Lehigh Valley Health Network (LVHN) is facing a lawsuit om association with its latest BlackCat ransomware attack. The attack resulted in the encryption of files after exfiltrating data as is common in ransomware attacks; nevertheless, the attack was distinct because of the aggressive step of the ransomware group to exert more pressure on LVHN to … Read more
Dental Health Management Solutions Alerted Patients About Historic Data Breach Dental Health Management Solutions (DHMS) based in Cedar Park, TX provides the military/government and private individuals with dental services. It recently reported the exposure of the protected health information (PHI) of some patients as a result of a hacking incident in 2021. In the notification … Read more
DoppelPaymer Ransomware Core Members Arrested in Europol-Driven Operation Two persons alleged of being key DoppelPaymer ransomware group members were detained — one by the police in Germany and another by the Ukrainian Police officers and Ukraine German Regional Police. It is This organized law enforcement operation was led by Europol. The Federal Bureau of Investigation … Read more
At the beginning of February, attackers exploited a zero-day vulnerability (CVE-2023-0669) found in Fortra’s GoAnywhere MFT secure file transfer software on over 130 companies, which include a few companies in the healthcare sector, for instance, Community Health Systems (CHS) in Tennessee. That attack impacted around 1 million patients. Fortra released a notification regarding the vulnerability … Read more
mscripts Cloud Storage Misconfiguration Exposed PHI for 6 Years The mobile pharmacy company, mscripts, has just reported that its misconfigured cloud storage environment resulted in the exposure of client information on the internet for the last 6 years. mscripts discovered the misconfiguration and fixed it on November 18, 2022. Since September 30, 2016, the cloud … Read more
Community Health Systems based in Franklin, TN recently reported being affected by a security incident that happened at cybersecurity firm, Fortra. Unauthorized people acquired access to the protected health information (PHI) of around 1 million of its patients. Community Health Systems is one of the United States’ biggest health systems. It manages 79 hospitals and … Read more
The French Computer Emergency Response Team (CERT-FR) issued a warning regarding a persistent ransomware campaign attacking VMware ESXi hypervisors without patching against the critical heap-overflow vulnerability monitored as CVE-2021-21974. VMware released a patch on February 3, 2021, to resolve the vulnerability; even so, hundreds of VMware ESXi virtual machines remain vulnerable to the exploit and … Read more
Multiple Vulnerabilities Discovered in OpenEMR Health Record and Practice Management Software More than 100,000 healthcare providers across the globe use the open source electronic health record and medical practice management software called OpenEMR. They use it to document and process sensitive patient information. Over 200 million patients utilized the software to book appointments on the … Read more
Ransomware groups are profiting less from their attacks as fewer victims give ransom payments to get the decryption keys and keep the stolen data from being exposed, according to two newly revealed reports from the ransomware remediation company, Coveware, and blockchain analysis organization, Chainalysis. Coveware revealed that in Quarter 1 of 2019, 85% of ransomware … Read more
Based on a survey performed by Dataiku in 2020, the main organizational challenge that delays the use of AI in healthcare settings is ethics. Even though particular concerns vary by company, the concerns could typically be classified as informed permission to use information, safety and visibility, algorithmic fairness, and data privacy. These issues aren’t distinct … Read more
The subject of AI in healthcare frequently gets different responses. Although a number of people believe in the advantages of using AI in healthcare and the substantial rewards to patients, other people have worries concerning the ethics of AI in healthcare and hesitate in the use of AI in healthcare due to insufficient understanding of … Read more
Maternal & Family Health Services based in Eastern Pennsylvania lately informed a number of patients regarding a ransomware attack on April 4, 2022 that resulted in the exposure of sensitive patient data. As soon as the healthcare provider detected the attack, it secured the systems and engaged a third-party computer forensics company to look into … Read more
The HHS’ Office for Civil Rights (OCR) made an announcement of its first HIPAA enforcement action for 2023. The OCR is reminding HIPAA-covered entities of their responsibility to provide people and their personal representatives with prompt access to their health documents. Life Hope Labs, LLC, has agreed to pay the $16,500 penalty to resolve the … Read more
The information risk management, standards, and certification agency, HITRUST, made an announcement that it is going to release a new version of its well-known cybersecurity framework this January. HITRUST CSF Version 11 includes a number of enhancements to make sure the framework remains applicable, with enhanced mitigations against changing and arising cybersecurity threats, at the … Read more
The healthcare and public health (HPH) industry has been cautioned regarding the likelihood of cyberattacks conducted by a pro-Russian hacktivist gang called KillNet, after a new cyberattack on a U.S. healthcare group. KillNet started its operations during the time when Russia occupied Ukraine, from January to March 2022. From that time on, the hacktivist group … Read more
On November 14, 2022, Health Care Management Solutions (HMS) located in Fairmont, WV announced a data breach to the HHS’ Office for Civil Rights that affected approximately 500,000 people. During that time, limited information regarding the breach was revealed. Now, it is affirmed that HMS experienced a ransomware attack last October 8, 2022. As a … Read more
