Health data threats

The healthcare sector is an attractive target for cyberthreat actors due to the quantity of sensitive data healthcare organizations typically maintain, the sector's dependence on technology and the unique effects a cyberattack can have on operations. Understanding health data threats and common attack vectors can help organizations mitigate risk.

Top Stories

News 27 Jun 2024
Former Nuance employee arrested over Geisinger data breach

Geisinger notified more than one million individuals of a data breach that resulted from improper access to patient data by a former Nuance employee. Continue Reading
News 17 Jul 2023
CISA Warns Critical Infrastructure of APT Actors Targeting Outlook Online

CISA urged critical infrastructure to leverage enhanced logging capabilities to aid in detecting suspicious activity within Microsoft Exchange Online environments. Continue Reading

News 17 May 2023

Healthcare Continues to Spearhead Public Cloud Adoption

More than 70 percent of healthcare organizations surveyed by Forrester reported using multiple public clouds, highlighting the popularity of public cloud adoption in the sector. Continue Reading
News 06 Apr 2023

Attackers Increasingly Targeting Cloud Apps to Deliver Malware in Healthcare

As cloud adoption in healthcare increases, threat actors are increasingly leveraging cloud apps to infiltrate networks and infect victims with malware, Netskope found. Continue Reading
News 24 Mar 2023

HC3 Checklist Helps Healthcare Sector Ensure Mobile Device Security

HC3 emphasized the importance of authentication, encryption, and physical security when it comes to mobile device security in a healthcare setting. Continue Reading
News 28 Feb 2023

Cyberattacks Drive Multi-Cloud Security Solution Market Growth

More stringent regulatory standards and increased cyber threats are driving multi-cloud security solution adoption, Research and Markets reported. Continue Reading
News 31 Jan 2023

Security Is Key to Maximizing Cloud Adoption Success in Healthcare

Security must be considered throughout the cloud adoption process and beyond when it comes to healthcare. Continue Reading
News 20 Jan 2023

Cloud Security Risk Management Among ECRI’s Top Health Tech Hazards This Year

ECRI identified cloud security risk management as one of the top health tech hazards of the coming year, especially as it relates to the deployment of cloud-based clinical systems. Continue Reading
News 12 Jan 2023

Cybersecurity Risks Spike Within Cloud-Based Apps, Report Shows

More than 400 distinct cloud applications delivered malware in 2022 as cloud adoption continues to rise, Netskope data shows. Continue Reading
News 09 Dec 2022

KLAS: Security is a Top Factor in Public Cloud Adoption For HIT Vendors

Vendors want to see improvements in security, cost, and product enhancements when it comes to public cloud adoption, KLAS reported. Continue Reading
News 30 Nov 2022

Six Healthcare Workflows Primed for Cloud Faxing

Cloud faxing is more than capable of meeting the healthcare industry's demand for secure, efficient, and useful information sharing. Continue Reading
News 23 Nov 2022

10 State AGs Call on Apple to Bolster Reproductive Health Data Privacy in App Store

Ten state attorneys general sent a letter to Apple urging the company to take steps to better protect reproductive health data in third-party apps available on the App Store. Continue Reading
News 15 Nov 2022

Many Cloud Attacks End in Financial Loss for Healthcare Sector

The healthcare sector is a lucrative target for threat actors, with 86 percent of cloud attacks ending in financial loss, a new report stated. Continue Reading
News 30 Aug 2022

Small Healthcare Orgs Point to Cybersecurity As Barrier to Cloud Adoption

Increasing complexity and cybersecurity concerns are stalling cloud adoption at small and midsize healthcare organizations, survey results suggest. Continue Reading
News 15 Aug 2022

HC3 Calls Attention to Cloud Security Concerns, Mitigation Tactics

In its latest analyst note, HC3 dives into cloud security concerns and mitigation tactics that organizations can use to safeguard data. Continue Reading
News 02 Aug 2022

Addressing Mobile Device Security Risks in Healthcare

Nearly half of surveyed healthcare organizations that suffered a mobile-related security breach said that device-based threats were a contributing factor, Verizon found. Continue Reading
News 15 Jun 2022

Cybersecurity Professionals Identify Top Cloud Computing Security Risks

The Cloud Security Alliance (CSA) released a report outlining the top cloud computing security risks that cybersecurity experts frequently encounter. Continue Reading
News 05 Apr 2022

