Healthcare

  • Potential Backdoor Embedded in Contec Health CMS8000 Patient Monitor Firmware

    January 31, 2025

    The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published a medical product advisory for the Contec Health CMS8000 Patient Monitor to address one critical and two high severity vulnerabilities. The Contec CMS8000 is a patient monitor used to display real-time information such as the vital signs of a patient, including temperature, heartbeat, and blood pressure. ...

  • UnitedHealth hid its Change Healthcare data breach notice for months

    January 15, 2025

    Change Healthcare, the UnitedHealth-owned health tech company that lost more than 100 million people’s sensitive health data in a ransomware attack last year, said on Tuesday that the company has “substantially” completed notifying affected individuals about the massive data breach. The February 2024 ransomware attack on Change Healthcare, one of the biggest processors of patient billing ...

  • EU lines up intel-sharing, cyber squads to stop hospital hacks

    January 15, 2025

    The European Union is ramping up support, an early-warning system and rapid response teams to help its hospitals fight off cyberattacks from hacker groups, it said Wednesday. The plan proposes setting up a European Cybersecurity Support Center for hospitals and the health care sector at the EU’s cybersecurity agency ENISA. That support center will provide tools ...

  • Ransomware attack on health giant Ascension hits 5.6 million patients

    December 20, 2024

    A May ransomware attack on Ascension, a U.S. healthcare giant with more than 140 hospitals and dozens of senior living facilities, allowed hackers to steal personal and sensitive health information on 5.6 million patients, according to a new filing with Maine’s attorney general. The cyberattack caused widespread disruption across its hospital system, with some staff describing ...

  • How the ransomware attack at Change Healthcare went down – a timeline

    December 18, 2024

    A ransomware attack earlier this year on UnitedHealth-owned health tech company Change Healthcare likely stands as one of the largest data breaches of U.S. health and medical data in history. Months after the February data breach, a “substantial proportion of people living in America” are receiving notice by mail that their personal and health information was ...

  • UK: Ransomware hackers target NHS hospitals with new cyberattacks

    December 4, 2024

    Ransomware hackers have continued an assault on National Health Service trusts across the United Kingdom by compromising multiple hospitals, exposing sensitive patient data and disrupting emergency services. Inc Ransom, a prolific Russia-linked ransomware group that claimed responsibility for an attack on NHS Scotland earlier this year, now claims to have breached the Alder Hey Children’s Hospital ...

  • Medical testing company LifeLabs failed to protect customer data, report finds

    November 27, 2024

    In 2019, a ransomware attack hit LifeLabs, a Canadian medical testing company. The ransomware encrypted the lab results of 15 million Canadians, and personally identifiable information (PII) of 8.6 million people was stolen. After noticing the attack, LifeLabs informed its customers and the Canadian privacy regulators, which immediately announced an investigation. The privacy commissioners of both ...

  • 9 months after the largest healthcare breach in history, UnitedHealth subsidiary back online

    November 22, 2024

    Change Healthcare—a subsidiary of the global health company UnitedHealth Group — has restored its medical billing services nine months after suffering an unprecedented ransomware attack that left providers with serious cashflow problems, threatened access to care, and leaked sensitive information onto the dark web. Change Healthcare, one of the largest health payment processing companies in the ...

  • 100 million people hit in largest healthcare data breach in history – medical info, SSNs and more

    October 26, 2024

    More than 100 million people had their personal information and healthcare data stolen in the massive UnitedHealth ransomware attack earlier this year, making it the largest healthcare data breach in the country. After completing its investigation into February’s data breach, the US Department of Health and Human Services said this week that roughly a third of ...

  • Microsoft Threat Intelligence healthcare ransomware report highlights need for collective industry action

    October 22, 2024

    Healthcare organizations are an increasingly attractive target for threat actors. In a new Microsoft Threat Intelligence report, US healthcare at risk: strengthening resiliency against ransomware attacks, our researchers identified that ransomware continues to be among the most common and impactful cyberthreats targeting organizations. The report offers a holistic view of the healthcare threat landscape with a ...

