NHS sharing unfiltered medical data on 1.6M patients with Google AI company

NHS sharing unfiltered medical data on 1.6M patients with Google AI company

As part of a joint venture to develop groundbreaking healthcare apps, the UK's National Health Service (NHS) has agreed to share new and historical healthcare data on 1.6 million patients with Google's AI company DeepMind.

Cybersecurity Caucus: FDA guidelines protect medical devices from hackers

Cybersecurity Caucus: FDA guidelines protect medical devices from hackers

Rep. James Langevin wrote an open letter to the Food and Drug Administration's (FDA) praising draft guidance that would strengthen the cybersecurity of medical devices.

Research: Over 6,000 data breaches in key industry sectors since 2005

Research: Over 6,000 data breaches in key industry sectors since 2005

The Identity Theft Resource Center (ITRC) and IDT911 said that to date, the financial services, business, education, government and healthcare industrial sectors have experienced over 6,000 data breaches since 2005.

California ransomware bill supported by Hollywood hospital passes committee

California ransomware bill supported by Hollywood hospital passes committee

A proposed California legislation imposing specific penalties for ransomware took a step forward yesterday when the state senate's Public Safety Committee passed the bill at a hearing featuring testimony from Hollywood Presbyterian Medical Center.

Federal court bucks trend, rules general liability insurance covers data breach

Federal court bucks trend, rules general liability insurance covers data breach

A federal appeals court upheld a ruling that insurance firm Travelers Indemnity Co., under the terms of a commercial general liability policy, must defend its client, Portal Healthcare Solutions, in a lawsuit stemming from a data breach.

OptumRx customer records on stolen laptop compromised

OptumRx customer records on stolen laptop compromised

The online prescription drug company OptumRx reported that an unknown number of customer records were compromised when a vendor employee's laptop was stolen.

Report: 14% of doctors keep patient data on cell phones, don't use password

Report: 14% of doctors keep patient data on cell phones, don't use password

A new report found 28 percent of doctors store patient data on their cell phones, and 80% of doctors use a mobile device as a tool to assist their daily practice.

Personal laptop, possibly containing data on 5M patients, stolen from HHS facility

Personal laptop, possibly containing data on 5M patients, stolen from HHS facility

A personal laptop and hard drives that may have contained data on close to 5 million medical patients was stolen from a Washington State federal building, prompting calls for the Department of Health and Human Services to reveal the extent of the damage.

Another Canadian hospital hit with ransomware attack, spreads TeslaCrypt

Another Canadian hospital hit with ransomware attack, spreads TeslaCrypt

Malwarebytes researchers spotted another ransomware attack against a Canadian hospital.

Researchers detect surge in Samsam ransomware that spreads via vulnerabilities

Researchers detect surge in Samsam ransomware that spreads via vulnerabilities

A ransomware campaign with an unusual method of propagation—infecting servers via unpatched vulnerabilities, then spreading laterally across the local network—experienced a marked spike in activity Monday, according to researchers at Talos.

Hospitals in Kentucky, SoCal become latest targets of hackers

Hospitals in Kentucky, SoCal become latest targets of hackers

The scourge of malware attacks against hospitals continued this week, including a ransomware assault targeting Henderson, Ky.-based Methodist Hospital and another possible ransomware incident at two Southern California facilities.

FTC, legislators call for improvements in health-care IT laws, including ransomware protection

FTC, legislators call for improvements in health-care IT laws, including ransomware protection

A federal hearing on standardizing and modernizing health information technology resulted in calls for new or revised legislation to fill in gaps in cybersecurity law.

House subcommittee questions VA CIO over security weaknesses

House subcommittee questions VA CIO over security weaknesses

The Department of Veterans Affairs CIO LaVerne Council was questioned by lawmakers Wednesday at a House Oversight subcommittee hearing.

Oncology clinic breached, patient data stolen

Oncology clinic breached, patient data stolen

21st Century Oncology was asked by the Federal Bureau of investigation to delay notification of patients that there information had been taken when a third-party gained unauthorized access to one of its databases.

