A ransomware incident last fall that disrupted some of hospital chain CommonSpirit's operations for at least a month has cost the organization $150 million in lost revenue, remediation and other expenses so far. CommonSpirit also likely faces additional legal expenses.
Federal authorities are urging healthcare sector entities to take steps to protect their web applications, connected devices and other critical systems against distributed denial-of-service attacks. The warning comes weeks after a wave of DDoS attacks from Russian nuisance hacking group KillNet.
Community Health Systems has reported to the U.S. Securities and Exchange Commission that a security incident involving vendor Fortra's GoAnywhere secure file transfer software has compromised the data of about 1 million patients. Did attackers exploit a recent zero-day vulnerability?
Federal regulators said true health data interoperability is on its way for hundreds of millions of American patients now that six tech providers have committed to a rigorous set of trust and security criteria for swapping patient information. The agreement is a milestone years in the making.
Before healthcare entities can promise advanced identity and access management technologies and practices, their IAM programs need to address important fundamentals, which many entities still struggle with due to the complexity of healthcare itself, says Erik Decker, CISO of Intermountain Health.
As ransomware attacks continue to target the healthcare industry, cyber risk is now patient safety risk. Unfortunately, many cyber risk management programs are woefully understaffed and resource-constrained. As such, leading healthcare CIOs, CISOs, and Supply Chain executives are rapidly automating best practices and...
Regal Medical Group, one of the largest medical groups in Southern California, has reported that a December ransomware incident involving data exfiltration has potentially compromised the protected health information of more than 3.3 million individuals.
Multiple government agencies in the U.S. and South Korea issued a joint alert warning critical infrastructure sectors - and especially the healthcare sector - of ongoing ransomware threats involving North Korean state-sponsored cybercriminals.
A group of bipartisan U.S. senators is seeking answers from three telehealth companies about their data tracking and sharing practices. The move comes as privacy and security concerns about broader data sharing by technology firms also are growing.
An Ontario hospital says it is operating under "Code Grey" as it deals with a cybersecurity incident that occurred over the weekend. Meanwhile, hospitals in Maryland and Florida say they are still recovering from cyberattacks that hit last week and continue to affect a variety of patient services.
Cedars-Sinai Medical Center in Los Angeles has joined a growing list of organizations being sued for allegations that its use of website tracking codes is unlawfully sharing individuals' personal and health information to third-party social media and marketing companies.
During the height of the coronavirus pandemic, mergers and acquisitions in the healthcare sector slumped, but they now appear to be slowly rebounding. What does this mean in terms of potential security risks that organizations undergoing consolidation face?
A Florida healthcare system says it is diverting emergency patients and is only accepting certain Level 1 trauma cases while it deals with an "IT security incident." Meanwhile, a Maryland hospital is responding to its own ransomware incident.
In the latest weekly update, ISMG editors discuss the lasting effects of the takedown of the Hive ransomware group, why the U.S. government is warning of a surge in Russian DDoS attacks on hospitals, and why the lack of transparency in U.S. breach notices is creating more risk for consumers.
Federal regulators hit Banner Health, which operates hospitals and other care facilities in multiple states, with a $1.25 million HIPAA settlement in the wake of a 2016 hacking incident that affected nearly 3 million individuals. Banner Health will also implement a corrective action plan.