Researchers publish developer guidance for medical device security

Researchers publish developer guidance for medical device security

The guidance is organized into 10 categories, and serves as "starting point for a more complete code," report authors said.

Three MetroHealth computers infected with malware, patients notified

The Ohio-based health care provider is notifying nearly 1,000 patients that three computers in its Cardiac Cath Lab were infected with malware.

DHS adds more bug disclosures to Hospira drug pump alert, FDA joins call

DHS adds more bug disclosures to Hospira drug pump alert, FDA joins call

ICS-CERT is now aware of more vulnerabilities impacting Hospira infusion pumps.

Study: Root cause of health care breaches shifts to criminal attacks

Study: Root cause of health care breaches shifts to criminal attacks

An annual health care study found that criminal attacks replaced device theft and loss as the leading cause of breaches.

ICS-CERT issues advisory on Hospira infusion pump flaws

ICS-CERT issues advisory on Hospira infusion pump flaws

An independent researcher identified the improper authorization vulnerability and insufficient verification of data authenticity flaw.

Sign on the digital line: Case study

Sign on the digital line: Case study

Biopharma companies need a secure digital signing infrastructure. SureClinical found an answer for them, reports Greg Masters.

In latest filing, LabMD claims lack of due process, prejudice taint FTC case

In latest filing, LabMD claims lack of due process, prejudice taint FTC case

The Atlanta-based medical testing lab has, again, filed to have FTC's complaint dismissed.

Hospitals testing AC monitoring platform to spot malware in medical devices

Two unnamed hospitals have signed on to test the WhatsAppDoc platform developed to detect malware in outdated medical devices by monitoring AC consumption.

RSA 2015: In the healthcare industry, security must innovate with business

RSA 2015: In the healthcare industry, security must innovate with business

Legislation, mobility and personalization are forces driving healthcare in the U.S., Frank Kim said at RSA Conference 2015.

In growing market for genetic data, privacy implications prove lasting

In growing market for genetic data, privacy implications prove lasting

Experts consider the lasting impact of data brokers, and potential breaches, on genetic information.

Researchers investigate link between Axiom spy group, Anthem breach

Researchers investigate link between Axiom spy group, Anthem breach

Anthem breach investigators initially claimed that tools, linked exclusively to Chinese espionage attackers, were used against the health insurer.

Up to 18.8 million non-Anthem members possibly affected in breach

Of the approximate 78.8 million people whose information was accessed by hackers earlier this month, anywhere from 8.8 to 18.8 million of those affected include non-members.

Think you should just be worried about fines? Think again. And think like an attacker.

Think you should just be worried about fines? Think again. And think like an attacker.

When it comes to healthcare security, if you think compliance is the only thing you need to worry about, think again.

Report: Anthem may have up to $200M in cyber insurance

A unit of AIG Inc. is the primary cyber insurer for Anthem, according to a recent report in Business Insurance.

Lawsuits filed against Anthem, phishing scams abound

Lawsuits filed against Anthem, phishing scams abound

Plaintiffs in California, Georgia, Indiana and Alabama have filed suits and Anthem warned customers to brace for more phishing scams.

Community debates encryption's value in Anthem incident

Community debates encryption's value in Anthem incident

Experts argue that encryption is not the key piece in the Anthem breach if the incident involved a targeted attack on admin credentials.

Exclusive: Mandiant speaks on Anthem attack, custom backdoors used

Exclusive: Mandiant speaks on Anthem attack, custom backdoors used

Mandiant was brought on site Tuesday, after Anthem started their own internal investigation.

Skills in demand: Information security analysts - health care

Skills in demand: Information security analysts - health care

The amount of information stored in our medical records creates a ripe environment for security breaches. The health care sector is in search of information security analysts.

Eleventh Circuit dismisses LabMD motion questioning FTC authority

LabMD can challenge the FTC's enforcement authority in federal court once the agency comes to a final decision on the exposure of patient data.

HITRUST, Deloitte slate cyber town halls for health care orgs

The HITRUST Alliance and Deloitte will coordinate cyber town hall meetings in major U.S. cities.

HITRUST forms working group for medical device, health system security

The mission of the working group will be to enhance health information technology (HIT) security.

NJ law requires health insurance carriers to encrypt sensitive data

New Jersey Governor Chris Christie signed the legislation last Friday.

HITRUST adds privacy controls to Common Security Framework

The privacy controls will be added to version 7 of HITRUST's CSF due out later this month.

Landmark HIPAA settlement confirms push to firm up patching schedules

Landmark HIPAA settlement confirms push to firm up patching schedules

Anchorage Community Mental Health Services (ACMHS) must pay $150,000 and integrate an action plan to meet HIPAA compliance.