Stolen laptop exposes PII of over 200K Premier Healthcare patients

Premier Healthcare, a Bloomington, Indiana-based healthcare provider, suffered a data breach when a thief stole a laptop containing patient information from the company's billing department.

First, do no harm: Medical devices

First, do no harm: Medical devices

The growing value of medical data and the rise of IoT are testing health care's lagging infrastructure. Alan Earls reports.

Health care horror stories...and cures

The health care industry must step up when it comes to addressing its steady stream of IT security risks, says Illena Armstrong, VP, editorial, SC Magazine.

York Hospital breach compromises PII of 1,400 employees

York Hospital breach compromises PII of 1,400 employees

York Hospital in Maine reported a breach of employees' identifying information but said patient information was not targeted.

Hackers of the Caribbean: Alleged cyber activist arrested after Disney Cruise rescues his boat

Hackers of the Caribbean: Alleged cyber activist arrested after Disney Cruise rescues his boat

Martin Gottesfeld, 31, under investigation for a cyberattack on Boston Children's Hospital, was arrested after a Disney Cruise ship rescued him and his wife from a stranded boat off Cuba.

Magnolia Health Corporation suffers breach after falling for spoofed CEO email

An authorized party obtained employee data from California rehabilitation and nursing home health-care provider Magnolia Health Corporation, after posing as the company's CEO in a spoofed email.

Employees mishandle data, violate HIPAA in Washington State Medicaid breach

The Washington State Health Care Authority (HCA) announced yesterday that employees at two state agencies committed a HIPAA violation by improperly exchanging private data pertaining to its Apple Health Medicaid clients.

Missing drives contained PHI on 950K Centene customers

During an inventory of its IT assets, health insurer Centene discovered that six hard drives containing personal and health information on 950,000 customers had gone missing.

Flint hospital hit with cyber attack after Anonymous threatens action

Flint hospital hit with cyber attack after Anonymous threatens action

Hurley Medical Center in Flint, Mich. was hit by a cyber attack Thursday after Anonymous threatened to take action over for the city's water crisis.

Henry Schein to pay $250K to FTC for misleading encryption claims

Henry Schein to pay $250K to FTC for misleading encryption claims

The Henry Schein Practice Solutions, Inc. agreed to pay a $250,000 fine to the FTC for falsely advertising the level of encryption it used to safeguard patient data.

Asbestos bill would expose victims' personal data, medical histories

Asbestos bill would expose victims' personal data, medical histories

Privacy and public interest organizations are petitioning against a bill that attempts to prevent fraud in asbestos lawsuits.

USB ports pose hidden risk for medical facilities

USB ports pose hidden risk for medical facilities

When visiting a medical facility, it can be tempting to charge a mobile device into a spare USB port, but the free charge may contain an unpleasant after-effect.

HHS, HITRUST, Deloitte 'attack' healthcare orgs to test cyber preparedness

HHS, HITRUST, Deloitte 'attack' healthcare orgs to test cyber preparedness

Mock attacks on 12 healthcare organizations to tested the organizations' capabilities in responding to cyber incidents.

North Carolina DHHS reports second email incident in two months

The North Caroline DHHS has announced a second email incident that affected more than 500 patients.

Health and Human Services CIO will be stepping down

Health and Human Services CIO will be stepping down

HHS CIO Frank Baitman is stepping down from his post at the end of the month.

Three-quarters of industry pros say a breach caused by an IoT device is likely

Three-quarters of industry pros say a breach caused by an IoT device is likely

A new report found that nearly three-quarters of industry professionals believe there is a medium or high likelihood of their organization being hacked as a result of the interconnectivity of Internet of Things.

Equipment containing patient data stolen from Illinois orthopedic provider

A laptop and EMG machine containing personal information were stolen from a Barrington Orthopedic Specialists transport vehicle.

Thousands of medical systems found vulnerable to attack

Thousands of medical systems found vulnerable to attack

Researchers presented findings at Derbycon this past weekend that indicated vulnerabilities in thousands of medical systems.

Members of NJ health insurer had data accessed, used in fraud scheme

Several individuals posed as health care professionals and used member information to submit false claims to Horizon Blue Cross Blue Shield of NJ.

