Cybersecurity

The digital security of healthcare institutions and data is a growing concern, with an increasing number of cyberattacks each year against healthcare systems, which are seen as easy targets. Cyber attacks often use ransomware to target personal health information, patient data and medical devices to cut off access to the data until a ransom is payed to the hacker. Cybercriminals have become more sophisticated, using malware, ransomware and spyware to attack outdated and vulnerable systems and software. Due to the interconnected nature of hospital IT systems today, the weakest link can be older web-enabled medical devices, including clinical and non-clinical systems. Employees are also a major target of attacks via malicious e-mails that prompt them to open attachments that then download malware onto the hospital's IT system.

FBI seeking extradition of Israeli prisoner accused of $500M in ransomware attacks
Rostislav Panev is facing fraud and cybercrime charges in Israel, where he has been accused of being a software developer for hacker group LockBit.
Data breach at chain of clinics impacts 450K patients
The Center for Vein Restoration has notified patients about a data breach that occurred in October, exposing financial and medical information on patients from across the U.S.
Nebraska becomes first state to sue Change Healthcare over data breach
State Attorney General Mike Hilgers said he decided to sue because of Change Healthcare's evident carelessness as well as its slowness to inform potential victims.
Christmas ransomware exposed over 300K patient records to dark web
Last Christmas, Anna Jaques Hospital in Massachusetts suffered a ransomware attack. Now, nearly a year later, it confirms hackers stole personal information on 316,342 patients.
Cryo-frozen tissue manufacturer suffers cyberattack
In an SEC filing, Artivion did not provide a lot of specifics. However, the incident appears to be a ransomware attack.

Children's medical records left outside Tenn. hospital

Eighty-seven families received notification from Erlanger Health System, saying their child's medical records were found outside the hospital.

April 8, 2013

Stolen laptop the source of VA breach

The William Jennings Bryan Dorn VA Medical Center has alerted 7,405 veteran patients of a recent breach involving an unprotected laptop containing their personal information.

April 8, 2013

Florida breach may be due to employee ties to identity theft ring

The Office of the State Attorney, the Internal Revenue Service and the U.S. Secret Service allege a University of Florida employee acquired patient insurance information, including names, addresses, dates of birth and Social Security numbers, and may have sold some of the information to a third party.

April 8, 2013

5K hospice patients impacted by N.C. breach

More than 5,000 hospice patients and their families have been notified about a possible breach of personal information following a February break-in at the organization’s office.

April 7, 2013

Advocacy org publishes trust framework

Advocacy organization Patient Privacy Rights (PPR) has published its Privacy Trust Framework, a set of more than 75 auditable criteria based on 15 key privacy principles. The framework enables objective measurement of how well health IT, platforms, applications, electronic systems and research projects protect data privacy and ensure patient control over the collection, use and disclosure of their health data.

April 4, 2013

Weekly roundup: Breaches, privacy efforts in the news

Even as the new Omnibus federal privacy and security rules went into effect with an upcoming compliance date of Sept. 23, three data breaches were reported by healthcare organizations this week.

March 29, 2013

Utah clinic reports possible breach of 2,600 records

A Utah-based medical clinic notified federal health officials of a potential data breach of approximately 2,600 medical appointment records, according to a March 22 article in the Salt Lake Tribune.

March 26, 2013

Third breach for OHSU; third stolen, unencrypted device

A stolen laptop is the source of a data breach of approximately 4,000 Oregon Health & Science University (OHSU) patients. The unencrypted laptop containing their personal health information was stolen from an OHSU surgeon's rented vacation home in February.

March 26, 2013

Around the web

Cardiovascular Business

FDA says years-long tirzepatide shortage is resolved, will give limited leeway to compounders

The tirzepatide shortage that first began in 2022 has been resolved. Drug companies distributing compounded versions of the popular drug now have two to three more months to distribute their remaining supply.

AI in Healthcare

From Capitol Hill to a hospital near you? 5 federal recommendations for healthcare AI policy

The 24 members of the House Task Force on AI—12 reps from each party—have posted a 253-page report detailing their bipartisan vision for encouraging innovation while minimizing risks.

Cardiovascular Business

Merck spends up to $2B to license new weight loss drug with potential heart benefits

Merck sent Hansoh Pharma, a Chinese biopharmaceutical company, an upfront payment of $112 million to license a new investigational GLP-1 receptor agonist. There could be many more payments to come if certain milestones are met.

Cybersecurity

FBI seeking extradition of Israeli prisoner accused of $500M in ransomware attacks

Data breach at chain of clinics impacts 450K patients

Nebraska becomes first state to sue Change Healthcare over data breach

Christmas ransomware exposed over 300K patient records to dark web

Cryo-frozen tissue manufacturer suffers cyberattack

Around the web