Threat Group Impersonates IT Support for Remote Access and In-Person Data Theft
A cybercriminal group that targets law firms, healthcare providers, insurance, and finance companies using [...]
The HIPAA Guide - Celebrating Over 15 Years Online
Healthcare Cybersecurity
This section of The HIPAA Guide on Healthcare Cybersecurity focuses on safeguarding sensitive health data from the increasing threats of cyberattacks, which target healthcare organizations. The section provides insights into the latest cybersecurity threats, best practices for protecting Protected Health Information (PHI), and the necessary compliance with HIPAA’s Security Rule. It also highlights the importance of security training, awareness, and the use of advanced technologies like encryption, multi-factor authentication, and phishing prevention to reduce the risk of data breaches in the healthcare sector.
Delta Dental Fined $2.25M for Violations of New York Cybersecurity Regulations
The New York State Department of Financial Services (NYDFS) has announced that Delta Dental Insurance Company [...]
HSCC Issues Guide to Tackle Third Party AI Risk
The Health Sector Coordinating Council (HSCC) has issued new guidance for healthcare organizations to help [...]
OCR HIPAA Enforcement Priorities in 2026 and Risk Management Recommendations
Earlier this month, the Director of the Department of Health and Human Services (HHS) Office for Civil Rights [...]
Bipartisan Group of Senators has Second Stab at Improving Healthcare Cybersecurity and Resiliency
A bipartisan healthcare cybersecurity bill – The Health Care Cybersecurity and Resiliency Act of 2025 [...]
Hospitals and Industry Associations Urge HHS to Withdraw Proposed Security Rule Update
More than 100 hospital systems, healthcare provider organizations, and industry associations have petitioned [...]
HSCC Updates Model Contract Language to Improve Medical Device Cybersecurity
When negotiating contracts with medical device manufacturers (MDMs), the responsibility for ensuring the [...]
Healthcare Sector Warned of Changing Akira Ransomware Tactics
Another warning has been issued about the Akira ransomware group in light of evolving tactics and accelerated [...]
Healthcare’s Reliance on Legacy Technology Increases Risk of Cyberattacks and Clinician Burnout
The use of outdated technology in healthcare is putting patient safety at risk, contributing to clinician [...]
Ransomware Negotiators Accused of Conducting Their Own Ransomware Attacks
Three former employees of cybersecurity firms have been accused of conducting ALPHV/BlackCat ransomware [...]
Vulnerabilities Identified in Hospital Management Solution from Vertical Systems
A hospital management system from the Romanian company, Vertical Systems, has two vulnerabilities that could, [...]
Ransomware Attacks on HIPAA Business Associates up 30% in 2025
A recent analysis has shown that healthcare ransomware attacks are continuing at the high levels seen in [...]
72% of Healthcare Organizations Say Cyberattacks Have Disrupted Patient Care
A recent survey of healthcare IT and security professionals has highlighted the impact cyberattacks are [...]
New York Hospitals Face Enforcement of 2024 Cybersecurity Requirements
The state of New York adopted new cybersecurity requirements for general hospitals on October 2, 2024. The [...]
Healthcare Cyberattack Losses Balloon in 2025
A new report from Netwrix has revealed that almost half of organizations in the healthcare sector experienced [...]
What is HIPAA Certification for Healthcare Vendors?
If your organization sells – or is planning to sell – software, products, or services to the U.S. [...]
Feds Disrupt Ransomware Group That Targeted Healthcare
A ransomware group that has targeted hospitals and other critical infrastructure entities since 2022 has had [...]
U.S. Data Breach Costs Reach All Time High; Healthcare Data Breach Costs Fall
Healthcare organizations have to cover the highest costs for data breaches, although costs have fallen by [...]
Health Sector Warned About Increasing Interlock Ransomware Attacks
Federal agencies have issued a joint alert about the Interlock ransomware group, which has increased its [...]
Healthcare Organizations Targeted in Ongoing Phishing Campaigns
U.S. healthcare organizations are being targeted with ongoing phishing and SMS-phishing (smishing) campaigns. [...]
Lawmakers Introduce Bipartisan Healthcare Cybersecurity Act
Earlier this month, lawmakers in the House and Senate introduced the bipartisan Healthcare Cybersecurity Act [...]
Patient Care Disrupted by Cyberattacks at 20% of Healthcare Orgs
For some time now, it hasn’t been a case of whether there will be a cyberattack, but rather when and how [...]
Feds Issue Update on Play Ransomware as Group Accelerates Attacks
The healthcare industry is targeted by ransomware groups, one of which has been accelerating attacks. The [...]
Healthcare Ransomware Attacks Increased in Q1, 2025
Several reports published this month on the current state of ransomware indicate Q1, 2025 has been a [...]
U.S. Hospitals Warned of Potential Multi-City Terror Threat
Hospitals in the United States have been warned about a potential terror threat and have been urged to [...]
Medusa Ransomware Attacks on Critical Infrastructure Entities Continue to Increase
Healthcare and other critical infrastructure sectors are being targeted by the Medusa ransomware group, which [...]
