Health Care

Health Care

Premera Blue Cross to cough up $10 million to 30 states over data breach

Premera Blue Cross has consented to pay $10 million as compensation for a nearly year-long data breach that impacted more than 10.4 million health patients, the Washington state’s Attorney General Bob Ferguson announced yesterday. More than half of those funds, roughly $5.4 million, will be allocated to Washington, and will be applied toward the enforcement…

Medtronic recalls insulin pumps due to potential of hacker sabotage

Medical device manufacturer Medtronic plc took the unusual step of issuing a recall for several of its insulin pump products due to serious hacking concerns that were detailed in a pair of security alerts from the Food and Drug Administration (FDA) and ICS-CERT. The root cause of the scare is an improper access control vulnerability…

Ransomware attack on software company ResiDex may have exposed data on assisted-living residents, workers

Personal information belonging to residents and employees of multiple assisted living facilities were potentially exposed in an April 2019 cyberattack that infected third-party software company Tenx Systems, LLC with ransomware. The Minneapolis-based company, which operates under the name ResiDex Software and provides software to assisted-living homes, group facilities and care-giving organizations for seniors and the…

645,000 Oregonians affected in previously disclosed Dept. of Human Services breach

Oregon’s Department of Human Services (DHS) is in the process of mailing notifications to roughly 645,000 of its reportedly 1.6 million clients, following a data breach incident last January that resulted from a phishing scam. When DHS first publicly disclosed the incident last March, it said the number of affected Oregonians exceeded 350,000, but it…

Facebook’s xSocialMedia ad agency exposes 150K medical histories

Multiple databases belonging to the Facebook ad agency xSocialMedia have been found open exposing almost 150,000 records containing a wide variety of medical information derived from marketing campaigns run for medical malpractice lawsuits. The files were found by vpnMentor on June 2, and which have since been secured. The exposed information was gathered through Facebook…

Flaw in Alaris medical devices exposes infusion pumps to possible sabotage

Medical tech company Becton, Dickinson and Company (BD) has advised users of its Alaris Gateway Workstation – a smart connectivity and integration solution for infusion pump devices – to update their firmware, following the discovery of a highly critical remote code execution vulnerability. CyberMDX researcher Elad Luz found that multiple versions of the workstation –…

Medical cybersecurity execs may have priorities misplaced, study

A recent study sought out how the healthcare industry is dealing with the increasing number of cyberattacks targeting patient data found those charged with securing the data may have their priorities misplaced. Carbon Black surveyed 20 leading CISOs from the healthcare industry and found 83 percent of surveyed healthcare organizations said they’ve seen an increase…

7.7 million LabCorp patients affected by same breach that impacted Quest Diagnostics

One day after Quest Diagnostics reported that nearly 12 million of its patients were potentially affected by a malicious breach of third-party bill collection vendor American Medical Collection Agency (AMCA), fellow clinical testing firm LabCorp acknowledged that roughly 7.7 million of its customers may be affected by the same incident. Burlington, North Carolina-based LabCorp publicly…

UChicago Medicine secures database after publicly exposing info on donors and patients

The University of Chicago Medicine scrambled to secure a database containing information on patients as well as existing and potential financial donors, after a researcher discovered that a misconfiguration left nearly 1.68 million records exposed to the public. Bob Diachenko, cyber threat intelligence director at Security Discovery, said in a June 3 company report that…

Breach of bill collection agency may affect 11.9 million Quest Diagnostics patients

Quest Diagnostics today disclosed that roughly 11.9 million patients who sought medical testing through its clinical labs may be affected by the breach of a third-party bill collection agency. The compromised records include personally identifying information such as financial data and Social Security numbers, as well as medical information, but not lab test results. In…

Next post in Security News