Cybersecurity

The digital security of healthcare institutions and data is a growing concern, with an increasing number of cyberattacks each year against healthcare systems, which are seen as easy targets. Cyber attacks often use ransomware to target personal health information, patient data and medical devices to cut off access to the data until a ransom is payed to the hacker. Cybercriminals have become more sophisticated, using malware, ransomware and spyware to attack outdated and vulnerable systems and software. Due to the interconnected nature of hospital IT systems today, the weakest link can be older web-enabled medical devices, including clinical and non-clinical systems. Employees are also a major target of attacks via malicious e-mails that prompt them to open attachments that then download malware onto the hospital's IT system.

Thumbnail

Patients impacted by phishing email scheme

Baylor Regional Medical Center has notified 1,981 patients that their information was compromised when some of the medical center's affiliated physicians responded to phishing emails.

Health IT Summit: Trust matters with privacy and security

BOSTON—Sometimes the best advice is to trust no one, or no device. “We don’t trust devices or users, and the internal network is considered untrusted,” said David Reis, vice president of IT governance, portfolio management and security at Lahey Hospital & Medical Center, discussing privacy and security during a panel session at the iHT2 Health IT Summit.

Catholic Health faces second breach in five months

For the second time in five months, patients’ information may have been compromised in a data breach at nine Washington hospitals and dozens of others in 17 states across the U.S., according to KIRO 7 TV.

Thumbnail

$4.8M HIPAA fine sets new record

The Department of Health and Human Services has laid down the gauntlet when it comes to security of patient data. New York-Presbyterian Hospital and Columbia University Medical Center together have agreed to pay a record-breaking $4.8 million to settle alleged HIPAA violations after the electronic protected health information of 6,800 patients wound up on Google in 2010.

Thumbnail

HITPC talks exchange of behavioral health, sensitive data

New technologies to facilitate the exchange of behavioral health data while ensuring that privacy and security protections are maintained were explored during the Health IT Policy Committee on May 6.

Transcription vendor fired after data breach

Boston Medical Center has fired its transcription service after the hospital learned that about 15,000 patients records were posted without password protection on the vendor’s web site used by physicians, reports the Boston Globe. 

Partners' take on BYOD security

BOSTON—“The only time I’ve had someone snap at me is when I suggested that we do something about BYOD [bring your own device],” said Jennings Aske, former chief information security and privacy officer for Partners HealthCare. Aske spoke at the Medical Informatics World Conference on April 29.

Bring your own device or bring your own disaster?

BOSTON--Healthcare organizations should take caution when allowing employees to bring their own device (BYOD) to work, as this can create privacy and security gaps and raise a number of legal issues if not handled appropriately, said Marti Arvin, chief compliance officer at the David Geffen School of Medicine at UCLA Health System, speaking at the Medical Informatics World Conference on April 28.

Around the web

The tirzepatide shortage that first began in 2022 has been resolved. Drug companies distributing compounded versions of the popular drug now have two to three more months to distribute their remaining supply.

The 24 members of the House Task Force on AI—12 reps from each party—have posted a 253-page report detailing their bipartisan vision for encouraging innovation while minimizing risks. 

Merck sent Hansoh Pharma, a Chinese biopharmaceutical company, an upfront payment of $112 million to license a new investigational GLP-1 receptor agonist. There could be many more payments to come if certain milestones are met.