In the latest weekly update, ISMG editors discuss how Russia's invasion of Ukraine upended the cybercrime ecosystem, a lawsuit against a U.S. cardiovascular clinic that seeks a long list of security improvements, and the latest endpoint protection technology trends in the Gartner Magic Quadrant.
An Alabama cardiovascular clinic is facing a proposed class action lawsuit filed by one of the nearly 442,000 individuals affected by a data exfiltration breach reported last month. The lawsuit seeks a detailed list of security improvements by the clinic and 10 years of court compliance monitoring.
Healthcare executives called on Congress to ensure minimum cybersecurity standards, saying a wholly voluntary approach is failing clinics and hospitals. Gaps are widest at small rural hospitals, testified a former hospital CISO before the Senate Homeland Security and Governmental Affairs Committee.
A vendor of clinical and third-party administrative services to managed care organizations and healthcare providers serving elderly and disabled patients said a cybersecurity incident last summer has affected more than 4.2 million individuals.
A cancer patient whose partially naked exam photos and personal data were stolen and subsequently posted on a ransomware leak site last month filed a proposed class action lawsuit, alleging that Lehigh Valley Health Network's refusal to pay the ransom "prioritized money over patient privacy."
Emergency medical device provider Zoll Medical Corp. is notifying more than 1 million individuals, including employees, as well as patients and former patients who used its LifeVest wearable cardioverter defibrillator, of a hacking incident that compromised their personal information.
A provider of online mental health services is notifying nearly 3.2 million people that the company used website tracking tools to share sensitive patient information with third parties including Facebook, Google and TikTok - without the individuals' consent.
President Joe Biden's budget request for fiscal 2024 includes a big proposed boost for the federal office charged with enforcing privacy and security within the healthcare industry. The proposal asks for $78 million in appropriations for the Office of Civil Rights.
Community Health Systems will soon begin notifying up to 1 million individuals estimated to have been affected by data compromise when attackers exploited a zero-day vulnerability in vendor Fortra's GoAnywhere MFT, which is secure managed file transfer software.
A healthcare revenue cycle management software vendor is facing a proposed class action lawsuit in the aftermath of a December data exfiltration attack affecting nearly 251,000 patients. Ransomware group Royal took credit for the attack, allegedly leaking samples of the stolen data on its leak site.
The Department of Health and Human Services and the Health Sector Coordinating Council on Wednesday published an updated toolkit that aims to help healthcare entities align security programs with the National Institute of Standards and Technology's Cybersecurity Framework.
Privacy concerns involving the tracking, collection and disclosure of sensitive health data of consumers - without their knowledge or consent - remain top enforcement priorities for federal regulators, as well as top legislative fodder for some members of Congress.
Russian-speaking ransomware gang BlackCat is leaking data stolen from a Pennsylvania-based healthcare group, including photos of breast cancer patients. The gang posted screenshots of patient diagnoses of a handful of patients and pictures of breast cancer patients disrobed from the waist up.
The Biden administration's national cybersecurity strategy emphasizes bolstering critical infrastructure sector protections, including setting minimum security requirements and enhancing collaboration. But observers says the industry needs more resources and a better security posture to comply.
A Georgia man who is the chief operating officer of a network security firm can't escape criminal charges related to a 2018 cyberattack against a local medical center. Vikas Singla faces 18 charges of illegal hacking, including 15 charges for disrupting a Lexmark printer network.