2.9M Victims, 42 Healthcare Data Breaches Reported to HHS in March

HHS OCR’s breach portal showed a decrease in healthcare data breach reports in March compared to the first two months of the year. Continue Reading
News 15 Mar 2022

Top Challenges to Multi-Cloud Adoption in Healthcare

Multi-cloud adoption is growing in healthcare, but data integration, application mobility, and cost continue to pose challenges, a survey found. Continue Reading
Feature 08 Mar 2022

Driving Digital Transformation in Healthcare With Industry Clouds

Industry clouds allow healthcare organizations to accelerate digital transformation and tailor cloud technology to specific business needs. Continue Reading
News 24 Feb 2022

NIST Issues Final Guidance on RPM, Telehealth Security

The National Cybersecurity Center of Excellence (NCCoE) released NIST’s final guidance on RPM and telehealth security. Continue Reading
Feature 27 Jan 2022

Managing Telehealth, Remote Patient Monitoring Security Concerns

Industry experts weigh in on how the healthcare sector can manage telehealth and remote patient monitoring security concerns. Continue Reading
Feature 05 Jan 2022

Pros and Cons of Public, Private, Hybrid, Multi-Cloud Architectures

Healthcare organizations must consider scalability and security risks when it comes to choosing between a public, private, hybrid, or multi-cloud architecture. Continue Reading
News 06 Dec 2021

81% of Telehealth Providers Are Concerned About Data Leakage

More than half of surveyed telehealth providers reported having patients refuse telehealth treatment because of data security and privacy concerns. Continue Reading
News 18 Nov 2021

Security Defines Multi-Cloud Infrastructure Success, IT Leaders Say

Over 60 percent of survey respondents said that ensuring consistent security measures across apps, users, and devices was critical to multi-cloud infrastructure success. Continue Reading
News 03 Nov 2021

Cloud Adoption Shifts to Hybrid, Multicloud IT Architecture

IBM’s global study on cloud adoption found that organizations are shifting away from a single cloud vendor in favor of a hybrid, multicloud IT architecture in part to ease security concerns. Continue Reading
News 07 Oct 2021

73% of Ransomware Detections in Q2 2021 Credited to REvil/Sodinokibi

McAfee’s cyber threat report revealed that healthcare was the second-most targeted sector for cloud security incidents in Q2, and REvil/Sodinokibi is still going strong. Continue Reading
News 27 Sep 2021

Public Cloud Adoption Rises, But Health Security Concerns Remain

Research shows that public cloud adoption is correlated with a lower likelihood of suffering a data breach, but other health security concerns persist. Continue Reading
News 23 Sep 2021

CSA Offers Guidance on Preventing Ransomware in the Healthcare Cloud

New guidance from the Cloud Security Alliance warns organizations about the prevalence of ransomware in the healthcare cloud and shows how to mitigate risk. Continue Reading
News 02 Jul 2021

DoD: Staff Need Healthcare Privacy, Cloud Security Certifications

Two (ISC)² certifications for healthcare privacy and cloud security are now perquisites for certain US Department of Defense cybersecurity staff. Continue Reading
News 23 Jun 2021

What Data Privacy Risks Are Associated with Mobile Health Apps?

Analysis reveals inconsistent privacy practices and risk of personal data exposure for users of mobile health apps, according to a recent study. Continue Reading
News 03 Jun 2021

NIST Unveils Guide to Mobile Device Authentication for First Responders

An increasing number of organizations are employing mobile devices to give first responders immediate access to data. NIST insights shed light on the role of biometrics for authentication. Continue Reading
Answer 20 May 2021

The Telehealth Security Impact: Now and Beyond the COVID-19 Pandemic

IEEE and Impact Advisor leaders share best practice policies for encryption, risk remediation, and security reviews to reduce possible telehealth security impacts beyond COVID-19. Continue Reading
News 17 May 2021

CISA Eviction Guide for SolarWinds, Microsoft O365 Compromises

Five months after disclosing the SolarWinds supply-chain attack, DHS CISA has shared eviction guidance for compromises of the Orion platform and Microsoft Active Directory and O365. Continue Reading
News 30 Apr 2021

