The Albuquerque, NM-based health insurance agency True Health New Mexico has started notifying certain health plan members about the exposure and potential theft of some of their protected health information. A data security incident was detected on October 5, 2021, and steps were immediately taken to secure its IT systems. The internal incident response team… Read More »
The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have warned organizations in the United States about the increased risk of cyberattacks over Thanksgiving weekend. Cyber threat actors are often at their most active during holidays and weekends, as there are likely to be fewer IT and security employees available… Read More »
The HHS’ Health Sector Cybersecurity Coordination Center (HC3) has issued a threat brief warning the healthcare and public health sector about an increase in financially motivated zero-day attacks, outlining mitigation tactics that should be adopted to reduce risk to a low and acceptable level. A zero-day attack leverages a vulnerability for which a patch has… Read More »
October saw 59 healthcare data breaches of 500 or more records reported to the Department of Health and Human Services’ Office for Civil Rights, which represents a 25.5% increase from September. Over the past 12 months, from November 2020 to October 2021, there have been 655 reported breaches of 500 or more records, 546 of… Read More »
Five vulnerabilities have been identified that affect the IntelliBridge EC 40 and EC 80 Hub, Philips Patient Information Center iX, and Efficia CM series patient monitors. IntelliBride EC 40 and EC 80 Hub Two vulnerabilities have been identified that affect C.00.04 and prior versions of the IntelliBridge EC 40 and EC 80 Hub. Successful exploitation of… Read More »
A joint cybersecurity advisory has been issued by the Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), Australian Cyber Security Centre (ACSC), and the United Kingdom’s National Cyber Security Centre (NCSC) warning of ongoing attacks by an Iranian Advanced Persistent Threat (APT) actor on critical infrastructure sectors including the healthcare and public health… Read More »
A new study conducted by Medigate and CrowdStrike has highlighted the extent to which healthcare Internet of Things (IoT) devices are being targeted by threat actors and warns about the worrying state of IoT security in the healthcare industry. The number of IoT devices being used in healthcare has increased significantly in recent years as… Read More »
NorthCare, an Oklahoma City, OK-based mental health clinic, was the victim of a ransomware attack in June 2021 in which patients protected health information may have been compromised. NorthCare identified suspicious network activity on June 1, 2021, when ransomware was used to encrypt files. The investigation into the attack confirmed its network was breached on… Read More »
Lakeshore Bone & Joint Institute, an orthopedic practice in Indiana, has experienced a breach of its Microsoft Office 365 environment, which included emails and attachments that contained the protected health information of certain patients. Unusual activity was detected in an employee email account on July 7, 2021. Steps were immediately taken to prevent further unauthorized… Read More »
A recent survey conducted by the unified asset visibility and security platform provider Armis has explored the state of cybersecurity in healthcare and the security risks that are now faced by healthcare organizations. The survey was conducted by Censuswide on 400 IT professionals at healthcare organizations across the United States, and 2,000 U.S. patients to… Read More »