Search Results for breaches

Weekend reading: AI cybersecurity tools no panacea, reality v. illusion in healthcare AI, RPM in transitioning to hospital-at-home, Korean study on older adult health tech usage

A potpourri of current articles. Hope you don’t feel like Pepper the Robot after you read them! AI won’t boost cybersecurity, that’s cutting corners (Cybernews) AI tools that make cybersecurity more effective and faster in response are increasingly available. They are estimated in a Techopedia article rounding up multiple studies to be a global market of over $133 billion by 2030. IBM claims that organizations with AI cybersecurity took 100 days less to identify and contain data breaches. Yet AI can also leave organizations more vulnerable to cyberattack. Hackers and ransomwareistes have been using AI for years in phishing and... Continue Reading

Short takes: Humana’s big MA loss (updated); Medicare telemental care bill back in Senate; HHS releases cybersecurity performance goals; Texas Healthcare Challenge hackathon 23-24 February

...directly address common attack vectors against U.S. domestic hospitals as identified in the 2023 Hospital Cyber Resiliency Landscape Analysis. As noted earlier this week, there were 116 million patient records exposed in 2023 data breaches, doubling that in 2022. HHS means well, but this is another ‘blood out of a rock’ situation. Health IT departments all over the US, from providers to payers, have had or are facing layoffs in the ongoing clash of business versus technology, which won’t cease because HHS would like it to. HealthcareDive, HealthcareITNews, The Texas Healthcare Challenge Hackathon is back! After three years dark, this... Continue Reading

News roundup: Bright Health now NeueHealth; breached patient records double, RCM as vector for hacking; Amazon’s CCM marketplace; JPM reflects the new reality; fundings for Vita Health, Turquoise, CardioSignal few. As to the bills coming due for CMS liabilities and debt owed to New Enterprise Associates now that JP Morgan has been paid…not a word. We continue to hand it to Bright, now NeueHealth, for the Best Gordian Knots in Healthcare. Release, Healthcare Dive Patient records exposed in data breaches doubled in 2023 versus 2022. According to an analysis by cybersecurity firm Fortified Health Security of HHS’ Office of Civil Rights (OCR), which tracks data breaches, in 2023 there were 116 million patient records exposed, topping the over 100 million of 2015, with over 655 breaches, a decrease... Continue Reading

Got a data breach? Blame the victims like 23andMe did!

23andMe wished its breached customers Happy New Year by putting the blame…on them! The hacking that started with 14,000 records and grew to exposing the records and personally identifiable information (PII) of 6.9 million users, about half their customer database, has spawned over 30 class action lawsuits in the US, plus lawsuits in Ontario and British Columbia, Canada. 23andMe, in their responses to law firms and on their blog, told lawyers and users–not unexpectedly–that the data breaches were due to 23andMe users recycling log in credentials, such as passwords, that were used on other–breached–websites, and failed to update them on... Continue Reading

Another turkey: potential 9M patients affected by medical transcription vendor data breach

...with transcription providers, having been affected by Nuance Communications’ hack earlier this year by one of their vendors–the Progress Software MOVEit file transfer protocol (FTP) theft traced back to ransomwareistes CLOP [TTA 3 Aug]. Personal health information stolen for all included name, date of birth, address, medical record number, hospital account number, admission diagnosis, and date(s) and time(s) of service. While the records didn’t contain financial information, some patients may have had breaches of their Social Security numbers, insurance information and clinical information from medical transcription files, such as laboratory and diagnostic testing results, medications, the name of the treatment... Continue Reading

New York State drafting proposed cybersecurity regulations for hospitals, allocates $500M for upgrades

...indeed. NYS release, MedCityNews This Editor attended the Official Cybersecurity Summit New York 2023 last Friday, with a security briefing by NY State’s deputy chief cyber officer for operations, Jesse Sloman. He described the overall strategy of the state agency, the first ever, as building a unified, resilient, and prepared cybersecurity strategy across all agencies in the state, with a single point for operations including law enforcement, military, transportation, and of course healthcare. Certainly, internally instigated breaches, ransomware attacks, DDOS, and nation-state/transnational cyberattacks by Russian ransomwareistes like CLOP are expensive. He quoted a five-year loss of $27.6 billion with 3.2... Continue Reading

This ‘n’ that: HHS settles *2017* ransomware breach, Carbon Health lays off 114 in restructuring, why oh why VC General Catalyst wants a $3B health system, when Larry Met Billy, a lexicon of workplace terms

It only took five years to levy a $100,000 fine. Doctors’ Management Services, a Massachusetts-based medical management company, had a ransomware attack back in 2017 that exposed 206,695 individuals to personal health information violations. The Health and Human Services (HHS) Office for Civil Rights (OCR), which is charged with actually enforcing penalties and remedies for data breaches, decided that Doctors’ management hadn’t done quite enough to protect their patients. The cyberattack was identified in December 2018, but Doctors’ didn’t report the breach to OCR until April 2019. Their network had been infected with GandCrab ransomware. After determining various protection failures,... Continue Reading

FTC, HHS OCR scrutiny tightens on third-party ad trackers, sends letter to 130 hospitals and telehealth providers

...FTC’s Bureau of Consumer Protection, said. At OCR, which historically had its hands full with HIPAA violations and data breaches, their scope has broadened. “Although online tracking technologies can be used for beneficial purposes, patients and others should not have to sacrifice the privacy of their health information when using a hospital’s website,” said Melanie Fontes Rainer, OCR Director. “OCR continues to be concerned about impermissible disclosures of health information to third parties and will use all of its resources to address this issue.” Both HHS and FTC can take action without the time-consuming legal actions that DOJ must undertake.... Continue Reading

Mid-week roundup: telehealth success in opioid use disorder treatment, Epic sees fewer followup visits from telehealth vs in-office, telehealth usage slightly lower, HCA data theft may affect 11 million

...of unidentified demands to be responded to by 10 July. It was flagged on Twitter by Brett Callow, an analyst at New Zealand-based Emsisoft. What wasn’t included was typical personal health information (PHI)–sensitive clinical information, payment information, or other PII such as driver’s license and Social Security numbers that can be cross-referenced with other hacked data. The sheer scope of the breach–reportedly 11 million records for patients across 24 states and 171 healthcare facilities, perhaps one of the largest breaches ever–while limited in harm to patients, is still going to create a big headache for HCA. CNBC, Becker’s, HealthcareITNews,,... Continue Reading

Monday roundup: Envision files Ch. 11, who’s to blame for Meta Pixel abuse?, CVS Health to shut clinical trials unit, Amino Health scoops $80M, DocGo flat but optimistic, Owlet way down in revenue

...Orleans plus Willis-Knighton Health in northwest Louisiana (Healthcare Dive). If the District Court finds that Meta, and possibly other ad trackers such as those from Google, Twitter, or Bing were not inherently liable for personal health data violations that monetized PHI, then the health systems are 100% on the hook for the data breaches (or ‘wiretapping’ in a creative use of terminology). It also makes the potential paydays possibly less lucrative–in the eyes of this Editor, as Meta and Google have far deeper pockets than any ol’ health system. SC Media, Paubox The Meta Pixel backstory here CVS Health to... Continue Reading