Cybersecurity

The digital security of healthcare institutions and data is a growing concern, with an increasing number of cyberattacks each year against healthcare systems, which are seen as easy targets. Cyber attacks often use ransomware to target personal health information, patient data and medical devices to cut off access to the data until a ransom is payed to the hacker. Cybercriminals have become more sophisticated, using malware, ransomware and spyware to attack outdated and vulnerable systems and software. Due to the interconnected nature of hospital IT systems today, the weakest link can be older web-enabled medical devices, including clinical and non-clinical systems. Employees are also a major target of attacks via malicious e-mails that prompt them to open attachments that then download malware onto the hospital's IT system.

FBI seeking extradition of Israeli prisoner accused of $500M in ransomware attacks
Rostislav Panev is facing fraud and cybercrime charges in Israel, where he has been accused of being a software developer for hacker group LockBit.
Data breach at chain of clinics impacts 450K patients
The Center for Vein Restoration has notified patients about a data breach that occurred in October, exposing financial and medical information on patients from across the U.S.
Nebraska becomes first state to sue Change Healthcare over data breach
State Attorney General Mike Hilgers said he decided to sue because of Change Healthcare's evident carelessness as well as its slowness to inform potential victims.
Christmas ransomware exposed over 300K patient records to dark web
Last Christmas, Anna Jaques Hospital in Massachusetts suffered a ransomware attack. Now, nearly a year later, it confirms hackers stole personal information on 316,342 patients.
Cryo-frozen tissue manufacturer suffers cyberattack
In an SEC filing, Artivion did not provide a lot of specifics. However, the incident appears to be a ransomware attack.

Class action lawsuit filed against CHS

Several months after Chinese hackers accessed the personal health information of 4.5 million Community Health Systems patients, a class action lawsuit has been filed against the system alleging failure to implement and follow security procedures.

October 10, 2014

Balancing data analytics with patient privacy

CHICAGO—How to leverage healthcare data while protecting patient privacy is not a new question but “the dimensions have gotten significantly bigger,” said Deven McGraw, JD, partner in the healthcare practice of Manatt, Phelps & Phillips, speaking at the 2014 Healthcare Leadership Forum.

October 9, 2014

FDA unveils medical device cybersecurity guidance

The FDA’s Center for Devices and Radiological Health has issued its long-awaited final guidance on cybersecurity issues that manufacturers should consider when designing and developing medical devices and preparing for premarket submissions.

October 1, 2014

Mail merge error affects 418 patients

A mail merge mix-up is the cause of the latest breach.

October 1, 2014

Clinic chain breach hits 2,500 patients

American Family Care is offering one year of identity protection services to nearly 2,500 patients after two laptops were stolen from an employee’s car in July.

September 29, 2014

Good time for security advice

A conference this week offered lots of advice and warnings about data security so they can be ready for both HIPAA audits and cyberattackers.

September 26, 2014

Defending critical infrastructure from cyber attacks

NH-ISAC, the nation's Healthcare and Public Health Information Sharing and Analysis Center, is hard at work securing critical infrastructure in all sectors of the U.S., including healthcare, Deborah Kobza, the organization's executive director and CEO, said during the National Institute of Standards and Technology and the Office of Civil Rights’ joint conference, “Safeguarding Health Information: Building Assurance through HIPAA Security,” on Sept. 24.

September 25, 2014

Good security compliance requires passion

During the joint conference on mobile device security hosted by the Dept. of Health and Human Services Office of Civil Rights and the National Institute of Standards and Technology on Sept. 24, Daniel Solove, the John Marshall Harlan research professor of law at the George Washington University Law School, talked about how to wake up the C-suite to the importance of good security.

September 25, 2014

Around the web

Cardiovascular Business

FDA says years-long tirzepatide shortage is resolved, will give limited leeway to compounders

The tirzepatide shortage that first began in 2022 has been resolved. Drug companies distributing compounded versions of the popular drug now have two to three more months to distribute their remaining supply.

AI in Healthcare

From Capitol Hill to a hospital near you? 5 federal recommendations for healthcare AI policy

The 24 members of the House Task Force on AI—12 reps from each party—have posted a 253-page report detailing their bipartisan vision for encouraging innovation while minimizing risks.

Cardiovascular Business

Merck spends up to $2B to license new weight loss drug with potential heart benefits

Merck sent Hansoh Pharma, a Chinese biopharmaceutical company, an upfront payment of $112 million to license a new investigational GLP-1 receptor agonist. There could be many more payments to come if certain milestones are met.

Cybersecurity

FBI seeking extradition of Israeli prisoner accused of $500M in ransomware attacks

Data breach at chain of clinics impacts 450K patients

Nebraska becomes first state to sue Change Healthcare over data breach

Christmas ransomware exposed over 300K patient records to dark web

Cryo-frozen tissue manufacturer suffers cyberattack

Around the web