Editor's Note A November 13 report from The Government Accountability Office (GAO) identifies critical gaps in the Department of Health and Human Services' (HHS) ability to manage cybersecurity risks in the healthcare and public health sector. HHS, the lead federal agency for cybersecurity in this sector, faces challenges in monitoring…

Read More

Editor's Note Cybersecurity threats in healthcare are increasingly driven by third-party vendors, affecting millions of patients and hospital systems globally, experts John Riggi and Richard Staynings emphasized at the HIMSS Healthcare Cybersecurity Forum. Healthcare Finance News reported on the experts’ testimony November 5. According to the article, cyberattacks have surged…

Read More

Editor's Note Iranian cyber actors employing techniques such as brute force, password spraying, and multifactor authentication (MFA) "push bombing" to compromise healthcare and other critical infrastructure sectors, the American Hospital Association (AHA) reported October 17. The report cites an October 16 joint advisory issued on October 16 by the FBI,…

Read More

Editor's Note The Health Infrastructure Security and Accountability Act, introduced by Senators Ron Wyden (D-Ore.) and Mark Warner (D-Va.), proposes new mandatory cybersecurity standards for the healthcare sector, with oversight from the Department of Health and Human Services (HHS), Nextgov/FCW reported September 26. The bill, which amends the Health Insurance…

Read More

Editor's Note Cyberattacks in August 2024 are the latest examples of a specific Iranian group intensifying efforts against US organizations since 2017, Healthcare IT News reported September 3. Citing an advisory issued by the Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Defense…

Read More

Editor's Note The Red Cross is reporting a 25-percent drop in its national blood inventory due to hot weather a month after the American Hospital Association (AHA) warned about the impact of cyberattacks on critical supplies at hospitals. According to an August 6 report in The Hill, heat-related challenges have…

Read More

Editor's Note Responding to and recovering from data breaches in healthcare is more expensive than any other industry, according to a report by IBM and the Ponemon Institute. Healthcare Dive reported on the results August 1. According to that article, the $9.8 million average cost for a breach this year…

Read More

Editor's Note Although SecurityScorecard gave the US healthcare a “better than expected” B+ rating for cybersecurity in 2024, the supply chain cybersecurity firm also highlighted significant risks in application and endpoint security, HealthcareIT News reported June 25.   Overall, 35% of third-party data breaches in 2023 affected healthcare organizations, the…

Read More

Editor's Note A June 24 advisory from the FBI and Department of Health and Human Services warns healthcare organizations about attempts to steal payments through phishing and social engineering tactics, according to a post from the American Hospital Association (AHA). The attackers target employee email accounts to access login information…

Read More

Editor's Note Qilin, a ransomware group based in Russia, claimed responsibility for a cyberattack against pathology services provider Synnovis that paralyzed London Hospitals and is now requesting $50 million, Becker’s Health IT reported June 20. Citing a report from Bloomberg, the article notes that the attack disrupted services at London-based hospitals…

Read More