Attorneys general across 33 states have reached settlements for three health data breaches that affected nearly 2 million people, including a $1.4 million settlement for a clearinghouse that left patient data exposed for three years. The AGs accused the firms of violating state laws and HIPAA rules.
The FBI is warning plastic surgery practices and their patients of cybercriminals targeting their sensitive health information and medical photos for extortion schemes. The alert followed recent hacking incidents at several plastic surgery practices involving data theft.
IBM says the personal information of 631,000 people was compromised by a "technical method" that allowed unauthorized access to a third-party database used by a Johnson & Johnson patient medication support platform. IBM said the problem has been fixed, but two lawsuits have already been filed.
The number of people affected by a Tennessee cardiac care clinic hack has more than doubled to 411,000 since the healthcare group first reported the incident to regulators in July. Cybercriminal group Karakurt claimed responsibility for the attack, which has so far triggered five class action suits.
Federal authorities are warning healthcare organizations and the public health sector of threats involving NoEscape, a relatively new multi-extortion ransomware-as-a-service group believed to be a successor to the defunct Russian-speaking Avaddon gang.
The violent surprise attack on Israel by Hamas and the region's escalating war spotlights the critical importance of situational awareness, and especially for healthcare organizations that rely on medical or tech products from Israeli technology firms, said Denise Anderson, president of the H-ISAC.
Cloud compromises and supply chain attacks are overshadowing ransomware as the top cyberthreats worrying healthcare sector organizations - but all such incidents are still viewed as significant risks to patient outcomes and safety, said Ryan Witt of Proofpoint, citing new research findings.
A recent attack by a Russian ransomware-as-a-service group that stole the personal information of 2.5 million patients of McLaren Health Care has triggered at least three proposed federal class action lawsuits in recent days, claiming the healthcare company failed to protect patient privacy.
Genetics testing firm 23andMe is investigating a data leak of ancestry DNA information for certain customers whose usernames and passwords were previously hacked on other websites. The company suspects a massive credential stuffing attack on individual accounts using recycled passwords and no MFA.
The use of generative AI is being "highly explored" in healthcare and has great promise for a variety of applications, but it needs to be scrutinized closely, said Erik Decker, vice president and CISO of Intermountain Health and a cybersecurity adviser to the federal government.
Revenue cycle management firm Arietis Health is notifying the patients of 55 healthcare practices across several states that their sensitive information has been potentially compromised in a hack of Progress Software's MOVEit file transfer application. What can entities learn from these breaches?
Ransomware-as-a-service gang Alphv/BlackCat claims to have stolen 6 terabytes of data on 2.5 million patients in a recent attack on Michigan-based McLaren Health Care, which operates 13 hospitals and a network of cancer centers. The incident is part of the group's rash of recent attacks.
Large enterprises, including government and educational organizations, are being warned to immediately update their WS_FTP Server, built by Progress Software, to fix serious flaws being actively exploited by attackers. Secure file transfer software remains a top target, especially for extortionists.
An August cyberattack on a national hospital chain may make medical care in underserved areas of Connecticut even harder to obtain now that a would-be buyer said it's having second thoughts about going through with the deal. The Rhysida group claimed responsibility for an attack on Prospect Medical.
Medical device makers in their premarket submissions to the Food and Drug Administration under the agency's new "refuse to accept" policy for cybersecurity should pay close attention to details such as a product's software bill of materials and vulnerability management, said Jessica Wilkerson of FDA.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.asia, you agree to our use of cookies.