Warnings Issued About Ghost Ransomware
A warning has been issued about the Ghost ransomware group following attacks on healthcare organizations and [...]
DICOM Viewers Impersonated in Malware Distribution Campaign
A China-based threat group is conducting a malware distribution campaign using malicious installers disguised [...]
Healthcare Suffered More Data Breaches Than Finance in 2024
Finance and healthcare have long been the two industries most targeted by cybercriminals; however, healthcare [...]
Healthcare Cyber Threat Insights for 2025
One of the biggest concerns in healthcare in 2025 is the continuing threat of cyberattacks. Last year was a [...]
Ransomware Payments Fell by 35% in 2024
A recent report from the blockchain analytics firm Chainalysis has revealed ransomware attacks are becoming [...]
HHS Proposes HIPAA Security Rule Update to Strengthen Healthcare Cybersecurity
HIPAA-covered entities and their business associates are facing much tougher cybersecurity requirements, [...]
Health Care Cybersecurity Resiliency Act Aims to Harden Healthcare Cybersecurity
A bipartisan group of Senators has introduced the Health Care Cybersecurity Resiliency Act of 2024, the aim [...]
Feds Warn Healthcare Sector About Stealthy Godzilla Webshell
The Department of Health and Human Services (HHS) Health Sector Cybersecurity Coordination Center (HC3) has [...]
HHS Updates the HIPAA Security Risk Assessment Tool
The HHS’ Office for Civil Rights (OCR) in conjunction with the Assistant Secretary for Technology Policy [...]
HIPAA Security Rule Compliance Improves Defenses Against Social Engineering
Malicious actors often use social engineering in their attacks on individuals to trick them into installing [...]
New Cybersecurity and Incident Reporting Requirements for New York Hospitals
Hospitals in New York must report cyberattacks to the State Department of Health within 72 hours of discovery [...]
Vice Society Using INC Ransomware in Attacks on Healthcare Orgs
The threat actor Vice Society, tracked by Microsoft as Vanilla Tempest, is targeting the healthcare sector [...]
Alarm Bells Sounded About RansomHub Ransomware Group
The RansomHub ransomware group emerged in February 2024 and has already conducted at least 210 attacks, [...]
OCR: Physical Security Measures Essential for HIPAA Security Rule Compliance
Cyberattacks on healthcare organizations have increased significantly in recent years. According to the [...]
Feds Issue Warning About BlackSuit Ransomware as Ransom Demands Top $500M
For the past two years, Royal ransomware has been one of the most prolific ransomware groups; however, in [...]
CrowdStrike Provides Update on Cause of Global Windows Crash
On Friday, the cybersecurity firm CrowdStrike released an update for its Falcon Sensor endpoint detection and [...]
Senate Finance Committee Calls for HHS to Strengthen Healthcare Cybersecurity Regulations
The harm caused by the ransomware attack on Change Healthcare is unprecedented and while it has yet to be [...]
HHS Agency Launches Program to Develop Software Tools to Automate Healthcare Cybersecurity
The Advanced Research Projects Agency for Health (ARPA-H), part of the HHS, has launched the Universal [...]
HHS Issues Warning to HPH Sector About Business Email Compromise Scams
The Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center (HC3) has [...]
Feds Warn Healthcare Sector About Targeted Black Basta Ransomware Attacks
A joint cybersecurity advisory has been issued about the Black Basta ransomware group. Black Basta is known [...]
Healthcare is the Critical Infrastructure Sector Most Targeted by Ransomware Groups
The FBI has released its annual Internet Crime Report which confirms that healthcare suffered more ransomware [...]
HHS Releases Cybersecurity Performance Goals for the Healthcare and Public Health Sector
The Department of Health and Human Services (HHS) has released details of the voluntary cybersecurity goals [...]
Healthcare Cybersecurity Mitigation Guide Published by CISA
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published a healthcare cybersecurity [...]
New York Proposes Stricter Cybersecurity Regulations for Hospitals
New York has proposed new cybersecurity regulations for hospitals in a bid to combat increasing numbers of [...]
Feds Warn of Active Exploitation of Zoho and Fortinet Vulnerabilities
A joint cybersecurity advisory has been issued by the U.S. Cybersecurity and Infrastructure Security Agency [...]
59% Year-Over-Year Increase in Medical Device Vulnerabilities
There has been a 59% increase in vulnerabilities in medical devices and the software applications on which [...]
Cyber Safety Review Board Shares Insights Gained from Lapsus$ Cyberattacks
The Cyber Safety Review Board (CSRB) has recently shared details of the tactics, techniques, and procedures [...]
Healthcare Sector Warned About Rhysida Ransomware Group
The healthcare and public health (HPH) sector has been warned about a new ransomware-as-a-service (RaaS) [...]
Healthcare Employees Targeted in SEO Poisoning Attacks
SEO poisoning (search engine poisoning) is a tactic used by cybercriminals to manipulate search results and [...]
