Privacy & Security

2021 Year in Review
By Kat Jercich | 10:54 am | November 16, 2021
More than 40 million patient records have been compromised this past year by incidents reported to the federal government in 2021.
09:29 am | November 16, 2021
Eight C-suite execs offer insights on where they see investments going in the next five years in AI, interoperability, telehealth, cybersecurity, EHRs and emerging technology.
By Kat Jercich | 11:16 am | November 15, 2021
H-ISAC Chief Security Officer Errol Weiss warns that individuals working on COVID-19 vaccines and treatments are of "high interest" to adversaries. He'll discuss more at the upcoming HIMSS Healthcare Cybersecurity Forum.  
By HIMSS TV | 09:48 am | November 12, 2021
This week's top stories include the Justice Department cracking down on international ransomware attacks and Medicare Part D plan consolidation fueling a 23% drop in offerings.
By Kat Jercich | 04:13 pm | November 11, 2021
The thousands of potentially affected healthcare devices include anesthesia machines and patient monitors, according to researchers.
By Kat Jercich | 04:57 pm | November 10, 2021
A new SecureAge study found that 40% of employers said their current company had dealt with a cyberattack in the past – yet many faced hurdles to implementing defense measures.
By Bill Siwicki | 01:18 pm | November 09, 2021
A security expert offers sage advice for CISOs, CIOs and other security leaders to secure the resources they need to ward off attackers and protect health data.
By Kat Jercich | 01:14 pm | November 09, 2021
White House officials testified this past week that they have seen a "discernible decrease" in U.S.-targeted cyberattacks linked to Russia. As reported by The Hill, Chris Inglis, the country's first national cyber director, told the House Homeland Security Committee that it was too soon to tell why the number of incidents had lessened.

"It may well be that the transgressors in this space have simply lain low in understanding that this is for the moment a very hot time for them, and we need to ensure that that continues to be the case," said Inglis.

"I think in the longer term, we will be able to measure in a qualitative and a quantitative fashion what the diminishment of those efforts are," he added.

Inglis emphasized the importance of staying the course when it comes to cyber defenses, saying that the United States needs to "ensure that our strategy is solidified and brought to bear."

Inglis' remarks prefaced news that the Department of Justice had charged two individuals for deploying Russia-linked REvil ransomware against U.S. targets.

EHR vendor reports security breach

QRS, Inc. has begun notifying individuals of a cyberattack that involved the personal information, including the health information, of some of its clients' patients. QRS, a technology services company that offers electronic health record and practice management software, said in a notice on its website that it had discovered in August that one of its dedicated patient portal servers had been accessed. After taking the server offline and investigating, QRS determined that the attacker had accessed the server between August 23 and 26.

During that time, the attacker may have acquired files containing individuals' name, address, date of birth, Social Security number, patient identification number, portal username, and/or medical treatment or diagnosis information. According to the U.S. Department of Health and Human Services Office for Civil Rights Breach Portal, the incident affected 319,778 individuals.

"Although QRS is not aware of any identity theft or fraud to any person as a result of this incident, it is notifying the potentially affected patients on behalf of its clients to advise them about the steps QRS has taken to investigate the incident and provide them with guidance about monitoring their information," wrote the company on its site.

Philips flags security vulnerability in EMR systems

Philips has issued an advisory regarding a version of its TASY Electronic Medical Record HTML5 system.

According to the alert, Philips said it had identified two potential vulnerabilities in system versions 3.06.1803 and prior that may allow SQL injection under certain conditions.

"Should this occur, a successful SQL injection attack can result in confidential patient data being exposed or extracted from the TASY database," said the company.

"Attackers could gain unauthorized access to Tasy EMR systems or accounts and, ultimately may lead to a Denial of Service to the database," the advisory continued.

Philips advised affected customers to upgrade to versions 3.06.1804 or later, which are not subject to the vulnerabilities.

"At this time, Philips has received no reports of exploitation of these vulnerabilities or incidents from clinical use that we have been able to associate with this problem. Philips' analysis has shown that it is unlikely that this vulnerability would impact clinical use," said the vendor.

"Philips' analysis also indicates there is no expectation of patient hazard due to this issue," said the alert.

Kat Jercich is senior editor of Healthcare IT News.
Twitter: @kjercich
Email: kjercich@himss.org
Healthcare IT News is a HIMSS Media publication.
By Kat Jercich | 04:36 pm | November 08, 2021
One of the accused, 22-year-old Yaroslav Vasinskyi, is reportedly suspected of attacking about 2,500 victims and raking in $2.3 million in ransom.
By Bill Siwicki | 01:28 pm | November 08, 2021
In her session at the upcoming virtual HIMSS Healthcare Cybersecurity Forum, Aimee Cardwell will walk information security and IT leaders through a risk-fraught landscape – and offer tips for best defenses.