A number of Websense threat predictions point back to the vulnerable healthcare industry as a major target for cybercriminals.
Security firm Bitglass analyzed three years worth of HHS breach records for its report.
News about data breaches in the healthcare sector continues unabated.
Alberta Health Services is apologizing following a data breach at Alberta Children's Hospital.
A new system aimed at not only promoting threat intelligence in the health care industry, but automating it, was announced Wednesday.
The recommendations are aimed at providing better protecting patient health and data, as well as hoping device manufacturers take into account cybersecurity risks in the early stages of development.
Cybercriminals are primarily after patient data as it really gets them more money.
Healthcare IT professionals deal with an increasing array of critical security issues that involve privacy, BYOD and network access, managing live-saving medical devices, and ensuring compliance federal regulations.
Aventura Hospital and Medical Center has reported a data breach for the third time in two years.
The top Democrat on the House Oversight and Government Reform Committee asked for a hearing to investigate the CHS breach.
The unencrypted desktop computer was stolen from a university physician's office in July.
The clinic is warning patients of a potential breach after an unauthorized party accessed a server.
Administrator Marilyn Tavenner will have to testify in front of the House Committee on Oversight and Government Reform on Sept. 18.
An employee accessed medical records at Memorial Hermann Health System for nonprofessional purposes.
More than 750 healthcare organizations will test their cyber attack responses in October as part of a HITRUST initiative.
Under its new protocol, app developers are prohibited from selling users' personal health information.
GMR Transcription Services in California agreed to settle FTC charges related to its security practices.
Sources close to the breach investigation tipped off TrustedSec CEO David Kennedy.
As breaches hitting the health care industry continue to ramp up, more than 30 million individuals have been affected by these incidents thus far.
The ruling comes nearly three years after a computer theft occurred at the organization.
Bay Area Pain Medical Associates notified about 2,780 patients that their data was on computers stolen from its California offices.
About 18,000 doctors had Social Security numbers included in rosters provided to the Department of Managed Health Care by Blue Cross of California.
St. Vincent Breast Center mailed more than 63,000 letters containing personal information to the wrong people due to a clerical error.
A security intelligence report analyzed 150 health care vendors, both small and large.
A Salina Family Healthcare Center employee inadvertently left patient information in a database that was submitted to the National Commission for Quality Assurance.
Riverside County Regional Medical Center has notified 563 patients that their data was on a laptop stolen from a hospital procedure room.
A former employee radiologist accessed and acquired data on as many as 97,000 current and former patients of NRAD Medical Associates.
An investigation into a Rady Children's Hospital breach involving more than 14,000 patients revealed a separate incident involving more than 6,000 patients.
A clinical laboratory technician took patient data home, outside the secured Penn State Hershey Medical Center system.
Adherence to HIPAA, the national law that aims to protect patient information, is about to get trickier, reports Alan Earls.
An employee of Bay Park Hospital in Ohio accessed information on about 600 patients over the course of a year.
More than 1,200 patients of Elliot Hospital in New Hampshire are being notified that their personal information was on four computers that were stolen from an employee's vehicle.
In Georgia, an encrypted laptop and unencrypted USB drive containing information on nearly 3,000 members of health care provider Humana were stolen from an associate's vehicle.
Student and non-student data may have been compromised after keylogger malware was discovered on three computers in the University of California, Irvine, Student Health Center.
The agreement marks the largest HIPAA settlement to date.
Social Security numbers may have been printed on postcards sent to more than 5,000 former members of New Mexico-based Molina Healthcare.
A former UMass Memorial Medical Center employee accessed patient data, and the information could have been used to open commercial accounts.
Unauthorized access may have been gained to the email accounts, which contained patient data, of a small group of Centura Health employees after they responded to phishing emails.
Boston Medical Center fired a vendor that did not use password protection on a website used by physicians to store patient records.
A Texas-based company, Concentra, paid the HIPAA settlement stemming from a 2011 breach.
No evidence directly links the group to the attacks, but clues hint at Anonymous' signature traits.
Roughly 8,830 current and former members of Tufts Health Plan are being notified that their personal information was stolen.
Officials haven't confirmed a DDoS scheme, but noted the attackers hit the hospital's website with large attacks designed to overwhelm it with traffic.
The FBI believes that the lax security systems that the health care industry has in place make it a prime target for cyber attacks.
