Image by freepik What You Should Know:  – UnitedHealth Group is embroiled in a new ransomware saga, just as it recovers from a February attack, according to a blog post from threat intelligence firm SOCRadar. – A hacking group called RansomHub claims to possess 4 terabytes of stolen data from UnitedHealth’s subsidiary, Change Healthcare and is demanding a ransom to prevent its release. RansomHub’s Demands and Allegations This data supposedly includes the personal details and medical records of “millions” of patients. RansomHub demands payment from UnitedHealth to prevent the data from bei ..read more

What You Should Know: – The Department of Health and Human Services’ Office for Civil Rights (OCR) has announced an investigation into the recent cyberattack on Change Healthcare, a subsidiary of UnitedHealth Group (UHG). – The cybersecurity attack has significantly disrupted healthcare billing and information systems nationwide, potentially impacting patient care. Investigation Focuses on HIPAA Compliance The OCR enforces the Health Insurance Portability and Accountability Act (HIPAA) Privacy, Security, and Breach Notification Rules. These rules establish minimum standards for protecting pat ..read more

Chris Bowen, founder and CISO at ClearDATA In healthcare, sensitive data comes with great responsibility. For companies entrusted with managing and protecting patients’ personal information, ensuring the privacy of that data must be the highest priority. These companies are called to act as vigilant guardians, especially when you consider that secure and accurate data can literally save lives. Enter the concept of ‘privacy and security by design,’ an approach that goes beyond merely meeting compliance standards and, instead, embedding security at the very core of business operations. With priv ..read more

Cam Roberson, VP at Beachhead Solutions Healthcare delivery organizations and those working with them that are still in business are either well aware of their duties under HIPAA, work with managed service providers that understand the law well, or…are lucky to have made it this far. Even for organizations that have steered clear of both cyberattacks and regulatory fines, vigilance is essential to maintaining a clean bill of (cybersecurity) health. With HIPAA guidance and enforcement practices shifting increasingly quickly right now, businesses must adapt their cybersecurity strategies to rema ..read more

What You Should Know: – A new critical vulnerability was discovered in NeuroWorks Natus Electroencephalogram (EEG) Software that could allow cybercriminals to take control of affected devices and steal medical data. NeuroWorks Natus Electroencephalogram (EEG) software solution is widely used across clinics, hospitals, large teaching facilities and medical device providers for EEG, LTM, ICU, sleep, and research studies. – Trustwave SpiderLabs discovered the vulnerability affects the software’s default credentials, could be exploited by cybercriminals to remotely execute code on target devices ..read more

What You Should Know:  – Cybercriminals have been highly successful in their ransomware attacks on healthcare organizations, according to a new survey conducted by Sophos. “The State of Ransomware in Healthcare 2023, report reveals nearly 75% of the surveyed healthcare organizations reported that their data was successfully encrypted by the attackers.  – In addition, only 24% of healthcare organizations were able to disrupt a ransomware attack before the attackers encrypted their data—down from 34% in 2022; this is the lowest rate of disruption reported by the sector over the past t ..read more

Rebecca Gazda, Sr Director of Labs at DNSFilter There’s no denying it – the need for stronger cyber defense is urgent. More ransomware attacks targeted healthcare in 2022 than any other critical infrastructure sector, according to the FBI’s Internet Crime Complaint Center (IC3). With attacks on healthcare negatively impacting patient care – including increased mortality rates – healthcare organizations must adopt proactive approaches to better protect their patients and sensitive information.  In the spring, the Multi-State Information Sharing and Analysis Center(MS-ISAC) released new gui ..read more

What You Should Know: Zscaler, Inc., the leader in cloud security, today announced that it has teamed up with CrowdStrike and Imprivata to deliver a zero-trust cybersecurity solution from device to cloud that’s custom-made for medical institutions. The new Zscaler integration with the Imprivata Digital Identity Platform will provide visibility, threat protection and traceability for end-to-end, multi-user, shared device access control that are required for organizations to meet regulatory requirements, including HIPAA and HITECH. Increasing Visibility and Creating Better Mult ..read more

Dr. Sean Kelly, Chief Medical Officer and SVP of Customer Strategy, Imprivata In the wake of the pandemic, the nursing field has continued to suffer large-scale burnout and a wave of retirements. An estimated 100,000 registered nurses have left the field since 2020 due to Covid-related stress, according to the National Council of State Boards of Nursing (NCSBN), accelerating the chronic understaffing crisis that already strained hospitals and healthcare organizations pre-pandemic.  The remaining nurses are caught in a vicious burnout cycle, forced to bear an ever-increasing burden as thei ..read more

Jon Moore, MS, JD, HCISPP, Chief Risk Officer and SVP of Clearwater Recent advances in Generative AI Large Language Models, such as ChatGPT, have been making waves across various industries, not least in healthcare. With the ability to converse with users much like a friend, adviser, or assistant, these models have a broad appeal and immense potential. Their user-friendly nature is democratizing access to AI and stirring a cauldron of innovation, with healthcare emerging as a field ripe for exploration. Nevertheless, as with any powerful tool, there’s a double-edged sword at play here. The ver ..read more