Editor's Note The ransomware group behind a recent cyberattack on one of the nation’s largest health systems has its sights set on hospitals, the FBI and the Department of Health and Human Services (HHS) warned February 27. According to a report in Chief Healthcare Executive one day later, systems were…

Read More

Editor's Note Nationwide pharmacy delays and disrupted internal systems are among the effects of a February 21 cyberattack on Change Healthcare, one of the largest healthcare technology companies in the United States. Systems were immediately disconnected to protect partners and patients, the organization reports, and “all other systems across UnitedHealth…

Read More

Editor's Note Billing, records, appointment scheduling and other systems at Lurie Children’s Hospital were still offline a week after representatives of had to cancel a planned OR Business Management Conference presentation due to a cyberattack. According to a February 12 report from the Chicago Sun-Times, the January 31 cyberattack is…

Read More

Editor's Note A near doubling of ransomware attacks on healthcare systems from 2022 to 2023 could point to a problematic trend, according to a January 2 report from cybersecurity firm Emsisoft. Specifically, findings show 46 ransomware attacks in 2023 compared to 25 in 2022 and 27 in 2021. The 2023…

Read More

Editor's Note The FBI has infiltrated the ransomware group BlackCat—the group responsible for a February cyberattack on the Lehigh Valley Health Network—and issued a decryption tool enabling victims around the world to restore their systems, according to a December 19 Justice Department press release.   Emerging during the past 18…

Read More

Editor's Note The United States, in coordination with the United Kingdom, has imposed sanctions on 11 individuals linked to the Russia-based cybercrime group known as Trickbot, a US Department of the Treasury September 7 press release reports. These sanctions were issued by the US Department of the Treasury's Office of…

Read More

Editor's Note The Joint Commission, on August 15, issued “Sentinel Event Alert 67: Preserving patient safety after a cyberattack.” The Alert focuses on risks associated with cyberattacks and provides recommendations on how healthcare organizations can deliver safe patient care if a cyberattack occurs. Actions suggested by The Joint Commission include:…

Read More

Takeaways • Patient data & safety are at risk: 94% of hospitals have experienced at least one cyberattack. • Less than half of hospitals in the US carry cybersecurity insurance. • Security is a two-part strategy: cybersecurity insurance as well as preventative measures (eg, encrypted backups, patches, and training). When…

Read More

Editor's Note On June 29, the Cybersecurity & Infrastructure Security Agency (CISA) issued a medical advisory alert "warning of a significant, high-risk vulnerability in Medtronic’s Paceart Optima System, which is used to compile and manage patients’ cardiac device data," the American Hospital Association (AHA) July 6 reports. According to CISA,…

Read More

Editor's Note On Friday, June 16, the Department of Health and Human Services (HHS) alerted the healthcare sector of a recent ransomware attack on a US cancer center that “reduced cancer treatment capability, rendered digital services unavailable, and threatened exposure of patient personal health information,” the American Hospital Association (AHA)…

Read More