UnitedHealth Group has admitted data was "taken" in the cyberattack on Change Healthcare and has just started analyzing the types of personal, financial and health information potentially compromised. The U.S. is offering a $10 million bounty for BlackCat, which claims to have launched the attack.
The Change Healthcare attack - the most disruptive cyber incident to ever hit the U.S. healthcare ecosystem - spotlights the risks that come from relying on a handful of major suppliers, said leaders of the Health Information Sharing and Analysis Center.
As thousands of hospitals, clinics and doctor practices potentially have to notify millions of patients about the Change Healthcare breach, the American Hospital Association said the IT services firm and parent company, UnitedHealth Group, should be the sole sender of notifications.
A nursing home operator is seeking bankruptcy protection, citing the effects of a ransomware attack last fall and fallout from the recent Change Healthcare outage as factors that contributed to its financial woes. Also, a Senate bill aims to address cash flows for some health firms hit by an attack.
Revenue cycle management firm MedData has agreed to a $7 million settlement in a class action lawsuit filed after an employee inadvertently uploaded and exposed the health and personal information of about 136,000 individuals on the public-facing part of GitHub for more than a year.
In the latest "Proof of Concept," panelists Sam Curry of Zscaler and Heather West of Venable LLP discuss the crucial role of explainability and transparency in artificial intelligence, especially in areas such as healthcare and finance, where AI decisions can significantly affect people's lives.
Federal authorities are warning healthcare and public health sector entities of email bomb attacks, a type of denial-of-service attack that can overwhelm email systems and networks and distract victims from other nefarious activities. The incidents can also disrupt clinical and business workflow.
Federal regulators have issued updated guidance about web trackers on patient portals or other health-related websites, saying that collecting and disclosing certain information - such as device IP addresses - does not necessarily pose HIPAA violations, under some circumstances.
A Mississippi women's health clinic has filed a proposed class action lawsuit against UnitedHealth Group alleging the disruption in claims processing caused by the cyberattack on the company's Change Healthcare unit and the resulting IT outage is threatening to push the practice into bankruptcy.
The many kinds of OT and IoT gear that are not regulated medical devices but are critical to run hospitals and other care facilities present a variety of cybersecurity and patient safety concerns, said Dr. Benoit Desjardins, professor of radiology at the University of Pennsylvania Medicine.
In the aftermath of a ransomware attack several years ago, Hackensack Meridian Health embarked on transforming its cybersecurity program with the support of top leadership and increased funding and staff and by implementing critical security tools and best practices, said CISO Mark Johnson.
Healthcare organizations and makers of medical devices need to think about how to safeguard their critical medical gear against future cyberthreats, including the looming dangers posed by quantum computing, said Mike Nelson, global vice president of digital trust at security firm DigiCert.
Healthcare sector organizations need to focus their attention on meeting the "voluntary" essential and enhanced cybersecurity performance goals set out by federal regulators before they become potential mandates, said Kate Pierce, virtual information security officer at Fortified Heath Security.
The U.S. healthcare sector needs to closely watch government regulatory and legislative developments involving artificial intelligence, including the European Union AI Act, said Lee Kim, senior principal of cybersecurity and privacy at the Healthcare Information and Management Systems Society.
It's critical for hospitals and other firms to not only prepare for how they will respond to a cyberattack but also to consider the regional impact if a neighboring provider of services needed in the community is disrupted by a serious cyber incident, said Margie Zuk of Mitre.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.asia, you agree to our use of cookies.