Security news aggregator

Latest coverage for Healthcare

Stay updated with the latest healthcare cybersecurity trends, news, and tips to protect patient data and comply with medical industry security standards.

11 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

Healthcare is the delivery of clinical care and related services through hospitals, clinics, laboratories, pharmacies, insurers, and connected medical devices. It depends on electronic health records (EHRs), patient identity systems, diagnostic and imaging platforms, medication and scheduling systems, and data exchanges between organizations. These environments hold sensitive health and payment information, while the availability and integrity of systems can affect treatment, diagnostics, and patient safety.

Security concerns include unauthorized access or disclosure of records, alteration of clinical data, and disruption of care through attacks on EHRs, connected devices, or third-party services. Defenses require risk-based access controls, strong authentication, network separation where appropriate, secure device and software maintenance, backups that support clinical continuity, and tested downtime and incident-response procedures. Vulnerability management must account for legacy systems and devices that cannot be patched quickly. Privacy and compliance obligations, such as HIPAA in the United States, shape how organizations collect, use, share, retain, and report health information.

Showing 11 most recent headlines Filtered view

InfoSys McCamish Systems Earlier Alerted 57,000 Bank of America Clients of BreachInfosys McCamish Systems, an insurance software product and services vendor, is notifying nearly 6.1 million people of a 2023 ransomware incident that potentially comprised their sensitive data, including Social Security numbers, medical treatment, and financial and biometric information.

Scammers Use Social Engineering and Phishing to Fool Workers and IT Help Desk StaffFederal authorities warn of social engineering and phishing scams - sometimes targeting IT help desk workers - that allow attackers to steal login credentials and access healthcare sector entities' IT systems so they can divert automated clearinghouse payments to bank accounts the attackers control.

Episode 2: Incident response experts-turned-ransomware negotiators Ed Dubrovsky, COO and managing partner of CYPFER, and Joe Tarraf, chief delivery officer of Surefire Cyber, explain how they interact with cyber threat actors who hold victim organizations' systems and data for ransom. Among their fascinating stories: how they negotiated with cybercriminals to restore operations in a hospital NICU where lives were at stake, and how they helped a church, where the attackers themselves "got a little religion."

Researchers Say Manufacturer Proges Plus Hasn't Responded to Vulnerability FindingsVulnerabilities in internet-connected temperature monitoring devices - and an accompanying desktop application - mainly used in hospitals could be exploited by hackers to exfiltrate sensitive data or compromise temperature monitoring integrity, researchers warn.

DOJ Says Vendor's Terminated Worker Unlawfully Accessed Geisinger Patient InfoAn ex-employee of Microsoft's Nuance Communications unit is at the center of a 2023 data breach that affected more than 1 million patients of Pennsylvania-based healthcare system Geisinger. The Department of Justice has criminally charged the former Nuance worker in the incident.

Probe: Worker at speech-recog outfit Nuance wasn't locked out after firing Updated American healthcare provider Geisinger fears highly personal data on more than a million of its patients has been stolen – and claimed a former employee at a Microsoft subsidiary is the likely culprit.…

John Riggi of the American Hospital Association on HHS' Upcoming Cyber RegulationsWhite House efforts to ratchet up health sector cybersecurity are critically important, but possible financial penalties levied for non-compliance with upcoming cyber requirements that are directed only at hospitals could do more harm than good, said John Riggi of the American Hospital Association.

Final HHS Rule Cuts Financial Payments to Healthcare Firms That Violate Cures ActFederal regulators have issued a final rule that sets financial disincentives for healthcare providers that commit information blocking - or practices that they know are unreasonable and likely to interfere with patient access to electronic health information.