Security News

Users of Mirth Connect, an open-source data integration platform from NextGen HealthCare, are being urged to update to the latest version following the discovery of an unauthenticated remote code...

Please turn on your JavaScript for this page to function normally. The proliferation of connected medical devices in hospitals demands a holistic approach to cybersecurity beyond just the digital IT realm.

The average total cost of a cyberattack experienced by healthcare organizations was $4.99 million, a 13% increase from the previous year. Among the organizations that suffered the four most common types of attacks-cloud compromise, ransomware, supply chain, and BEC - an average of 66% reported disruption to patient care.

Healthcare organizations are facing many cybersecurity challenges that require them to increasingly prioritize cybersecurity and compliance, according to Claroty. Like many other critical infrastructure organizations, healthcare delivery organizations are becoming increasingly interconnected as they adapt to the reality of digital transformation.

While H1 2023 saw an encouraging decrease in the overall number of data breaches impacting healthcare organizations, it was overshadowed by large-scale breaches resulting in a significant increase in the number of individuals affected, which reached record levels, according to Critical Insight. Notably, the report revealed a decrease in total breaches but an increase in the number of individuals affected; the focus of attacks on the supply chain and third-party associates; and, particularly noteworthy, the shift in some attackers' strategies from encryption to extortion.

While some ransomware operations claim not to target hospitals, one relatively new ransomware gang named Rhysida doesn't seem to care. We also saw additional reports on ransomware about TargetCompany, code leaks impacting the RaaS ecosystem, and a new threat actor using a customized version of Yashma ransomware.

After nearly two decades of my career leading a cybersecurity office, people, vendors, stakeholders and budgets in public health administration as well as in the private healthcare sector, I find that the industry is particularly vulnerable to cyberattacks. Healthcare organizations have experienced a spike in attacks often due to inadequate security, the high likelihood to quickly consort to attackers' payout demand, and sheer value of patient records that they possess.

The Rhysida ransomware operation is making a name for itself after a wave of attacks on healthcare organizations has forced government agencies and cybersecurity companies to pay closer attention to its operations. While some ransomware operations claim not to intentionally target healthcare organizations and even provide free decryption keys if done by mistake, Rhysida does not appear to follow the same policy.

We will explore what the Internet of Medical Things is and will investigate how healthcare organizations should best assess the security of their networks. We will then reveal why and how HIPAA plays a role in securing sensitive medical data and how attack surface management can secure the IoMT for healthcare organizations.

Staff at NHS Lanarkshire - which serves over half a million Scottish residents - used WhatsApp to swap photos and personal info about patients, including children's names and addresses. This, the watchdog said, "Demonstrates that information governance expectations regarding WhatsApp were not understood by staff involved in the WhatsApp Group."