Cybersecurity

The digital security of healthcare institutions and data is a growing concern, with an increasing number of cyberattacks each year against healthcare systems, which are seen as easy targets. Cyber attacks often use ransomware to target personal health information, patient data and medical devices to cut off access to the data until a ransom is payed to the hacker. Cybercriminals have become more sophisticated, using malware, ransomware and spyware to attack outdated and vulnerable systems and software. Due to the interconnected nature of hospital IT systems today, the weakest link can be older web-enabled medical devices, including clinical and non-clinical systems. Employees are also a major target of attacks via malicious e-mails that prompt them to open attachments that then download malware onto the hospital's IT system.

Laptop stolen from car, 11.5K patients’ data at risk

A laptop theft was the cause of the latest breach, which impacted 11,500 patients at DaVita, a Colorado-based kidney care company. 

Upgrade process leads to stolen hard drive, breach

Updating physician services led to a breach that impacted 7,170 patients of University Hospitals in Cleveland.

Tennessee’s Health eShare Direct Project Reaches Milestone 1,000th Participant

Direct Technology has been adopted by 1,000 healthcare professionals across Tennessee thanks to Health eShare, a statewide initiative through the Office of eHealth Initiatives (OeHI) to implement Direct secure email technology.

ONC pilot simulates advanced patient privacy control over shared records

A pilot demonstration, conducted in collaboration with the Data Segmentation for Privacy effort of the Office of the National Coordinator for Health IT, has successfully demonstrated patient control over release of protected health information (PHI) during the exchange of EHRs. Pilot participants include the health IT program at The University of Texas at Austin, Jericho Systems Corporation and Conemaugh Health System.

Unsecured email puts PHI of 1,310 at risk

CaroMont Health in Gastonia, N.C., has notified 1,310 patients of the security compromise of their protected health information (PHI). A routine information security systems audit revealed that an unsecured email—sent to a trusted source outside the organization—was the source of the security lapse, according to a statement released by CaroMont and published by the Charlotte Observer.

Providers must rise to challenge of medical device cybersecurity

Medical devices are no longer standalone boxes, but parts of larger systems that are connected to other systems, speakers said during ECRI Institute's Oct. 23 webinar examining cybersecurity risks.

Massive breach impacts 729K patients

The theft of two laptops from an office at AHMC Healthcare in Alhambra, Calif., compromised the protected health information of approximately 729,000 patients, according to a notice published on the provider’s website.

Facebook photo is source of Arizona security breach

A Facebook photo that inadvertently captured a patient’s personal information was at the heart of a breach that took place at the University of Arizona Medical Center.

Around the web

The tirzepatide shortage that first began in 2022 has been resolved. Drug companies distributing compounded versions of the popular drug now have two to three more months to distribute their remaining supply.

The 24 members of the House Task Force on AI—12 reps from each party—have posted a 253-page report detailing their bipartisan vision for encouraging innovation while minimizing risks. 

Merck sent Hansoh Pharma, a Chinese biopharmaceutical company, an upfront payment of $112 million to license a new investigational GLP-1 receptor agonist. There could be many more payments to come if certain milestones are met.