Cybersecurity

The digital security of healthcare institutions and data is a growing concern, with an increasing number of cyberattacks each year against healthcare systems, which are seen as easy targets. Cyber attacks often use ransomware to target personal health information, patient data and medical devices to cut off access to the data until a ransom is payed to the hacker. Cybercriminals have become more sophisticated, using malware, ransomware and spyware to attack outdated and vulnerable systems and software. Due to the interconnected nature of hospital IT systems today, the weakest link can be older web-enabled medical devices, including clinical and non-clinical systems. Employees are also a major target of attacks via malicious e-mails that prompt them to open attachments that then download malware onto the hospital's IT system.

Hospitals, Epic sued after clinician allegedly accesses nude photos of 400+ patients
According to lawyers representing two of the plaintiffs, a shared EHR portal was used by a physical therapist at KU Health to access the sensitive photographs in what is being investigated as a data breach.
DaVita kidney care clinics hit by ransomware attack
The company said part of its network has been encrypted. However, it told the Securities and Exchange Commission it is still able to deliver dialysis care to patients.
UnitedHealth garnishing claims to recoup ‘loans’ from Change Healthcare hack
UnitedHealth Group said it is seeking repayment of “interest-free” advances distributed to providers struggling during the shutdown of claims processing caused by the ransomware attack on Change Healthcare.
UMMC sued after pharmacist allegedly hacked computers to spy on women
The academic medical center is accused of deploying lax security protocols that allowed an employee to access internet-connected cameras and private emails in acts of privacy invasion that lasted a decade.
Oracle Health denies cloud breached as second attack confirmed
Questions remain about the alleged breach on a legacy server at Oracle Health, as the nature of the attacks and scope of stolen data are still being investigated.

Around the world, healthcare still pays more than any other sector for data breaches

No industry has taken cybercrime on the chin more than healthcare over the past 13 years. That trend continues in 2024, as global data breaches cost healthcare $9.77 million between March 2023 and February 2024.

North Korean hospital hacker indicted in the US

A North Korean national who may or may not still reside in his home country has been indicted for allegedly leading ransomware attacks against U.S. hospitals.

UnitedHealth sued by pharmacists, providers hurt by Change Healthcare hack

The National Community Pharmacists Association and nearly 40 provider groups are seeking class-action status for their lawsuit against UnitedHealth Group and its subsidiaries. The plaintiffs argue they are still struggling to file claims after the February breach of Change Healthcare.

Nationwide IT outage leaves hospitals without EHRs

Many hospitals that use Epic were unable to access services, forcing them to operate on pen-and-paper and cancel non-emergency care delivery. The disruption was caused by an error with security vendor CrowdStrike.

Senators introduce bill to bolster healthcare cybersecurity

The Healthcare Cybersecurity Act would improve cooperation between HHS and CISA to ideally speed up the response to cyberattacks.

State attorneys general send warnings of Change Healthcare breach, urge residents to respond

Several state attorneys general have issued notices to residents regarding the Change Healthcare breach, asking them to sign up for credit monitoring and identity theft protection.

Change Healthcare notifies patients their medical records may have been taken in breach

A HIPAA notification posted to the company’s website said details about patients’ diagnoses and treatments may have been stolen by hackers.

Cybersecurity incident reporting rule would exclude insurers, vendors

Hospitals and provider groups have responded with confusion to a rule proposed by the Cybersecurity and Infrastructure Security Agency requiring hospitals and providers to comply with stringent reporting requirements that overlap with HIPAA.

Around the web

Cardiovascular Business

FDA announces new recall of Abbott heart pump accessories over significant safety risks

The mobile power units of certain HeartMate 3 and HeartMate II LVADs have been experiencing “sudden, unexpected performance issues” such as turning on, off or even restarting with no warning. These issues can potentially be fatal, according to an alert shared by the FDA.

Radiology Business

Tariffs threaten imaging access for patients, RBMA warns

Radiology practices are already operating on razor thin margins, with price increases prompting calls for congressional action to prevent further damage.

Radiology Business

Chinese radiology vendors dodge high tariffs with US-based factories

United Imaging and other manufacturers that have established American factories may remain insulated from the trade war.

Cybersecurity

Hospitals, Epic sued after clinician allegedly accesses nude photos of 400+ patients

DaVita kidney care clinics hit by ransomware attack

UnitedHealth garnishing claims to recoup ‘loans’ from Change Healthcare hack

UMMC sued after pharmacist allegedly hacked computers to spy on women

Oracle Health denies cloud breached as second attack confirmed

Around the web