Tag: healthcare
-
Information Security Manual (ISM)
What is the Information Security Manual (ISM)? The Information Security Manual (ISM) is a cybersecurity framework developed by the Australian Signals Directorate (ASD) to help organizations protect their IT and operational technology systems, applications, and data from cyber threats. The ISM is relevant to industries like government, defense, finance, healthcare, and other sectors where sensitive…
-
How organizations can secure their AI code
Tags: ai, application-security, awareness, backdoor, breach, business, chatgpt, ciso, compliance, control, credentials, crime, cybersecurity, data, data-breach, finance, github, healthcare, LLM, malicious, ml, open-source, organized, programming, risk, risk-management, software, startup, strategy, supply-chain, technology, tool, training, vulnerability
In 2023, the team at data extraction startup Reworkd was under tight deadlines. Investors pressured them to monetize the platform, and they needed to migrate everything from Next.js to Python/FastAPI. To speed things up, the team decided to turn to ChatGPT to do some of the work. The AI-generated code appeared to function, so they…
-
Cyber Essentials NHS and Healthcare Organisations
What is Cyber Essentials? Cyber Essentials scheme is a UK government-backed initiative designed to help organisations, large or small, shield themselves from common cyber threats. It outlines a straightforward set of technical security controls that, when appropriately implemented, can reduce an organisation’s attack surface. This is particularly vital for NHS and healthcare organisations. They handle…
-
No new funding in EU plan to tackle ransomware attacks against hospitals
The European Commission has a new “action plan” to reduce the health sector’s vulnerability to cyberattacks. For funding, it only offers healthcare entities guidance on opportunities available elsewhere. First seen on therecord.media Jump to article: therecord.media/ransomware-hospitals-european-commission-plan
-
UnitedHealth hid its Change Healthcare data breach notice for months
The ransomware attack on Change Healthcare affected over 100 million Americans, the health giant told regulators. First seen on techcrunch.com Jump to article: techcrunch.com/2025/01/15/unitedhealth-hid-its-change-healthcare-data-breach-notice-for-months/
-
OneBlood Notifying Donors Affected by 2024 Ransomware Hack
Attack on Blood Center Spotlights Ongoing Supply Chain Risk in Healthcare Sector. Six months after a ransomware attack temporarily crippled its blood donation and distribution activities, Florida-based nonprofit OneBlood is reporting a data breach to regulators that affected donors’ personal information. Why is the incident reawakening healthcare supply chain concerns? First seen on govinfosecurity.com Jump…
-
HIPAA Updates Loom as Healthcare Breaches Boom: Prevent and Protect with Microsegmentation
First seen on scworld.com Jump to article: www.scworld.com/perspective/hippa-updates-loom-as-healthcare-breaches-boom-prevent-and-protect-with-microsegmentation
-
UK proposes banning hospitals and schools from making ransomware payments
The proposed rules would ban public sector bodies in the UK from making extortion payments and require all victims to report ransomware incidents to the government. First seen on therecord.media Jump to article: therecord.media/uk-proposes-banning-ransoms-hospitals
-
Feds Tell Health Sector to Watch for Bias in AI Decisions
HHS OCR Letter Also Reminds Entities That AI Tool Use Must Comply with HIPAA. Federal regulators are reminding healthcare providers, insurers and other regulated firms of their duty to ensure that AI and other emerging technologies for clinical decision making and patient support are not used in a discriminatory manner – and comply with HIPAA.…
-
HHS Proposes Major Overhaul of HIPAA Security Rule in the Wake of Change Healthcare Breach
The new rules come in the wake of the Change Healthcare breach, which exposed the electronic personal health information of about 100 million Americans. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/01/hhs-proposes-major-overhaul-of-hipaa-security-rule-in-the-wake-of-change-healthcare-breach/
-
CISOs embrace rise in prominence, with broader business authority
Tags: ai, attack, business, ceo, cio, ciso, compliance, control, corporate, cyber, cyberattack, cybersecurity, data, governance, healthcare, infrastructure, intelligence, network, privacy, regulation, risk, risk-management, security-incident, strategy, technology, threat, update
It’s a familiar refrain: As cybersecurity has become a core business priority, it is no longer a siloed operation, and the responsibilities of CISOs have grown, giving them greater prominence within the organization. According to CSO’s 2024 Security Priorities Study, 72% of security decision-makers say their role has grown to include additional responsibilities over the past…
-
The Future of CISA in Healthcare in the New Administration
Many important efforts by the Cybersecurity Infrastructure and Security Agency to help the healthcare sector and other critical infrastructure sectors bolster their cybersecurity are likely to continue under the incoming Trump administration, predicted CISA Deputy Director Nitin Natarajan. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/interviews/future-cisa-in-healthcare-in-new-administration-i-5437
-
Hands-On Walkthrough: Microsegmentation For all Users, Workloads and Devices by Elisity
Network segmentation remains a critical security requirement, yet organizations struggle with traditional approaches that demand extensive hardware investments, complex policy management, and disruptive network changes. Healthcare and manufacturing sectors face particular challenges as they integrate diverse endpoints from legacy medical devices to IoT sensors onto their production networks. First seen on thehackernews.com Jump to article:…
-
U.S. Medical billing provider Medusind suffered a data breach
