Although just 14,000 patients were impacted by its 2017 data breach, Diamond Institute must overhaul its cybersecurity program and pay a hefty penalty over serious security flaws found by New Jersey’s acting attorney general.
Researcher Alissa Knight found pervasive authorization vulnerabilities in an app ecosystem of 48 FHIR apps and APIs that enabled access to patient data. APIs are intended as the backbone of health care interoperability.
This week's health care breach roundup is led by a ransomware attack on Quest Diagnostics' subsidiary ReproSource, which led to the possible access or theft of health information tied to 350,000 patients. Other health care security incidents include multiple systems' hacks and email incidents.
HC3, CISA, and the FDA released separate guides that tackle some of the largest challenges facing health care: communicating medical device risks to patients, evaluating insider vulnerabilities, and securing VPNs.
In the last week, one lawsuit claims a ransomware attack on a hospital caused the death of the plaintiff's infant, and another patient claims harm from a vendor-related ransomware attack. Providers need to prepare as these lawsuits become more common.