Privacy & Security

Julia Strandberg, executive vice president and chief business leader of connected care at Royal Philips, told MobiHealthNews she anticipates continued mergers, partnerships and AI innovation in 2025.

Join the editors of Healthcare IT News, Healthcare Finance News and MobiHealthNews as they forecast new trends and developments for the year ahead: AI, cybersecurity, patient engagement, reimbursement and rev cycle, virtual care and more.

Protected health information from Ocean State's online health and human services platform may be part of the cache of personal data posted to the dark web.

That has culminated in an estimated $21.9 billion in downtime losses over the past six years, a new report shows, with medical organizations experiencing 17 days of downtime per incident, on average.

This past year was a busy one, with new policy changes, cybersecurity challenges, EHR optimization advancements, innovations in patient care and, yes, a whole lot of AI.

It was another record-breaking year for healthcare cyberattacks, and healthcare providers' network servers were again prime targets for hackers.

The agency seeks to make its first HIPAA Security Rule update since 2013 to clarify what health plans, healthcare clearinghouses, providers and their business associates must do to protect the security of electronic protected health information.

Chike Okeke, chief information security officer of data exchange company Concord, offers his perspective on the safe and secure transfer of protected health information.

"The usage of AI and automatic vulnerability scanning performed by the attackers allows them to find an exposed IoT device and conduct an attack on it much quicker than they used to be able to," says one security researcher in a new report.

A cyberattack on May 8 against healthcare giant Ascension resulted in the medical data of 5.6 million customers being exposed, according to a filing with the Maine attorney general’s office published on December 20. WHY IT MATTERS In June, the health system determined that an attacker gained access to its systems after an employee at one of its facilities inadvertently downloaded a malicious file, believing it to be legitimate. The organization stated there was no indication that the incident was anything other than an honest mistake. Months of investigation with third-party experts also led to Ascension determining sensitive data belonging to current and former patients, senior living residents, and employees was potentially exposed. A December 19 announcement from Ascension noted the compromised information varies by individual and may include medical details such as medical record numbers, dates of service, lab test types and procedure codes. Payment information, including credit card or bank account numbers, insurance details ranging from Medicaid and Medicare IDs to policy numbers and claims, government identification, including Social Security numbers, tax IDs, driver’s licenses or passports, and personal information such as addresses and dates of birth were potentially involved. Ascension also confirmed its electronic health records and other core clinical systems, where full patient records are securely stored, were not accessed during the attack. THE LARGER TREND Among the other major healthcare breaches in 2024 include a cyberattack against Change Healthcare in February, which impacted 100 million people – the largest breach ever reported to federal regulators. In April, Kaiser Permanente reported that 13.4 million people were affected by a data breach that exposed patient and plan members' information. Meanwhile, legislation is being proposed to bolster healthcare cybersecurity defense in the form of the Health Care Cybersecurity and Resiliency Act. The bipartisan bill, introduced in November, would offer grants to healthcare organizations to help them shore up their ability to prevent and respond to cyberattacks. Meanwhile, governance remains a concerning weak point in healthcare, even as cyberattacks are becoming more prominent and the risks of IoT medical devices are coming into sharper focus. ON THE RECORD Tim Rawlins, senior adviser and director for security at cybersecurity consultancy NCC Group, noted healthcare will always be an attractive target, given the sheer quantity of sensitive data organizations hold and the need to make information available to the medical staff as quickly as possible. "Basic cyber security measures, individual log ins, multi-factor authentication, and patched, secure and monitored systems will go a long way to preventing these attacks," he said. Nathan Eddy is a healthcare and technology freelancer based in Berlin. Email the writer: nathaneddy@gmail.com Twitter: @dropdeaded209