Data breaches or leaks involving health or medical data.
Another major US hospital system recently suffered a cyberattack. Bleeping Computer reported: The Texas Tech University Health Sciences Center and its El Paso counterpart suffered a cyberattack that disrupted computer systems and applications, potentially exposing the data of 1.4 million patients. The organization is a public, academic health institution that is part of the Texas Tech […]
New York State Attorney General Letitia James announced another data security enforcement settlement yesterday. HIPAA Journal writes: A New York healthcare provider that experienced a breach of the personal and protected health information of 242,641 New Yorkers has been ordered to pay a financial penalty of $550,000 and take steps to strengthen its data security […]
No ransomware gang has claimed responsiblity for the November 21 attack on the Wirral University Teaching Hospital NHS Trust but a second attack on a children’s hospital is also causing significant problems. The Register reports: The attack on Liverpool’s Alder Hey Children’s Hospital and Liverpool Heart and Chest Hospital NHS Foundation Trust is apparently unconnected […]
Legislation proposed in September would mandate minimum cybersecurity requirements in the healthcare sector. Kevin Wood, the Chair of Winstead’s Healthcare Industry Group, writes: …. Senators Ron Wyden (D-OR) and Mark Warner (R-VA) introduced the Health Infrastructure Security and Accountability Act (HISAA) on September 26, 2024. Like HIPAA and HITECH before it, which established minimum levels […]
Christopher R. Smith of Epstein Becker & Green, P.C. writes: On July 12, 2024, the FDA provided small dispensers—those employing 25 or fewer full-time pharmacists or pharmacy technicians—with an exemption from the Drug Supply Chain Security Act’s (“DSCSA”) enhanced drug distribution security (“EDDS”) requirements until November 27, 2026.[1] The FDA had previously announced a stabilization period effectively delaying […]
The Change Healthcare ransomware attack that was first disclosed in February 2024 continues to cause problems and make headlines. HIPAA Journal reports on the financial impact: The cost of the Change Healthcare ransomware attack has risen to $2.457 billion, according to UnitedHealth Group’s Q3, 2024 earnings report. Revenues in the third quarter increased by 9% year-over-year […]
A press release from HHS OCR on September 26:
More than a year after other victims of the MOVEit hacking incident notified people, the the Centers for Medicare & Medicaid Services (CMS) and Wisconsin Physicians Service Insurance Corporation (WPS) are notifying people whose protected health information was acquired by the Clop gang: The MOVEit data breach may be long in the rear-view mirror, but […]
The 2022 ransomware attack on Advanced, a National Health Service (NHS) vendor, was devastating to patient care. Now the U.K.’s Information Commissioner’s Office has indicated it plans to impose a substantial fine on the vendor. TechCrunch reports: U.K. data protection authorities have issued a provisional fine of more than £6 million to NHS vendor Advanced […]
More than 6,000 operations and appointments have been postponed at London hospitals affected by the Synnovis cyber attack, NHS England has confirmed. Digital Health reports that on 4 July 2024, NHSE published an update on the ransomware attack. The update indicated that 4,913 acute outpatient appointments and 1,391 elective procedures have been postponed at King’s […]
