Federal regulators have hit a California physician services organization with a $240,000 HIPAA civil penalty following an investigation into three ransomware attacks that occurred within a three-week span in early 2018, compromising the sensitive information of 85,000 patients.
A misconfigured web server and the exposure of sensitive information for nearly 600,000 prison inmates in 2022 will cost medical claims processing company CorrectCare $6.49 million to settle a consolidated proposed class action lawsuit, according to court records.
Two U.S. senators are proposing stricter cyber mandates for the healthcare sector. The bill provides funding to help hospitals adopt enhanced requirements, but lifts HIPAA enforcement fine caps and threatens executives with prison time for falsely attesting their organizations' compliance in audits.
Threat actors tracked as "Vanilla Tempest" - and also known as Vice Society - appear to be changing up the ransomware they use to attack on U.S. healthcare organizations. Likely in a move to avoid detection, the ransomware-as-a-service group has shifted to INC Ransom malware, according to Microsoft.
The U.S. Centers for Medicare and Medicaid Services has updated the scope of the MOVEit hacking breach last year, telling a sister agency that the software supply chain attack affected more than 3.1 million individuals - about three times the number of victims disclosed publicly earlier this month.
Recent mega data breaches involving third-party vendors - such as the Change Healthcare cyberattack - are intensifying the spotlight on critical security risk management and governance issues for business associates and other suppliers, said regulatory attorney Rachel Rose.
A Louisiana-based ambulance company that provides emergency medical care services in four states is notifying nearly 3 million people that their sensitive health information was potentially stolen in a June hack. Ransomware gang Daixin claims to have published the data on its dark web leak site.
Texas Attorney General Ken Paxton is suing the Biden administration, alleging that "unlawful" HIPAA Privacy Rule regulations are hindering the state's law enforcement investigations into abortion cases and other reproductive health care cases.
Planned Parenthood of Montana, which provides patients with reproductive healthcare services including birth control and abortion, is responding to a hack and a threat by cybercriminal group RansomHub to leak 93 gigabytes of data allegedly stolen from the organization.
The Department of Health and Human Services has dropped its appeal of a recent federal court decision saying that HHS exceeded its authority in warning HIPAA-regulated entities that it's unlawful to use online tracking tools to capture certain identifiers in user visits to health-related websites.
A vendor that provides information systems and transcription services to radiology practices is alerting 411,037 people of a hack discovered last December involving the theft of sensitive data. The firm already faces at least four proposed federal class action lawsuits related to the hack.
A bipartisan House bill aims to bolster cybersecurity in the healthcare sector by requiring stronger collaboration between CISA and the Department of Health and Human Services. The bill is a companion to nearly identical bipartisan legislation introduced in the Senate in July.
Two months after RansomHub claimed to have published 100GBs of its stolen data on the dark web, the Florida Department of Health is notifying citizens that their sensitive information has been compromised. The attack affected the vital statistics system used to issue birth and death certificates.
Some dentists don't have much to smile about these days when it comes to cyberattacks. More than 1.2 million of their patients have had their sensitive data compromised in at least two dozen hacks and other breaches so far in 2024, including several incidents reported in the past month.
A small rural Alabama hospital is notifying more than 61,000 patients that their sensitive information was potentially compromised in an October 2023 hacking incident. Why the many months-long delay in notifying regulators and affected individuals?
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing careersinfosecurity.eu, you agree to our use of cookies.