Health billing co., former CEO settle with FTC over data collection

PaymentsMD and its former CEO will have to destroy all information collected related to its Patient Health Report service.

Healthcare sector's broad data sets will attract increased attacks in 2015

Healthcare sector's broad data sets will attract increased attacks in 2015

A number of Websense threat predictions point back to the vulnerable healthcare industry as a major target for cybercriminals.

Study: 68 percent of healthcare breaches caused by loss or theft of devices, files

Study: 68 percent of healthcare breaches caused by loss or theft of devices, files

Security firm Bitglass analyzed three years worth of HHS breach records for its report.

PHI is more valuable than credit cards: Time to get serious about data security!

News about data breaches in the healthcare sector continues unabated.

Childrens' Hospital apologizes for rogue employee breach

Alberta Health Services is apologizing following a data breach at Alberta Children's Hospital.

New system aims to automate threat intelligence in health care industry

A new system aimed at not only promoting threat intelligence in the health care industry, but automating it, was announced Wednesday.

FDA finalizes guidelines on medical device, patient data security

The recommendations are aimed at providing better protecting patient health and data, as well as hoping device manufacturers take into account cybersecurity risks in the early stages of development.

Bridging the talent gap in health care

Bridging the talent gap in health care

Cybercriminals are primarily after patient data as it really gets them more money.

Securing critical patient privacy & care: Visibility, control and response for healthcare providers

Healthcare IT professionals deal with an increasing array of critical security issues that involve privacy, BYOD and network access, managing live-saving medical devices, and ensuring compliance federal regulations.

Florida medical center hit with breach for third time in two years

Aventura Hospital and Medical Center has reported a data breach for the third time in two years.

Congressman asks Issa for hearing on CHS breach

The top Democrat on the House Oversight and Government Reform Committee asked for a hearing to investigate the CHS breach.

Temple University patients impacted by possible breach

The unencrypted desktop computer was stolen from a university physician's office in July.

Central Utah Clinic notifies over 30K patients of potential HIPAA breach

The clinic is warning patients of a potential breach after an unauthorized party accessed a server.

CMS administrator to testify before committee on HealthCare.gov hack

Administrator Marilyn Tavenner will have to testify in front of the House Committee on Oversight and Government Reform on Sept. 18.

More than 10K electronic medical records compromised at Houston health system

An employee accessed medical records at Memorial Hermann Health System for nonprofessional purposes.

Healthcare orgs prepare for cyber threat readiness test

More than 750 healthcare organizations will test their cyber attack responses in October as part of a HITRUST initiative.

Apple health app protocol bars developers from selling user info

Under its new protocol, app developers are prohibited from selling users' personal health information.

Medical transcription provider settles data security charges

GMR Transcription Services in California agreed to settle FTC charges related to its security practices.

Community Health Systems attackers exploited Heartbleed bug for access, firm says

Community Health Systems attackers exploited Heartbleed bug for access, firm says

Sources close to the breach investigation tipped off TrustedSec CEO David Kennedy.

Health care breaches continue to rise, over 30M affected

As breaches hitting the health care industry continue to ramp up, more than 30 million individuals have been affected by these incidents thus far.

$4 billion breach suit against Sutter Health dismissed

The ruling comes nearly three years after a computer theft occurred at the organization.

Thousands had data on computers stolen from California medical office

Bay Area Pain Medical Associates notified about 2,780 patients that their data was on computers stolen from its California offices.

About 18K doctors may have had Social Security numbers exposed

About 18,000 doctors had Social Security numbers included in rosters provided to the Department of Managed Health Care by Blue Cross of California.

St. Vincent Breast Center mails 63K letters to wrong people

St. Vincent Breast Center mailed more than 63,000 letters containing personal information to the wrong people due to a clerical error.

Most health care vendors earn 'D' in data protection, study finds

Most health care vendors earn 'D' in data protection, study finds

A security intelligence report analyzed 150 health care vendors, both small and large.

Salina Family Healthcare Center email gaffe impacts about 10K patients

A Salina Family Healthcare Center employee inadvertently left patient information in a database that was submitted to the National Commission for Quality Assurance.

Laptop stolen from Calif. hospital stored data on more than 500 patients

Riverside County Regional Medical Center has notified 563 patients that their data was on a laptop stolen from a hospital procedure room.

Employee accesses nearly 100K patient files in NRAD Medical Associates breach

A former employee radiologist accessed and acquired data on as many as 97,000 current and former patients of NRAD Medical Associates.

San Diego hospital breach investigation reveals second incident, both human error

An investigation into a Rady Children's Hospital breach involving more than 14,000 patients revealed a separate incident involving more than 6,000 patients.