Healthcare Organizations Warned About Clop and MedusaLocker Ransomware Gangs
The healthcare and public health (HPH) sector is in the crosshairs of the Clop and MedusaLocker ransomware [...]
Healthcare Organizations Warned About Use of AI for Developing Malware
Artificial Intelligence tools have been incorporated into many cybersecurity solutions to improve their [...]
White Paper Outlines Potential Policy Changes to Address Healthcare Cybersecurity
Data breaches are being reported by healthcare organizations at a rate of around two per day when just four [...]
Feds Sound Alarm About Threat of Cyberattacks on HPH Sector by Evil Corp Hackers
A warning has been issued to the healthcare and public health (HPH) sector by the U.S. Office of Information [...]
North Korean Hackers Using Ransomware to Attack Healthcare Organizations
The healthcare and public health sector have long been attractive targets for cybercriminals due to the value [...]
Emotet is Back and Poses Significant Threat to the Healthcare Sector
The Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center (HC3) has [...]
Ransomware Attacks Increased by 13% in 2021
Ransomware attacks are increasing at an alarming rate. Attacks increased by 13% in 2021, which is a bigger [...]
New Legislation Considered for Improving Medical Device Cybersecurity
A bipartisan bill has been proposed to update the Federal Food, Drug, and Cosmetic Act (FD&C Act) to [...]
Zero-Day Vulnerabilities Allow Hackers to Take Control of Hospital Robots
A warning has been issued to hospitals that use the Atheon TUG mobile robots about five vulnerabilities – [...]
Feds Issue Updated Security Alert About Conti Ransomware
The United States Cybersecurity and Infrastructure Security Agency (CISA), in conjunction with the U.S. [...]
CISA Warns All U.S. Organizations to Raise Their Shields
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning to all organizations in [...]
Excellus Health Plan Settles Class Action Data Breach Lawsuit
Excellus Blue Cross Blue Shield has agreed to settle a class action lawsuit filed in response to the data [...]
HHS Launches Cybersecurity Web Resource for the Healthcare and Public Health Sector
The Department of Health and Human Services is facing an unprecedented number of cyber threats and more data [...]
States Introduce Laws Covering the Collection, Use, and Sharing of Genetic Data
Most healthcare organizations in the United States are required to comply with the Health Insurance [...]
HC3: Cobalt Strike Penetration Testing Tool Increasingly Abused in Attacks on the Healthcare and Public Health Sector
Cybercriminals and Advanced Persistent Threat (APT) actors are increasingly using Cobalt Strike in attacks on [...]
Study Reveals Healthcare Organizations Are Overexposing Sensitive Data
Limiting access to protected health information (PHI) is one of the fundamental requirements of the Health [...]
Maximum 7-Year Sentence for University of Pittsburg Medical Center Hacker
A Michigan man who hacked into the human resources databases of University of Pittsburg Medical Center (UPMC) [...]
FTC Confirms Health Apps and Wearable Devices Covered by FTC Health Breach Notification Rule
The HIPAA Breach Notification Rule requires HIPAA-regulated entities to report data breaches and issue [...]
Cloud Security Alliance Issues Guidance on Combatting Ransomware in the Healthcare Cloud
New guidance has recently been released by the Cloud Security Alliance (CSA) Health Information Management [...]
Scripps Health Ransomware Attack Cost Increases to $112.7 Million
The 2021 IBM Security/Ponemon Institute Cost of a Data Breach Study determined the average cost of a data [...]
NIST Publishes Draft Update of Guidance on Developing Cyber-Resilient Systems
The National Institute of Standards and Technology (NIST) has released a draft version of updated guidance to [...]
Low Cybersecurity Risk Ratings Associated with Higher Risk of a Hospital Data Breach
A new study published in the Journal of the American Medical Informatics Association has explored the link [...]
Average Healthcare Data Breach Cost Increases to $9.23 Million
According to the 2021 IBM Security Cost of a Data Breach report, the average cost of a data breach has risen [...]
Irish Health Service Executive Ransomware Attack Expected to Cost $600 Million
On May 14, 2021, the Health Service Executive (HSE) in Ireland suffered a ransomware attack. The attack was [...]
President Biden Urged to Provide More Funding and Support to Improve Healthcare Sector Cybersecurity
The recently enacted American Rescue Plan has made funding available to speed the recovery from the pandemic, [...]
External Actors Now Cause More Healthcare Data Breaches than Insiders
Verizon has published its 2021 Data Breach Investigations Report (DBIR) which shows the majority of [...]
Medical Debt Collection Firm Settles Data Breach Case with Coalition of 41 State AGs
In 2019, the largest reported healthcare data breach was at American Medical Collection Agency (AMCA), a debt [...]
Small and Medium Sized Healthcare Organizations Targeted by Ransomware Gangs
Ransomware gangs stepped up their attacks on healthcare organizations in 2020 with some ransomware operations [...]
NIST Releases Final Guidance on Securing the Picture Archiving and Communication System (PACS)
The National Cybersecurity Center of Excellence (NCCoE) at the National Institute of Standards and Technology [...]
