Latest coverage for Healthcare

Healthcare Sector AI Expansion Raises Questions on Governance, Privacy and SafetyMayo Clinic and Microsoft are planning a new healthcare-specific frontier artificial intelligence model that aims to help clinicians make earlier diagnoses and deliver more personalized treatments to their patients. The clinic plans to make the new model available to patients and doctors.

Healthcare Coordinating Council Highlights AI Risks, Potential Medical MishapsHealthcare organizations face an array of difficult cybersecurity, privacy, patient safety, supply chain and operational resiliency issues as they roll out artificial intelligence tools. A new Health Sector Coordinating Council playbook aims to help by providing a voluntary governance framework.

Project Glasswing Expansion Reaches Power, Healthcare, Telecom and Water OperatorsAnthropic expanded Project Glasswing to 150 additional organizations across more than 15 countries, granting critical infrastructure operators, NATO and cybersecurity agencies controlled access to Claude Mythos Preview as the company seeks broader cyber defense coverage while limiting misuse risks.

ENISA NIS360 2026 shows cybersecurity improving across EU critical sectors, but health, water, rail, and space remain in the risk zone. ENISA has published its third annual NIS360 report, assessing the cybersecurity maturity and criticality of all sectors covered by the NIS2 directive. The headline finding is that things are improving across the board. The […]

Study: Monitoring Vendor Risk Remains Much Harder Than Onboarding Third PartiesHealthcare organizations are getting better vetting third-party vendors, including suppliers of medical devices, software and other products. But once these vendors are on board, healthcare firms still struggle with monitoring their security posture and ensuring they keep their promises.

OT Firm Looks to Secure IoT, Industrial and Medical DevicesDragos, one of the first OT cybersecurity companies, announced Monday it acquired Phosphorus, the IoT security and management player, a move analysts said was designed to catch Dragos up with its competitors and expand its offerings to cover the quickly growing IoT sector.

California Attorney General Rob Bonta filed a lawsuit against 23andMe, now Chrome Holding Co., over the company's failure to protect sensitive customer genetic and personal information. [...]

Attackers Attempted to Reroute Hospital Medicaid ReimbursementsA hack on a Connecticut Medicaid web portal involving compromised credentials of a healthcare provider has affected the payment account and other information for about 22,500 patients. The data theft is the latest breach involving a healthcare related web portal hack. Why does this keep happening?

Also, Kali365 Bypasses MFA, Silent Ransom Group Makes Office CallsThis week, active duty troops tracked, Kali365 bypassed MFA, Australian lawmakers phished on WhatsApp, Silent Ransom escalated IT scams, Lithuania and German hospitals disclosed breaches, pro-Russian infrastructure providers arrested, CISA warned of active LiteSpeed exploitation.

Health-ISAC Warns About Weak Governance and Credential MisuseHumans make mistakes. They fall for phishing scams and click on malicious links. Machines aren't necessarily better: Delegating decisions to agentic artificial tools can significantly intensify cybersecurity risks, warns a healthcare association.

Breach Is Among Several Recent Major Incidents Involving Billing Software ProvidersA publicly traded cancer treatment firm notified investors that a yet-undisclosed number of patients' information was compromised in a 2025 cybersecurity incident involving a third-party billing software vendor. The Oncology Institute provides cancer treatment care to nearly 2 million patients.

The Oncology Institute disclosed a data breach tied to a third-party vendor, potentially exposing patient information after a 2025 cyberattack. The Oncology Institute has confirmed that patient information was impacted in a cybersecurity incident involving a third-party software provider. The healthcare network first disclosed the security breach in November 2025 while the vendor’s investigation was […]

Ransomware and vendor breaches persist. The "2026 Data Breach Investigations Report" (DBIR) highlights how evolving social engineering tactics make the sector more vulnerable.

Recent Hacks Underscore Persistent and Growing Threats to Smaller OrganizationsSmall and mid-sized healthcare organizations - including medical specialty practices and regional clinics - continue to fall victim disproportionately to hacking incidents, including ransomware attacks and data thefts - affecting large populations of patients. Why does this keep happening?

Incident Involved an Unnamed Third-Party VendorNew York City's municipal healthcare system is notifying nearly 2 million patients of a hacking incident discovered earlier this year involving a third-party vendor. The breach compromised a long list of information, including biometric data such as fingerprints.

Déjà Vu: Is Mythos in Hands of Bad Actors Akin to Cobalt Strike, Brute Ratel Abuse?Anthropic's Claude Mythos and similarly powerful artificial intelligence tools pose elevated cyber risk to the healthcare sector, warns a new report. Addressing the onslaught of newly discovered bugs will require healthcare organizations to evolve their vulnerability mindsets.

License Frontier AI to Practice Medicine, Argues JAMA ArticleScrutiny is intensifying around the quickly evolving role that AI is playing in healthcare. That includes issues around the transparency and safety of consumer health chatbots and also whether a new clinical AI licensing framework is necessary to protect the integrity of medicine.

Will Regulators Make the May Deadline, and What Changes Will Make the Cut?Federal regulators are scheduled to issue a rule this month finalizing a proposed massive overhaul of the 23-year-old HIPAA Security Rule. Will the Department of Health and Human Services make the deadline, and what should HIPAA regulated organization expect?

Medical Board Urged State to Ditch Pilot, Citing Patient Safety ConcernsThe state of Utah is forging ahead with a pilot program that allows patients with chronic conditions to autonomously refill medication prescriptions using an artificial intelligence-powered telehealth platform despite opposition from its state medical licensing board.

Josephine Wolff on Why Healthcare Must Scrutinize Cyber and AI CoverageHealthcare organizations face growing pressure to reassess cyber insurance policies as cyberattacks disrupt patient care and AI tools introduce new liability risks. Josephine Wolff of Tufts University discusses how exclusions, compliance demands and AI-related uncertainty shape insurance decisions.