Penn State Hershey employee takes data home, puts 1,801 patients at risk

A clinical laboratory technician took patient data home, outside the secured Penn State Hershey Medical Center system.

HIPAA shake: Health care

HIPAA shake: Health care

Adherence to HIPAA, the national law that aims to protect patient information, is about to get trickier, reports Alan Earls.

Former employee accessed Bay Park Hospital patient data for a year

An employee of Bay Park Hospital in Ohio accessed information on about 600 patients over the course of a year.

Four computers containing patient data stolen in New Hampshire

More than 1,200 patients of Elliot Hospital in New Hampshire are being notified that their personal information was on four computers that were stolen from an employee's vehicle.

Unencrypted USB drive stolen, 3,000 Humana members in Atlanta impacted

In Georgia, an encrypted laptop and unencrypted USB drive containing information on nearly 3,000 members of health care provider Humana were stolen from an associate's vehicle.

Keylogger malware found on three UC Irvine health center computers

Student and non-student data may have been compromised after keylogger malware was discovered on three computers in the University of California, Irvine, Student Health Center.

Columbia University, NY hospital to pay $4.8 million HIPAA fine

Columbia University, NY hospital to pay $4.8 million HIPAA fine

The agreement marks the largest HIPAA settlement to date.

SSNs on postcards sent to 5,000 former Molina Healthcare members

Social Security numbers may have been printed on postcards sent to more than 5,000 former members of New Mexico-based Molina Healthcare.

Insider breach affects about 2,400 UMass Memorial Medical patients

A former UMass Memorial Medical Center employee accessed patient data, and the information could have been used to open commercial accounts.

Patient data accessible after health staffers act on phishing emails

Unauthorized access may have been gained to the email accounts, which contained patient data, of a small group of Centura Health employees after they responded to phishing emails.

Vendor fired for risking data on 15K Boston Medical Center patients

Boston Medical Center fired a vendor that did not use password protection on a website used by physicians to store patient records.

Humana co. pays HHS $1.7 million after unencrypted laptop breach

A Texas-based company, Concentra, paid the HIPAA settlement stemming from a 2011 breach.

Anonymous might be culprit behind apparent DDoS attack on children's hospital

No evidence directly links the group to the attacks, but clues hint at Anonymous' signature traits.

Tufts Health Plan data stolen, 8,830 members impacted

Roughly 8,830 current and former members of Tufts Health Plan are being notified that their personal information was stolen.

DDoS attack almost crashes children's hospital website

Officials haven't confirmed a DDoS scheme, but noted the attackers hit the hospital's website with large attacks designed to overwhelm it with traffic.

Feds warn health care sector of looming cyber attacks

The FBI believes that the lax security systems that the health care industry has in place make it a prime target for cyber attacks.

Second burglary breach within a month for Coordinated Health

More than 700 Pennsylvania patients have been impacted after Coordinated Health experienced its second burglary-related data breach within a month.

Fate of unencrypted drive unknown, PHI of 5,500 in Virginia at risk

A Virginia-based chiropractic center is not quite sure what happened to an unencrypted thumb drive, which contained personal information - including Social Security numbers - on more than 5,500 patients.

Three laptops stolen from New York podiatry office, 6,475 at risk

Nearly 6,500 patients of New York-based Sims and Associates Podiatry may have had personal information compromised after three laptops were stolen.

Attack exercise reveals threat-sharing roadblock within health orgs

Attack exercise reveals threat-sharing roadblock within health orgs

In the "CyberRx" exercise, many organizations expressed concerns about communicating threat information to integral team members outside IT.

More than 1,400 medical records compromised in Texas breach

More than 1,400 medical records were compromised after unauthorized access was gained to the health records system used by a Texas cardiology clinic.

HHS reveals "high-risk" security issues at Medicaid agencies

HHS reveals "high-risk" security issues at Medicaid agencies

An HHS report, based on audits between 2010 and 2012, noted serious vulnerabilities affecting 10 state Medicaid agencies.

Medical staffers fall for phishing emails, data on 8,300 compromised

Nearly 20 staffers with Washington-based Franciscan Medical Group were tricked by phishing emails, resulting in a compromise of personal information for 8,300 patients.

Network Rx: Health care security

Network Rx: Health care security

With the addition of 15,000 mobile devices accessing its network, a medical center found assurance - and met compliance mandates, reports Greg Masters.

Devices stolen from Palomar Health staffer, data on 5K patients at risk

An encrypted laptop and two unencrypted flash drives containing personal information on 5,000 patients were stolen from a Palomar Health employee.