More Than 45 Million Medical Images Containing PHI Stored on Unprotected Servers
A study conducted by the cybersecurity firm CyberAngel has revealed more than 45 million medical images are [...]
September is National Insider Threat Awareness Month
September is National Insider Threat Awareness Month – A month dedicated to raising awareness of the [...]
Malicious Activity Detection and Mitigation Guidance Published by CISA
The HIPAA Security Rule requires covered entities and their business associates to implement safeguards to [...]
Medical Data Being Exposed via Public GitHub Repositories
Research recently published in a collaborative report by security researcher Jelle Ursem and DataBreaches has [...]
Guidance Issued by HSCC and H-ISAC on Managing the Cybersecurity Tactical Response During a Pandemic
Joint guidance on managing the cybersecurity tactical response has recently been published by the Healthcare [...]
FTC Seeks Feedback on the Health Data Breach Notification Rule
The Federal Trade Commission is seeking feedback from healthcare industry stakeholders about its breach [...]
CISA and NCSC Issue Joint Cybersecurity Alert About Ongoing Cyberattacks on Healthcare Organizations
Advanced Persistent Threat (APT) groups are continuing to exploit the SARS-CoV-2 (COVID-19) pandemic and are [...]
FBI Warns About COVID-19 Cyberattacks and Healthcare Providers Targeted by Individuals Posing as OCR Investigators
The Federal Bureau of Investigation (FBI) has issued a fresh warning about the use of the 2019 Novel [...]
Medical Devices Affected by SweynTooth Vulnerabilities, Warns FDA, CISA
The U.S. Food and Drug Administration (FDA) and the Department of Homeland Security’s Cybersecurity [...]
Immediately Patch Windows Vulnerabilities Warns DHS and OCR
On January 14, 2020 Microsoft issued patches to correct critical vulnerabilities in Windows and Windows [...]
Study Suggests Security Enhancements After a Hospital Data Breach Negatively Affects Patient Outcomes
Following a data breach, hospitals implement additional measures to improve their security posture and make [...]
Guidance Issued on Securing Picture Archiving and Communications Systems
New guidance has been released by the National Cybersecurity Center of Excellence (NCCoE) on securing picture [...]
Guidance on Securing Corporate-Owned Personally Enabled Devices in Healthcare
and transmit patient information. They ensure healthcare professionals are always contactable and can quickly [...]
Summary of July 2019 Healthcare Data Breaches
It has been another terrible month for healthcare data breaches – The worst of the year to date in terms of [...]
912,992 Records Exposed in Healthcare Data Breaches in March 2019
February was a particularly bad month for healthcare data breaches, so it is no surprise there was a fall in [...]
Improving Healthcare Organizations Cybersecurity Through Cross-sector and Bi-partisan Collaboration
On February 21, 2019, Sen. Mark Warner (D-Va) requested feedback from a number of healthcare organizations [...]
Alert on Advanced Persistent Threats and Zero-Day Exploits Issued by OCR
In its spring cybersecurity newsletter, the HHS’ Office for Civil Rights has warned healthcare [...]
Health Data is the Least Likely Type of Data to Use Encryption
The Ponemon Institute conducted a survey for the Global Encryption Trends Study on behalf of nCipher, a [...]
Concerns Expressed about FDA Medical Device Security Guidance
The U.S. Food and Drug Administration (FDA) is assessing the responses to its draft guidance for medical [...]
Healthcare Laptops are a Serious Security Risk
Clearwater CyberIntelligence Institute (CCI) has analyzed security risks in healthcare and found that laptops [...]
Study Confirms Healthcare Employees are Susceptible to Phishing Attacks
Cybercriminals are targeting the healthcare industry and one of the leading ways that access to healthcare [...]
25% of Healthcare Companies Had a Mobile Security Breach Last Year
The Verizon Mobile Security Index 2019 report shows 25% of healthcare companies have had a security breach [...]
HIPAA Compliance in Conflict with Healthcare Cybersecurity
The College of Healthcare Information Management Executives (CHIME) has told Congress that HIPAA compliance [...]
Senator Seeks Answers on Healthcare Cybersecurity from Government Agencies and Healthcare Orgaizations
Senator Mark Warner (D-Va) has written letters to the leaders of the Department of Health and Human Services [...]
Healthcare Associations Request Safe Harbor for Entities That Have Followed Cybersecurity Best Practices
The College of Healthcare Information Management Executives (CHIME), the Association for Executives in [...]
Third-Party Apps’ Health Data Sharing With Facebook Investigated
An analysis of the data collection practices of Facebook by the Wall Street Journal recently revealed [...]
NHS Announces Pagers will be Phased Out by the End of 2021
The Department of Health in the United Kingdom has commissioned a report on the costs of pagers and their use [...]
Final Mobile Device Security Guide Released by NIST NCCoE
The National Cybersecurity Center of Excellence (NCCoE) recently published final guidance on mobile device [...]
