Survey Reveals Alarming Trends in Healthcare Cybersecurity

A new report published by Censinet, KLAS Research, the American Hospital Association, Health-ISAC, and the Healthcare and Public Health Sector Coordinating Council has revealed insights into the current state of cybersecurity preparedness within the healthcare sector. The report, compiled through a survey conducted in November 2023, involved executives and cybersecurity professionals from various healthcare subsectors, including providers, pharma, payers, medical device manufacturers, and health IT. The survey, which received responses from 396 individuals, aimed to identify the top cybersecurity concerns facing healthcare organizations in both 2023 and 2024. Key findings from the survey highlight persistent and emerging threats, as well…

Survey Finds Virtual Care Adoption Reaches 76% Among Respondents in 2023

A recent survey conducted by Rock Health, titled “The New Era of Consumer Engagement: Insights from Rock Health’s Ninth Annual Consumer Adoption Survey,” has revealed insights into consumers’ attitudes towards health data-sharing. Focused on 2023, the survey reflects the transformative impact of the pandemic on virtual care adoption and preferences, offering valuable insights into the current state of consumer engagement with digital health tools. The survey, which involved over 8,000 U.S. Census-matched adults, revealed the growing role of virtual care in modern healthcare. Results demonstrated a steady increase in digital health adoption over recent years, with virtual care adoption…

Petersen Health Care Declares Bankruptcy After Ransomware Attacks

Petersen Health Care, recognized as a leading operator of nursing homes in the United States, has filed for bankruptcy protection following a series of cyberattacks and defaults on government-backed loans. Headquartered in Peoria, Illinois, the company includes an expansive network comprising over 90 nursing homes spread across the states of Illinois, Missouri, and Iowa. Amid mounting financial pressures, Petersen Health Care initiated Chapter 11 proceedings in a Delaware bankruptcy court on Wednesday, confronting debts exceeding $295 million. A large portion of this debt, amounting to $45 million, pertains to healthcare facility loans insured by the U.S. Department of Housing and…

Lawsuit Filed Against UNITE HERE Union Following Data Breach Impacting 790,000

A major data breach has affected over 791,000 members of UNITE HERE, a New York labor union serving individuals in Canada and the US, revealing an infiltration of sensitive data. The breach, initially detected on October 20, 2023, signaled a breach in UNITE HERE’s systems, prompting immediate action from the union. Third-party cybersecurity experts were immediately engaged to conduct a thorough investigation, aimed at determining the scope and nature of the breach. It was revealed that unauthorized access had been gained, compromising sensitive data belonging to members of specific local unions, health funds, and the San Diego UNITE HERE Pension…

HHS Forms Task Force to Oversee Artificial Intelligence in Healthcare

The U.S. Department of Health and Human Services (HHS) is advancing with plans to establish a dedicated task force in response to the increasing integration of artificial intelligence (AI) into the healthcare sector. This initiative, led by a top HHS official, aims to establish robust “assurance, monitoring, risk-management practices” surrounding the utilization of AI in healthcare applications. President Joe Biden’s executive order, signed in October, mandated the creation of a comprehensive framework for evaluating AI technologies before market entry and ensuring continuous performance monitoring post-implementation. Operating under this directive, the task force faces a stringent timeline, with a deadline of…

HPH Sector on High Alert Against Email Bombing Attacks

Healthcare and Public Health (HPH) organizations have been alerted to the growing threat presented by email bombing attacks, a tactic increasingly utilized by cybercriminals to disrupt operations and compromise security. Email bombing, also referred to as mail bomb or letter bomb attacks, involves inundating an email address or server with a large volume of emails in a short period, overwhelming the recipient’s inbox and rendering it unusable. These attacks, categorized as Denial of Service (DoS) attacks, aim to disrupt regular communication channels by flooding them with spam emails, making it challenging for users to access legitimate messages. The threat of…

