Cybersecurity strategies
The healthcare sector faces a variety of cyberthreats, but experts are constantly working to provide organizations with reliable cybersecurity strategies to address them. Learn about the latest tactics for tackling cyber risk, with efforts led by security practitioners, federal agencies and leading cybersecurity companies.
Top Stories
-
News
20 Nov 2024
HHS has not adopted all GAO cybersecurity recommendations
GAO said that it is still waiting on HHS to implement several cybersecurity recommendations laid out for the department in various GAO reports. Continue Reading
-
Feature
18 Nov 2024
Mitigating risk as healthcare supply chain attacks prevail
A focus on cyber resilience is essential for mitigating the risk of healthcare supply chain attacks, which have the potential to cause widespread disruptions. Continue Reading
-
Feature
19 Nov 2021
Using Software Bill of Materials (SBOMs) For Medical Device Security
Software bill of materials (SBOMs) enable healthcare organizations to manage medical device security risks while promoting transparency between manufacturers and providers. Continue Reading
-
News
17 Nov 2021
IoT Security Incidents Increase as Healthcare Leans into Connected Health
IoT security incidents are increasingly common as more healthcare organizations rely on innovative connected health solutions. Continue Reading
-
News
17 Nov 2021
CISA: Iranian Government-Sponsored Threat Actors Targeting Healthcare
The US and its allies are warning healthcare entities about Iranian government-sponsored threat actors targeting Microsoft Exchange and Fortinet vulnerabilities. Continue Reading
-
News
15 Nov 2021
Insufficient Access Controls Cause Philips MRI Vulnerabilities
Inadequate access controls that fail to restrict access by unauthorized individuals resulted in 3 medium severity Philips MRI vulnerabilities. Continue Reading
-
News
12 Nov 2021
HC3 Warns of Cobalt Strike Threat to Healthcare Sector
HC3 issued a threat brief warning the healthcare sector of Cobalt Strike, a remote access tool that can be abused to orchestrate a cyberattack. Continue Reading
-
News
12 Nov 2021
Researchers Discover 13 Medical Device Security Vulnerabilities
Researchers discovered 13 new medical device Security vulnerabilities stemming from the Siemens Nucleus TCP/IP stack that could enable DoS attacks and exploitation. Continue Reading
-
News
11 Nov 2021
Best Practices for Responding to Medical Device Security Incidents
A new playbook from the Cloud Security Alliance aims to help organizations balance clinical considerations and patient safety risks with medical device security incidents. Continue Reading
-
News
11 Nov 2021
DOJ Charges 2 People Connected to REvil/Sodinokibi Ransomware
The Justice Department charged two individuals and seized $6.1 million in connection with Revil/Sodinokibi ransomware. Continue Reading
-
News
10 Nov 2021
Most Patients Unaware of the Magnitude Healthcare Ransomware Attacks
Half of potential patients said they would change hospitals if their provider was hit by a healthcare ransomware attack, but most are unaware of recent attacks. Continue Reading
-
Feature
09 Nov 2021
3 Keys to Third-Party Risk Management at WellSpan Health
WellSpan Health’s third-party risk management strategy focuses on assessing vendors, managing employee and non-employee access, and collaborating to mitigate risk. Continue Reading
-
Feature
08 Nov 2021
3 Barriers to Achieving Medical Device Security
Medical device security challenges include a lack of visibility, out-of-date devices, and an ever-changing threat landscape. Continue Reading
-
News
08 Nov 2021
Security Investments Are Increasing, But So Are Cyberattacks
New research from Accenture highlights the growing challenges that executives face in balancing security investments with risk to achieve cyber resilience. Continue Reading
-
News
05 Nov 2021
Philips TASY EMR Vulnerabilities May Expose Patient Data