Sensitive Health Information Shared in Facebook Closed Groups Allegedly Exposed
A complaint has been submitted to the FTC alleging Facebook as engaged in deceptive practices and has [...]
New Free Decryptor for GandCrab Ransomware v5.1 Now Available
The Romanian police has developed a new free decryptor for GandCrab ransomware, assisted by [...]
Report Reveals 473% Increase in Healthcare Email Fraud Attacks in 2 Years
Proofpoint revealed in its recent healthcare email security report that there has been a 473% increase in [...]
OIG Audit Findings of National Institutes of Health
The Department of Health and Human Services’ Office of Inspector General (OIG) has released a report of the [...]
Massive Annual Increase in Exposed Healthcare Records
2018 saw a massive increase in the number of exposed healthcare records according to the 2019 Breach [...]
HIMSS Cybersecurity Survey Reveals Phishing and Legacy Systems Major Security Concerns
HIMSS has published the results of its annual cybersecurity survey. The aim of the survey is to identify [...]
Hackers Can Exploit Vulnerabilities in Security Cameras
Hackers could exploit vulnerabilities in networked security and surveillance cameras to gain access to the [...]
HSCC’s New Cybersecurity Framework for Medical Devices
The Healthcare and Public Health Sector Coordinating Council (HSCC) has published a new cybersecurity [...]
Radware Report Talks About Increasing Cost of Cyberattacks
Radware’s new report provides information regarding the threat landscape in 2018 and the dramatic [...]
CMS Issues New Medicare Cards to Fight Fraud
People with Medicare have now been issued new Medicare cards that have no Social Security numbers printed on [...]
Patient Health Information at Risk Due to Security Failures of the Department of Defense Health Agency
According to a recently issued Department of Defense (DoD) Office of Inspector General report (PDF), the [...]
Feds Launch Awareness Campaign on Private Sector Cyber Risks
The National Counterintelligence and Security Center (NCSC) at the at the Office of the Director of National [...]
Hospitals Incur 64% Higher Advertising Costs After a Healthcare Data Breach
A new study has investigated how advertising expenditures are affected by healthcare data breaches. The [...]
Increased Chinese Malicious Cyber Activity Prompts US-CERT to Issue IT Service Provider Warning
The Department of Homeland Security (DHS) United States Computer Emergency Readiness Team (US-CERT) has [...]
Voluntary Cybersecurity Best Practices for Healthcare Organizations Published by HHS
The U.S. Department of Health and Human Services (HHS) has published voluntary cybersecurity best practices [...]
The Three Most Prevalent Security Weaknesses in Healthcare
Clearwater has identified the most prevalent security weaknesses in healthcare from IRM analyses carried out [...]
Risk Management Framework Updated by NIST
The National Institute of Standards and Technology (NIST) has released the final version of its updated Risk [...]
Study Reveals the Scale of Phishing Attacks and Value of Security Awareness Training
New research has revealed the scale of phishing attacks and the number of employees being misled by phishing [...]
Intsights Found a Huge Number of Open and Misconfigured Healthcare Databases in the Cloud
Intsights, an enterprise threat management platform provider, conducted a survey which revealed an alarming [...]
ONC’s Easy EHR Issues Reporting Challenge Winners Announced
The Easy EHR Issues Reporting Challenge was launched by the Department of Health and Human Services’ Office [...]
Serious Security Vulnerabilities Identified at Arizona Managed Care Organizations
The Department of Health and Human Services’ Office of Inspector General (OIG) has conducted security [...]
Two Iranian Hackers Indicted for SamSam Ransomware Attacks
The U.S. Department of Justice (DOJ) has announced that two threat actors responsible for SamSam ransomware [...]
New Draft Paper on Telehealth and Remote Monitoring Device Cybersecurity Open for Feedback
The National Institute of Standards and Technology’s National Cybersecurity Center of Excellence (NCCoE) [...]
OIG Reports on Top Management and Performance Challenges of HHS
The Department of Health and Human Services’ Office of Inspector General (OIG) has released its yearly [...]
CISA Act Calls for New Cybersecurity Agency Inside DHS
The U.S. Department of Homeland Security will be forming a new agency exclusively focused on cybersecurity [...]
OIG Publishes Findings of Audit of FDA’s Policies and Procedures Covering Postmarket Cybersecurity Risk to Medical Devices
The HHS’ Office of Inspector General (OIG) has released the results of an audit of the policies and [...]
Less Than a Third of Healthcare Organizations Have a Comprehensive Cybersecurity Program
The 2018 CHIME Healthcare’s Most Wired survey has revealed many healthcare organizations do not have a [...]
Healthcare Organizations Pummeled by SamSam Ransomware
The cybercriminals behind SamSam ransomware have been highly active this year. 67 organizations have been [...]
Beazley’s Q3 Breach Insights Reports Shows Increase in Ransomware Attacks
The Beazley’s Q3 Breach Insights Report shows there has been a significant increase in ransomware attacks [...]
