SCAN Health Plan is notifying users that remote attackers were able to gain access to the contact sheets system and accessed the personal information of past and current members and some non-plan members.
Eschewing the bug bounty route, a cybersecurity firm that detected a flaw in a medical device from St. Jude Medical partnered with an investment firm to capitalize on its knowledge and short sell stock in the device manufacturer.
The explosive growth in ransomware has once again heated up the debate as to whether infected organizations have an ethical responsibility to refuse payment. But are some companies exacerbating the problem by paying up even when they have viable data backups?
A laptop taken home by an employee of the Whitehead Nursing Home was stolen.
In a revision of its policies, the U.S. Department of Health and Human Services' Office for Civil Rights has instructed its regional offices to place more of an emphasis on investigating smaller health-care data breaches that affect fewer than 500 individuals.
Patient records were compromised at Bon Secours, a nonprofit health care provider.
In what is being flagged as a threat to the health care sector, the source code of all of PilotFish Technology's software has been posted to the dark web.
Oregon State Hospital's maximum security ward is notifying patients of a data breach.
Advocate Health Care will pay $5.55 million for a breach that led to the exposure of personally identifiable information of four million patients.
An analysis of malicious threats tracked by managed security services provider Solutionary reported that ransomware attacks targeting healthcare companies comprised 88 percent of all ransomware attacks.
Health care consortium Kaiser Permanente's Northern California division has publicly disclosed a data breach after two of its employees allegedly stole an unspecified number of ultrasound machines containing protected health information.
Two critical reports showed a lack of public trust in NHS security and confidentiality in handling patient records, causing the government to scrap plans for a unified doctor and hospital patient database.
Fingers are pointing at a third-party vendor as the culpable party behind the exposure of personally identifiable information of 4,300 patients of Massachusetts General Hospital (MGH).
An x-ray machine, an oncology system, an MRI machine: These are all important healthcare devices that researchers found harboring malware capable of installing backdoors on other connected systems for the purpose of exfiltrating data.
A hacker with the ominous nickname "thedarkoverlord" appears to have stolen more than 650,000 medical records from three separate healthcare institution databases, and has made them available for sale on the darknet online marketplace TheRealDeal.
Citing the success enjoyed by the DoD's Hack the Pentagon bug bounty program, the HHS is considering using ethical hackers to discover flaws in medical devices and systems.
As the healthcare industry strives to bring data from different sources together to create longitudinal patient records, organizations must find ways to minimize and de-identify data to better protect its privacy.
Researchers at endpoint security solutions company Invincea have discovered a new variant of Cerber ransomware that could lock out legitimate users, while still allowing attackers to potentially launch DDoS attacks against other networks.
An FDA official provided detail about the agency's IT strategy that aims to strengthen protection of pharmaceutical companies' data submitted in regulatory filings during the approval process of new drugs.
For the second consecutive year, Ponemon Institute's annual study on the state of security and privacy in health care found that cybercrime was the leading cause of data breaches among hospitals and other medical providers.
As part of a joint venture to develop groundbreaking healthcare apps, the UK's National Health Service (NHS) has agreed to share new and historical healthcare data on 1.6 million patients with Google's AI company DeepMind.
Rep. James Langevin wrote an open letter to the Food and Drug Administration (FDA) praising draft guidance that would strengthen the cybersecurity of medical devices.
The Identity Theft Resource Center (ITRC) and IDT911 said that to date, the financial services, business, education, government and healthcare industrial sectors have experienced over 6,000 data breaches since 2005.
Proposed California legislation imposing specific penalties for ransomware took a step forward yesterday when the state senate's Public Safety Committee passed the bill at a hearing featuring testimony from Hollywood Presbyterian Medical Center.
A federal appeals court upheld a ruling that insurance firm Travelers Indemnity Co., under the terms of a commercial general liability policy, must defend its client, Portal Healthcare Solutions, in a lawsuit stemming from a data breach.
The online prescription drug company OptumRx reported that an unknown number of customer records were compromised when a vendor employee's laptop was stolen.
A new report found 28 percent of doctors store patient data on their cell phones, and 80% of doctors use a mobile device as a tool to assist their daily practice.
