An April ransomware attack that compromised the personal information of more than 2.5 million individuals has triggered at least four proposed federal class action lawsuits against Massachusetts health insurer Harvard Pilgrim Health and its parent company, Point32Health.
Federal regulators have once again smacked a healthcare provider with a HIPAA settlement involving patient protected health information that was disclosed in response to a negative online review. Manasa Health Center will pay $30,000 and implement a corrective action plan, HHS said.
In the latest weekly update, ISMG editors discuss why communication is vital to being an effective CISO in 2023, how the hack of Florida-based dental insurer MCNA affects nearly 9 million people, and how CyberArk is securing privileged users with a new browser.
A Long Island, New York-based life sciences company has reported to the U.S. Securities and Exchange Commission that clinical test information of nearly 2.5 million individuals was compromised in a ransomware attack in April involving data exfiltration.
A community hospital and its clinics in rural Idaho are diverting ambulances and some patients to other facilities as the entities recover from a cyberattack discovered on Monday. The incident spotlights ongoing healthcare sector cyber challenges, especially in rural communities.
Many hospitals are still more reactive than proactive in terms of embracing recommended best practices that can advance their cybersecurity maturity level, said Steve Low, president of KLAS Research, and Ed Gaudet, CEO of consulting firm Censinet, who discuss findings of a recent benchmarking study.
An insurance provider that services many state Medicaid agencies and the Children's Health Insurance Program told regulators that hackers compromised the personal and protected health information of nearly 9 million patients in an incident discovered in March.
An upstate New York medical specialty practice has reported to regulators that the information of nearly 224,500 employees and patients was compromised in a hacking incident discovered in March. Ransomware group RansomHouse claims to have downloaded 2 terabytes of the entity's data.
The American Hospital Association is urging federal regulators to back off from recent guidance that treats patient IP addresses as protected health information, saying that the new rules would "reduce public access to credible health information" and create hardships for doctors and hospitals.
Healthcare providers are struggling with protecting legacy medical devices against a rising tide of cyberthreats. New Health Sector Coordinating Council guidance can help, said Jessica Wilkerson of the Food and Drug Administration and Mike Powers of Intermountain Health.
Hospital chain CommonSpirit has upped its estimate on the financial toll incurred by a ransomware incident last fall that disrupted IT systems and patient services at some of its facilities for weeks. But company officials reportedly expect many of the costs to be covered by the company's insurance.
A practice management software firm has agreed to pay a $550,000 fine and implement a comprehensive data security program to settle an enforcement action by New York state regulators after a 2020 ransomware attack that affected 1.2 million individuals nationwide, including 428,000 New Yorkers.
Home healthcare equipment firm Apria Healthcare is notifying nearly 1.9 million individuals of a hacking incident discovered in September 2021 that affected information dating back to mid-2019. The company says the breach was related to an attempt to fraudulently obtain funds from Apria.
The Federal Trade Commission on Thursday made a few bold moves to ramp up its oversight of data privacy. They include issuing a notice of proposed amendments to its Health Breach Notification Rule and releasing a policy statement warning of heightened scrutiny over the use of biometric information.
Federal regulators fined a practice management software and services vendor $350,000 in the aftermath of an investigation into a 2018 HIPAA breach that involved a file transfer protocol server mishap. The company said the incident was the result of "a singular human error."