What You Should Know:
- The Federal Trade Commission (FTC) has finalized significant changes to the Health Breach Notification Rule (HBNR), aiming to improve consumer protection in the digital age.
- These updates clarify the rule's application to modern technologies like health apps and expand the information healthcare providers must disclose in the event of a data breach.
Key Updates to Health Breach Notification Rule Summary
Focus on Health Apps and Emerging Technologies:
Read More
Healthcare Cybersecurity | Healthcare Data Security | Ransomware | Hospital Security Breaches
UnitedHealth Faces New Ransomware Threat After Alleged $22M Payment Failure
What You Should Know:
- UnitedHealth Group is embroiled in a new ransomware saga, just as it recovers from a February attack, according to a blog post from threat intelligence firm SOCRadar.
- A hacking group called RansomHub claims to possess 4 terabytes of stolen data from UnitedHealth's subsidiary, Change Healthcare and is demanding a ransom to prevent its release.
RansomHub's Demands and Allegations
This data supposedly includes the personal details and medical records of
Read More
Feds Launches Investigation of Change Healthcare Cybersecurity Attack
What You Should Know:
- The Department of Health and Human Services' Office for Civil Rights (OCR) has announced an investigation into the recent cyberattack on Change Healthcare, a subsidiary of UnitedHealth Group (UHG).
- The cybersecurity attack has significantly disrupted healthcare billing and information systems nationwide, potentially impacting patient care.
Investigation Focuses on HIPAA Compliance
The OCR enforces the Health Insurance Portability and Accountability Act
Read More
Sensitive Data Requires Great Responsibility: The Importance of ‘Privacy and Security by Design’ in Healthcare
In healthcare, sensitive data comes with great responsibility. For companies entrusted with managing and protecting patients’ personal information, ensuring the privacy of that data must be the highest priority. These companies are called to act as vigilant guardians, especially when you consider that secure and accurate data can literally save lives.
Enter the concept of 'privacy and security by design,' an approach that goes beyond merely meeting compliance standards and, instead, embedding
Read More
HIPAA Enforcement is Changing. Providers Must Too.
Healthcare delivery organizations and those working with them that are still in business are either well aware of their duties under HIPAA, work with managed service providers that understand the law well, or…are lucky to have made it this far. Even for organizations that have steered clear of both cyberattacks and regulatory fines, vigilance is essential to maintaining a clean bill of (cybersecurity) health.
With HIPAA guidance and enforcement practices shifting increasingly quickly right
Read More
Health Hacks Aren’t Just Expensive – They’re Detrimental to Patient Care
Healthcare remains firmly in hacker crosshairs. A recent survey finds that four out of five healthcare operators in the past year experienced at least one cybersecurity incident. Adding to the concern, 60 percent of those incidents had a “moderate or substantial” impact on patient care, and an additional 15% reported a “severe” impact.
The repercussions of a health hack extend far beyond financial losses. This makes it all the more important to secure health networks and devices to keep out
Read More
Hospitals at Risk: Cybersecurity Vulnerability Discovered in EEG Medical Device NeuroWorks Natus
What You Should Know:
- A new critical vulnerability was discovered in NeuroWorks Natus Electroencephalogram (EEG) Software that could allow cybercriminals to take control of affected devices and steal medical data. NeuroWorks Natus Electroencephalogram (EEG) software solution is widely used across clinics, hospitals, large teaching facilities and medical device providers for EEG, LTM, ICU, sleep, and research studies.
- Trustwave SpiderLabs discovered the vulnerability affects the
Read More
75% of Healthcare Organizations Hit by Ransomware Attacks, Sophos Survey Finds
What You Should Know:
- Cybercriminals have been highly successful in their ransomware attacks on healthcare organizations, according to a new survey conducted by Sophos. “The State of Ransomware in Healthcare 2023, report reveals nearly 75% of the surveyed healthcare organizations reported that their data was successfully encrypted by the attackers.
- In addition, only 24% of healthcare organizations were able to disrupt a ransomware attack before the attackers encrypted their
Read More
NextGen’s Mirth Connect Vulnerability Could Compromise Health Data
What You Should Know:
- Mirth Connect, by NextGen HealthCare, an open source data integration platform widely used by healthcare companies has been reportedly vulnerable that would allow cyberattackers to gain access compromise sensitive healthcare data. - The vulnerability, CVE-2023-43208 discovered a few months ago by IHTeam reveals versions prior to 4.4.1 are vulnerable to an unauthenticated remote code execution vulnerability. NextGen has updated Mirth Connect with an updated
Read More
How Healthcare Organizations Can Defend Against Ransomware
There’s no denying it - the need for stronger cyber defense is urgent. More ransomware attacks targeted healthcare in 2022 than any other critical infrastructure sector, according to the FBI’s Internet Crime Complaint Center (IC3). With attacks on healthcare negatively impacting patient care – including increased mortality rates - healthcare organizations must adopt proactive approaches to better protect their patients and sensitive information.
In the spring, the Multi-State Information
Read More