More than 700 Pennsylvania patients have been impacted after Coordinated Health experienced its second burglary-related data breach within a month.
A Virginia-based chiropractic center is not quite sure what happened to an unencrypted thumb drive, which contained personal information - including Social Security numbers - on more than 5,500 patients.
Nearly 6,500 patients of New York-based Sims and Associates Podiatry may have had personal information compromised after three laptops were stolen.
In the "CyberRx" exercise, many organizations expressed concerns about communicating threat information to integral team members outside IT.
More than 1,400 medical records were compromised after unauthorized access was gained to the health records system used by a Texas cardiology clinic.
An HHS report, based on audits between 2010 and 2012, noted serious vulnerabilities affecting 10 state Medicaid agencies.
Nearly 20 staffers with Washington-based Franciscan Medical Group were tricked by phishing emails, resulting in a compromise of personal information for 8,300 patients.
With the addition of 15,000 mobile devices accessing its network, a medical center found assurance - and met compliance mandates, reports Greg Masters.
An encrypted laptop and two unencrypted flash drives containing personal information on 5,000 patients were stolen from a Palomar Health employee.
Legal experts say the settlement serves as a small win for plaintiffs, and a much bigger one for their attorneys.
A password protected laptop stolen from Talyst, a provider of pharmacy billing management services, has resulted in the compromise of personal information for more than 1,000 patients of University of Kentucky HealthCare.
The San Francisco Department of Public Health is warning more than 55,000 patients served in DPH facilities that their personal information may have been compromised in a Feb. 5 breach of Sutherland Healthcare Solutions.
Roughly 38,000 members of Minnesota-based HealthPartners may have personal information at risk after an employee brought home electronic files containing the data.
A file containing personal information on almost 9,000 patients of HealthSource of Ohio was viewed 47 times in the roughly five-week span it was inadvertently made available on the internet.
Social Security numbers and payment card data is among the personal information that may have been compromised for about 5,400 Colorado patients after a computer virus was identified on some hospital computers.
On Thursday, Kevin Charest, the U.S. Department of Health and Human Services CISO, spoke to SCMagazine.com about the new initiative.
Nearly 10,000 patients of University of California San Francisco Family Medicine Center at Lakeshore may have personal information at risk after unencrypted desktop computers containing their data were stolen.
An annual study on patient privacy and security marked improvements on the data breach front, though organizations voiced concerns with health information exchanges (HIEs).
Information on more than 2,000 individuals leaked outside a secure network because, since 2008, two employees with the Iowa Department of Human Services used personal online accounts and storage devices.
Personal information on multiple patients was compromised after a Wisconsin hospital unknowingly faxed their records to an Oregon man.
More than 43,000 former and current employees of Chicago-based Assisted Living Concepts are being notified that their personal data may be at risk after an unauthorized third party gained access to sensitive payroll files.
More than a thousand patients of St. Vincent Indianapolis hospital are being notified that their personal information may have been compromised after a password-protected laptop containing the data was stolen.
Security researchers discovered new documents online containing details about equipment and network firewall passwords that put multiple nursing homes' electronic medical records and payment information at risk.
More than 3,500 patients of The University of Texas MD Anderson Cancer Center may have had personal information compromised after a researcher's unencrypted USB thumb drive went missing.
U.S. intelligence agencies were concerned that developers, with ties to Belarus, helped "produce the website," The Washington Free Beacon reported.
More than 400,000 patients and employees of St. Joseph Health System in Texas are being notified that their personal information may have been accessed following an attack on the health system's computer system.
Apple executives had a discussion with FDA Commissioner Margaret Hamburg in mid-December.
About 41,000 members of Wisconsin-based Unity Health Insurance are being notified that their personal information may be at risk after a portable hard drive was reported missing.
A laptop containing personal information - including Social Security numbers - on roughly 900 individuals at Washington nursing homes was stolen from the vehicle of a South Sound doctor.
Roughly 1,800 patients of UC Davis Health System in California are being notified that their personal information may be at risk after the email accounts of three physicians were compromised in a phishing scam.
The exercises are expected to occur in March and July and will be conducted in partnership with the U.S. Department of Health and Human Services and major health care companies.
Two employees at Georgia-based Phoebe Putney Memorial Hospital have been fired after a desktop computer containing information on nearly 6,800 individuals was mistakenly thrown away.
