Automation cuts costs and improves productivity, and it is as important in cybersecurity as it is in manufacturing. Many labor-intensive security tasks can be automated to allow network defenders to do more in less time, including monitoring, port scanning, vulnerability scanning, and patching. There is a wide range of security tools that can be used… Read More »
CareFirst Administrators (CFA) has notified 14,538 individuals about a phishing attack on its revenue cycle management vendor, Conifer. CFA was one of several healthcare organizations to be affected by the incident. A security breach was identified by Conifer in late March, with the investigation determining several Microsoft 365 had been accessed by unauthorized individuals between… Read More »
The private information of visitors to telehealth websites is being shared with big tech companies without user consent due to the use of tracking code snippets on the websites, according to a recent analysis by The Markup. The websites of 50 direct-to-consumer telehealth companies were analyzed for the presence of third-party tracking code, 49 of… Read More »
Two healthcare organizations in Massachusetts have chosen to settle class action lawsuits that were filed by patients whose protected health information was stolen in cyberattacks. Sturdy Memorial Hospital Sturdy Memorial Hospital in Attleboro, MA, has agreed to settle a lawsuit filed in response to a September 2021 ransomware attack, where the attackers gained access to… Read More »
Ransomware remains one of the most serious threats to the healthcare industry. Attacks can be incredibly costly to resolve, they can cause considerable disruption to business operations, and can put patient safety at risk. Ransomware gangs are constantly changing their tactics, techniques, and procedures to gain initial access to networks, evade security solutions, and make… Read More »
The Health Sector Cybersecurity Coordination Center (HC3) has released analyses of two ransomware variants that are being used in attacks on the healthcare sector: LockBit 3.0 and BlackCat. LockBit 3.0 LockBit ransomware was first detected in September 2019 when it was known as ABCD ransomware. Over the past three years, the ransomware has been continuously… Read More »
Conway Regional Medical Center, a non-profit healthcare system in north central Arkansas, has proposed a $295,000 settlement to resolve a class action lawsuit that was filed on behalf of individuals affected by a 2019 data breach. The data breach in question occurred in June 2019. Email accounts containing the protected health information of patients were… Read More »
Data breaches have recently been reported by Acuity Brands in Georgia, San Gorgonio Memorial Hospital in California, and Receivables Performance Management in Washington. The latter appears to have affected more than 3.7 million individuals. Receivables Performance Management Receivables Performance Management (RPM) in Lynnwood, WA, a business associate of several HIPAA-covered entities, has recently started notifying… Read More »
CommonSpirit Health has confirmed that the protected health information of at least 623,774 patients was exposed and potentially stolen in its October 2022 ransomware attack. CommonSpirit Health first announced it was dealing with a cyberattack on October 4, 2022, and has been providing regular updates on its website as more information about the attack has… Read More »
The Health Sector Cybersecurity Coordination Center (HC3) has issued a warning to the healthcare and public health (HPH) sector about Royal ransomware attacks. Royal ransomware is a new ransomware threat that was first observed being used in attacks in September 2022. Attacks have been increasing and organizations in the HPH sector have been targeted. Many… Read More »