Bipartisan Legislation Seeks Stronger Healthcare Cybersecurity

November 27, 2024 at 06:07AM US senators have introduced the Health Care Cybersecurity and Resiliency Act of 2024, aiming to enhance cybersecurity in healthcare by updating HIPAA regulations, providing financial aid, and facilitating training. The law mandates information sharing on incidents and requires public disclosure of affected individuals, responding to rising cyber threats in the … Read more

Healthcare’s Grim Cyber Prognosis Requires Security Booster

October 8, 2024 at 03:17PM The healthcare sector’s resilience against ransomware attacks has worsened, with two-thirds of organizations experiencing attacks. New threats, such as the Trinity ransomware, continue to emerge. Legislation is being proposed to improve cybersecurity in the industry, as cybercriminals target healthcare due to its critical operations and willingness to pay ransoms. Healthcare … Read more

Microsoft Azure AI Health Bot Infected With Critical Vulnerabilities

August 13, 2024 at 02:40PM Multiple privilege escalation issues in Microsoft Azure’s Health Bot service allowed server-side request forgery and potential access to cross-tenant resources. Quickly patched by Microsoft, these vulnerabilities highlight concerns about chatbot risks, specifically regarding access to sensitive health information. Tenable Research found that exploitation could lead to management capabilities for other … Read more

Healthcare Providers Must Plan for Ransomware Attacks on Third-Party Suppliers

August 9, 2024 at 08:18AM The American Hospital Association and the Health-ISAC issued a joint threat bulletin cautioning about ransomware attacks causing blood shortages and disrupting patient care in the U.S. and U.K. The bulletin highlighted recent attacks and urged healthcare organizations to prepare for supply chain disruptions and develop risk management plans for third-party … Read more

South Africa National Healthcare Lab Still Reeling from Ransomware Attack

July 3, 2024 at 03:03AM The South African National Health Laboratory Service (NHLS) continues to recover from a ransomware attack, causing disruptions in lab testing and access to test results. This adds pressure to the already strained healthcare system, potentially leading to more infections and worsened health outcomes. The government and organizations must enhance cybersecurity … Read more

Ascension Healthcare Suffers Major Cyberattack

May 10, 2024 at 12:47PM Ascension, a healthcare provider operating 140 hospitals, suffered a cyberattack affecting essential systems like electronic health records and patient communication platforms. The organization has paused non-emergency procedures and is diverting some emergency services. Incident response help has been sought, and patient data exposure is being investigated. The attack highlights healthcare’s … Read more

Ascension healthcare takes systems offline after cyberattack

May 8, 2024 at 05:33PM Ascension, a major U.S. nonprofit health system with 140 hospitals and 40 senior care facilities across 19 states and the District of Columbia, has detected a cybersecurity event, prompting the organization to advise business partners to suspend connections to its systems. The incident has disrupted clinical operations, and an investigation … Read more

MedSec Launches Cybersecurity Program For Resource-Constrained Hospitals

April 10, 2024 at 05:22PM MedSec, a medical device security firm, has launched the Hospital Roadmap to Resilience ProgramSM, assisting hospitals in enhancing cybersecurity to protect patients. With a focus on resource-constrained hospitals, the program offers foundational policies, processes, and procedures, enabling informed risk decisions and basic network risk management. MedSec aims to address the … Read more

Healthcare IT Help Desk Employees Targeted in Payment-Hijacking Attacks

April 8, 2024 at 09:54AM Healthcare and public health (HPH) organizations are being targeted by threat actors aiming to infiltrate corporate networks and divert payments. The US Department of Health warns of a recent attack in which an IT help desk employee was impersonated over the phone to gain network access and initiate unauthorized payment … Read more

White House Budget Proposal Seeks Cybersecurity Funding Boost 

March 13, 2024 at 10:45AM The White House has released a $7.3 trillion budget proposal for fiscal year 2025, emphasizing increased cybersecurity spending. This includes specific allocations such as $13 billion across civilian departments, $3 billion for the cybersecurity agency CISA, and additional funding for the Justice Department and healthcare sector. The budget also addresses … Read more