  • EU Network and Information Security (NIS) Directive: Parliament adopts new law to strengthen EU-wide resilience

    October 11, 2024

    Rules requiring EU countries to meet stricter supervisory and enforcement measures and harmonise their sanctions were approved by MEPs on Thursday. The legislation, already agreed between MEPs and the Council in May, will set tighter cybersecurity obligations for risk management, reporting obligations and information sharing. The requirements cover incident response, supply chain security, encryption and vulnerability disclosure, ...

  • British Columbia: Clients of Indigenous health authority react to ransomware attack

    October 9, 2024

    The First Nations Health Authority (FNHA) in British Columbia says it has concluded its investigation into a ransomware attack in May, but some clients remain concerned about the theft of their medical and personal information. The FNHA said it “uncovered evidence that health insurance plan billing data, procurement contracts, business contracts, FNHA budgets, cheques, information on ...

  • Awareness of Cyber Risks to Healthcare Organizations is not Always Translating to Adequate Protections

    October 8, 2024

    Despite growing awareness and widespread acknowledgment of the impact of cyber threats facing the healthcare industry, many within it are still struggling to keep them at bay. The third annual Ponemon Institute Report, commissioned by Proofpoint, found that 92% of US healthcare organizations surveyed experienced at least one cyber attack in the past 12 month, with ...

  • Cyber Security Bill will prevent future attacks on NHS

    October 2, 2024

    New legislation to improve UK cyber defences and protect public services will prevent attacks similar to the ransomware attack impacting London hospitals, according to the Department of Science, Innovation and Technology (DSIT). The Cyber Security and Resilience Bill, which is due to be introduced to Parliament in 2025, was first announced in the King’s Speech on ...

  • Storm-0501: Ransomware attacks expanding to hybrid cloud environments

    September 26, 2024

    Microsoft has observed the threat actor tracked as Storm-0501 launching a multi-staged attack where they compromised hybrid cloud environments and performed lateral movement from on-premises to cloud environment, leading to data exfiltration, credential theft, tampering, persistent backdoor access, and ransomware deployment. The said attack targeted multiple sectors in the United States, including government, manufacturing, transportation, and ...

  • Australia’s biggest medical imaging provider I-MED data breach exposes tens of thousands of patient files

    September 26, 2024

    Tens of thousands of patients from Australia’s biggest medical imaging provider I-MED have had swaths of sensitive health and personal information exposed in a data breach using details that have been public for a year. This information includes medical reports, scan images, names, addresses and other details that were stored in I-MED’s internal systems, which were ...

  • ‘Two-factor authentication may have stopped Synnovis cyber attack’

    September 25, 2024

    The cyber attack on pathology provider Synnovis could have been prevented by two-factor authentication, according to Beverley Bryant, strategic advisor in the frontline digitisation team at NHS England. Speaking at the Health Excellence Through Technology (HETT) conference on 24 September 2024, in a session titled ‘Best practice in cyber security: Achieving excellence in the health and ...

  • Education, Health Sectors Facing Challenges as Nigeria Records 586,130 Cyber Threats in 6 Months

    September 14, 2024

    Between January and June 2024, a staggering 586,130 cyber threats were launched against Nigeria, especially the financial institutions and telecoms companies, with other sectors also facing specific challenges. According to the report, various industries face unique cybersecurity challenges. The education sector grappled with maintaining security amidst digital transformation. The healthcare industry struggled to balance handling sensitive ...

  • Thousands of US medical professionals have data exposed in major data breach

    September 11, 2024

    Researchers have found a database backup belonging to Florida-based recruitment company MNA Healthcare left unsecured online, leaving the details of thousands of workers open to anyone. The company offers staffing services for healthcare workers and matches them with hospitals and organizations across nine states. The leaked information included full names, addresses, phone numbers, job titles, work ...

  • Nearly 1M Medicare beneficiaries potentially affected after data breach

    September 10, 2024

    Nearly 1 million Medicare beneficiaries are being warned that their personal information may have been compromised in a cybersecurity incident last year. The Centers for Medicare & Medicaid Services (CMS) and Wisconsin Physicians Service Insurance Corporation (WPS), the contractor that utilized the affected MOVEit software, said last week that 946,801 people on Medicare were notified that ...