Philips issued an advisory regarding two security vulnerabilities in its TASY EMR system that may result in patient data exposure if exploited. Continue Reading
-
Feature
04 Nov 2021
The Threat of Distributed Denial-Of-Service Attacks in Healthcare
Rapid7’s chief data scientist explores the threat of distributed denial-of-service (DDoS) attacks in healthcare and how to prevent the emerging threat. Continue Reading
-
Feature
02 Nov 2021
FIN12 Ransomware: Why It’s a Healthcare Threat, How to Prevent an Attack
FIN12 is efficient, unpredictable, and unafraid of targeting the healthcare sector, Mandiant experts warn. Continue Reading
-
News
01 Nov 2021
Cybersecurity Workforce Must Grow 65% to Protect Critical Assets
The current cybersecurity workforce shortage may leave organizations open to more vulnerabilities and cyberattacks, (ISC)² suggests. Continue Reading
-
Feature
01 Nov 2021
The Importance of Third-Party Risk Assessments in Healthcare
Jeremy Huval, chief innovation officer at HITRUST, explains the importance of conducting third-party risk assessments to safeguard healthcare organizations. Continue Reading
-
News
29 Oct 2021
Microsoft Warns of Nobelium Attacks on IT Supply Chain
Microsoft warned that Russian-linked hacking group Nobelium, responsible for the 2020 SolarWinds breach, has been targeting the global IT supply chain. Continue Reading
-
News
29 Oct 2021
42% of Healthcare Organizations Do Not Have Incident Response Plans
Almost half of surveyed healthcare organizations have not implemented an incident response plan in preparation for a cyberattack, research shows. Continue Reading
-
News
28 Oct 2021
Security Automation, Collaboration Prove Critical For Healthcare
As cyberattack surfaces and scopes continue to grow, healthcare organizations must focus on security automation and collaboration to keep defenses up. Continue Reading
-
News
26 Oct 2021
Organization-Wide PHI Access is Commonplace at Most Healthcare Orgs
Overexposed data, loose PHI access controls, and unsecured passwords are common practices at healthcare organizations, posing serious data security risks, research shows. Continue Reading
-
News
25 Oct 2021
International Governments Push REvil Ransomware Group Offline
A multi-country operation forced the REvil ransomware group offline, a criminal organization responsible for multiple cyberattacks on US critical infrastructure. Continue Reading
-
News
25 Oct 2021
Top Healthcare Cyber Threats, Vulnerabilities To Watch For
HC3’s monthly bulletin identified BrakTooth, Conti Ransomware, and Medusa/Tanglebot as some of the most notable current healthcare cyber threats and vulnerabilities. Continue Reading
-
Feature
22 Oct 2021
Exploring Zero Trust Security in Healthcare, How It Protects Health Data
A zero trust security model can help healthcare organizations safeguard their interconnected networks and devices while protecting sensitive health data. Continue Reading
-
News
21 Oct 2021
80% of CISOs Would Consider Paying the Ransom if Attacked
Most CISOs across all sectors believe that a ransomware attack on their organization is inevitable, and 80% said they would consider paying the ransom, research shows. Continue Reading
-
News
20 Oct 2021
CISOs Call for Healthcare Cybersecurity Federal Assistance
A survey of CISOs and other healthcare IT leaders revealed that healthcare cybersecurity is lacking in federal assistance and resources needed to combat cyber threats. Continue Reading
-
News
20 Oct 2021
HC3 Identifies Top 10 Ransomware Threat Actors in Q3 2021 for Healthcare
HC3 identified the top 10 global and US threat actors in Q3 2021, including Conti, REvil/Sodinokibi, and Hive. Continue Reading
-
News
19 Oct 2021
30+ Nations Pledge to Combat Ransomware, Promote Cyber Resilience
The US, along with more than 30 countries, pledged to improve cyber resilience, counter illicit finance, and focus on diplomacy in order to combat ransomware threats. Continue Reading
-
Feature
19 Oct 2021
2021’s Top Healthcare Cybersecurity Threats, What’s Coming in 2022
