Cybersecurity

The digital security of healthcare institutions and data is a growing concern, with an increasing number of cyberattacks each year against healthcare systems, which are seen as easy targets. Cyber attacks often use ransomware to target personal health information, patient data and medical devices to cut off access to the data until a ransom is payed to the hacker. Cybercriminals have become more sophisticated, using malware, ransomware and spyware to attack outdated and vulnerable systems and software. Due to the interconnected nature of hospital IT systems today, the weakest link can be older web-enabled medical devices, including clinical and non-clinical systems. Employees are also a major target of attacks via malicious e-mails that prompt them to open attachments that then download malware onto the hospital's IT system.

FBI seeking extradition of Israeli prisoner accused of $500M in ransomware attacks
Rostislav Panev is facing fraud and cybercrime charges in Israel, where he has been accused of being a software developer for hacker group LockBit.
Data breach at chain of clinics impacts 450K patients
The Center for Vein Restoration has notified patients about a data breach that occurred in October, exposing financial and medical information on patients from across the U.S.
Nebraska becomes first state to sue Change Healthcare over data breach
State Attorney General Mike Hilgers said he decided to sue because of Change Healthcare's evident carelessness as well as its slowness to inform potential victims.
Christmas ransomware exposed over 300K patient records to dark web
Last Christmas, Anna Jaques Hospital in Massachusetts suffered a ransomware attack. Now, nearly a year later, it confirms hackers stole personal information on 316,342 patients.
Cryo-frozen tissue manufacturer suffers cyberattack
In an SEC filing, Artivion did not provide a lot of specifics. However, the incident appears to be a ransomware attack.

Spotlight on information security

This week was HIMSS’ Privacy and Security Forum and Clinical Innovation + Technology was there. We learned a little about the Office of Civil Rights’ plans for HIPAA audits, Boston Children’s Hospital’s experience with a cyberattack by Anonymous, the details of Aetna’s risk-based approach to information security, the alarming increase in healthcare-targeted cyberattacks and much more.

September 12, 2014

What keeps HIT security executives up at night

BOSTON—“What keeps me up at night is the unknown,” said Heather Roszkowski, chief information security officer at Fletcher Allen Healthcare, speaking on top health IT security concerns at HIMSS' Privacy and Security Forum on Sept. 9.

September 10, 2014

Tackling latent risks in health IT security

BOSTON—Although they lay dormant, latent risks pose real potential to undercut health IT security, Fernando Martinez, senior vice president and CIO of Texas-based Parkland Health and Hospital System, said at the HIMSS’ Privacy and Security Forum on Sept. 9.

September 10, 2014

Halamka shares info security advice

BOSTON—Despite changing security threats on a global scale, internal users just might be your organization’s biggest risk, said John Halamka, MD, CIO and acting CISO of Beth Israel Deaconess Medical Center in Boston, who spoke at HIMSS’ Privacy and Security Forum.

September 10, 2014

Marx: Leadership cornerstone to health IT security

BOSTON--How did IT security staff get the attention of executives at Texas Health Resources? By hacking into their email accounts, said Ed Marx, senior vice president and CIO at Texas Health Resources, speaking at HIMSS’ Privacy and Security Forum on Sept. 9.

September 10, 2014

Aetna CISO on risk-based approach to info security

BOSTON—“I take risks to manage risk more effectively,” said Jim Routh, Aetna’s chief information security officer, speaking at HIMSS’ Privacy and Security Forum on Sept. 8.

September 10, 2014

OCR official: No timeframe yet for audits, but expect more in-depth reviews

BOSTON—At the HIMSS’ Privacy and Security Forum on Sept. 9, Office of Civil Rights’ Senior Advisor of Health Information Privacy Linda Sanches declined to elaborate on a timeline for audits, noting that the agency still is entrenched in a technology upgrade that has thrown plans off schedule.

September 9, 2014

Healthcare cyberattacks increased 91% in one year

BOSTON—Targeted cyberattacks on healthcare organizations have increased 91 percent between 2012 and 2013, according to Nathan Russ, director of healthcare industry vertical for Symantec, who spoke at HIMSS’ Privacy and Security Forum on Sept. 8.

September 9, 2014

Around the web

Cardiovascular Business

FDA says years-long tirzepatide shortage is resolved, will give limited leeway to compounders

The tirzepatide shortage that first began in 2022 has been resolved. Drug companies distributing compounded versions of the popular drug now have two to three more months to distribute their remaining supply.

AI in Healthcare

From Capitol Hill to a hospital near you? 5 federal recommendations for healthcare AI policy

The 24 members of the House Task Force on AI—12 reps from each party—have posted a 253-page report detailing their bipartisan vision for encouraging innovation while minimizing risks.

Cardiovascular Business

Merck spends up to $2B to license new weight loss drug with potential heart benefits

Merck sent Hansoh Pharma, a Chinese biopharmaceutical company, an upfront payment of $112 million to license a new investigational GLP-1 receptor agonist. There could be many more payments to come if certain milestones are met.

Cybersecurity

FBI seeking extradition of Israeli prisoner accused of $500M in ransomware attacks

Data breach at chain of clinics impacts 450K patients

Nebraska becomes first state to sue Change Healthcare over data breach

Christmas ransomware exposed over 300K patient records to dark web

Cryo-frozen tissue manufacturer suffers cyberattack

Around the web