A personal laptop and hard drives that may have contained data on close to 5 million medical patients were stolen from a Washington State federal building, prompting calls for the Department of Health and Human Services to reveal the extent of the damage.
Malwarebytes researchers spotted another ransomware attack against a Canadian hospital.
A ransomware campaign with an unusual method of propagation—infecting servers via unpatched vulnerabilities, then spreading laterally across the local network—experienced a marked spike in activity Monday, according to researchers at Talos.
The scourge of malware attacks against hospitals continued this week, including a ransomware assault targeting Henderson, Ky.-based Methodist Hospital and another possible ransomware incident at two Southern California facilities.
A federal hearing on standardizing and modernizing health information technology resulted in calls for new or revised legislation to fill in gaps in cybersecurity law.
The Department of Veterans Affairs CIO LaVerne Council was questioned by lawmakers Wednesday at a House Oversight subcommittee hearing.
21st Century Oncology was asked by the Federal Bureau of Investigation to delay notification of patients that their information had been taken when a third party gained unauthorized access to one of its databases.
Premier Healthcare, a Bloomington, Indiana-based healthcare provider, suffered a data breach when a thief stole a laptop containing patient information from the company's billing department.
The growing value of medical data and the rise of IoT are testing health care's lagging infrastructure. Alan Earls reports.
The health care industry must step up when it comes to addressing its steady stream of IT security risks, says Illena Armstrong, VP, editorial, SC Magazine.
York Hospital in Maine reported a breach of employees' identifying information but said patient information was not targeted.
Martin Gottesfeld, 31, under investigation for a cyberattack on Boston Children's Hospital, was arrested after a Disney Cruise ship rescued him and his wife from a stranded boat off Cuba.
An unauthorized party obtained employee data from California rehabilitation and nursing home health-care provider Magnolia Health Corporation, after posing as the company's CEO in a spoofed email.
The Washington State Health Care Authority (HCA) announced yesterday that employees at two state agencies committed a HIPAA violation by improperly exchanging private data pertaining to its Apple Health Medicaid clients.
During an inventory of its IT assets, health insurer Centene discovered that six hard drives containing personal and health information on 950,000 customers had gone missing.
Hurley Medical Center in Flint, Mich. was hit by a cyber attack Thursday after Anonymous threatened to take action over the city's water crisis.
Henry Schein Practice Solutions, Inc. agreed to pay a $250,000 fine to the FTC for falsely advertising the level of encryption it used to safeguard patient data.
Privacy and public interest organizations are petitioning against a bill that attempts to prevent fraud in asbestos lawsuits.
When visiting a medical facility, it can be tempting to plug a mobile device into a spare USB port, but the free charge may contain an unpleasant after-effect.
Mock attacks on 12 healthcare organizations tested the organizations' capabilities in responding to cyber incidents.
The North Carolina DHHS has announced a second email incident that affected more than 500 patients.
HHS CIO Frank Baitman is stepping down from his post at the end of the month.
A new report found that nearly three-quarters of industry professionals believe there is a medium or high likelihood of their organization being hacked as a result of the interconnectivity of Internet of Things.
A laptop and EMG machine containing personal information were stolen from a Barrington Orthopedic Specialists transport vehicle.
Researchers presented findings at Derbycon this past weekend that indicated vulnerabilities in thousands of medical systems.
Several individuals posed as health care professionals and used member information to submit false claims to Horizon Blue Cross Blue Shield of NJ.
A London sexual health clinic accidentally leaked the HIV status, names, and email addresses of 780 patients in a newsletter.
American Airlines denied involvement in an apparent security incident at its one-time subsidiary Sabre, but is redoubling its own security measures as a precaution.
A lawsuit filed in a federal court in California accused UCLA Health System of not adequately protecting the personal data of 4.5 million individuals affected by a 2014 breach.
University of Pittsburgh Medical Center (UPMC) Health Plan announced its third breach in two years, with the information of 722 patients compromised.
Recognizing the increased risk of breach from the interconnectedness of healthcare systems, some healthcare organizations will require third parties to obtain CSF certification.