OCR Recommends Cybersecurity Best Practices for Healthcare Organizations
The Department of Health and Human Services’ Office for Civil Rights has reminded healthcare organizations [...]
MediaPRO Study Shows 75% of Employees Have Poor Security Awareness
For three years now, MediaPRO, the security awareness training firm, has conducted a yearly study to assess [...]
Healthcare Data Breach Report for September 2018
September saw 25 healthcare data breaches of more than 500 records reported to the Department of Health and [...]
Mobile Data Security and HIPAA Compliance
Healthcare providers and HIPAA-covered entities have been caught up in the mobile technology movement. Many [...]
FDA-DHS Collaborate to Medical Device Cybersecurity
A memorandum of agreement has been announced by the U.S. Food and Drug Administration (FDA) and the [...]
Most Common Phishing Emails Used by Cybercriminals in 2018
The most common types of phishing emails that cybercriminals send to healthcare organizations have been [...]
FDA Issues Alert Concerning Vulnerabilities in Medtronic Implantable Cardiac Device Programmers
The U.S. Food and Drug Administration (FDA) has issued an alert after it confirmed that certain Medtronic [...]
HSCC to Issue Cybersecurity Best Practices for Medical Device Manufacturers and Healthcare Organizations
The Healthcare & Public Health Sector Coordinating Council (HSCC) will soon release voluntary [...]
Medical Device Cybersecurity Regional Incident Preparedness and Response Playbook Issued by FDA
On October 1, 2018, the U.S. Food and Drug Administration released a Medical Device Cybersecurity Regional [...]
Healthcare Industry is More Susceptible to Phishing Attacks Than Other Industries
The healthcare sector is frequently attacked by phishers seeking access to healthcare information located in [...]
NIST’s New Guidance Document on Managing IoT Cybersecurity and Privacy
The National Institute of Standards and Technology (NIST) has released a draft of a guidance document that [...]
California Legislature Approves California Consumer Privacy Act Changes
In June 2018, the California Consumer Privacy Act (CCPA) was approved by the California legislature. The Act [...]
FDA to Improve Reviews of Medical Device Cybersecurity
The Department of Health and Human Services’ Office of Inspector General (OIG) has issued a report [...]
New Privacy Framework To Protect the Privacy of Workers and Customers
The National Institute of Standards and Technology (NIST) developed a Cybersecurity Framework in 2014 to [...]
Two-Thirds of UK Companies Do Not Have Insurance for Data Breaches
A recent report from NTT Security has revealed 66% of UK senior executives believe their company is not fully [...]
Guidance on Securing Wireless Infusion Pumps for Healthcare Delivery Organizations
The final version of the NIST Cybersecurity Practice Guide for Securing Wireless Infusion Pumps in Healthcare [...]
Healthcare Data Breach Report for July 2018
July 2018 is by far the worst month in 2018 with respect to healthcare data breaches. There were 33 [...]
Vulnerabilities Found in Philips IntelliVue Information Center iX and PageWriter Cardiographs
This week, the Industrial Control Systems Cyber Emergency Team (ICS-CERT) has issued two advisories about [...]
70% of Healthcare Companies Do Not Have Cybersecurity Insurance
Ovum conducted a survey recently on behalf of analytics firm FICO, which revealed there has been a major [...]
Survey Reveals Insufficient Anti-Phishing Controls in Place in U.S. Businesses
Phishing is currently the top cyber threat encountered by companies; however, regardless of a high [...]
Serious Vulnerabilities Discovered in Maryland’s Medicaid Management Information System
The Department of Health and Human Services’ Office of Inspector General (OIG) has released the results of [...]
Flaws in Patient Monitors Could Allow Hackers to Alter Vital Signs Data
Douglas McKee, a security researcher at McAfee, discovered a flaw in the communications protocol used to send [...]
Vulnerabilities in Fax Machines May Allow Network Access and Exfiltration of Sensitive Data
Healthcare companies still extensively use faxes for communication and in some hospitals, as much as 75% of [...]
New Phishing Websites Detections Rose By 46 Percent in Q1, 2018
The Anti-Phishing Working Group has published its Q1, 2018 Phishing Activity Trends Report. The report [...]
SamSam Ransomware Attack on Atlanta Likely to Cost $17 Million to Resolve
The SamSam ransomware attack on Atlanta City was expected to cost around $6 million to resolve; however a [...]
More Than 3.14 Million Healthcare Records Were Exposed in Q2, 2018
Protenus has released its Q2 2018 Breach Barometer Report – A summary and analysis of healthcare data [...]
Over 20 Serious Vulnerabilities Found in OpenEMR Platform
OpenEMR is a free, open-source electronic health record (EHR) management system that is used by a large [...]
Hacktivist Convicted for DDoS Attack Facing 15 Years in Jail
The hacktivist, Martin Gottesfeld, 32, who was responsible for the Distributed Denial of Service (DDoS) [...]
Email Account Compromises Leading Cause of Q2 2018 Data Breaches
In the past year, email account compromises have been steadily increasing according to the July edition of [...]