Medusind, a medical billing provider, disclosed a data breach that occurred in December 2023 and affected over 360,000 individuals. Medusind is a company that provides medical billing, coding, and revenue cycle management (RCM) services to healthcare organizations, including medical practices, dental practices, and other providers. The company disclosed a data breach discovered on December 29,…
-
December ransomware attacks slam healthcare, public services
In December, one victim organization paid a $1.5 million ransom to restore services, while another continued to experience disruptions for more than one month following an attack. First seen on techtarget.com Jump to article: www.techtarget.com/searchsecurity/news/366617781/December-ransomware-attacks-slam-healthcare-public-services
-
Medical billing firm Medusind discloses breach affecting 360,000 people
Medusind, a leading billing provider for healthcare organizations, is notifying hundreds of thousands of individuals of a data breach that exposed their personal and health information more than a year ago, in December 2023. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/medical-billing-firm-medusind-discloses-breach-affecting-360-000-people/
-
Massachusetts health firm reaches $80,000 settlement with HHS following ransomware investigation
The Department of Health and Human Services (HHS) reached the agreement with Elgon Information Systems after the company violated federal rules around the protection of healthcare data. First seen on therecord.media Jump to article: therecord.media/massachusetts-health-firm-reaches-settlement
-
Genetic Engineering Meets Reverse Engineering: DNA Sequencer’s Vulnerable BIOS
Eclypsium’s research team has identified BIOS/UEFI vulnerabilities in a popular DNA gene sequencer made by Illumina, a leading genomics and healthcare technology vendor. More specifically, we found that the Illumina iSeq 100 used a very outdated implementation of BIOS firmware using CSM mode and without Secure Boot or standard firmware write protections. This would allow…
-
Effective Strategies for Secrets Vaulting
Why is Secrets Vaulting Integral to Secure Cloud Environments? Have you thought about just how secure your cloud environment truly is? For professionals spanning across industries from financial services to healthcare, the urgency to protect sensitive information becomes all the more critical. In the endeavor to keep data safe, secrets vaulting emerges as a pivotal…
-
What to Know About the Proposed New HIPAA Rules
If approved, the proposed new HIPAA rules will reshape the landscape of healthcare cybersecurity, partially addressing the recent OIG report’s findings on the ineffectiveness of current HIPAA audits. For CISOs, these changes present both opportunities and challenges as they work to enhance their organizations’ cybersecurity practices. The updated compliance requirements for electronic protected health information…
-
Staten Island Hospital Notifying 674,000 of May 2023 Hack
Data Theft Incident Also Disrupted IT Systems for Nearly a Month. Richmond University Medical Center, a 440-bed teaching hospital on Staten Island, N.Y, is notifying 674,000 people of a data theft that happened 18 months ago. The breach was part of a ransomware attack that disrupted the organization’s IT systems for several weeks in spring…
-
Is healthcare cybersecurity in critical condition?
This article highlights key findings and trends in healthcare cybersecurity for 2024. From the rising impact of cyberattacks on patient care to the vulnerabilities posed by … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/01/06/healthcare-cybersecurity-2024-trends/
-
Privacy Roundup: Week 1 of Year 2025
Tags: access, ai, android, apple, authentication, botnet, breach, browser, business, captcha, chrome, compliance, cve, cybersecurity, data, data-breach, detection, email, encryption, exploit, finance, firmware, flaw, google, group, hacker, healthcare, HIPAA, infrastructure, injection, Internet, law, leak, login, malware, open-source, password, phishing, privacy, router, service, software, threat, tool, update, virus, vulnerability
This is a news item roundup of privacy or privacy-related news items for 29 DEC 2024 – 4 JAN 2024. Information and summaries provided here are as-is for warranty purposes. Note: You may see some traditional “security” content mixed-in here due to the close relationship between online privacy and cybersecurity – many things overlap; for…
-
New HIPAA Cybersecurity Rules Pull No Punches
Healthcare organizations of all shapes and sizes will be held to a stricter standard of cybersecurity starting in 2025 with new proposed rules, but not all have the budget for it. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/hipaa-security-rules-pull-no-punches
-
Richmond University Medical Center data breach impacted 674,033 individuals
Richmond University Medical Center has confirmed that a ransomware attack in May 2023 affected 670,000 individuals. New York’s Richmond University Medical Center confirmed a May 2023 ransomware attack impacted 674,033 individuals. Richmond University Medical Center (RUMC) is a healthcare institution based in Staten Island, New York. It provides a wide range of medical services, including…
-
Proposed HIPAA Amendments Will Close Healthcare Security Gaps
Tags: authentication, control, cybersecurity, healthcare, HIPAA, mfa, network, privacy, regulation, threat
The changes to the healthcare privacy regulation with technical controls such as network segmentation, multi-factor authentication, and encryption. The changes would strengthen cybersecurity protections for electronic health information and address evolving threats against healthcare entities. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/proposed-hipaa-amendments-close-healthcare-security-gaps
-
New York Hospital Says Ransomware Attack Data Breach Impacts 670,000
Richmond University Medical Center has been investigating a ransomware attack since May 2023 and it recently determined that it affects 670,000 people. The post New York Hospital Says Ransomware Attack Data Breach Impacts 670,000 appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/new-york-hospital-says-ransomware-attack-data-breach-impacts-670000/

