Security News
Multiple medical groups in the Heritage Provider Network in California have suffered a ransomware attack, exposing sensitive patient information to cybercriminals. The entities collectively issued a notice of data breach at the start of the month and shared a sample letter with the California Attorney General's office earlier this week.
The rising adoption of connected medical devices is accelerating cyberattacks, according to Capterra's Medical IoT Survey of healthcare IT professionals. Medical practices with more than 70% of their devices connected are 24% more likely to experience a cyberattack than practices with 50% or fewer connected devices.
The US federal government is considering several proposals to regulate medical device cybersecurity compliance to counteract the frequent and clinically impactful cyberattacks experienced by healthcare systems across the country. The document provides device manufacturers with guidance on how to approach cybersecurity for device design and associated premarket submissions.
Two recent ransomware attacks against healthcare systems indicate cybercriminals continue to put medical clinics and hospitals firmly in their crosshairs. In a notification to watchdogs last Friday, Pennsylvania's largest primary care group said a "sophisticated" ransomware crew breached its network security, giving it access to 75,628 individuals' names, addresses and Social Security numbers along with their medical records.
Google on Friday pledged to update its location history system so that visits to medical clinics and similarly sensitive places are automatically deleted. Google keeps a log of its users' whereabouts, via its Location History functionality, and provides some controls to delete all or part of those records, or switch it off.
Kaiser Permanente suffered a data breach due to email compromise on April 5 that potentially exposed the medical records of nearly 70,000 patients, the company revealed earlier this month. Attackers gained access to the emails of an employee at Kaiser Foundation Health Plan of Washington that contained "protected health information," the company revealed in a letter to affected clients on June 3.
In this interview with Help Net Security, Paige Hanson, Chief of Cyber Safety Education at NortonLifeLock, talks about the risks posed by medical ID theft, the repercussions of such criminal activity, and what people as well as organizations can do to protect valuable medical information. Even more worrisome than the possible financial cost of medical identity theft is the potential risk it poses of mingling an identity thief's health information with your own.
In the hopes of helping security professionals better address cybersecurity and regulation, we conducted the 2022 Medical Device Cybersecurity: Trends and Predictions Survey Report, speaking to 150 senior decision makers who oversee product security or cybersecurity compliance in the medical device industry, to learn about their biggest challenges and how they plan to address them. As medical regulation around cybersecurity catches up with today's complex device software ecosystem and new and emerging threats, it is likely that organizations will have a better benchmark with which to determine their security posture.
Built and supported by vast communities of developers, OSS has become the ubiquitous building block of devices and apps in the general information technology community where 92% of applications now contain open source software - and medical devices have been catching up with that trend over the past few years. One open source library could be pulling in any number of dependencies: other open source libraries in a potentially long chain that also need to be examined.
The French data protection authority fined medical software vendor Dedalus Biology EUR 1.5 million for violating three articles of the GDPR. Dedalus Biology provides services to thousands of medical laboratories in the country and the fine is for exposing sensitive details of 491,939 patients from 28 laboratories. More specifically, during migration from the software of a different vendor, at the request of two medical laboratories, Dedalus extracted more information than required.