Privacy & Security

Plaintiffs say the apparent theft of identity and other information announced this past week, which could impact as many as 11 million people, happened because the health system did not use "reasonable security procedures and practices."

Artificial intelligence has changed the threat landscape, enabling new cybersecurity risks for health systems: more sophisticated social engineering, automated vulnerability intelligence gathering, endpoint detection evasion and more.

AT&T's annual industry insights report revealed a shift in focus from consumer virtual care in 2022 to richer budgeting for tele-emergency medical services. 

The health system says the patient data, which was posted online, includes names, phone numbers and appointment information, but not clinical or payment info.

Medtronic has released an update for a cybersecurity vulnerability that an unauthorized user could exploit to steal, delete or modify cardiac device data or to gain network access.

An "unwritten requirement" can help healthcare organizations understand their environments and examine vulnerabilities to protect ePHI, says Chad Peterson, managing director at NetSPI.

The agency says that FIN11 uses a variety of TTPs and has gained access to more organizations than it is able to monetize, choosing to initiate zero-day exploits based on an organization's location and security posture.

HHS Office for Civil Rights Director Melanie Rainer describes how her office is helping providers understand and meet their security and compliance requirements.

An April ransomware attack that compromised the PPI and PHI of some 2.5 million members has led to multiple class action lawsuits against the Massachusetts-based health plan and its parent company.

The Illinois Catholic health system has signed a nonbinding letter of intent with OSF Healthcare to acquire the Peru campus.