Security News

A collection of six cybersecurity vulnerabilities in a range of GE Healthcare devices for hospitals has been discovered. Dubbed "MDhex" by the researchers at CyberMDX who discovered them, the bugs would allow attackers to disable the devices, harvest personal health information, change alarm settings and alter device functionality.

In light of rising tensions between the U.S. and Iran, the Association of Executives in Healthcare Information Security recently issued new data security guidance to help the healthcare sector prepare for potential nation-state attacks, says Christopher Frenz, one of the document's authors. After an Iranian general was killed in a recent U.S. drone strike in Baghdad, security experts and the Department of Homeland Security warned of possible retaliatory cyber strikes from Iran that could target critical infrastructure, government agencies as well as private businesses.

A Stoke-on-Trent hospital administrator has avoided prison after hacking his NHS trust and helping himself to almost 9,000 heart scan images. As part of the police caution he agreed not to access any IT system within the hospital, not to enter the hospital unless he was ill or visiting a patient, and not to contact hospital staff unless asked to by the HR department.

To prepare for the transition into Windows 7 End of Life, Cynerio is offering hospitals a complementary risk assessment until February 14, 2020. Connected medical devices are the weakest link in healthcare security and the prevalence of devices running on the Windows 7 operating system puts hospitals at even greater risk of cyber attack.

A breach stemming from malware infecting a medical imaging server at a small, rural New Mexico hospital serves as a reminder of medical equipment data security and privacy vulnerabilities and risks faced by facilities of all sizes. While Roosevelt General says in its statement that the malware infecting a digital imaging server did not affect EHRs, the risk of medical device security incidents also affecting records systems is a growing worry, some experts say.

The ransomware attack earlier this month led the hospital system to reschedule surgeries and appointments.

New Jersey’s largest hospital system said Friday that a ransomware attack last week disrupted its computer network and that it paid a ransom to stop it. read more

Cheyenne Regional Medical Center has added security measures and is informing people whose personal information was exposed due to a data breach earlier this year, hospital officials said. read more

OCR Says Organization Dropped the Ball on Breach Reporting, Business Associate AgreementFederal regulators have slapped Norfolk, Va.-based Sentara Hospitals with a $2.2 million HIPAA settlement...

Good news? They're not paying the ransom A French hospital has suffered a ransomware attack that reportedly caused the lockdown of 6,000 computers.…