Cybersecurity

The digital security of healthcare institutions and data is a growing concern, with an increasing number of cyberattacks each year against healthcare systems, which are seen as easy targets. Cyber attacks often use ransomware to target personal health information, patient data and medical devices to cut off access to the data until a ransom is payed to the hacker. Cybercriminals have become more sophisticated, using malware, ransomware and spyware to attack outdated and vulnerable systems and software. Due to the interconnected nature of hospital IT systems today, the weakest link can be older web-enabled medical devices, including clinical and non-clinical systems. Employees are also a major target of attacks via malicious e-mails that prompt them to open attachments that then download malware onto the hospital's IT system.

FBI seeking extradition of Israeli prisoner accused of $500M in ransomware attacks
Rostislav Panev is facing fraud and cybercrime charges in Israel, where he has been accused of being a software developer for hacker group LockBit.
Data breach at chain of clinics impacts 450K patients
The Center for Vein Restoration has notified patients about a data breach that occurred in October, exposing financial and medical information on patients from across the U.S.
Nebraska becomes first state to sue Change Healthcare over data breach
State Attorney General Mike Hilgers said he decided to sue because of Change Healthcare's evident carelessness as well as its slowness to inform potential victims.
Christmas ransomware exposed over 300K patient records to dark web
Last Christmas, Anna Jaques Hospital in Massachusetts suffered a ransomware attack. Now, nearly a year later, it confirms hackers stole personal information on 316,342 patients.
Cryo-frozen tissue manufacturer suffers cyberattack
In an SEC filing, Artivion did not provide a lot of specifics. However, the incident appears to be a ransomware attack.

Nurse fired for prying into patient records

A Canadian hospital has fired a nurse over allegations that she inappropriately accessed more than 1,300 patient records over the past nine years.

August 14, 2013

Few details revealed on Vermont home health breach

A stolen laptop is the source of a breach for patients of Caledonia Home Health Care & Hospice in St. Johnsbury, Vt., but the organization isn't revealing the number of patients affected or the extent of the types of protected health information at risk.

August 14, 2013

Stolen laptop impacts Calif. eye patients

Retinal Consultants Medical Group has announced the theft of an unencrypted laptop computer but has not revealed the scope of the breach, including how many patients are affected.

August 13, 2013

HITPC: Update on query, MU Stage 3 security requirements

Despite previous requests for more thoughtful discussion, the Privacy & Tiger Team re-affirmed its previous conclusions about nontargeted queries to the Health IT Policy Committee during its Aug. 7 meeting.

August 11, 2013

32K patients' data breached due to downed firewall

A breach of protected health information of approximately 32,000 patients in 48 states was the result of a health IT vendor's firewall being down for more than a month, allowing, in some cases, for patient data to be indexed by Google.   

August 11, 2013

Software glitch causes Missouri Medicaid breach

Missouri's state Medicaid program, MO HealthNet, is notifying 1,357 individuals that some of their personal information was mailed to an incorrect address by one of its IT infrastructure management contractors. The disclosure was caused by a software programming error.

August 7, 2013

Governance key to making security progress

“Traditionally, the security guy is the bad guy. Historically, security has to kick open doors. Governance is the key to open those closed doors,” said Kim Sassaman, director of information security and HIPAA security officer, Presbyterian Health System in Albuquerque, speaking during a webcast on security governance hosted by the Institute for Health Technology Transformation.

August 6, 2013

Privacy and security strategies

“If individuals lack trust that information will be protected as health IT moves forward and as mobile devices continue to be used, it’s going to affect their willingness to disclose and share information and could have life-threatening consequences,” John Benevelli, acting senior advisor, HIPAA Compliance and Enforcement, Office for Civil Rights. Benevelli spoke on a panel discussing privacy and security at the Centers for Medicare & Medicaid Services’ 2013 eHealth Summit.

August 5, 2013

Around the web

Cardiovascular Business

FDA says years-long tirzepatide shortage is resolved, will give limited leeway to compounders

The tirzepatide shortage that first began in 2022 has been resolved. Drug companies distributing compounded versions of the popular drug now have two to three more months to distribute their remaining supply.

AI in Healthcare

From Capitol Hill to a hospital near you? 5 federal recommendations for healthcare AI policy

The 24 members of the House Task Force on AI—12 reps from each party—have posted a 253-page report detailing their bipartisan vision for encouraging innovation while minimizing risks.

Cardiovascular Business

Merck spends up to $2B to license new weight loss drug with potential heart benefits

Merck sent Hansoh Pharma, a Chinese biopharmaceutical company, an upfront payment of $112 million to license a new investigational GLP-1 receptor agonist. There could be many more payments to come if certain milestones are met.

Cybersecurity

FBI seeking extradition of Israeli prisoner accused of $500M in ransomware attacks

Data breach at chain of clinics impacts 450K patients

Nebraska becomes first state to sue Change Healthcare over data breach

Christmas ransomware exposed over 300K patient records to dark web

Cryo-frozen tissue manufacturer suffers cyberattack

Around the web