Google Sued, Lawsuit Claims COVID-19 Contact Tracing Tool Exposes Data

A lawsuit has been filed against Google by individuals who used California’s public health COVID-19 contact tracing app, claiming it exposed their data and violated privacy laws. Continue Reading
News 19 Apr 2021

HSCC Shares Telehealth Cybersecurity Assessment, Mitigation Guidance

In the wake of a surge in telehealth implementations during last year’s pandemic response, new HSCC guidance supports providers with cybersecurity assessment and mitigation. Continue Reading
News 01 Apr 2021

VMware Issues Patch for 2 Severe Flaws Posing Credential Theft Risk

Two severe flaws found in VMware’s vRealize Operations, Cloud Foundation, and Lifecycle Manager should be addressed, as an exploit could lead to the theft of admin credentials. Continue Reading
News 22 Mar 2021

NIST Shares Mobile Device Privacy, Security Guide for BYOD Policies

Designed to support enterprise bring-your-own-device (BYOD) policies, the NIST guide sheds light on security challenges and privacy risks brought on by employees’ mobile devices. Continue Reading
Answer 10 Mar 2021

Verkada Security Camera Hack Allows Access, Leak of Hospital Live Feeds

First reported by Bloomberg, the hack of Verkada allowed hackers to gain access to the live feeds of 150,000 security cameras, including those belonging to several hospitals and Tesla. Continue Reading
News 08 Mar 2021

Congress Urges FTC Crackdown on Health Apps Via Breach Notice Rule

Three Congressional members are urging the FTC to enforce its Health Breach Notification Rule to penalize mobile apps sharing personal health data with third-party sources. Continue Reading
News 10 Feb 2021

30 Popular mHealth Apps Vulnerable to API Attacks, Posing PHI Risk

A damning new report shows a vast number of mHealth app and API vulnerabilities, including hardcoded APIs keys, are putting patients’ protected health information (PHI) at risk. Continue Reading
News 25 Jan 2021

Threat Actors Can Leverage RDP Servers to Amplify DDoS Attacks

A recent Netscout report shows threat actors can exploit Microsoft RDP flaws to amplify DDoS attacks and 14,000 Windows RDP servers are susceptible to abuse. Continue Reading
News 14 Jan 2021

Top Health IT Security Challenges? Medical Devices, Cloud Security

More than half of health IT leadership sees connected medical devices and cloud security as the leading health IT security challenges brought on by COVID-19 measures. Continue Reading
News 14 Jan 2021

CISA: Poor Cyber Hygiene Exploited to Compromise Cloud Security Services

Threat actors are successfully exploiting enterprises with poor cyber hygiene to compromise cloud security services through phishing attacks and brute force attempts, DHS CISA warns. Continue Reading
News 17 Dec 2020

Report: COVID-19 Telehealth Risks and Best Practice Privacy, Security

A report published in JAMIA spotlights both the cybersecurity risks associated with telehealth use amid COVID-19 and best practice privacy and security measures needed in response. Continue Reading
News 16 Oct 2020

350M Voicemails, Health Details Exposed by Misconfigured Database

A trove of 10 data collections owned by vendor Broadvoice was left exposed online without password protection, compromising 350 million voicemails, some including health information. Continue Reading
News 03 Sep 2020

OCR Updates HIPAA Resource for mHealth Apps, Cloud Computing

The update to OCR’s former Health App Developer Portal provides healthcare entities and mobile health app developers with HIPAA resources regarding health apps, APIs, and cloud computing. Continue Reading
News 13 Aug 2020

Medical Software Database Exposes Personal Data of 3.1M Patients

Researcher Bob Diachenko discovered a database owned by a medical software company leaking the personal details of over 3.1 million patients, which was later deleted and potentially stolen. Continue Reading
News 06 Aug 2020

Researchers Find More Devices, Vendors Vulnerable to Ripple20

Tenable and JSOF identified another 47 devices, some from 34 new vendors, at risk to Ripple20 vulnerabilities, found in the embedded software of the TCP/IP communication stack. Continue Reading
News 31 Jul 2020

Philips Discloses Vulnerability in DreamMapper Mobile App Software

DHS CISA alerted to a vulnerability found in Philips DreamMapper versions 2.24 and earlier, which could allow an attacker to access the log information files of the mobile app software. Continue Reading
News 23 Jul 2020