New Guide for Securing Electronic Health Records on Mobile Devices Released by NIST/NCCoE
Physical, technical, and administrative controls can be implemented to secure ePHI on servers and desktop [...]
Consumers are Less Concerned About Breaches of Health Data Than Financial Data
The healthcare marketing agency SCOUT recently conducted a survey that revealed consumers are less concerned [...]
US-CERT Warns About Increasing ERP System Attacks
The United States Computer Emergency Readiness Team (US-CERT) has warned companies abut the growing risk of [...]
API Vulnerabilities and USB-Related Cyberattacks Identified
HIMSS has published its June Healthcare and Cross-Sector Cybersecurity Report, in which warnings have been [...]
2017 FBI Internet Crime Report Shows Harm Caused by BEC Attacks
The FBI 2017 Internet Crime Report has been released. The report is based on the complaints received by the [...]
Vulnerabilities Identified in Natus Xltek NeuroWorks Software
ICS-CERT has released an advisory following the discovery of eight vulnerabilities in version 8 of Natus [...]
Cofense Triage is One of the Top Security Software Solutions of 2018
CSO Online’s 2018 list of the best security software solutions for 2018 included Cofense Triage: The [...]
Vulnerabilities in Siemens RAPIDLab and RAPIDPoint Blood Gas Analyzers Announced by Siemens
Siemens published a bulletin about two recently identified vulnerabilities in RAPIDLab and RAPIDPoint Blood [...]
Healthcare Providers Lack Funds to Improve Medical Device Security According to Survey
HIMSS recently conducted a survey that confirmed that medical device security is a major priority at most [...]
Vulnerabilities Found in Philips IntelliVue Patient and Avalon Fetal Monitors
An advisory was issued by the Department of Homeland Security’s Industrial Control Systems Cyber [...]
Update on BeaconMedaes TotalAlert Scroll Medical Air Systems Web Application Vulnerabilities
The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) has issued a bulletin warning [...]
Difficulty Solving Healthcare Data Breaches Due to Lack of Visibility into Employee Activity
According to Dtex Systems’ 2018 Insider Threat Intelligence Report, security teams are not able to [...]
Many Healthcare Organizations Use DMARC But Fail to Implement It Effectively
Healthcare organizations can use DMARC, the Domain-based Message Authentication, Reporting and Conformance [...]
NIST Cybersecurity Framework Certification Now Available at HITRUST
HITRUST, the security and privacy standards development and accreditation organization, is now providing [...]
Taking on the Challenge to Resolve Cybersecurity Vulnerabilities
Healthcare companies quickly fall victim to cyberattacks as a result of continually utilizing out-of-date [...]
Why Healthcare Organizations Suffer More Cyberattacks than Other Industries
Black Book Research conducted a survey where over 2,400 security professionals from 680 healthcare [...]
90,000 Health Records Exposed Due to Phishing Attacks on Healthcare Organizations
The number of successful phishing attacks on healthcare organizations has increased in the past few weeks. In [...]
Vulnerabilities Found in Phillips, Silex and GE Medical Devices
The Department of Homeland Security’s (DHS) Industrial Control Systems Cyber Emergency Response Team [...]
DoDIG Audit Report on Navy and Air Force EHR and Security Systems
The Defense Health Agency (DHA), the Navy and the Air Force recently had their second Department of Defense [...]
The Impact of Increasing SamSam Ransomware Attacks
Ten SamSam ransomware attacks occurred since December 2017. Most of the attacks were on government and [...]
BD Leads Medical Industry with Proactive Resolution of KRACK Vulnerability
The Department of Homeland Security (DHS) warned about a vulnerability that is affecting a lot of medical [...]
Healthcare Industry Attacked by New Orangeworm Threat Group
As reported by Symantec, there is a recently discovered threat group labeled as Orangeworm, which is [...]
Firmware Update Fixes Vulnerabilities in Abbot Laboratories Defibrillators
The U.S. Food and Drug Administration issued a warning on the cybersecurity vulnerabilities of certain Abbott [...]
6,550 Jemison Internal Medicine Patients Potentially Affected by Ransomware Attack
Jemison Internal Medicine of Alabama had a ransomware attack on December 20, 2017. Electronic health records [...]
Ransomware Attack on Coastal Cape Fear Eye Associates Impacts 925 Patients
The protected health information of 925 patients was compromised because of a ransomware attack on Coastal [...]
How Can Healthcare Organizations Prevent Phishing Attacks?
Phishing threats continue to cause problems for healthcare organizations. Investing in phishing defenses [...]
How HIPAA-Covered Entities Can Prepare Against the Spectre and Meltdown Chip Vulnerabilities
The Office for Civil Rights warned HIPAA-covered entities in an email about the Spectre and Meltdown chip [...]
Cryptocurrency Malware Found in Decatur County General Hospital’s Server
Decatur County General Hospital in Tennessee discovered on November 27, 2017 that its server housing the [...]
