Cybersecurity

The digital security of healthcare institutions and data is a growing concern, with an increasing number of cyberattacks each year against healthcare systems, which are seen as easy targets. Cyber attacks often use ransomware to target personal health information, patient data and medical devices to cut off access to the data until a ransom is payed to the hacker. Cybercriminals have become more sophisticated, using malware, ransomware and spyware to attack outdated and vulnerable systems and software. Due to the interconnected nature of hospital IT systems today, the weakest link can be older web-enabled medical devices, including clinical and non-clinical systems. Employees are also a major target of attacks via malicious e-mails that prompt them to open attachments that then download malware onto the hospital's IT system.

Breached Change Healthcare server lacked multifactor authentication, UnitedHealth CEO admits
UnitedHealth CEO Andrew Witty told the Senate Finance Committee that systems have been rebuilt “from scratch” in light of the oversight.
Kaiser Permanente exposed data on 13.4 million members to tech companies
Tracking technologies sent patient information to advertisers such as Microsoft, Google and Meta.
Hackers were inside Change Healthcare’s systems 9 days before attack
UnitedHealth Group confirms hackers have personal data on “a substantial proportion of people in America."
Atrium Health sued for violating patient privacy, sharing data with Facebook and Google
In a court filing, the plaintiffs claim Atrium Health used Meta's Pixel code on its website, resulting in patients receiving targeted ads.
Massive data trove from Change Healthcare hack now for sale on dark web
Cybercriminal group RansomHub claims to have protected health information from nearly every American.

Medical societies are asking Congress to be involved in Medicare reform efforts.

Senate passes CISA for coordinated cyberthreat sharing

The Senate voted 74-21 in favor of the Cybersecurity Information Sharing Act of 2015 which incentivizes companies to share cyberthreat data with the government.

October 29, 2015

S.C. hospital employee fired for inappropriate record access, fraudulent claims

An employee's inappropriate access to patient records and fraudulent claims led to termination from Bon Secours St. Francis Health System.

October 28, 2015

CEA develops voluntary privacy guidelines for consumer wellness devices

A set of voluntary guidelines for private sector organizations that handle personal wellness data is now available. The Consumer Electronics Association (CEA) developed the guidelines to show that "wellness technology companies are making consumer privacy a top priority."

October 27, 2015

CISA headed for Senate vote despite criticism

The Cybersecurity Information Sharing Act (CISA) has cleared numerous hurdles but faces more before it becomes a law that secures private data networks against malicious hackers.

October 27, 2015

Three stories highlight HIT's impact this week

This week saw some interesting facts and figures indicative of the changes facing the healthcare industry.

October 22, 2015

Cyberattacks to cost $305B over next five years

Cyberattacks over the next five years will cost U.S. health systems $305 billion in cumulative lifetime revenue, according to a report from Accenture.

October 16, 2015

Texas provider takes the lead on plan to share cybersecurity threat info

After calls to launch a national cyberthreat information sharing system, the Department of Health and Human Services (HHS) has taken the first steps with a $150,000 grant to a Texas provider.

October 14, 2015

Calif. amends its data notification law

Calif. Gov. Jerry Brown has signed a breach notification amendment into law that clarifies the definition of encrypted data, standardizes breach notification language and expands the definition of personal information.

October 14, 2015

Around the web

AI in Healthcare

Biden Administration itemizes AI accomplishments to date

Half a year after President Biden officially directed federal agencies in the executive branch’s bailiwick to “seize the promise and manage the risks” of AI, the White House has posted a status report.

Cardiovascular Business

‘Concerning’ data connect industry payments to cardiologists with medical device use

U.S. physicians often receive payments from medical device manufacturers and pharmaceutical companies. New research in JAMA found a connection between receiving such payments and using specific devices—should the industry be concerned?

Cardiovascular Business

Cardiology groups share key update: ABMS seeking feedback on proposed Board of Cardiovascular Medicine

Five of the largest U.S. medical societies focused on cardiovascular health are one step closer to seeing their paradigm-shifting proposal become a reality.

Cybersecurity

Breached Change Healthcare server lacked multifactor authentication, UnitedHealth CEO admits

Kaiser Permanente exposed data on 13.4 million members to tech companies

Hackers were inside Change Healthcare’s systems 9 days before attack

Atrium Health sued for violating patient privacy, sharing data with Facebook and Google

Massive data trove from Change Healthcare hack now for sale on dark web

Around the web