EY Americas cybersecurity leader Elizabeth Butwin Mann reviews some of this year’s biggest healthcare cybersecurity threats and discusses what to watch for in 2022. Continue Reading
-
News
18 Oct 2021
Ransom Disclosure Act Would Require Victims to Report Payments to DHS
Sen. Elizabeth Warren and Rep. Deborah Ross introduced the Ransom Disclosure Act, which would require ransomware victims to disclose payment information to DHS. Continue Reading
-
News
18 Oct 2021
HC3: Applications, Benefits of Blockchain in Healthcare
Blockchain in healthcare is tamper-resistant and shows extreme potential for ensuring healthcare supply chain transparency and electronic health record management. Continue Reading
-
News
14 Oct 2021
MITRE Launches Critical Infrastructure, Public Health Data Orgs
MITRE's new innovation organizations aim to tackle public health data challenges surrounding clinical trials and improve critical infrastructure cybersecurity. Continue Reading
-
News
13 Oct 2021
DOJ Announces National Cryptocurrency Enforcement Team
The DOJ’s National Cryptocurrency Enforcement Team will bring actions against ransomware actors and other cybercriminals who regularly use cryptocurrency platforms. Continue Reading
-
News
13 Oct 2021
5 Strategies to Improve Healthcare Cyber Resiliency
Seasoned security expert and CynergisTek CEO Mac McMillian shares tips on improving healthcare cyber resiliency and safeguarding your organization against a cyberattack. Continue Reading
-
News
12 Oct 2021
HITRUST Announces Risk Assessment Portfolio Expansion
HITRUST will offer an expanded assessment portfolio to help organizations with risk management and cyber resilience. Continue Reading
-
News
12 Oct 2021
FIN12 Ransomware Group Specializes in Healthcare Cyberattacks
Almost 20 percent of FIN12 ransomware group’s victims were in the healthcare sector, a new report from Mandiant reveals. Continue Reading
-
News
11 Oct 2021
Biden to Convene 30-Nation Meeting to Combat Ransomware
President Biden announced that the United States will bring together 30 countries for a meeting to discuss and combat ransomware and cybercrime. Continue Reading
-
News
08 Oct 2021
FDA Recalls Medtronic Insulin Pump Controller, Cites Cybersecurity Risks
The FDA issued a medical device recall on all Medtronic MiniMed remote controllers due to potential cybersecurity risks. Continue Reading
-
News
08 Oct 2021
FDA’s Best Practices on Communicating Medical Device Vulnerabilities
The FDA’s Center for Devices and Radiological Health released best practices for communicating medical device vulnerabilities to patients and caregivers. Continue Reading
-
News
06 Oct 2021
Workers Report Burnout Due to Healthcare Cybersecurity Concerns
Three-quarters of industry professionals reported having healthcare cybersecurity concerns about protected health information being communicated via unsecured communication devices. Continue Reading
-
News
06 Oct 2021
HC3 Warns Health Sector Against LockBit Ransomware Variant
LockBit Ransomware launched in September 2019 and claimed responsibility for an August 2021 attack on Accenture. Continue Reading
-
News
05 Oct 2021
How the FTC’s Health Breach Notification Rule Will Impact Health Apps
A healthcare regulatory attorney shares insight into what health apps should expect moving forward due to the FTC’s recent health breach notification policy statement. Continue Reading
-
News
04 Oct 2021
Healthcare Organizations Deprioritize Third-Party Risk Management
Organizations spanning a variety of industries reported being cognizant of third-party risks, but many fail to develop effective third-party risk management practices. Continue Reading
-
News
01 Oct 2021
Lawsuit Links Baby Death to AL Healthcare Ransomware Attack
The lawsuit marks the first public allegation of a healthcare ransomware attack directly resulting in a patient's death. Continue Reading
-
News
29 Sep 2021
CISA, FBI, NSA Release Advisory Warning of Conti Ransomware Attacks
