San Juan Regional Medical Center in Farmington, New Mexico is facing a class action lawsuit over a data breach that was announced in June 2021. The breach investigation confirmed an unauthorized individual gained access to its network and exfiltrated files containing sensitive patient data between September 7, 2020, and September 8, 2020. The data breach… Read More »
The Health Information Sharing and Analysis Center (Health-ISAC) has released guidance for Chief Information Security Officers (CISOs) on adopting an identity-centric approach to enabling secure and easy access to patient data to meet the interoperability, patient access, and data sharing requirements of the 21st Century Cures Act. New federal regulations tied to the 21st Century… Read More »
A highly sophisticated malware capable of aggressively spreading within networks is being used in targeted attacks on the biomanufacturing sector. The malware has been named Tardigrade by security researchers and initial research suggests it may be a variant of SmokeLoader – A commonly used malware loader and backdoor, although SmokeLoader and Tardigrade malware are quite… Read More »
An APT actor that was targeting a vulnerability in the enterprise password management and single sign-on solution Zoho ManageEngine ADSelfService Plus has started exploiting another critical vulnerability in a different Zoho product, the IT helpdesk and asset management solution Zoho ManageEngine ServiceDesk Plus. The APT group had been exploiting a critical vulnerability in ManageEngine ADSelfService… Read More »
The Department of Health and Human Services has launched a new website that offers advice and resources to help the healthcare and public health sector mitigate cybersecurity threats. The website was created as part of the HHS 405(d) Aligning Health Care Industry Security Approaches Program, which was established in response to the Cybersecurity Act of… Read More »
Planned Parenthood has recently confirmed it was a recent victim of a ransomware attack in October that affected its Los Angeles branch. According to the announcement, a ransomware gang gained access to the network between October 9, 2021, and October 17, 2021, and deployed ransomware to encrypt files. A ransom demand was then issued, payment… Read More »
An Eskenazi Health patient whose protected health information was stolen in an August 2021 ransomware attack is suing the healthcare provider over the data breach. It is now common for ransomware gangs to exfiltrate sensitive data prior to using ransomware to encrypt files. The stolen data is used to threaten victims to encourage payment of… Read More »
An Ohio-based DNA testing company has recently disclosed a hacking incident that exposed the sensitive data of 2,102,436 individuals. DNA Diagnostics Center (DDC) said it detected suspicious activity in its network on August 6, 2021, and confirmed unauthorized individuals had accessed and acquired files from an archived database between May 24, 2021, and July 28, 2021.… Read More »
A lawsuit has been filed in the US District Court for the District of Massachusetts against Quest Diagnostics and its subsidiary, ReproSource Fertility Diagnostics, over an August 2021 ransomware attack that affected 350,000 patients. On October 8, 2021, ReproSource started sending notification letters to affected patients informing them that some of their protected health information… Read More »
The Health Care Compliance Association (HCCA) will be hosting the 26th Annual Compliance Institute at the Phoenix Convention Center, AZ, March 28 – 31, 2022. The HCCA is a member-based association for healthcare compliance professionals that is dedicated to enabling the lasting success and integrity of all professionals working for, with, or supporting healthcare organizations.… Read More »