The Secretary of the Department of Health and Human Services (HHS) has a new proposed rule that will call for the use of criteria for healthcare transactions and electronic signatures utilized together with those transactions to support healthcare cases and previous authorization dealings. The new guideline will impose the conditions of the Administrative Simplification Requirements … Read more
Automation reduces expenses and enhances productivity. It is vital in cybersecurity just like in manufacturing. A lot of labor-intensive security work may be automated to enable network defenders to accomplish more quicker, such as port scanning, monitoring, scanning vulnerability, and patching. There are different security tools that may be utilized to automate work to enable … Read more
One of the major cybersecurity issues in healthcare is the safety of medical devices. Hospitals still use a lot of connected healthcare devices and in so doing they considerably expand the attack surface. A new survey identified a connection between the volume of connected healthcare devices in medical centers and the number of cyberattacks they … Read more
The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have released a joint cybersecurity warning concerning the Cuba Ransomware and have provided information on the tactics, techniques, and procedures (TTPs) utilized by the ransomware group, together with Indicators of Compromise (IoCs) to help system defenders strengthen their defenses against ransomware … Read more
Connexin Software Inc., an electronic medical records and practice management software provider to pediatric doctor practice groups has lately reported that it encountered a cyberattack wherein an unauthorized third party acquired access to its internal computer system. Although the electronic medical record system wasn’t viewed in the attack, and there was no access to its … Read more
The dermatology practice, Forefront Dermatology, based in Wisconsin has decided to settle a class action lawsuit filed on behalf of patients who had their protected health information (PHI) compromised in a ransomware attack in late May 2021. Forefront Dermatology has associate practices in 21 states and Washington D.C. In May 2021, the Cuba ransomware group … Read more
Community Health Network in Indiana is the most recent healthcare company to announce the impermissible disclosure of protected health information (PHI) of patients to Google and Meta/Facebook as a result of adding their tracking code on its web pages. Based on the breach report sent to the HHS’ Office for Civil Rights, the PHI of … Read more
Alta Forest Products based in Chehalis, WA has encountered a cyberattack where the protected health information (PHI) of around 2,100 Alta Forest Products Health and Welfare Plan members was compromised. The company detected the security breach on September 1, 2022, and fast action was undertaken to protect its systems and stop continuing unauthorized access. The … Read more
The Federal Bureau of Investigation (FBI), the Multi-State Information Sharing and Analysis Center (MS-ISAC), and the Cybersecurity and Infrastructure Security Agency (CISA) just released guidance for government and private institutions on the avoidance and mitigation of distributed Denial of Service (DDoS) attacks. These attacks are performed to overburden programs and sites with traffic, as a … Read more
USV Optical, a branch of U.S. Vision, has lately reported the exposure of patient records at a number of entities inside its network. It detected suspicious activity inside its system on May 12, 2021. Forensic investigation affirmed that unauthorized persons got access to its system for one month from April 20, 2021 to May 17, … Read more
MFA is one of the most essential steps to take to stop unauthorized account access; on the other hand, it doesn’t give total security and certain types of MFA could be circumvented. Any type of MFA is significantly better than not using one at all. However, for the greatest protection, companies ought to use phishing-resistant … Read more
Hacking Incident at Country Doctor Community Clinic, WA On October 19, 2022, Country Doctor Community Clinic based in Seattle, WA reported that attackers had acquired access to its digital system and viewed and likely acquired files comprising the protected health information of 38,751 patients. On October 6, 2022, strange activity was noticed in its computer … Read more
The Director of the Cybersecurity and Infrastructure Security Agency (CISA), Jen Easterly, is traveling across the country as part of the Cybersecurity Awareness Month. She’s been promoting the best practices of cybersecurity, telling everyone the steps they can dp to be safe on the web, and emphasizing the value of using multi-factor authentication on bank … Read more
The New York State Department of Financial Services (DFS) has decided to resolve an investigation of EyeMed Vision Care (EyeMed) into possible violations of the DFS Cybersecurity Regulation for $4.5 million. EyeMed based in Ohio is a licensed medical insurance provider, which gathers and keeps sensitive consumer data as a business practice. The DFS investigated … Read more
A big data breach has happened at the management firm of several anesthesia services providers. Based on a media breach notice released by Anesthesia Associates of El Paso, one of the impacted providers, the data breach happened at its unnamed management firm on July 15, 2022. Unauthorized persons accessed the IT systems employed by the … Read more
Wisconsin Department of Health Services Reports Accidental Disclosure of PHI through Email The Wisconsin Department of Health Services (DHS) has just announced that there was an accidental disclosure of protected health information (PHI) via its email. Based on the breach notice, in April 2021, the DHS Children’s Long-Term Support Council got a presentation via email … Read more
FMC (Family Medicine Centers) Services based in Amarillo, TX recently reported a hacking incident it discovered and blocked on July 26, 2022. A third-party cybersecurity company conducted a forensic investigation to find out the nature and extent of the cyberattack. That investigation didn’t find any proof that indicates the purpose of the cyberattack was to … Read more
