HSCC medical device contracting guidance outlines what’s needed to ensure strong security policies between providers and manufacturers: sometimes that means paying more upfront for better measures.

Instances of Log4j have drastically reduced among entities with advanced security tools like automation. But in healthcare the vulnerability has only highlighted continued resource gaps.

Adoption of the security standards years after voluntary federal guidelines are low, and the majority of healthcare organizations are still struggling to keep pace, a cybersecurity expert testified at a May 18 Senate hearing.

A judge has dismissed a breach lawsuit against Northeast Radiology and its vendor Alliance Healthcare Services, as the patients did not provide evidence of concrete harm, as required by a June 2021 Supreme Court ruling.

Sequoia Project updates includes possible security requirements for Qualified Health Information Networks (QHINs), as part of the ongoing Trusted Exchange Framework and Common Agreement (TEFCA) development.

This week’s breach roundup contains updates on two cyberattack-related network outages from September, as well as a massive data theft reported by community-based provider RefuahHealth.

New guidance from the Cloud Security Alliance aims to support delivery organizations with assessing and managing cybersecurity risks to the healthcare supply chain.

Oklahoma City Indian Clinic is continuing to recover from a March ransomware attack. This week’s breach roundup also includes more issues for Eye Care Leaders following a lawsuit over "concealed" ransomware.

April 2022 saw a record number of vulnerabilities, of which HC3 has assessed those with the potential to disrupt healthcare services to support patch prioritization in the sector.

A newly proposed bill targeting FDA user-fee program includes a number of medical device security requirements for manufacturers, including monitoring and identifying post-market cybersecurity vulnerabilities.