AvMed breach settlement awards plaintiffs regardless of suffered fraud

AvMed breach settlement awards plaintiffs regardless of suffered fraud

Legal experts say the settlement serves as a small win for plaintiffs, and a much bigger one for their attorneys.

More than 1,000 UK HealthCare patients impacted by stolen laptop

A password protected laptop stolen from Talyst, a provider of pharmacy billing management services, has resulted in the compromise of personal information for more than 1,000 patients of University of Kentucky HealthCare.

About 55K in San Francisco impacted in theft of Sutherland computers

The San Francisco Department of Public Health is warning more than 55,000 patients served in DPH facilities that their personal information may have been compromised in a Feb. 5 breach of Sutherland Healthcare Solutions.

Employee with Minnesota-based insurer risks data of 38K members

Roughly 38,000 members of Minnesota-based HealthPartners may have personal information at risk after an employee brought home electronic files containing the data.

Personal info ends up online, nearly 9,000 Ohio patients affected

A file containing personal information on almost 9,000 patients of HealthSource of Ohio was viewed 47 times in the roughly five-week span it was inadvertently made available on the internet.

Virus compromises sensitive info on 5,400 Colorado hospital patients

Social Security numbers and payment card data is among the personal information that may have been compromised for about 5,400 Colorado patients after a computer virus was identified on some hospital computers.

HHS CISO talks new threat briefings, alerts for health industry

HHS CISO talks new threat briefings, alerts for health industry

On Thursday, Kevin Charest, the U.S. Department of Health and Human Services CISO, spoke to SCMagazine.com about the new initiative.

Unencrypted desktops stolen from Calif. medical center, 10k impacted

Nearly 10,000 patients of University of California San Francisco Family Medicine Center at Lakeshore may have personal information at risk after unencrypted desktop computers containing their data were stolen.

Study: Health care orgs see modest decline in incidence, cost of data breaches

Study: Health care orgs see modest decline in incidence, cost of data breaches

An annual study on patient privacy and security marked improvements on the data breach front, though organizations voiced concerns with health information exchanges (HIEs).

Iowa DHS data breach dates back 2008, more than 2,000 impacted

Information on more than 2,000 individuals leaked outside a secure network because, since 2008, two employees with the Iowa Department of Human Services used personal online accounts and storage devices.

Oregon man received thousands of medical records on his home fax

Personal information on multiple patients was compromised after a Wisconsin hospital unknowingly faxed their records to an Oregon man.

Payroll vendor breached, data on more than 43,000 employees at risk

More than 43,000 former and current employees of Chicago-based Assisted Living Concepts are being notified that their personal data may be at risk after an unauthorized third party gained access to sensitive payroll files.

Roughly 1,100 Indianapolis patients impacted following laptop theft

More than a thousand patients of St. Vincent Indianapolis hospital are being notified that their personal information may have been compromised after a password-protected laptop containing the data was stolen.

Three nursing homes' security info discovered online

Security researchers discovered new documents online containing details about equipment and network firewall passwords that put multiple nursing homes' electronic medical records and payment information at risk.

Missing thumb drive puts 3,500 Texas cancer center patients at risk

More than 3,500 patients of The University of Texas MD Anderson Cancer Center may have had personal information compromised after a researcher's unencrypted USB thumb drive went missing.

Report: U.S. officials suspect developers in Belarus compromised healthcare.gov

U.S. intelligence agencies were concerned that developers, with ties to Belarus, helped "produce the website," The Washington Free Beacon reported.

Texas health system attacked, data on more than 400K compromised

More than 400,000 patients and employees of St. Joseph Health System in Texas are being notified that their personal information may have been accessed following an attack on the health system's computer system.

Apple meets with FDA over mobile medical apps

Apple executives had a discussion with FDA Commissioner Margaret Hamburg in mid-December.

Wisconsin health insurer loses hard drive, 41K members impacted

About 41,000 members of Wisconsin-based Unity Health Insurance are being notified that their personal information may be at risk after a portable hard drive was reported missing.

Hundreds impacted after Washington doctor's laptop is stolen

A laptop containing personal information - including Social Security numbers - on roughly 900 individuals at Washington nursing homes was stolen from the vehicle of a South Sound doctor.

Phishing scam lures three Calif. physicians, patient data compromised

Roughly 1,800 patients of UC Davis Health System in California are being notified that their personal information may be at risk after the email accounts of three physicians were compromised in a phishing scam.

Health care industry to ready itself for simulated attack exercise "CyberRX"

Health care industry to ready itself for simulated attack exercise "CyberRX"

The exercises are expected to occur in March and July and will be conducted in partnership with the U.S. Department of Health and Human Services and major health care companies.

Sign up to our newsletters

RECENT COMMENTS

FOLLOW US