Conti ransomware group successfully attacked at least 16 healthcare sector and first responder networks in the last year and continues to be a significant threat. Continue Reading
-
News
28 Sep 2021
US Treasury Sanctions Crypto Exchange For Aiding Ransomware Payments
The US Treasury will impose sanctions on SUEX, a cryptocurrency exchange that allegedly facilitated ransomware payments on behalf of cybercriminals. Continue Reading
-
News
28 Sep 2021
HHS Announces Former DHS Official Lisa J. Pino as New OCR Director
Pino served as a senior executive at DHS and as the New York State Department of Health’s executive deputy commissioner before assuming the role of OCR director. Continue Reading
-
News
28 Sep 2021
BSIMM Study: Healthcare Lags Other Industries in Software Security
The 2021 BSIMM study shows that while organizations across all sectors prioritize software security initiatives and risk management, healthcare lags behind. Continue Reading
-
News
27 Sep 2021
Healthcare Employee Cybersecurity Training is Lacking, Report Finds
A new report shows employee security awareness is lacking, exposing a major gap in healthcare employee cybersecurity training. Continue Reading
-
News
24 Sep 2021
4 Ways Organizations Can Prevent Healthcare Phishing Attacks
Healthcare phishing attacks are an easy way for cybercriminals to take advantage of organizations but implementing certain safeguards can protect patients, providers, and health systems. Continue Reading
-
News
22 Sep 2021
Data Management, Cybersecurity Top Priorities for New FDA Office
The FDA announced the new Office of Digital Transformation, an agency-wide reorganization of its IT, data management and cybersecurity functions. Continue Reading
-
News
22 Sep 2021
Healthcare Ransomware Attacks Lead to Increased Patient Mortality
One in four healthcare organizations reported increased patient mortality rates resulting from ransomware attacks, a new Ponemon Institute study reveals. Continue Reading
-
News
21 Sep 2021
FTC: Health Apps Must Comply with Health Breach Notification Rule
The FTC issued a policy statement warning health apps and connected device companies to comply with the Health Breach Notification Rule. Continue Reading
-
News
20 Sep 2021
Could Artificial Intelligence Transform Healthcare Cybersecurity?
Using artificial intelligence tools in healthcare cybersecurity may help to streamline threat detection efforts, ensure compliance, and mitigate human error. Continue Reading
-
News
16 Sep 2021
Google, Microsoft Amassed the Most Vulnerabilities in H1 2021
Research revealed that tech giants Google and Microsoft accumulated the most vulnerabilities in the first half of 2021, leaving them open to potential cyberattacks. Continue Reading
-
News
15 Sep 2021
OMB, CISA Unveil Plans to Shift to Zero Trust Architecture
CISA and OMB are requesting public comment on newly proposed strategies and guidance that support shifting the US government toward a zero trust architecture. Continue Reading
-
News
14 Sep 2021
Understanding the Fraud Risks of Expanded Telehealth Use
Telehealth adoption has increased dramatically due to the pandemic, but the technology's expanded use also raises concerns over healthcare fraud. Continue Reading
-
News
13 Sep 2021
AL Providers Illegally Accessed COVID-19 Immunization Registry
Alabama’s attorney general warned providers against unlawfully using the state’s COVID-19 immunization registry to verify vaccination status for patients' employers. Continue Reading
-
News
13 Sep 2021
University of Minnesota Unveils Center for Medical Device Cybersecurity
The new Center for Medical Device Cybersecurity aims to cultivate collaboration between students, the tech industry, and government. Continue Reading
-
News
09 Sep 2021
BlackMatter Ransomware Attacks Threaten Healthcare, HC3 Says
HC3, HHS’s cybersecurity arm, released a threat brief breaking down the BlackMatter ransomware group’s origins, threat tactics, and likely targets. Continue Reading
-
News