Reports Finds IoT Devices Host Social Media Apps, FDA-Recalled Platforms

Ordr finds many IoT and medical devices use platforms recalled by the FDA, while some MRIs and CTs allow the use of social media apps like Facebook, which pose serious security risks. Continue Reading
News 07 Jul 2020

NSA Shares Guide to Securing IPSec VPNs, Telework, Remote Sites

In light of the expansion of remote sites and telework, the NSA released insights for organizations designed to help better secure the IPSec Virtual Private Network (VPN) environment. Continue Reading
News 19 Jun 2020

Majority of COVID-19 Contact Tracing Apps Lack Adequate Security

Guardsquare analyzed 17 global government COVID-19 contact tracing apps, including those from the US, finding most lacked sufficient security and pose a serious hacking risk. Continue Reading
Answer 16 Jun 2020

Cloud Mitigation for Ransomware, as COVID-19 Spurs Cyberattacks

Providers are increasingly being targeted with cyberattacks and ransomware throughout COVID-19; edge-to-cloud security tactics could reduce the increased risk to the healthcare sector. Continue Reading
Answer 11 Jun 2020

Breach of Telehealth App Babylon Health Raises Privacy Concerns

While Babylon Health is UK-based, its recent breach that allowed patients to view appointments of other patients raises a host of privacy concerns in light of telehealth expansion in the US. Continue Reading
Answer 10 Jun 2020

COVID-19 Security: Reducing Risk of Temporary Hospitals, Remote Care

The rapid deployment of remote tech, telehealth, and temporary hospitals amid COVID-19 has significantly increased vulnerabilities in healthcare, which could have lasting impacts beyond the crisis. Continue Reading
News 04 Jun 2020

Enterprise Mobile Phishing Attacks Spike Amid COVID-19 Crisis

Lookout research shows healthcare is the most targeted sector for phishing attacks, while enterprise mobile phishing attempts have steadily increased amid the COVID-19 crisis. Continue Reading
News 01 Jun 2020

Remote Attacks on Cloud Service Targets Rose 630% Amid COVID-19

As noted in recent federal agency alerts, McAfee confirms hackers are continuing attempts to exploit the COVID-19 pandemic with remote attacks on cloud services increasing by 630 percent. Continue Reading
News 30 Apr 2020

DHS Shares Cloud, Microsoft Office 365 Insights for COVID-19 Telework

DHS shares guidance for Microsoft Office 365 and other cloud services centered around multi-factor authentication and access controls, given the increase in telework amid the COVID-19 pandemic. Continue Reading
News 29 Apr 2020

EFF Warns COVID-19 Tracing Apps Pose Cybersecurity, Privacy Risks

Google, Apple, and others are racing to develop contract tracing apps to help individuals determine potential COVID-19 exposures, but EFF warns the tech may put privacy and cybersecurity at risk. Continue Reading
News 27 Apr 2020

Apple, Google Address COVID-19 Contact Tracing App Privacy Concerns

After reviewing feedback from industry stakeholders, Apple and Google have revised their COVID-19 contact tracing app proposal to address privacy concerns, stressing transparency. Continue Reading
Answer 10 Apr 2020

Critical VPN Security for Telehealth, Remote Access Amid COVID-19

In a recent Healthcare Strategies podcast, CynergisTek CEO and President Caleb Barlow sheds light on best practice tech and practices for telehealth and remote work during COVID-19. Continue Reading
News 06 Apr 2020

FBI: COVID-19 Spurs Increase in Zoom, Video-Conferencing Hijacking

DHS CISA alerts to FBI insights on the rise in hijacking attacks on Zoom and other video-conferencing platforms during the COVID-19 pandemic, sharing tips to defend against hacking attempts. Continue Reading
News 01 Apr 2020

Amid COVID-19 Telehealth Use, Sen. Probes Zoom on Privacy Practices

Zoom's popularity has drastically increased during the COVID-19 pandemic, prompting Sen. Richard Blumenthal to examine the video conferencing app’s encryption and privacy practices. Continue Reading
Answer 31 Mar 2020

Must-Have Telehealth, Remote Work Privacy and Security for COVID-19

COVID-19 has drastically increased the threat landscape for healthcare with the spike in telehealth and remote work; here are the must-have privacy and security needs during the pandemic. Continue Reading
News 30 Mar 2020