Evidence seems to indicate that the Anthem data breach and OPM data breaches were carried out by the same Chinese actors.
Personal health information, including Social Security numbers and medical conditions, might have been compromised in a cyber attack in May on Medical Information Engineering.
Security researcher Billy Rios has verified that more Hospira infusion pumps are vulnerable to the same security issues, since they use "identical software."
TrapX published a report on "medical device hijack," or MEDJACK, which allows attackers to build backdoors into healthcare providers' networks.
The guidance is organized into 10 categories, and serves as a "starting point for a more complete code," report authors said.
The Ohio-based health care provider is notifying nearly 1,000 patients that three computers in its Cardiac Cath Lab were infected with malware.
ICS-CERT is now aware of more vulnerabilities impacting Hospira infusion pumps.
An annual health care study found that criminal attacks replaced device theft and loss as the leading cause of breaches.
An independent researcher identified the improper authorization vulnerability and insufficient verification of data authenticity flaw.
Biopharma companies need a secure digital signing infrastructure. SureClinical found an answer for them, reports Greg Masters.
The Atlanta-based medical testing lab has, again, filed to have FTC's complaint dismissed.
Two unnamed hospitals have signed on to test the WhatsAppDoc platform developed to detect malware in outdated medical devices by monitoring AC consumption.
Legislation, mobility and personalization are forces driving healthcare in the U.S., Frank Kim said at RSA Conference 2015.
Experts consider the lasting impact of data brokers, and potential breaches, on genetic information.
Anthem breach investigators initially claimed that tools, linked exclusively to Chinese espionage attackers, were used against the health insurer.
Of the approximately 78.8 million people whose information was accessed by hackers earlier this month, anywhere from 8.8 to 18.8 million of those affected are non-members.
When it comes to healthcare security, if you think compliance is the only thing you need to worry about, think again.
A unit of AIG Inc. is the primary cyber insurer for Anthem, according to a recent report in Business Insurance.
Plaintiffs in California, Georgia, Indiana and Alabama have filed suits and Anthem warned customers to brace for more phishing scams.
Experts argue that encryption is not the key piece in the Anthem breach if the incident involved a targeted attack on admin credentials.
Mandiant was brought on site Tuesday, after Anthem started their own internal investigation.
The amount of information stored in our medical records creates a ripe environment for security breaches. The health care sector is in search of information security analysts.
LabMD can challenge the FTC's enforcement authority in federal court once the agency comes to a final decision on the exposure of patient data.
The HITRUST Alliance and Deloitte will coordinate cyber town hall meetings in major U.S. cities.
The mission of the working group will be to enhance health information technology (HIT) security.
New Jersey Governor Chris Christie signed the legislation last Friday.
The privacy controls will be added to version 7 of HITRUST's CSF due out later this month.
Anchorage Community Mental Health Services (ACMHS) must pay $150,000 and integrate an action plan to meet HIPAA compliance.
PaymentsMD and its former CEO will have to destroy all information collected related to its Patient Health Report service.
A number of Websense threat predictions point back to the vulnerable healthcare industry as a major target for cybercriminals.
Security firm Bitglass analyzed three years' worth of HHS breach records for its report.
News about data breaches in the healthcare sector continues unabated.
Alberta Health Services is apologizing following a data breach at Alberta Children's Hospital.
A new system aimed at not only promoting threat intelligence in the health care industry, but automating it, was announced Wednesday.
The recommendations are aimed at better protecting patient health and data, in the hope that device manufacturers take into account cybersecurity risks in the early stages of development.
Cybercriminals are primarily after patient data as it really gets them more money.
Healthcare IT professionals deal with an increasing array of critical security issues that involve privacy, BYOD and network access, managing life-saving medical devices, and ensuring compliance with federal regulations.
Aventura Hospital and Medical Center has reported a data breach for the third time in two years.
The top Democrat on the House Oversight and Government Reform Committee asked for a hearing to investigate the CHS breach.
The unencrypted desktop computer was stolen from a university physician's office in July.
The clinic is warning patients of a potential breach after an unauthorized party accessed a server.
Administrator Marilyn Tavenner will have to testify in front of the House Committee on Oversight and Government Reform on Sept. 18.