NIH Needs to Improve Cybersecurity Requirements for its Grant Program

The National Institutes of Health (NIH) failed to implement adequate cybersecurity measures to protect sensitive data in its pre-award risk assessment process, according to a recent audit conducted by the HHS’ Office of Inspector General (OIG). NIH invests more than $30 billion each year in medical research for the American people, with more than 80%… Read More »

Physicians Business Office Reports Data Breach Affecting 196,573 Individuals

Physicians Business Office (PBO), a Parkersburg, WV-based provider of medical practice management and administrative services, has recently disclosed a security incident that occurred in April 2022. PBO detected unusual activity within its network and took immediate steps to isolate the affected systems and prevent further unauthorized access. A third-party computer forensics company was engaged to… Read More »

GAO: HHS Should Strengthen Oversight of Medicare Telehealth and Help Providers Communicate Privacy Risks

The Government Accountability Office (GAO) recently conducted a review of Medicare telehealth services provided during the COVID-19 pandemic, when a waiver was in place that greatly expanded access to telehealth and virtual visits. The review covered the utilization of telehealth services, how the CMS identified and monitored risks under the Medicare waivers, and how the… Read More »

Humana Members Impacted by Choice Health Data Breach

Humana has recently announced that the protected health information of 22,767 individuals has potentially been compromised in a security incident and data breach at one of its business associates – Choice Health – which Humana used to sell Medicare products on its behalf. On May 18, 2022, Choice Health learned that a Choice Health database… Read More »

Healthcare Industry Warned About Risk Posed by APT41 Threat Group

The Health Sector Cybersecurity Coordination Center (HC3) has issued a warning about the Chinese state-sponsored threat actor tracked as APT41. The group has been active since at least 2012 and has a history of targeting the healthcare sector, as well as education, high-tech, media, retail, software, pharma, telecoms, video games, travel services, and virtual currencies,… Read More »

Vulnerability Identified in Medtronic MiniMed 600 Series Insulin Pumps

The Cybersecurity and Infrastructure Security Agency (CISA) and the Food and Drug Administration (FDA) have issued a warning about a recently discovered vulnerability that affects certain Medtronic insulin pumps. The flaw could be exploited by a malicious actor to manipulate patients’ insulin doses, resulting in too much or too little insulin being delivered. The vulnerability… Read More »

Monkeypox Phishing Campaign Targets Healthcare Providers

A warning has been issued to the healthcare and public health (HPH) sector about an ongoing Monkeypox phishing campaign targeting U.S. healthcare providers that attempts to steal Outlook, Office 365, and other email credentials. Monkeypox is a highly contagious viral disease caused by a virus from the same family as smallpox. According to the Centers… Read More »