Optum Launches Aid Program Amid Change Healthcare Cyberattack

Optum, a subsidiary of UnitedHealth Group, has introduced a temporary funding assistance program aimed at helping organizations manage short-term cash flow challenges resulting from the ongoing Change Healthcare cyberattack. The cyber incident, orchestrated by the BlackCat/ALPHV threat actor, has disrupted healthcare services, leading to widespread concerns and urgent calls for government intervention. The program, accessible through Optum Financial Services, targets providers whose payment distribution has been directly impacted by the cyberattack. Recognizing the immediate financial needs of affected providers, Optum is mobilizing its resources to offer short-term temporary funding assistance, with the understanding that the funds will be repaid once…

NIST Reveals Major Update to Cybersecurity Framework

The National Institute of Standards and Technology (NIST) has released an update to its Cybersecurity Framework (CSF), marking the first major revision in a decade since its introduction in 2014. This comprehensive update showcases a change in focus, expanding the CSF’s applicability beyond key infrastructure, to include a diverse range of organizations regardless of their cybersecurity maturity levels. The CSF 2.0’s primary objective is to assist all organizations in effectively managing and mitigating cybersecurity risks. The evolution of this framework stems from extensive discussions and public feedback over several years, aiming to improve its overall effectiveness. The CSF now…

Healthcare Uncertain After Change Healthcare Cyberattack

In the aftermath of the Change Healthcare cyberattack, the healthcare sector is facing unprecedented challenges, dealing with a cyber event organized by the BlackCat/ALPHV threat actor. Change Healthcare openly acknowledges the security breach and emphasizes collaboration with cybersecurity experts, law enforcement, and third-party consultants Mandiant and Palo Alto Networks. The company takes active measures to address the situation, implementing multiple workarounds to ensure the continuity of key services. Change Healthcare also maintains that the systems of Optum, UnitedHealthcare, and UnitedHealth Group remain unaffected by the cyber incident. The effects continue, causing disruptions for pharmacies nationwide on the sixth day of…

Biden’s Executive Order Aims to Restrict Massive Data Transfers to China

U.S. President Joe Biden is set to sign an executive order on Wednesday, aimed at preventing large-scale transfers of sensitive personal data of Americans to countries, including China. The order, primarily targeting data brokers, directs the Department of Justice to initiate a rule-making process to impede bulk data transfers to “countries of concern,” such as Russia and Iran. The order covers various types of sensitive personal data, including genomic data, biometric data, personal health data, geolocation data, financial data, and specific personally identifiable information. President Biden’s executive order focuses on the national security implications tied to the extensive transfer of…

U.S. and U.K. Collaborate to Stop LockBit Ransomware Group

The U.S. Department of Justice, in collaboration with the United Kingdom and international law enforcement partners, has declared a successful disruption of the notorious LockBit ransomware group. LockBit, a major player in cybercrime, is known for its relentless targeting of over 2,000 victims globally. The group accumulated staggering ransom payments exceeding $120 million and issued demands totaling hundreds of millions of dollars. This collaborative operation engaged the U.K. National Crime Agency’s Cyber Division, working closely with the U.S. Department of Justice, the Federal Bureau of Investigation (FBI), and other international law enforcement agencies. The strategic measures employed in this operation…

HC3 Issues Warning About Akira Ransomware Group

The Healthcare Cybersecurity and Communications Integration Center (HC3) has issued a warning regarding the escalating threat presented by the Akira ransomware group, which, since its emergence in March, has actively targeted and victimized over 60 entities, with a considerable impact on the healthcare sector. This recent addition to cybercrime has demonstrated remarkable aggression and proficiency in targeting the U.S. health sector during its relatively short existence. First identified in May 2023, the Akira ransomware has rapidly expanded its reach, claiming at least 81 victims within a year. It is important to distinguish the current Akira variant from a previous version…

A Bid To Secure Rural Healthcare: Senate Advances Cybersecurity Enhancement Act

In a significant move to enhance cybersecurity in rural hospitals, the Senate Homeland Security and Governmental Affairs Committee has advanced the Rural Hospital Cybersecurity Enhancement Act. Rural hospitals, often seen as soft targets due to a dearth of skilled cybersecurity professionals and limited resources, have been increasingly under cyber threats, leading to an urgent need for legislative intervention. Senator Josh Hawley (R-MO) introduced the Act, which received bipartisan support from Senators Gary Peters (D-MI) and Jon Ossoff (D-GA). The Act mandates the Secretary of Homeland Security to devise a comprehensive strategy for developing a proficient cybersecurity workforce in rural hospitals…

