One in four (27%) employees of healthcare organizations in North America admit to being aware of a ransomware attack targeting their employer over the past year, a new Kaspersky Lab survey reveals.
Ransomware attacks have plagued organizations in numerous sectors over the past several years, and the healthcare industry was one of their preferred victims, although security researchers have already noticed a downward trend in such incidents.
Read more about the findings of the new report on SecurityWeek.
State Attorneys General from a dozen states have filed a lawsuit against several health IT companies, and their subsidiaries, alleging that poor security practices led to theft of protected health information (PHI) of 3.9 million individuals during a data security incident in 2015.
The 66-page complaint names four companies or subsidiaries; the state AGs allege that the companies failed to take “adequate and reasonable measures” to ensure their computer systems were protected. The lawsuit marks the first time state Attorneys General have joined together to pursue a HIPAA-related (Health Insurance Portability and Accountability Act) multistate data breach case in federal court.
Abbott and The Chertoff Group released a white paper that shares key findings from a recent study of 300 physicians and 100 hospital administrators on cybersecurity challenges in the hospital environment. Results found that while physicians and hospital administrators view cybersecurity as a priority, the majority of them feel underprepared to combat cyber risks in the connected hospital.
“Cybersecurity is a shared responsibility across all of us working in today’s healthcare system,” said Chris Tyberg, Divisional Vice President, Product Security, Abbott. “It is important for us to understand the challenges hospitals face and how we can collaborate on potential solutions.”
Two hospitals in Ohio and West Virginia have been forced to turn away emergency patients after their computer systems were crippled in a ransomware attack over the weekend. The hospitals (the Ohio Valley Medical Center in Wheeling, West Virginia, and East Ohio Regional Hospital in Martins Ferry) detected the ransomware attack on Nov. 23. It spread through their networks over the weekend.
The details of the form of ransomware were not known, but the attack caused system failures. The hospitals could not process incoming emergency patients, forcing them to divert those requiring medical treatment to other local hospitals.
Your personal identity may fall at the mercy of attackers on many websites, but when it comes to health data breaches, hospitals, doctors' offices and even insurance companies are oftentimes the culprits.
New research from Michigan State University and Johns Hopkins University found that more than half of the recent personal health information, or PHI, data breaches were because of internal issues with medical providers – not because of hackers or external parties.
The Altus Baytown Hospital (ABH) has revealed a ransomware outbreak which may have led to the leak of patient data. In a statement on its website, the Texas-based hospital said that ABH discovered an unauthorized threat actor rifling through the organization’s systems on roughly September 3.
The “unauthorized party” deployed malicious code and infected the hospital’s systems with a strain of ransomware. The ransomware at fault for the infection is known as Dharma. As with most strains, the malware was able to encrypt files and then demanded a ransom payment in return for access. As the threat actor was present on ABH servers and details are thin on the ground, it is possible data has also made its way into the wrong hands.
Read more about the ransomware attack on a Texas hospital on ZDNet.
Bankers Life is notifying more than 566,000 individuals, including Medicare supplemental insurance policyholders, that their personal information was exposed in a hacking incident. Employee credentials were compromised, enabling unauthorized third parties to gain access to certain company websites containing personal data on policyholders and applicants, the insurer says.
The incident, which was reported by Bankers Life’s parent company, CNO Financial Group, to the Department of Health and Human Services as an “unauthorized access/disclosure” breach, is the fifth largest incident added to the HIPAA Breach Reporting Tool website so far this year. Commonly called the “wall of shame,” the HHS website lists health data breaches impacting 500 or more individuals.
Hackers have breached a HealthCare.gov sign-up system and have gotten their hands on the personal information of roughly 75,000 people, the government said on Friday, October 19. The CMS said that it detected “anomalous system activity” in the FFE on October 13, 2018, and started an immediate investigation. A breach was confirmed on October 16.
The system is named Federally Facilitated Exchanges (FFE), and is managed by the Centers for Medicare & Medicaid Services (CMS). Healthcare insurance agents and brokers use the FFE to enroll users into Obamacare plans made available through the official HealthCare.gov portal.
Further research indicated that in a survey of 100 internet users, 89% had used a medical website to help self-diagnose an ailment at some point, yet only 42% understood that the activity they conducted was then shared with other third-party companies. This means 58% of the users surveyed had no idea that their information was being passed on to companies after they had clicked ‘Accept’ on the site’s cookies policy.
Hackers are leveraging error messages from connected medical devices — including radiology, X-ray and other imaging systems — to gain valuable insights, according to Zingbox. These insights are then used to refine the attacks, increasing the chance of a successful hack.
The research revealed that hackers can “trick” or induce medical devices into sharing detailed information about the device’s inner workings, and that leveraging this information quickens a hacker’s access to a hospital’s network.