07 Sep 2021
Biden Administration Announces National Cybersecurity Initiatives
President Biden met with education and private sector leaders to discuss national cybersecurity initiatives following the Administration’s executive order in May. Continue Reading
-
News
06 Sep 2021
FBI Warns of OnePercent Group Ransomware in New Flash Alert
The FBI’s latest flash alert warns of OnePercent Group ransomware, a hacker organization that uses phishing emails to infect networks and encrypt data. Continue Reading
-
News
03 Sep 2021
CISA, FBI Release Holiday Ransomware Awareness Guidance
CISA and the FBI released holiday ransomware awareness guidance in light of increasing reports of ransomware attacks on holidays and weekends this summer. Continue Reading
-
News
01 Sep 2021
Hospital Cybersecurity Ratings Catch Up to Other Industries
Hospital cybersecurity ratings historically lag behind other industries such as finance and retail, but the gap is slowly closing. Continue Reading
-
News
31 Aug 2021
FBI Flash Alert Warns Organizations of Hive Ransomware Group
The FBI's latest flash alert warns organizations about Hive ransomware, the group responsible for a cyberattack on Memorial Health System that resulted in EHR downtime. Continue Reading
-
News
30 Aug 2021
CISA Releases Guidance on Protecting PII From Ransomware Attacks
CISA released a fact sheet on protecting PII from ransomware attacks in light of recent high-profile cyberattacks that put personal data in jeopardy. Continue Reading
-
News
30 Aug 2021
Outpatient Facilities Now Top Targets for Healthcare Data Breaches
Cyber criminals are shifting their healthcare data breach targets away from hospitals and onto outpatient facilities and business associates, a new report shows. Continue Reading
-
News
27 Aug 2021
Infusion Pump Vulnerabilities Point to Gaps in Medical Device Security
McAfee researchers discovered significant gaps in medical device security that may allow hackers to administer deadly doses of medications through an infusion pump. Continue Reading
-
News
18 Aug 2021
CISA Says BlackBerry Vulnerability to Impact Medical Device Security
CISA issued a new alert on medical device security. Continue Reading
-
News
17 Aug 2021
Cyberattack on Vegas Medical Center Exposes Staff, Patients’ PHI
A cyberattack on a Vegas hospital system is impacting PHI of staff and patients. Continue Reading
-
News
16 Aug 2021
Cyberattack Impacting Memorial Health System’s Patient Services
A cyberattack is impacting services of a healthcare system. Continue Reading
-
Answer
16 Aug 2021
Understanding the Risks, Complexity of Healthcare Cybersecurity
One emergency medical physician and health IT adviser shares insights on the growing cybersecurity challenges in healthcare today. Continue Reading
-
News
13 Aug 2021
How Health Facilities Can Prevent, Mitigate Ransomware in 2021
Ransomware is continuing to impact the healthcare industry, which has seen a rise in cyber-attacks since the start of the pandemic. Continue Reading
-
News
12 Aug 2021
Cybersecurity, Vulnerabilities Not Priorities for Most Hospitals
A recent survey found that cybersecurity investment is not a high priority for more than 60% of hospitals, and most are unprotected against common vulnerabilities. Continue Reading
-
News
12 Aug 2021
Ex-NY Hospital Staffer Responsible for Data Breach of Patients’ PHI
The data breach exposed PHI of patients in New York. Continue Reading
-
News
11 Aug 2021
Wisconsin Governor Signs Insurance Cybersecurity Act into Law
Wisconsin's new cybersecurity law will help protect PHI and PII. Continue Reading
-
News
11 Aug 2021
Ransomware Attack on GA Health System Impacts Staff, Patients’ PHI
A Georgia healthcare system sustained a cyberattack, with hackers targeting patients' and staff members' PHI. Continue Reading
-
News
10 Aug 2021
NY Law Shows Reasonable Cybersecurity Standards For Health Providers
A Journal of AHIMA article states that reasonable cybersecurity standards for healthcare providers to follow are needed. Continue Reading