Zoom Domains Targeted by Hackers, as Use Surges with COVID-19

Hackers are banking on the popularity of Zoom during the COVID-19 pandemic, ramping up malicious domains tied to the app; Zoom has also been under fire for privacy concerns. Continue Reading
Answer 20 Mar 2020

Best Practice Cybersecurity Methods for Remote Care, Patient Portals

Experian Health’s Jason Considine shares best practice cybersecurity methods, as providers potentially expose themselves to greater risk with the use of mobile and patient portals. Continue Reading
News 02 Mar 2020

Walgreens Reports Data Breach from Personal Mobile Messaging App Error

A report filed with California shows an internal error on the Walgreens messaging app exposed the personal messages stored on its database to be viewable by other customers. Continue Reading
News 27 Feb 2020

37% Health Orgs Shirk Mobile Security for Efficiency, Increasing Risk

Verizon’s 2020 Mobile Security Index shows two-fifths of healthcare organizations faced a mobile device compromise last year, with some admitting they sacrifice security “to get the job done,” thus increasing risk. Continue Reading
News 24 Feb 2020

Enterprise Public Cloud Adoption Stifled by Privacy, Security Concerns

Globally, organizations believe utilizing the cloud provides significant value to the enterprise. But Barracuda found privacy and security concerns are delaying cloud adoption. Continue Reading
News 27 Jan 2020

NSA Shares Guide for Mitigating Cloud Vulnerabilities, Threats

In its continued effort to increase transparency, the NSA recently shared guidance on shoring up cloud vulnerabilities, threat actors, and best practice mitigation techniques. Continue Reading
News 25 Aug 2019

Why Healthcare Needs Cloud-Based Identity Management

An increasingly complex digital environment necessitates a new scalable approach to identity management that safeguards sensitive data and streamlines access. Continue Reading
News 29 Jul 2019

Using Cloud-Based Faxing to Eliminate Healthcare Inefficiencies

Providers still rely on fax machines for health data exchange, but cloud-based faxing can overcome legacy fax technology challenges, including increased security and scalability. Continue Reading
News 20 May 2019

How Cloud Fax Enables Healthcare Interoperability

Faxing makes healthcare work. Cloud-based faxing makes it work more securely, effectively, and efficiently. Continue Reading
News 28 Jan 2019

Speeding Pharma’s Time to Market with Managed Cloud Services

Drug developers need an IT infrastructure that enables their organizations to focus on innovation and stay competitive, and the cloud is more than ready. Continue Reading
News 21 Jan 2019

Big Rewards Await Pharma Companies with Big Data in the Cloud

Pharmaceutical companies aiming to leverage artificial intelligence and big data analytics without exorbitant spending should look to the cloud for their infrastructure needs. Continue Reading
News 14 Jan 2019

What Pharma Needs to Know about Compliance Regulation in the Cloud

Cloud is a staple of today’s pharmaceutical IT infrastructure for cutting-edge research and development, but it presents many health data compliance challenges for adopters. Continue Reading
News 22 Oct 2018

Developing a Successful, Sustainable Mobile Device Management Program for Healthcare

With the right knowledge and technology, like mobile device management, healthcare organizations can deploy and use mobile devices efficiently and securely. Continue Reading
News 15 Oct 2018

Mobile Devices in Healthcare Increase, as Do Security Challenges

Healthcare organizations are using mobile devices in greater numbers to improve productivity and patient experience, but these same devices can increase risks for a PHI breach. Continue Reading
News 01 Oct 2018

Securing Patient Data While Embracing Innovation

As healthcare organizations look to technology innovation to improve patient care, they also need to make sure they are securing patient data in the face of new threats and vulnerabilities. Continue Reading
News 04 Jun 2018

Why Email Failed To Replace Fax For Secure Document Exchange

Sharing PHI in a HIPAA-compliant fashion using current health IT infrastructure continues to prove a pain point for covered entities. Continue Reading
News 30 Apr 2018

Best Practices for Keeping Patient Data Confidential

Ensuring health data privacy is essential for providers to build meaningful and lasting relationships with their patients. Continue Reading
Feature 05 Apr 2016

Increased EHR Adoption Raises Need for Robust Security

Recent cybersecurity attacks on health systems and hospitals shine the light on the importance of EHR security Continue Reading