Cybersecurity

The digital security of healthcare institutions and data is a growing concern, with an increasing number of cyberattacks each year against healthcare systems, which are seen as easy targets. Cyber attacks often use ransomware to target personal health information, patient data and medical devices to cut off access to the data until a ransom is payed to the hacker. Cybercriminals have become more sophisticated, using malware, ransomware and spyware to attack outdated and vulnerable systems and software. Due to the interconnected nature of hospital IT systems today, the weakest link can be older web-enabled medical devices, including clinical and non-clinical systems. Employees are also a major target of attacks via malicious e-mails that prompt them to open attachments that then download malware onto the hospital's IT system.

FBI seeking extradition of Israeli prisoner accused of $500M in ransomware attacks
Rostislav Panev is facing fraud and cybercrime charges in Israel, where he has been accused of being a software developer for hacker group LockBit.
Data breach at chain of clinics impacts 450K patients
The Center for Vein Restoration has notified patients about a data breach that occurred in October, exposing financial and medical information on patients from across the U.S.
Nebraska becomes first state to sue Change Healthcare over data breach
State Attorney General Mike Hilgers said he decided to sue because of Change Healthcare's evident carelessness as well as its slowness to inform potential victims.
Christmas ransomware exposed over 300K patient records to dark web
Last Christmas, Anna Jaques Hospital in Massachusetts suffered a ransomware attack. Now, nearly a year later, it confirms hackers stole personal information on 316,342 patients.
Cryo-frozen tissue manufacturer suffers cyberattack
In an SEC filing, Artivion did not provide a lot of specifics. However, the incident appears to be a ransomware attack.

HHS: Entities need 32M hours to comply with HIPAA omnibus bill

Entities will require about 32.1 million hours to comply with the HIPPA omnibus bill, set to go into effect Sept. 23, according to the Department of Health and Human Services.

September 9, 2013

MRO Corp. Announces Acquisition of Release-of-Information Vendor MTT Enterprises, LLC

KING OF PRUSSIA, Pa.-- MRO Corp., a leading provider of technology-driven disclosure management services and applications for healthcare organizations, has acquired the assets of MTT Enterprises, LLC (Metairie, La.), a provider of release-of-information (ROI) services. Mariela Twiggs, CEO of MTT, will assume the role of MRO’s executive director of training and education, client relations. The transaction took effect September 6.

September 9, 2013

Hackers theft of credit card info impacts 7K in SC

Hackers stole the credit card information of approximately 7,000 patients or other financially responsible people of The Medical University of South Carolina (MUSC).

September 9, 2013

NSA revelations raise questions about privacy

With the Sept. 23 compliance deadline for the HIPAA Omnibus Rule inching closer, new revelations about the National Security Agency’s (NSA’s) ability to circumvent or crack much of the encryption that guards IT systems, including those for medical records, may stir more questions about the ability to protect and secure personal health information.

September 6, 2013

Missouri practice computer theft impacts 10K

A Missouri orthodontics practice has notified 10,000 patients and their parents about the theft of two desktop computers and an external hard drive.

September 5, 2013

Unencrypted laptop stolen from Texas practice

The theft of an unencrypted laptop has resulted in UT Physicians, the group practice of the University of Texas Health Science Center at Houston Medical School, notifying 596 patients that some of their protected health information may have been compromised.

September 4, 2013

EHR debate, colossal breach

Bad news dominated the headlines this week. From both a massive breach and smaller breaches to wild claims about the failure of a $1 billion EHR system, the industry had an off week.

August 30, 2013

Medtronic notifies patients of potential PHI breach

Medical device manufacturer Medtronic has notified 2,764 patients after a box of training records went missing at a facility in Minnesota.

August 28, 2013

Around the web

Cardiovascular Business

FDA says years-long tirzepatide shortage is resolved, will give limited leeway to compounders

The tirzepatide shortage that first began in 2022 has been resolved. Drug companies distributing compounded versions of the popular drug now have two to three more months to distribute their remaining supply.

AI in Healthcare

From Capitol Hill to a hospital near you? 5 federal recommendations for healthcare AI policy

The 24 members of the House Task Force on AI—12 reps from each party—have posted a 253-page report detailing their bipartisan vision for encouraging innovation while minimizing risks.

Cardiovascular Business

Merck spends up to $2B to license new weight loss drug with potential heart benefits

Merck sent Hansoh Pharma, a Chinese biopharmaceutical company, an upfront payment of $112 million to license a new investigational GLP-1 receptor agonist. There could be many more payments to come if certain milestones are met.

Cybersecurity

FBI seeking extradition of Israeli prisoner accused of $500M in ransomware attacks

Data breach at chain of clinics impacts 450K patients

Nebraska becomes first state to sue Change Healthcare over data breach

Christmas ransomware exposed over 300K patient records to dark web

Cryo-frozen tissue manufacturer suffers cyberattack

Around the web