London clinic leaks HIV status of 780 patients in newsletter

London clinic leaks HIV status of 780 patients in newsletter

A London sexual health clinic accidentally leaked the HIV status, names, and email addresses of 780 patients in a newsletter.

American Airlines denies hack, but reinforces security efforts

American Airlines denies hack, but reinforces security efforts

American Airlines denied involvement in an apparent security incident at its one-time subsidiary Sabre, but is redoubling its own security measures as a precaution.

UCLA target of class-action suit after breach

A lawsuit filed in a federal court in California accused UCLA Health System of not adequately protecting the personal data of 4.5 million individuals affected by a 2014 breach.

UPMC Health Plan compromises personal data of 722 patients

University of Pittsburgh Medical Center (UPMC) Health Plan announced its third breach in two years, information of 722 patients compromised.

Health orgs asking third party associates to get CSF certification

Recognizing the increased risk of breach from the interconnectedness of healthcare systems, some healthcare organizations will require third parties to obtain CSF certification.

Reports tie together Anthem and OPM data breaches

Evidence seems to indicate that the Anthem data breach and OPM data breaches were carried out by the same Chinese actors.

Medical Information Engineering's network breached; undisclosed number of patients compromised

The personal health information, including Social Security numbers and medical conditions, might have been compromised in a cyber attack in May on Medical Information Engineering.

Researcher who found Hospira drug pump flaws says more models are vulnerable

Researcher who found Hospira drug pump flaws says more models are vulnerable

Security researcher Billy Rios has verified that more Hospira infusion pumps are vulnerable to the same security issues, since they use "identical software."

'MEDJACK' tactic allows cyber criminals to enter healthcare networks undetected

'MEDJACK' tactic allows cyber criminals to enter healthcare networks undetected

TrapX published a report on "medical device hijack," or MEDJACK, which allows attackers to build backdoors into healthcare providers' networks.

Researchers publish developer guidance for medical device security

Researchers publish developer guidance for medical device security

The guidance is organized into 10 categories, and serves as "starting point for a more complete code," report authors said.

Three MetroHealth computers infected with malware, patients notified

The Ohio-based health care provider is notifying nearly 1,000 patients that three computers in its Cardiac Cath Lab were infected with malware.

DHS adds more bug disclosures to Hospira drug pump alert, FDA joins call

DHS adds more bug disclosures to Hospira drug pump alert, FDA joins call

ICS-CERT is now aware of more vulnerabilities impacting Hospira infusion pumps.

Study: Root cause of health care breaches shifts to criminal attacks

Study: Root cause of health care breaches shifts to criminal attacks

An annual health care study found that criminal attacks replaced device theft and loss as the leading cause of breaches.

ICS-CERT issues advisory on Hospira infusion pump flaws

ICS-CERT issues advisory on Hospira infusion pump flaws

An independent researcher identified the improper authorization vulnerability and insufficient verification of data authenticity flaw.

Sign on the digital line: Case study

Sign on the digital line: Case study

Biopharma companies need a secure digital signing infrastructure. SureClinical found an answer for them, reports Greg Masters.

In latest filing, LabMD claims lack of due process, prejudice taint FTC case

In latest filing, LabMD claims lack of due process, prejudice taint FTC case

The Atlanta-based medical testing lab has, again, filed to have FTC's complaint dismissed.

Hospitals testing AC monitoring platform to spot malware in medical devices

Two unnamed hospitals have signed on to test the WhatsAppDoc platform developed to detect malware in outdated medical devices by monitoring AC consumption.

RSA 2015: In the healthcare industry, security must innovate with business

RSA 2015: In the healthcare industry, security must innovate with business

Legislation, mobility and personalization are forces driving healthcare in the U.S., Frank Kim said at RSA Conference 2015.

In growing market for genetic data, privacy implications prove lasting

In growing market for genetic data, privacy implications prove lasting

Experts consider the lasting impact of data brokers, and potential breaches, on genetic information.

