The National Institutes of Health (NIH) failed to implement adequate cybersecurity measures to protect sensitive data in its pre-award risk assessment process, according to a recent audit conducted by the HHS’ Office of Inspector General (OIG). NIH invests more than $30 billion each year in medical research for the American people, with more than 80%… Read More »
The U.S Food and Drug Administration (FDA) user fee reauthorization bill passed by the House of Representatives in June included new provisions requiring medical device manufacturers to monitor for and address postmarket cybersecurity vulnerabilities in their devices, ensure medical devices are labeled with a software bill of materials and are capable of receiving patches to… Read More »
Magellan Health has agreed to settle a class action data breach lawsuit and will create a $1.43 million fund to cover claims from patients affected by the breach. The lawsuit – Dearing v. Magellan Health Inc. et al. – was filed in the Arizona Superior Court against Magellan Health Inc. and Magellan RX Management, LLC… Read More »
Physicians Business Office (PBO), a Parkersburg, WV-based provider of medical practice management and administrative services, has recently disclosed a security incident that occurred in April 2022. PBO detected unusual activity within its network and took immediate steps to isolate the affected systems and prevent further unauthorized access. A third-party computer forensics company was engaged to… Read More »
The Government Accountability Office (GAO) recently conducted a review of Medicare telehealth services provided during the COVID-19 pandemic, when a waiver was in place that greatly expanded access to telehealth and virtual visits. The review covered the utilization of telehealth services, how the CMS identified and monitored risks under the Medicare waivers, and how the… Read More »
Humana has recently announced that the protected health information of 22,767 individuals has potentially been compromised in a security incident and data breach at one of its business associates – Choice Health – which Human used to sell Medicare products on its behalf. On May 18, 2022, Choice Health learned that a Choice Health database… Read More »
The Health Secord Cybersecurity Coordination Center (HC3) has issued a warning about the Chinese state-sponsored threat actor tracked as APT41. The group has been active since at least 2012 and has a history of targeting the healthcare sector, as well as education, high-tech, media, retail, software, pharma, telecoms, video games, travel services, and virtual currencies,… Read More »
Wolfe Clinic, P.C in Iowa has recently confirmed that it was affected by the data breach at the electronic medical record provider, Eye Care Leaders. The attack exposed the protected health information of 542,776 current and former Wolfe Clinic patients. Wolfe Clinic used the myCare Integrity medical records platform, which was accessed by an unauthorized… Read More »
The Cybersecurity and Infrastructure Security Agency (CISA) and the Food and Drug Administration (FDA) have issued a warning about a recently discovered vulnerability that affects certain Medtronic insulin pumps. The flaw could be exploited by a malicious actor to manipulate patients’ insulin doses, resulting in too much or too little insulin being delivered. The vulnerability… Read More »
A warning has been issued to the healthcare and public health (HPH) sector about an ongoing Monkeypox phishing campaign targeting U.S. healthcare providers that attempts to steal Outlook, Office 365, and other email credentials. Monkeypox is a highly contagious viral disease caused by a virus from the same family as smallpox. According to the Centers… Read More »