The HHS’ Office of Inspector General (OIG) has called for the Health Resources and Services Administration (HRSA) to improve oversight of the cybersecurity of the Organ Procurement and Transplantation Network (OPTN). The OPTN is a national system for allocating and distributing donor organs to individuals in need of organ transplants. The OPTN is a public-private… Read More »
Health-ISAC has published a white paper that serves as a guide for healthcare CISOs looking to implement zero trust security architectures. The traditional security approach is akin to a castle and moat, where perimeter defenses are established to keep unauthorized individuals out. While this security approach has served organizations well in the past, it is… Read More »
Democratic leaders have demanded answers from Meta CEO Mark Zuckerberg about the role the company played in a criminal investigation in Nebraska into an alleged illegal abortion. Democrats from the Committee on Energy and Commerce wrote to the Meta CEO on August 31, 2022, to express their concern about the release of private communications that… Read More »
The Californian legislature has passed a bill (AB-1242) that prohibits companies in the state from complying with warrants from other states that seek access to information about individuals seeking or providing abortions. The decision of the U.S. Supreme Court to overturn Roe v. Wade removed the federal right to obtain an abortion. Several states had… Read More »
Five vulnerabilities have been identified in Contec Health’s CMS8000 CONTEC ICU CCU Vital Signs Patient Monitor. Successful exploitation of the vulnerabilities could allow a threat actor to conduct a denial-of-service attack, access a root shell, make configuration changes, modify firmware, and cause the monitor to display incorrect information. The Cybersecurity and Infrastructure Security Agency (CISA)… Read More »
CorrectHealth Notifies 54,000 Patients About November 2021 Email System Breach Alpharetta, GA-based CorrectHealth is notifying patients about a breach of its email environment. The breach was detected on November 10, 2021, with the investigation confirming several employee email accounts had been accessed by an unauthorized individual. Legal counsel for CorrectHealth said the third-party forensic investigation… Read More »
The number of individuals affected by the ransomware attack on the Hartland, WI-based mailing and printing vendor, OneTouchPoint, has now increased to 2,651,396 individuals, with Common Ground Healthcare Cooperative one of the latest organizations to confirm that it has been affected. Brookfield, WI-based Common Ground Healthcare Cooperative said 133,714 of its members were affected. OneTouchPoint… Read More »
The Health Sector Cybersecurity Coordination Center (HC3) has issued a warning to the healthcare and public health sector (HPH) about one of the most capable and aggressive cybercrime syndicates currently in operation – Evil Corp. The group operates out of Russia and has been operational since at least 2009 and is responsible for the infamous… Read More »
Salida, CO-based First Street Family Health has suffered a destructive cyberattack, in which files containing patient information were exfiltrated and then deleted from its systems. This method of attack is becoming more common, where data is stolen, deleted, and then threats are issued to publish or sell the data if payment is not made to… Read More »
The Federal Trade Commission (FTC) has sued the Idaho-based data broker Kochava for unlawfully collecting and selling the sensitive data of mobile users, in violation of the FTC Act. According to the lawsuit, Kochava has been collecting and selling consumers’ precise geolocation data along with information that allows individuals to be identified. The location data is… Read More »