California has taken further steps to improve protections for individuals seeking abortion care and birth control. A package of bills has recently been signed into law by state governor Gavin Newsom, including new data privacy legislation that prohibits healthcare providers from releasing individuals’ medical information in response to subpoenas and requests from out-of-state. The bill… Read More »

Neurology Center of Nevada Cyberattack Impacts 11,700 Patients The Neurology Center of Nevada (NCNV), in Henderson, NV, has confirmed a data security event was detected on July 17, 2022, which rendered certain computer systems inaccessible.  Prompt action was taken to secure its systems and an investigation was launched to determine the nature and scope of… Read More »

The deadline for compliance with the information blocking requirements of the 21st Century Cures Act is October 6, 2022, after which the HHS can impose financial penalties and healthcare providers will be subject to appropriate disincentives if they are determined to have failed to facilitate the easy digital sharing of patient data. Information blocking is… Read More »

October is Cybersecurity Awareness Month – a 19-year collaborative effort between the government and industry to improve awareness of cybersecurity in the United States, led by the Cybersecurity and Infrastructure Security Agency (CISA) and the National Cybersecurity Alliance (NCA). 2022 Cybersecurity Awareness Month – See Yourself in Cyber The theme of this year’s Cybersecurity Awareness… Read More »

Microsoft was warned that two zero-day vulnerabilities in Microsoft Exchange Server are being actively exploited in the wild and has shared mitigations ahead of the vulnerabilities being patched. The two flaws are being chained together and are being exploited by a Chinese threat actor. The attacks have been limited so far, but the healthcare and… Read More »

FMC (Family Medicine Centers) Services, an Amarillo, TX-based network of primary care clinics in Amarillo and Canyon, has recently announced it was the victim of a hacking incident that was detected and blocked on July 26, 2022. A forensic investigation was conducted by a third-party cybersecurity firm to determine the nature and scope of the… Read More »

The National Institutes of Health (NIH) failed to implement adequate cybersecurity measures to protect sensitive data in its pre-award risk assessment process, according to a recent audit conducted by the HHS’ Office of Inspector General (OIG). NIH invests more than $30 billion each year in medical research for the American people, with more than 80%… Read More »

The U.S Food and Drug Administration (FDA) user fee reauthorization bill passed by the House of Representatives in June included new provisions requiring medical device manufacturers to monitor for and address postmarket cybersecurity vulnerabilities in their devices, ensure medical devices are labeled with a software bill of materials and are capable of receiving patches to… Read More »

Magellan Health has agreed to settle a class action data breach lawsuit and will create a $1.43 million fund to cover claims from patients affected by the breach. The lawsuit – Dearing v. Magellan Health Inc. et al. – was filed in the Arizona Superior Court against Magellan Health Inc. and Magellan RX Management, LLC… Read More »

Physicians Business Office (PBO), a Parkersburg, WV-based provider of medical practice management and administrative services, has recently disclosed a security incident that occurred in April 2022. PBO detected unusual activity within its network and took immediate steps to isolate the affected systems and prevent further unauthorized access. A third-party computer forensics company was engaged to… Read More »