Business Email Compromise scams are the biggest cause of losses to cybercrime. Over the past 5 years, more than $43 billion has been lost to the scams, according to the FBI’s Internet Crime Complaint Center (IC3). In its March 2022 report, the FBI said IC3 had received reports of $2.4 billion in losses to BEC… Read More »
Malicious actors used a variety of methods to gain initial access to victims’ networks but in 2022, cybercriminal groups appeared to focus on Remote Desktop Protocol and attacking cloud databases, according to cyber insurer Coalition. RDP is one of the most common ways that initial access brokers (IABs) and ransomware gangs gain access to victims’ networks… Read More »
The risk and financial advisory solution provider Kroll reports that healthcare has overtaken finance as the most breached industry, based on the number of data breaches the firm has been called upon to assist with. In 2022, 22% of the data breaches investigated by Kroll occurred at healthcare organizations, up from 16% in 2021 –… Read More »
HIPAA Journal is conducting interviews with healthcare professionals and vendors to get their points of view on HIPAA, how the legislation relates to their roles, and the successes and challenges they face with HIPAA compliance. This week, J. Veronica Xu, Chief Compliance Officer, Saber Healthcare Group, shared her thoughts. J. Veronica Xu, Chief Compliance Officer,… Read More »
Healthcare organizations have been investing in cybersecurity to improve their defenses against increasingly numerous and sophisticated cyberattacks; however, while an organization’s security posture can be improved, it can only be as good as the weakest link. Cybercriminals are increasingly targeting the supply chain in their attacks, as these are usually the weakest links in the… Read More »
A lawsuit has been filed against Cedars-Sinai Medical Center alleging impermissible disclosures of patient data to Google, Meta, and other third parties due to the use of website tracking technologies without either a business associate agreement with the code providers or authorizations from patients. In the summer of 2022, an investigation into the use of… Read More »
Sharp HealthCare in San Diego has recently notified almost 63,000 patients that some of their personal and protected health information has potentially been stolen in a recent cyberattack on its web server. Sharp HealthCare detected the cyberattack on January 12, 2023, and immediately shut down the web server while the incident was investigated. A third-party… Read More »
Last week, the Federal Trade Commission (FTC) announced its first-ever financial penalty for a violation of the FTC Health Breach Notification Rule. GoodRx was alleged to have failed to issue notification letters to customers whose PHI was disclosed to third parties such as Google and Facebook via tracking technologies on its website and mobile app.… Read More »
Regal Medical Group, a San Bernardino, CA-based affiliate of the Heritage Provider Network, recently announced that it was attacked with ransomware. On December 2, 2022, employees experienced difficulty accessing data. Third-party cybersecurity experts were engaged to investigate the attack and assist with the breach response and confirmed that malware had been used to encrypt files… Read More »
Pittsburg, PA-based Highmark Health, the second largest integrated delivery and financing system in the U.S., has recently announced that an unauthorized individual has accessed the email account of one of its employees following a response to a phishing email. After the employee clicked the link in the email and disclosed their credentials, the account was… Read More »