Federal regulators have hit a California physician services organization with a $240,000 HIPAA civil penalty following an investigation into three ransomware attacks that occurred within a three-week span in early 2018, compromising the sensitive information of 85,000 patients.
In the latest weekly update, ISMG editors discussed recent international law enforcement efforts against Russian cybercrime organizations, the latest U.S. cybersecurity bill aimed at protecting the healthcare sector and key takeaways from ISMG's Canada Summit.
A misconfigured web server and the exposure of sensitive information for nearly 600,000 prison inmates in 2022 will cost medical claims processing company CorrectCare $6.49 million to settle a consolidated proposed class action lawsuit, according to court records.
A clinic in Hawaii is notifying 124,000 patients that their health data was potentially compromised in a May hack. LockBit 3.0 claims to have published the stolen records on its data leak site in June - months before global authorities this week disclosed a crackdown on the cybercrime gang.
California-based Graybill Medical Group physicians' practice says it's splitting up with its affiliate practice, Palomar Medical Group, which handles a variety of management services, because the firm allegedly provided an "inadequate" response to a cyberattack detected in May.
University Medical Center, a Lubbock, Texas-based public health system that includes a level-one trauma center and a children's hospital, is diverting ambulances and working to restore an IT outage affecting some patient services in the wake of a ransomware attack late last week.
Two U.S. senators are proposing stricter cyber mandates for the healthcare sector. The bill provides funding to help hospitals adopt enhanced requirements, but lifts HIPAA enforcement fine caps and threatens executives with prison time for falsely attesting their organizations' compliance in audits.
Threat actors tracked as "Vanilla Tempest" - and also known as Vice Society - appear to be changing up the ransomware they use to attack on U.S. healthcare organizations. Likely in a move to avoid detection, the ransomware-as-a-service group has shifted to INC Ransom malware, according to Microsoft.
The U.S. Centers for Medicare and Medicaid Services has updated the scope of the MOVEit hacking breach last year, telling a sister agency that the software supply chain attack affected more than 3.1 million individuals - about three times the number of victims disclosed publicly earlier this month.
Genetics testing firm 23andMe will offer cash payments to millions of individuals whose sensitive data was compromised in a 2023 credential stuffing incident. Under the proposed $30 million lawsuit settlement, affected customers will also be offered dark web monitoring of their genetic data.
A Pennsylvania-based healthcare system that was hacked by ransomware group BlackCat in 2023 and extorted over stolen exam photos of breast cancer patients posted to a data leak site has agreed to pay $65 million under a proposed settlement of a lawsuit affecting 134,000 patients and employees.
It's yet to be determined whether a handful of states or the federal government will lead the charge in adopting comprehensive regulations involving the use of artificial intelligence in healthcare, said regulatory attorney Betsy Hodge, a partner in law firm Akerman.
As threat actors continue to evolve their attacks to circumvent security measures, cyber insurers are raising the bar for prospective healthcare security clients. Underwriters are increasing their scrutiny and adding new coverage requirements, said Chris Henderson of cybersecurity company Huntress.
As cloud computing, DevOps and automation continue to evolve, the lines between IT functions are fading, making security integral to these processes. Hiren Dave, CIO and CISO at Essen Health Care, shares how combining the roles of CIO and CISO improves risk management and communication.
Recent mega data breaches involving third-party vendors - such as the Change Healthcare cyberattack - are intensifying the spotlight on critical security risk management and governance issues for business associates and other suppliers, said regulatory attorney Rachel Rose.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing careersinfosecurity.com, you agree to our use of cookies.