Humana lately reported the potential compromise of the protected health information (PHI) of 22,767 persons in a security incident at Choice Health. This business associate is Humana’s vendor of its Medicare products. On May 18, 2022, Choice Health discovered that one of its databases can be accessed online. The investigation confirmed there was a misconfiguration … Read more
An alert was given to the healthcare and public health (HPH) industry regarding a Monkeypox phishing campaign directed at U.S. healthcare companies that tries to steal Office 365, Gmail, and other email account credentials. Monkeypox is a remarkably transmittable viral disease due to a virus coming from the same specie as smallpox. As per the … Read more
When a HIPAA complaint is submitted, what happens next depends on who it is filed with, the nature of the complaint, and whether the complaint is valid. After registering with a healthcare company or becoming a group health plan member, a person should receive a Notice of Privacy Practices. This Notice details what the healthcare … Read more
During the Labor Day weekend, Oakbend Medical Center based in Richmond, TX, encountered a ransomware attack, which began on September 1, 2022, resulting in the encryption of files in its network. The IT team of the medical center had to take all systems down to control the attack. The medical center run with lockdown measures … Read more
Henderson & Walton Women’s Center (HWWC) based in Birmingham, AL lately advised 34,306 patients about the potential compromise of some of their protected health information (PHI) due to a hacker getting access to an employee’s email account. HWWC stated the forensic investigation into the data breach revealed the attacker didn’t access the email server and … Read more
Health-ISAC has publicized a white paper to help guide healthcare CISOs planning to employ zero trust security architectures. The standard security approach is to set up border defenses in order to keep unauthorized persons out. Although this security strategy has helped companies well in past times, it isn’t useful online where there’s no border to … Read more
The number of persons impacted by the ransomware attack on OneTouchPoint, the mailing and printing vendor based in Hartland, WI, has now grown to 2,651,396 people. One of the most recent companies to confirm being impacted by the attack is Common Ground Healthcare Cooperative based in Brookfield, WI. The cyberattack affected 133,714 of the Cooperative’s … Read more
LastPass, the company offering the most widely used password management solution worldwide, reported a cyberattack and security breach. As per LastPass, there are close to 30 million users of its password manager tool globally, which include 85,000 business clients. Notifications were sent to users to advise them concerning the cyberattack and give reassurances that although … Read more
The Health Sector Cybersecurity Coordination Center has alerted the healthcare and public health (HPH) sector regarding the growing social engineering and voice phishing (vishing) attacks. In cybersecurity terminology, social engineering is the control of people by malicious actors to advance their own agenda. It is a comprehensive term that includes many varied types of attacks, … Read more
Independent Case Management (ICM) based in Little Rock, AR, a provider offering home and community-based assistance for persons with mental and developmental handicaps, recently informed 3,307 persons about the potential theft of some of their protected health information (PHI) in a ransomware attack. As per the notification letters, the attack affected three servers, which were … Read more
Florida Orthopaedic Institute has offered to pay $4 million to settle claims from patients impacted by a data breach in 2020. In April 2020, Musculoskeletal Institute, doing business as Florida Orthopaedic Institute, found that an unauthorized third party had acquired access to a server keeping patients’ protected health information (PHI) and employed ransomware for file … Read more
Healthback Holdings has begun sending notifications to 21,114 persons regarding the likely access and theft of some of their protected health information (PHI) by unauthorized individuals. The Oklahoma City home health provider noticed odd activity inside its email account on June 1, 2022. A third-party cybersecurity company helped look into the incident. It was affirmed … Read more
Cyberattacks on firms are growing year over year throughout all industry segments. Cyberattacks involving third parties also increased. From the perspective of a cyber threat actor, it is more practical to attack a vendor for instance a managed service provider, because the attack is profitable. The threat actor could acquire access to the networks of … Read more
St. Luke’s Health System based in Boise, ID, has just submitted a data breach report to the HHS’ Office for Civil Rights that affected 31,579 patients. The breach happened in May 2022 at Kaye-Smith, which is a billing vendor of the health system. The patients billed that month were affected by the breach. Kaye-Smith discovered … Read more
Blue Cross and Blue Shield of Massachusetts (BCBSofMA) has lately affirmed that a data breach at a business associate led to the compromise of the protected health information (PHI) of several of its health plan members. The breach took place at LifeWorks US Inc, which offers services connected to the management of the Retirement Income … Read more
The U.S Department of Justice made an announcement that it seized approximately $500,000 in Bitcoin from North Korean threat actors that used the Maui ransomware to attack healthcare companies in the U.S.A. The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) recently released a security advisory about North Korean attackers … Read more
The Cyber Safety Review Board (CSRB), started by President Biden last February 2022, has released a report about the Log4j vulnerability (CVE-2021-44228) as well as linked vulnerabilities that were identified at the end of 2021. The vulnerabilities have an impact on Log4j, the open source Java-based logging tool. CSRB says that they are very rampant … Read more