Researchers investigate link between Axiom spy group, Anthem breach

Researchers investigate link between Axiom spy group, Anthem breach

Anthem breach investigators initially claimed that tools, linked exclusively to Chinese espionage attackers, were used against the health insurer.

Up to 18.8 million non-Anthem members possibly affected in breach

Of the approximate 78.8 million people whose information was accessed by hackers earlier this month, anywhere from 8.8 to 18.8 million of those affected include non-members.

Think you should just be worried about fines? Think again. And think like an attacker.

Think you should just be worried about fines? Think again. And think like an attacker.

When it comes to healthcare security, if you think compliance is the only thing you need to worry about, think again.

Report: Anthem may have up to $200M in cyber insurance

A unit of AIG Inc. is the primary cyber insurer for Anthem, according to a recent report in Business Insurance.

Lawsuits filed against Anthem, phishing scams abound

Lawsuits filed against Anthem, phishing scams abound

Plaintiffs in California, Georgia, Indiana and Alabama have filed suits and Anthem warned customers to brace for more phishing scams.

Community debates encryption's value in Anthem incident

Community debates encryption's value in Anthem incident

Experts argue that encryption is not the key piece in the Anthem breach if the incident involved a targeted attack on admin credentials.

Exclusive: Mandiant speaks on Anthem attack, custom backdoors used

Exclusive: Mandiant speaks on Anthem attack, custom backdoors used

Mandiant was brought on site Tuesday, after Anthem started their own internal investigation.

Skills in demand: Information security analysts - health care

Skills in demand: Information security analysts - health care

The amount of information stored in our medical records creates a ripe environment for security breaches. The health care sector is in search of information security analysts.

Eleventh Circuit dismisses LabMD motion questioning FTC authority

LabMD can challenge the FTC's enforcement authority in federal court once the agency comes to a final decision on the exposure of patient data.

HITRUST, Deloitte slate cyber town halls for health care orgs

The HITRUST Alliance and Deloitte will coordinate cyber town hall meetings in major U.S. cities.

HITRUST forms working group for medical device, health system security

The mission of the working group will be to enhance health information technology (HIT) security.

NJ law requires health insurance carriers to encrypt sensitive data

New Jersey Governor Chris Christie signed the legislation last Friday.

HITRUST adds privacy controls to Common Security Framework

The privacy controls will be added to version 7 of HITRUST's CSF due out later this month.

Landmark HIPAA settlement confirms push to firm up patching schedules

Landmark HIPAA settlement confirms push to firm up patching schedules

Anchorage Community Mental Health Services (ACMHS) must pay $150,000 and integrate an action plan to meet HIPAA compliance.

Health billing co., former CEO settle with FTC over data collection

PaymentsMD and its former CEO will have to destroy all information collected related to its Patient Health Report service.

Healthcare sector's broad data sets will attract increased attacks in 2015

Healthcare sector's broad data sets will attract increased attacks in 2015

A number of Websense threat predictions point back to the vulnerable healthcare industry as a major target for cybercriminals.

Study: 68 percent of healthcare breaches caused by loss or theft of devices, files

Study: 68 percent of healthcare breaches caused by loss or theft of devices, files

Security firm Bitglass analyzed three years worth of HHS breach records for its report.

PHI is more valuable than credit cards: Time to get serious about data security!

News about data breaches in the healthcare sector continues unabated.

Childrens' Hospital apologizes for rogue employee breach

Alberta Health Services is apologizing following a data breach at Alberta Children's Hospital.

New system aims to automate threat intelligence in health care industry

A new system aimed at not only promoting threat intelligence in the health care industry, but automating it, was announced Wednesday.

FDA finalizes guidelines on medical device, patient data security

The recommendations are aimed at providing better protecting patient health and data, as well as hoping device manufacturers take into account cybersecurity risks in the early stages of development.

Bridging the talent gap in health care

Bridging the talent gap in health care

Cybercriminals are primarily after patient data as it really gets them more money.

Securing critical patient privacy & care: Visibility, control and response for healthcare providers

Healthcare IT professionals deal with an increasing array of critical security issues that involve privacy, BYOD and network access, managing live-saving medical devices, and ensuring compliance federal regulations.