AHA Calls For OCR’s Reevaluation Of Online Tracking Guidance Amid Privacy Concerns

The American Hospital Association (AHA), a prominent body representing an array of nearly 5,000 healthcare organizations, hospitals, health systems, affiliated physicians, nurses, and caregivers, has recently penned a significant letter to Melanie Fontes Rainer, the Director of the Office of Civil Rights (OCR). The AHA, a staunch advocate for sound healthcare policy and quality patient care, expressed its viewpoints on several recent OCR proposals relating to amendments in the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule. In the comprehensive communication, the AHA conveyed its hearty endorsement for the OCR’s proposed rule aimed at enhancing privacy protections specifically within…

Healthcare Under Siege: The Rise Of Advanced Bad Bots

In an era of heightened cyber threats, researchers at cybersecurity firm Imperva have shed new light on the ever-evolving landscape of cyberattacks. Drawing from their recent 10th annual Bad Bot Report, the team offers a comprehensive examination of the escalating threats posed by bad bots, providing invaluable insights for industries across the board. The Imperva report’s findings are informed by an exhaustive analysis of six trillion blocked bad bot requests made across thousands of domains throughout 2022. The scale of the data examined underscores the increasingly pervasive nature of the bad bot problem and illustrates the need for evolving detection…

Fortinet’s 2023 Ransomware Report Unmasks An Alarming Paradox

The ever-shifting terrain of cyber threats continues to pose increasing challenges for organizations across the globe. In particular, the specter of ransomware looms large, as indicated by Fortinet’s 2023 Global Ransomware Report. The comprehensive study, offering invaluable insights from 569 international cybersecurity leaders from diverse sectors, exposes a startling paradox. The majority, over 80% of respondents, express significant concern regarding ransomware, and a nearly equivalent number, 78%, believe they are well-prepared to ward off such an attack. Yet, despite this apparent readiness, a startling 50% of these organizations fell prey to ransomware attacks in the previous year. John Maddison, Fortinet’s…

Ransomware And BEC Attacks Among Top Threats Highlighted In FBI’s 2022 Internet Crime Report

According to the 2022 Internet Crime Report released by the FBI, losses due to cybercrime have surged by 49% to $10.3 billion in the current year, despite a 5% decline in the number of complaints received. In the past five years, the total loss due to cybercrime has exceeded $27.6 billion, with more than 3.26 million complaints received by the FBI’s Internet Crime Complaint Center (IC3). Established in 2000, the IC3 serves as a crucial component of the FBI’s mission to combat cybercrime, which poses a growing threat in our interconnected world. It serves as a platform to receive and…

Blackbaud Fined $3 Million For Lack Of Transparency In Ransomware Attack

The SEC has announced that Blackbaud, a software provider catering to non-profit organizations, will be paying out a $3 million settlement for its inadequate disclosure about a ransomware attack in 2020 that affected more than 13,000 customers. Further investigation revealed that the firm had not accurately conveyed the extent of the incident even after it became aware of the inaccuracy of its original public announcements. This attack was the largest healthcare data breach reported in 2020, affecting over 10 million patients and more than two dozen provider organizations. The attackers went undetected for over three months and were able to…

HC3 Report Reveals Alarming Data Exfiltration Trends In Healthcare Cyberattacks

The healthcare industry continues to be a prime target for cybercriminals, with data exfiltration posing a significant threat to patient privacy and security. According to a recent report published by the HC3, a cybersecurity agency that collaborates with the Department of Health and Human Services, data exfiltration is becoming increasingly prevalent in healthcare cyberattacks, and the implications can be severe. Data exfiltration is a security breach where malware or a malicious actor transfers data from a device without permission. It is one of the last stages in the cyber kill-chain and is the target of advanced persistent threats (APTs). Ransomware…