Health Care News, Articles and Updates

Aetna agrees to $17M to settle data breach

Aetna will pay a $17.1 million as part of a settlement for a July 2017 data breach that may have compromised the information of thousands of HIV patients.

Separate ransomware attacks strike New Mexico city, Indiana health care provider

A New Mexican city of roughly 45,000 people and an Indianan hospital operator have fallen victim to separate ransomware attacks this month. In other localized news, a data breach at a third-party educational testing service exposed information belonging to 52 students in New York State.

SSM Health call center agent with access to records allegedly violated patient privacy

A one-time employee of Midwestern health care system SSM Health with legitimate access to thousands of patients' records allegedly violated HIPAA privacy regulations in a data breach incident, the St. Louis-based company disclosed on Dec. 29.

Cyberattack forces New York State hospital to run on downtime procedures

A cyberattack disrupted computer systems at Jones Memorial Hospital (JMH) in Wellsville, N.Y. on Thursday, the Buffalo-area health care facility has announced on its website.

House committee asks HHS to boost cybersecurity by requiring component list for medical devices

The House Committee on Energy and Commerce is asking the Department of Health and Human Services require that manufactures list the components and materials used in medical equipment as one way of helping ensure these devices are safe from cyberattacks.

Study: Organizations suffer critical and costly IT incidents five times a month

On average, organizations suffer a critical IT incident five times per month, with each one costing a mean of $141,628, according to a Quocirca/Splunk study. Another study, from Ponemon Research/Radware, found that 45 percent of 600 surveyed CISOs experienced a data breach in the last year.

WannaCry, Cerber most used ransomware types, hospitals most hit sector, report

WannaCry and Cerber has totally dominated the ransomware landscape so far this year comprising almost all the attacks that have taken place, while other big names such as Locky were barely a blip on the radar.

Wannacry - North Korea blamed by UK; NHS didn't follow recommendations

National Audit Office (NAO) report says NHS trusts were left vulnerable to the unsophisticated Wannacry attack because NHS chiefs ignored cyber-security recommendations. UK Government holds North Korea responsible.

Dark Overlord threatens to release plastic surgery images of royals, celebrities

The Dark Overlord cybergang has at least temporarily moved away from attacking school districts and has turned back to threatening to release celebrity private information by hacking a London, UK plastic surgery firm.

ShopRite Kingston, N.Y. pharmacy customers data exposed

ShopRite supermarket customers who patronized the chain's store in Kingston, N.Y. may have had their payment card and some health information compromised when the store improperly discarded an electronic signature device used in the store's pharmacy.

128,000 Arkansas Oral & Facial Surgery Center patients compromised

In late July the Arkansas Oral & Facial Surgery Center was hit with a ransomware attack that not only locked up patient records, but may have also exposed their personal information.

WannaCry and Hollywood hospital ransomware attacks crossed a line for some cybercriminals

The ransomware infection that disrupted Hollywood Presbyterian Medical Center and the worldwide WannaCry attack in 2017 caused an ethical and philosophical rift among members of the Russian and Eastern European cybercriminal community.

Houston man sentenced to 27 months for hospital hack

A Houston man was sentenced to 27 months in prison for hacking into the Centerville Clinic computer system, disabling all administrative controls and using the health care facilities credit card to make purchases at Staples.

Medfusion 4000 Wireless Syringe Infusion Pump can be exploited to compromise operations

Until a new version of Smiths Medical's Medfusion 4000 Wireless Syringe Infusion Pump is issued in January 2018, its operators should be wary of eight vulnerabilities that can be remotely exploited to gain access to the device and compromise its functionality.

19,000 Medical Oncology Hematology Consultants, PA records exposed in ransomware attack

More than 19,000 patient records were exposed during a ransomware attack on Medical Oncology Hematology Consultants, PA that took place in June.

Silver Cross Hospital vendor exposes information on 9,000 patients

Almost 9,000 patients of Silver Cross hospital, outside of Chicago, possibly had their data exposed due to an error made by a third-party vendor.

Abbott Laboratories securing vulnerable pacemakers with firmware and software updates

Healthcare product manufacturer Abbott Laboratories is updating the firmware and software in its line of implantable pacemakers to shore up a security vulnerability that could lead to unauthorized access.

Flaws in web-based radiological solution could allow attackers to see right through database

A web-based reporting tool that tracks radiation doses delivered by X-ray machines and related devices contains vulnerabilities that could impact patient confidentiality, system integrity, or system availability, Dutch tech company Philips reported.

Almost 5,000 The Daniel Drake Center for Post-Acute Care patient records exposed

The Daniel Drake Center (DDC) for Post-Acute Care, which is part of the University of California's health system, reported patient information was accessed and viewed by an unauthorized employee over a two-year period.

Staffing agency employee allegedly distributes patient information illegally

The Detroit Medical Center (DMC) has alerted more than 1,500 of a data breach caused by an employee who shared personal information with unauthorized individuals.

5,300 University of Iowa Health Care records exposed for two years

Thousands of University of Iowa Health Care (UIHC) patients had some of their private information inadvertently posted for more than two years on a web application development site.

Indiana Medicaid patient information exposed

Indiana Medicaid members may have had their personally identifiable information compromised when a third-party vendor mistakenly made public a link to the data.

UPDATED: Information-stealing malware found targeting Israeli hospitals

Researchers from Trend Micro have discovered a malware campaign seemingly targeting Israeli hospitals with highly obfuscated information-stealing malware that abuses LNK shortcut files.

2,000 Texas HHSC clients health data compromised

The Texas Health and Human Services Commission (HHSC) reported a data breach possibly affecting almost 2,000 people in the Houston area.