-
News
10 Aug 2021
Email Hack Results in Health Data Breach in NJ Lab
An email hacking event led to a health data breach for one lab that provides testing for patients across the country. Continue Reading
-
News
09 Aug 2021
Cyberattack Hits Health Payer Third-Party Vendor, Exposes PHI
A health and life insurance company's third-party vendor experienced a data breach, impacting protected health information (PHI.) Continue Reading
-
News
09 Aug 2021
COVID-19 Pandemic Sparks Upswing in Healthcare Data Breaches
A new study cites the increase in health data breaches during the COVID-19 pandemic. Continue Reading
-
News
06 Aug 2021
Malware Attack Exposes IL Health Centers’ Patient and Staff PHI
A cyberattack is impacting the health data of patients and staff of several Illinois health centers. Continue Reading
-
News
06 Aug 2021
Patients Cite Privacy, Cybersecurity Fears with Vax Credentials
A new poll shows that Americans have doubts about the cybersecurity of a digital vaccine card. Continue Reading
-
News
05 Aug 2021
Health Plan Email Phishing Attack Exposes Student PHI
A Microsoft Office 365 email phishing attack exposed students' PHI. Continue Reading
-
News
05 Aug 2021
Third-Party Health Data Breach Hits Pennsylvania Health Network
A Pennsylvania health network is the latest victim of a cyber attack which exposed PHI. Continue Reading
-
News
04 Aug 2021
Healthcare Data Breaches Most Common Threats to Date in 2021
A new study reports an increase in data breaches in 2021. Continue Reading
-
News
04 Aug 2021
PwnedPiper Vulnerabilities Impact Over 3K Hospitals in North America
The vulnerabilities are impacting the pneumatic tube systems of hospitals. Continue Reading
-
News
03 Aug 2021
Health IT Security Challenges Persist for Hospital Systems
Cybersecurity remains a challenge for healthcare systems. Continue Reading
-
News
03 Aug 2021
Harris County Health Data Breach Exposes PHI of 26K
A health data breach is impacting 26,000 county jail patients. Continue Reading
-
News
02 Aug 2021
Illinois Health Department Data Breaches Impact Over 24K Patients
One of the breaches includes COVID-19 vaccination status of some patients. Continue Reading
-
News
02 Aug 2021
Wisconsin Patients’ Health Data Exposed After Email Hacking Incident
A cyberattack on a Wisconsin urology office is impacting patients' health information. Continue Reading
-
News
30 Jul 2021
CA Cyberattack Targets Patient Protected Health Information
A cyberattack struck a third-party vendor, exposing some patients' PHI. Continue Reading
-
News
30 Jul 2021
Florida Health Practice Target of Cyberattack, PHI Exposed
A Florida physicians' group is the latest victim of an email phishing attack. Continue Reading
-
News
29 Jul 2021
Healthcare Data Breach Costs Surged During Pandemic
IBM Security and Ponemon Institute released a report on July 28, noting the surging costs of health data breaches. Continue Reading
-
News
29 Jul 2021
MassHealth Members Impacted by Health Data Breach
A third-party vendor's data breach is impacting over 2,000 MassHealth patients' PHI. Continue Reading
-
News
28 Jul 2021
San Diego Health Data Breach Impacts Patients, Staff, Student PHI
An email hacking incident is impacting students, staff and patients' PHI. Continue Reading
-
News
28 Jul 2021
Cyberthief Who Stole PHI Sentenced To Prison
A Texas woman was sentenced after her role in a cybercrime ring that stole PHI. Continue Reading
-
News
27 Jul 2021
Medical Imaging Center Notifies Patients of Health Data Breach
The Georgia location is notifying patients of a health data breach. Continue Reading
-
News
26 Jul 2021
Healthcare Cyberattacks, Data Breaches Pressuring Nonprofit Orgs
A new Fitch report notes the increase in cyberattacks against nonprofit healthcare facilities and hospitals. Continue Reading
-
News
23 Jul 2021
West Virginia Center’s Health Data Breach Includes Patients’ PHI
A cyberattack at the Prestera Center impacted patients' PHI. Continue Reading