On April 16th, healthcare industry leaders gathered in Washington, DC to testify to the Energy and Commerce Health Subcommittee on the topic of “Examining Health Sector Cybersecurity in the Wake of the Change Healthcare Attack.” The insights these leaders shared around the sector-wide risks facing healthcare and the potential steps forward to address them were timely and enlightening. While Change Healthcare was the focal point of this discussion, there were many areas of concern that were brought up during the hearing, including: Vertical consolidation The industry experts testified to concer ..read more

The “evolving threat landscape” is more than just a ubiquitous cybersecurity term; it represents some of the biggest challenges cybersecurity leaders contend with, especially in healthcare. From increasingly sophisticated and dangerous threat actors, expanding attack surfaces, and competing priorities to budget constraints, fragmented technology, and an often confusing regulatory environment, healthcare cybersecurity is a volatile, high-stakes situation for IT security teams. Exacerbating these challenges is the critical shortage of cybersecurity talent. The ISC2’s 2023 Cybersecurity Workforce ..read more

The journey to cybersecurity resilience in healthcare is not a solo endeavor. It requires coordination among several pivotal organizations. At the heart of this collaborative effort is the Health Sector Coordinating Council Cybersecurity Working Group (HSCC CWG), a team designated by the U.S. government as a critical infrastructure advisory council. The HSCC CWG exemplifies a public-private partnership that works hand in hand with the government to tackle systemic cyber threats through strategic initiatives and the development of cybersecurity best practices. As the healthcare sector navigates ..read more

Even though spring has officially sprung, recent Ivanti and Fortinet vulnerabilities have made it feel a bit like Groundhog Day. As we’ve examined the vulnerabilities associated with Ivanti’s Secure Connect and FortiClient solutions over the past few months, it’s become clear that closing the security loopholes has posed significant challenges. While the coverage may start to sound a bit repetitive, the risks related to these vulnerabilities remain real and present, especially for healthcare organizations. Challenges fixing Ivanti Connect Secure vulnerabilities  A lot has happened in the ..read more

Healthcare data breaches can be costly, difficult to resolve, and dangerous for patients. Yet despite the best preventative practices, breaches can still happen, underscoring the critical need for prompt detection and response. As healthcare organizations are responsible for safeguarding private patient data, swiftly identifying signs of a data breach is essential. If such sensitive information were to fall into the wrong hands, the repercussions could be severe. However, the signs of a healthcare data breach aren’t always obvious. The early signals may seem like routine technology glitches. T ..read more

Recent changes have gone into effect that give the Food and Drug Administration (FDA) a stately feather in their cap: the authority to require cybersecurity standards for medical devices. However, this increased influence did not happen overnight. Nor did it happen in a vacuum. To unpack how it came about, who is likely to be impacted, and what it means for existing and future medical devices, we have summarized the key components for you. 1. How should one refer to this new law? The easiest shorthand is “524B.” That said, it is also commonly referred to as the “PATCH (Protecting and Transform ..read more

When a patient chooses a healthcare organization, they aren’t just trusting them with their physical health; they’re also trusting that healthcare organization with their most sensitive personal information. However, that trust can be undermined if a security breach compromises their data. Unfortunately, cyber attacks against healthcare are on the rise. Over the past decade, theft of electronic Protected Health Information (ePHI) in the United States has increased steadily, resulting in healthcare organizations incurring both reputational and financial costs. Impact of cyber attacks on healthc ..read more

Since its detection in February, the impact of Change Healthcare’s cyber attack has been staggering. Unfortunately, this is not the only incident that’s impacted healthcare organizations. Several others have sparked urgent calls for updates and heightened vigilance among IT teams, stressing the cyber pressures that constantly confront the healthcare sector. Change Healthcare cyber attack Throughout the latter part of February, the headlines were focused on Change Healthcare’s disclosure of a breach on the 21st, coinciding with a surge in ConnectWise ScreenConnect attacks. The investigations li ..read more

In November, new details emerged about the Okta incident, coinciding with the discovery of critical vulnerabilities in Orthanc software and Windows Defender SmartScreen. These vulnerabilities pose significant risks to healthcare organizations, their networks, patients, and data. Read on to explore these threats in-depth and how to mitigate them. Okta’s security breach update On November 3rd, Okta issued a Root Cause Analysis (RCA) report, providing an update on its October security breach. The company determined that a threat actor had run and downloaded a report that contained the names and e ..read more

More than 87 million. That’s the estimated number of patient records that have been compromised as of the end of October 2023, according to data gathered from the Office for Civil Rights (OCR). That’s a 55 percent year-over-year increase from 2022.  Throughout the month of October, threat actors increasingly exploited vulnerabilities and used nefarious tactics that put patient records at risk. Threats to PHI data from Progress WS_FTP Server vulnerability Progress Software, the maker of MOVEit, has a vulnerability in their WS_FTP Server software. WS_FTP Server and MOVEit are file transfer ..read more