Data breaches or leaks involving health or medical data.
No ransomware gang has claimed responsiblity for the November 21 attack on the Wirral University Teaching Hospital NHS Trust but a second attack on a children’s hospital is also causing significant problems. The Register reports: The attack on Liverpool’s Alder Hey Children’s Hospital and Liverpool Heart and Chest Hospital NHS Foundation Trust is apparently unconnected […]
Legislation proposed in September would mandate minimum cybersecurity requirements in the healthcare sector. Kevin Wood, the Chair of Winstead’s Healthcare Industry Group, writes: …. Senators Ron Wyden (D-OR) and Mark Warner (R-VA) introduced the Health Infrastructure Security and Accountability Act (HISAA) on September 26, 2024. Like HIPAA and HITECH before it, which established minimum levels […]
Christopher R. Smith of Epstein Becker & Green, P.C. writes: On July 12, 2024, the FDA provided small dispensers—those employing 25 or fewer full-time pharmacists or pharmacy technicians—with an exemption from the Drug Supply Chain Security Act’s (“DSCSA”) enhanced drug distribution security (“EDDS”) requirements until November 27, 2026.[1] The FDA had previously announced a stabilization period effectively delaying […]
The Change Healthcare ransomware attack that was first disclosed in February 2024 continues to cause problems and make headlines. HIPAA Journal reports on the financial impact: The cost of the Change Healthcare ransomware attack has risen to $2.457 billion, according to UnitedHealth Group’s Q3, 2024 earnings report. Revenues in the third quarter increased by 9% year-over-year […]
A press release from HHS OCR on September 26:
More than a year after other victims of the MOVEit hacking incident notified people, the the Centers for Medicare & Medicaid Services (CMS) and Wisconsin Physicians Service Insurance Corporation (WPS) are notifying people whose protected health information was acquired by the Clop gang: The MOVEit data breach may be long in the rear-view mirror, but […]
The 2022 ransomware attack on Advanced, a National Health Service (NHS) vendor, was devastating to patient care. Now the U.K.’s Information Commissioner’s Office has indicated it plans to impose a substantial fine on the vendor. TechCrunch reports: U.K. data protection authorities have issued a provisional fine of more than £6 million to NHS vendor Advanced […]
More than 6,000 operations and appointments have been postponed at London hospitals affected by the Synnovis cyber attack, NHS England has confirmed. Digital Health reports that on 4 July 2024, NHSE published an update on the ransomware attack. The update indicated that 4,913 acute outpatient appointments and 1,391 elective procedures have been postponed at King’s […]
When a rural hospital suffers a cyberattack that may knock it offline or encrypt all of its systems and patient records, the human cost can be enormous. Sadly, it is not unusual for criminal groups to attack hospitals, believing that they will have no choice but to pay extortion demands. In a statement issued Monday […]
In February, Cencora (formerly known as AmerisourceBergen/Lash Group) filed notice of a cybersecurity incident with the Securities and Exchange Commission: On February 21, 2024, Cencora, Inc. (the “Company”), learned that data from its information systems had been exfiltrated, some of which may contain personal information. Upon initial detection of the unauthorized activity, the Company immediately took containment […]
