Security news aggregator

Latest coverage for Healthcare

Stay updated with the latest healthcare cybersecurity trends, news, and tips to protect patient data and comply with medical industry security standards.

7 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

Healthcare is the delivery of clinical care and related services through hospitals, clinics, laboratories, pharmacies, insurers, and connected medical devices. It depends on electronic health records (EHRs), patient identity systems, diagnostic and imaging platforms, medication and scheduling systems, and data exchanges between organizations. These environments hold sensitive health and payment information, while the availability and integrity of systems can affect treatment, diagnostics, and patient safety.

Security concerns include unauthorized access or disclosure of records, alteration of clinical data, and disruption of care through attacks on EHRs, connected devices, or third-party services. Defenses require risk-based access controls, strong authentication, network separation where appropriate, secure device and software maintenance, backups that support clinical continuity, and tested downtime and incident-response procedures. Vulnerability management must account for legacy systems and devices that cannot be patched quickly. Privacy and compliance obligations, such as HIPAA in the United States, shape how organizations collect, use, share, retain, and report health information.

Showing 7 most recent headlines Filtered view
Bank Info Security 2 years, 3 months ago

Feds Warn of Credential Harvesting Threats in Healthcare

HHS Says Tried-and-True Hacker Methods Can Compromise Patient Data, SafetyFederal regulators are sounding an alarm to warn healthcare sector entities of cyberattacks involving a tried-and-true hacking method - credential harvesting, which can be used to compromise patient data, disrupt healthcare operations and enable other crimes.

Bank Info Security 2 years, 3 months ago

UnitedHealth Admits Patient Data Was 'Taken' in Mega Attack

US Government Offers $10M Bounty to Track Down Leadership of BlackCat Crime GroupUnitedHealth Group has admitted data was "taken" in the cyberattack on Change Healthcare and has just started analyzing the types of personal, financial and health information potentially compromised. The U.S. is offering a $10 million bounty for BlackCat, which claims to have launched the attack.

Bank Info Security 2 years, 3 months ago

Change Healthcare Wake-Up Call: Is Sector Too Codependent?

Denise Anderson and Errol Weiss of Health-ISAC Discuss Critical Cyber IssuesThe Change Healthcare attack - the most disruptive cyber incident to ever hit the U.S. healthcare ecosystem - spotlights the risks that come from relying on a handful of major suppliers, said leaders of the Health Information Sharing and Analysis Center.

Bank Info Security 2 years, 3 months ago

Feds Wave Sticks & Carrots at Health Sector to Bolster Cyber

Industry Groups Welcome Help for Hospitals and Others - But Oppose PenaltiesProposed federal sticks and carrots to incentivize the health sector to implement stronger cybersecurity standards are already meeting opposition from some industry groups that say financial help is welcome but payment penalties for perceived laggards likely will do more harm than good.

ARPA-H joins the challenge, adds $20M to cash rewards Interview As ransomware gangs target critical infrastructure – especially hospitals and other healthcare organizations – DARPA has added another government agency partner to its Artificial Intelligence Cyber Challenge (AIxCC).…

Bank Info Security 2 years, 3 months ago

Hospitals Lobby Feds to Clarify Breach Duties in UHG Attack

AHA Wants Change Healthcare on Hook for Notification in Potential BreachAs thousands of hospitals, clinics and doctor practices potentially have to notify millions of patients about the Change Healthcare breach, the American Hospital Association said the IT services firm and parent company, UnitedHealth Group, should be the sole sender of notifications.