Data on nearly 12,000 past and present clients of the Wyoming Department of Health Special Supplemental Nutrition Program for Women, Infants and Children may be at risk after an unsecured file was sent to a partner.
A laptop stolen from the office of a New Mexico Oncology Hematology Consultants employee may have led to a compromise of unsecured protected health information for more than 12,000 individuals.
It was a computer programming error in the North Carolina Department of Health and Human Services that led to the Medicaid cards of almost 50,000 children being mailed to wrong addresses.
An employee with Riverside Health System in Virginia was fired for inappropriately accessing the medical records of nearly 1,000 patients over the span of four years.
Network-connected-and-configured devices can be infected by malware that provides access to patient data, monitoring systems and implanted patient devices.
Nearly 3,500 members of the South Carolina Health Insurance Pool may have had personal information compromised after a password-protected laptop containing the sensitive data was stolen from an independent auditor's car.
An employee with a private contractor for Colorado Medicaid was fired after sending an email to a personal account that contained sensitive information on almost 2,000 people.
An undisclosed number of individuals may have had personal information compromised after a secured California Employment Development Department facility was broken into and computers were stolen.
Kurt DelBene will now serve as a senior advisor to the Secretary of Health and Human Services, replacing Jeff Zients, who previously managed healthcare.gov.
Horizon Blue Cross Blue Shield of New Jersey is notifying more than 800,000 members that their personal information may have been compromised after two unencrypted laptops were stolen.
The Fairfax County Health Department in Virginia is sending notification letters to roughly 1,500 individuals after one of the county's health care clinics inadvertently left private pharmaceutical records on an unsecured computer server.
Representatives of the Energy and Commerce Committee have asked the FDA to hire experts to investigate the incident which occurred in October.
More than a thousand patients treated at a variety of University of Pittsburgh Medical Center locations over the past year are being notified that their personal information was viewed inappropriately by a former employee.
A UW Medicine employee opened an email attachment and unknowingly downloaded malware, which led to the compromise of about 90,000 patients of Seattle-based Harborview Medical Center and University of Washington Medical Center.
Jay Radcliffe showed how his insulin pump was vulnerable to a remote takeover.
Florida Digestive Health Specialists LLP is notifying about 4,400 patients that a former employee improperly accessed their personal information and photographed the data.
More than 8,000 patients of University of California, San Francisco are receiving notification letters after a possibly unencrypted laptop that contained the personal information was stolen from a physician's vehicle.
Thousands of doctors at Anthem Blue Cross of California are being notified that their personal information was mistakenly posted online.
More than a thousand patients of a California hospital are being notified that their personal information may have been compromised.
Thousands of city workers in Milwaukee, as well as their spouses and domestic partners, had personal information compromised after a flash drive that contained the data was stolen.
More than 11,000 patients and some employees of Colorado-based kidney care company DaVita are being alerted after an unencrypted laptop containing their personal data was stolen from a staffer's vehicle.
The HealthCare Information Security and Privacy Practitioner (HCISPP) certification program was introduced on Monday.
The device records the wearer's body temperature and uploads the data to any Android device via Bluetooth.
Two former nurses' aides for Virginia-based nonprofit Sentara Healthcare have pleaded guilty to accessing thousands of electronic patient records and using the information to file fraudulent tax returns.
Sign up to our newsletters
SC Magazine Articles
- Microsoft report explores dangers of running expired security software
- Survey: real-time SIEM solutions help orgs detect attacks within minutes
- Vulnerabilities identified in three Advantech products
- Android malware 'NotCompatible' evolves, spawns resilient botnet
- State Department hack may be tied to White House network breach
- Operators disable firewall features to increase network performance, survey finds
- Waste no time patching Windows Schannel, OLE bugs, experts warn
- Study: 68 percent of healthcare breaches caused by loss or theft of devices, files
- Spin.com redirects to Rig Exploit Kit, infects users with malware, Symantec observes
- Upping the ante: PCI Security Standard
- Study: Third of employees use company devices for social media and online shopping
- 'DoubleDirect' MitM attack affects iOS, Android and OS X users
- Swedish appeals court nixes Assange's plea
- Critical XSS vulnerability addressed in WordPress
- The Internet of Things (IoT) will fail if security has no context