Florida medical center hit with breach for third time in two years

Aventura Hospital and Medical Center has reported a data breach for the third time in two years.

Congressman asks Issa for hearing on CHS breach

The top Democrat on the House Oversight and Government Reform Committee asked for a hearing to investigate the CHS breach.

Temple University patients impacted by possible breach

The unencrypted desktop computer was stolen from a university physician's office in July.

Central Utah Clinic notifies over 30K patients of potential HIPAA breach

The clinic is warning patients of a potential breach after an unauthorized party accessed a server.

CMS administrator to testify before committee on HealthCare.gov hack

Administrator Marilyn Tavenner will have to testify in front of the House Committee on Oversight and Government Reform on Sept. 18.

More than 10K electronic medical records compromised at Houston health system

An employee accessed medical records at Memorial Hermann Health System for nonprofessional purposes.

Healthcare orgs prepare for cyber threat readiness test

More than 750 healthcare organizations will test their cyber attack responses in October as part of a HITRUST initiative.

Apple health app protocol bars developers from selling user info

Under its new protocol, app developers are prohibited from selling users' personal health information.

Medical transcription provider settles data security charges

GMR Transcription Services in California agreed to settle FTC charges related to its security practices.

Community Health Systems attackers exploited Heartbleed bug for access, firm says

Community Health Systems attackers exploited Heartbleed bug for access, firm says

Sources close to the breach investigation tipped off TrustedSec CEO David Kennedy.

Health care breaches continue to rise, over 30M affected

As breaches hitting the health care industry continue to ramp up, more than 30 million individuals have been affected by these incidents thus far.

$4 billion breach suit against Sutter Health dismissed

The ruling comes nearly three years after a computer theft occurred at the organization.

Thousands had data on computers stolen from California medical office

Bay Area Pain Medical Associates notified about 2,780 patients that their data was on computers stolen from its California offices.

About 18K doctors may have had Social Security numbers exposed

About 18,000 doctors had Social Security numbers included in rosters provided to the Department of Managed Health Care by Blue Cross of California.

St. Vincent Breast Center mails 63K letters to wrong people

St. Vincent Breast Center mailed more than 63,000 letters containing personal information to the wrong people due to a clerical error.

Most health care vendors earn 'D' in data protection, study finds

Most health care vendors earn 'D' in data protection, study finds

A security intelligence report analyzed 150 health care vendors, both small and large.

Salina Family Healthcare Center email gaffe impacts about 10K patients

A Salina Family Healthcare Center employee inadvertently left patient information in a database that was submitted to the National Commission for Quality Assurance.

Laptop stolen from Calif. hospital stored data on more than 500 patients

Riverside County Regional Medical Center has notified 563 patients that their data was on a laptop stolen from a hospital procedure room.

Employee accesses nearly 100K patient files in NRAD Medical Associates breach

A former employee radiologist accessed and acquired data on as many as 97,000 current and former patients of NRAD Medical Associates.

San Diego hospital breach investigation reveals second incident, both human error

An investigation into a Rady Children's Hospital breach involving more than 14,000 patients revealed a separate incident involving more than 6,000 patients.

Penn State Hershey employee takes data home, puts 1,801 patients at risk

A clinical laboratory technician took patient data home, outside the secured Penn State Hershey Medical Center system.

HIPAA shake: Health care

HIPAA shake: Health care

Adherence to HIPAA, the national law that aims to protect patient information, is about to get trickier, reports Alan Earls.

Former employee accessed Bay Park Hospital patient data for a year

An employee of Bay Park Hospital in Ohio accessed information on about 600 patients over the course of a year.

Four computers containing patient data stolen in New Hampshire

More than 1,200 patients of Elliot Hospital in New Hampshire are being notified that their personal information was on four computers that were stolen from an employee's vehicle.

Unencrypted USB drive stolen, 3,000 Humana members in Atlanta impacted

In Georgia, an encrypted laptop and unencrypted USB drive containing information on nearly 3,000 members of health care provider Humana were stolen from an associate's vehicle.

RECENT COMMENTS

Sign up to our newsletters

FOLLOW US