compromised after a former New York City Health and Hospitals Corp. employee improperly accessed and transmitted files containing protected health information.

May 26, 2015

Another major health-insurer hack attack, China again snooper of interest

CareFirst BlueCross BlueShield, which serves the Washington, D.C., area, has reported a hack into a database containing 1.1 million customer records.

May 21, 2015

Wearables raising possible policy concerns over privacy and security

Wearable fitness-monitoring devices are not only motivating Americans to exercise more. When combined with providers’ use of wearable computers and cloud-based storage, they’re also pushing the healthcare system to ask whether HIPAA lines are being crossed.

May 18, 2015

An important shift

This week in health IT a report found a disturbing change regarding data breaches. 

May 14, 2015

Indiana theft impacts data of 39K

Theft of a laptop and two hard drives from the car of an Indiana State Medical Association administrator is the source of a data breach impacting 39,090 members of its group health and life insurance plans.

May 14, 2015

Hospital creates IS analyst position to increase awareness

BOSTON—When Union Hospital was going to implement a new EMR, the organization took advantage of the opportunity to also implement an infrastructure with greater information security. CIO Anne Lara, EdD, RN, CNE, CPHIMS, shared the hospital's experience during a presentation at Medical Informatics World. 

May 13, 2015

'Act and act quickly' on privacy and security concerns

BOSTON—If you apply privacy and security policies and procedures inconsistently, you will create problems, according to Lassaad Fridhi, information privacy and security officer for Commonwealth Care Alliance, speaking at Medical Informatics World.

May 12, 2015

Around the web

Cardiovascular Business

FDA says years-long tirzepatide shortage is resolved, will give limited leeway to compounders

The tirzepatide shortage that first began in 2022 has been resolved. Drug companies distributing compounded versions of the popular drug now have two to three more months to distribute their remaining supply.

AI in Healthcare

From Capitol Hill to a hospital near you? 5 federal recommendations for healthcare AI policy

The 24 members of the House Task Force on AI—12 reps from each party—have posted a 253-page report detailing their bipartisan vision for encouraging innovation while minimizing risks.

Cardiovascular Business

Merck spends up to $2B to license new weight loss drug with potential heart benefits

Merck sent Hansoh Pharma, a Chinese biopharmaceutical company, an upfront payment of $112 million to license a new investigational GLP-1 receptor agonist. There could be many more payments to come if certain milestones are met.

Cybersecurity

FBI seeking extradition of Israeli prisoner accused of $500M in ransomware attacks

Data breach at chain of clinics impacts 450K patients

Nebraska becomes first state to sue Change Healthcare over data breach

Christmas ransomware exposed over 300K patient records to dark web

Cryo-frozen tissue manufacturer suffers cyberattack

Around the web