Ponemon Institute Surveys CISOs on Cyberattack Risks in 2018
Ponemon Institute conducted a survey regarding data security and cyber risk. The survey was Opus-sponsored [...]
53,000 Pharmacy Patients’ PHI Exposed Due to Phishing Attack
Onco360 and CareMed Specialty Pharmacy notified 53,173 patients that their protected health information was [...]
Things to Remember When Reporting 2017 HIPAA Data Breaches
The last day for reporting 2017 HIPAA data breaches to the Department of Health and Human Services’ Office [...]
Healthcare Industry Affected by the Increasing New Malware Detected in 2017
In 2017, McAfee Labs report a steady increase in the volume of new malware samples detected every quarter. Q3 [...]
Study Reveals Why Healthcare Organizations Fail to Meet Their Cybersecurity Goals
Black Book Research conducted a survey in Q4 2017 that revealed that the healthcare industry is not taking [...]
NIST Accepting Comments on the Second Draft of the Cybersecurity Framework
NIST published Version 1.1 or the second draft of the revised Cybersecurity Framework. Version 1.0 or the [...]
Digital Smart Pen and IV Infusion Pump Vulnerabilities Threaten Patient ePHI
Researcher Saurabh Harit of Spirent SecurityLabs discovered vulnerabilities in digital smart pens and IV [...]
Apple Fixed a Serious Flaw in MacOS High Sierra
On the last week of November, Apple was informed of a flaw in MacOS High Sierra. Devices running High Sierra [...]
PHI of Colorado Mental Health Institute Patients Exposed Due to Phishing Scam
An employee of Colorado Mental Health Institute at Pueblo became a victim of a phishing scam that allowed the [...]
HHS Pressed to Act on Cybersecurity Task Force Recommendations for Medical Device Security
The House Committee on Energy and Commerce is pushing HHS to take the advice of Healthcare Cybersecurity Task [...]
Can HIPAA-Covered Entities Use GoToMeeting?
GoToMeeting is an online meeting and video conferencing tool offered by LogMeIn. It helps businesses improve [...]
British Man Linked to The Dark Overlord Hacking Group Given 3-Year Jail Sentence
A individual connected to the hacking group TheDarkOverlord has been given a three year jail sentence for [...]
MongoDB and AWS Implement New Security Features to Prevent Unauthorized Data Access
Amazon has incorporated new safeguards into its cloud servers so that users won’t misconfigure their S3 [...]
When is the Best Time to Promote HIPAA Awareness?
All staff members must receive training on HIPAA Rules and Compliance, but when is the best time to provide [...]
Lack of Awareness on Phishing and Data Security Training Exposed in New Study
It is a widely held view, among IT staff, that members of staff are the biggest data security risk; however, [...]
Five Current Cybersecurity Threats Highlighted in HIMSS Report
The HIMSS October Cybersecurity has highlighted five current cybersecurity threats that could possibly be [...]
Bad Rabbit Ransomware Spread Via Fake Flash Player Updates
A new ransomware threat has been discovered, labelled Bad Rabbit ransomware, that has affected companies in [...]
NotPetya Wiper Attack: Nuance Communications Urged to Share Information on Cyberattack
While the healthcare sector remained largely unharmed during unaffected by the NotPetya wiper cyberattacks in [...]
Using Blockchain For a More Secure Medical Records System
Blockchain is probably most recognized for maintaining the security of cryptocurrency transactions, however [...]
HIPAA-Compliant Cloud Computing Platforms and Their Benefits
Before cloud providers can be employed by healthcare companies for keeping or processing protected health [...]
OIG Reports Several Security Vulnerabilities with Alabama’s Medicaid Management Information System
The HHS’ Office of Inspector General (OIG) reviewed Alabama’s Medicaid data and information systems to [...]
Delays in Patient Notification By Augusta University Medical Center Unexplained
A phishing attack on Augusta University Medical Center resulted in the unauthorized access of an individual [...]
PHI of Over 26,000 Patients Exposed Due to Arkansas DHS Privacy Breach
Arkansas Department of Human Services (DHS) fired a former employee from her new job at the state hospital [...]
UPMC Employees Found to Have Taken and Disclosed Photos of Patient’s Genital Injury
The University of Pittsburgh Medical Center’s Bedford Memorial hospital was investigated for a privacy [...]
Final Premarket Guidance to Help Medical Device Companies to Secure Data Exchange Now Released By FDA
The U.S. Food and Drug Administration (FDA) published the final guidance about medical device [...]
Greater Oversight Needed to Avoid Mailing Error and PHI Breach
Healthcare providers should be careful not to disclose protected health information (PHI) in mailings. [...]
Neurology Foundation’s Former Employee Violated HIPAA Law and Company Policies
The Neurology Foundation located in Providence, RI found out that one of its employees used the [...]
PHI Breach Reported By Alaska DHSS and Kaiser Permanente
Alaska Department of Health and Social Services found a Trojan horse virus on two of its computers. The virus [...]
The HIPAA Guide is a registered trademark. Copyright © 2007-2026 The HIPAA Guide. All rights reserved.
