Health Care News, Articles and Updates

FDA pushes for medical devices to include mandatory built-in update mechanisms

As researchers continue to find security flaws in medical devices and threat actors continue to target the healthcare sector, the FDA is looking to impose new security measures.

Doctors at RSA simulate emergency overdose caused by hacked medical pump

Doctors at RSA on Thursday presented a riveting simulation of a health care emergency caused by a medical device hack -- showing that physicians' trust in the integrity of their equipment can be misplaced.

Texas Health Resources' patient information exposed in October 2017 email compromise

Texas Health Resources, a nonprofit health care delivery system in north Central Texas, has disclosed that an unauthorized party may have gained access to patient information back in October 2017 by compromising some of the organization's email accounts.

Medical supplier Inogen hit with breach, 30,000 possibly affected

A California-based medical device manufacturer reported that 30,000 former and current customers may have had their personal information exposed when a company employee's email account was compromised.

GAO report recommends stronger security controls for third parties that receive Medicare beneficiary data

The U.S. Government Accountability Office (GAO) last week publicly released a report warning that the Centers for Medicare and Medicaid Services (CMS) has failed to provide specific security controls guidance to research organizations with whom it shares Medicare beneficiary data.

Natus reportedly updates EEG device software to squash RCE, DoS bugs

Health care device manufacturer Natus Medical Incorporated has reportedly updated the software used in its Xltek EEG products, which monitor brain activity, after a researcher discovered five vulnerabilities that a remote, unauthenticated attacker could exploit to trigger code execution or a denial of service condition.

Information on 6,800 CareFirst members exposed in phishing attack

CareFirst BlueCross BlueShield said one of its employees fell victim to a phishing attack that led to thousands of its members' personal information being exposed.

Unsecured N.Y. medical practice server exposes 42,000 records

A Long Island, N.Y., medical practice left a port normally used for remote synchronization open, exposing at least 42,000 medical records.

Malicious bot traffic climbs 9.5 percent in 2017, says report

The number of malicious bots circulating around the internet and impacting website performance increased by 9.5 percent in 2017, accounting for 21.8 percent of all traffic, according to a new report today from bot detection and mitigation firm Distil Networks, based on data collected from its global network.

N.Y. hospital data breach, 135,000 patients potentially affected

An Albany, N.Y. hospital suffered a data breach affecting about 135,000 patients when an unauthorized party gained access to its servers.

Healthcare sector's biggest threats come from insiders, report

Healthcare is the only industry in which internal threat actors are the biggest threat to an organization, according to a recent study.

Companies still sacrificing security for expediency, study

Companies are sacrificing security for expediency and intentionally putting speed and profits before mobile security.

Adversary breaches Tennessee hospital's medical records server to install cryptominer

Decatur County General Hospital in Parsons, Tenn., has publicly disclosed that an unauthorized party accessed the server for its electronic medical record system and secretly implanted cryptomining malware.

Security experts play script doctor, as Grey's Anatomy resolves hospital hacker plot

The ABC hospital drama concluded its hacker storyline in the Jan. 18 midseason premiere. To gauge the accuracy of the episode, SC Media invited back the same three health care cyber experts who analyzed "part one" back in November.

Norwegian healthcare org fails GDPR breach notification standard

The difficulty organizations may have complying with the EU's General Data Protection Regulation (GDPR) became apparent when a Norwegian health care group took too long to report a data breach earlier this month.

Aetna agrees to $17M to settle data breach

Aetna will pay $17.1 million as part of a settlement for a July 2017 data breach that may have compromised the information of thousands of HIV patients.

Separate ransomware attacks strike New Mexico city, Indiana health care provider

A New Mexican city of roughly 45,000 people and an Indianan hospital operator have fallen victim to separate ransomware attacks this month. In other localized news, a data breach at a third-party educational testing service exposed information belonging to 52 students in New York State.

SSM Health call center agent with access to records allegedly violated patient privacy

A one-time employee of Midwestern health care system SSM Health with legitimate access to thousands of patients' records allegedly violated HIPAA privacy regulations in a data breach incident, the St. Louis-based company disclosed on Dec. 29.

Cyberattack forces New York State hospital to run on downtime procedures

A cyberattack disrupted computer systems at Jones Memorial Hospital (JMH) in Wellsville, N.Y. on Thursday, the Buffalo-area health care facility has announced on its website.

House committee asks HHS to boost cybersecurity by requiring component list for medical devices

The House Committee on Energy and Commerce is asking the Department of Health and Human Services to require that manufacturers list the components and materials used in medical equipment as one way of helping ensure these devices are safe from cyberattacks.

Study: Organizations suffer critical and costly IT incidents five times a month

On average, organizations suffer a critical IT incident five times per month, with each one costing a mean of $141,628, according to a Quocirca/Splunk study. Another study, from Ponemon Research/Radware, found that 45 percent of 600 surveyed CISOs experienced a data breach in the last year.

WannaCry, Cerber most used ransomware types, hospitals most hit sector, report

WannaCry and Cerber have totally dominated the ransomware landscape so far this year, comprising almost all the attacks that have taken place, while other big names such as Locky were barely a blip on the radar.

WannaCry - North Korea blamed by UK; NHS didn't follow recommendations

National Audit Office (NAO) report says NHS trusts were left vulnerable to the unsophisticated WannaCry attack because NHS chiefs ignored cyber-security recommendations. UK Government holds North Korea responsible.

Dark Overlord threatens to release plastic surgery images of royals, celebrities

The Dark Overlord cybergang has at least temporarily moved away from attacking school districts and has turned back to threatening to release celebrity private information by hacking a London, UK plastic surgery firm.

ShopRite Kingston, N.Y. pharmacy customers data exposed

ShopRite supermarket customers who patronized the chain's store in Kingston, N.Y. may have had their payment card and some health information compromised when the store improperly discarded an electronic signature device used in the store's pharmacy.

128,000 Arkansas Oral & Facial Surgery Center patients compromised

In late July the Arkansas Oral & Facial Surgery Center was hit with a ransomware attack that not only locked up patient records, but may have also exposed their personal information.

WannaCry and Hollywood hospital ransomware attacks crossed a line for some cybercriminals

The ransomware infection that disrupted Hollywood Presbyterian Medical Center and the worldwide WannaCry attack in 2017 caused an ethical and philosophical rift among members of the Russian and Eastern European cybercriminal community.