Cybersecurity News

The Department of Health and Human Services Health Sector Cybersecurity Coordination Center June 27 issued an alert about a critical vulnerability in MOVEit, a common file transfer platform utilized in the health sector. The vulnerability exposes health care organizations to cyberattacks, especially ransomware and data breaches.

A joint report released June 26 by the Cybersecurity and Infrastructure Security Agency, FBI, the Australian Cyber Security Centre and Canadian Centre for Cybersecurity provides roadmaps for addressing memory safety vulnerabilities in open source software.

The Health Information Sharing and Analysis Center June 27 issued a threat bulletin alerting the health sector to active cyberthreats exploiting TeamViewer.

The FBI and Department of Health and Human Services June 24 released an advisory about cyberthreat actors targeting health care organizations in attempts to steal payments.

The Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center (HC3) this week released an advisory about Qilin, formerly "Agenda," a ransomware-as-a-service group targeting health care and other industries worldwide.

Change Healthcare June 20 began notifying health care providers and other customers with patient data stolen following February’s cyberattack, the company announced.

The Centers for Medicare & Medicaid Services June 17 announced it will close its accelerated and advance payment program July 12 for Medicare providers and suppliers disrupted by the Change Healthcare cyberattack in February.

The health care sector should swiftly implement patches or mitigations to address 14 new cyber vulnerabilities identified by the Cybersecurity and Infrastructure Security Agency in May, the Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center (HC3) advised this week.

The Departments of Health and Human Services, Labor, and the Treasury June 14 announced a 120-day extension for parties impacted by the cyberattack on Change Healthcare to open disputes under the No Surprises Act independent dispute resolution process.

Microsoft and Google will provide a range of free or discounted cybersecurity services to rural hospitals across the country to help them in their efforts to prevent cyberattacks. The announcement was made June 10 in collaboration with the White House and the AHA.

The AHA June 6 participated in a Wall Street Journal Tech Live Cybersecurity event to discuss the historic Feb. 21 cyberattack on Change Healthcare.

Hospitals and health systems have their hands full coping with the scary reality of a ransomware attack, but there are also civil liability concerns that arise in the fallout of a health care cybercrime.

In response to the alarming rise of ransomware attacks, hospitals and health systems must stay vigilant by playing defense, having a mitigation plan and keeping lines of communication open with federal law enforcement.

The Department of Health and Human Services May 31 announced that hospitals and health systems can require UnitedHealth Group to notify patients if their data was stolen during the Change Healthcare cyberattack Feb. 22.

The Department of Health and Human Services' Advanced Research Projects Agency for Health May 20 announced the launch of a $50 million cybersecurity program that would create tools for information technology teams in health care to enhance cybersecurity measures.

The Cybersecurity and Infrastructure Security Agency along with international agencies May 14 released guidance for high-risk nonprofit and other resource-constrained community organizations to assist in understanding and mitigating cyberthreats.

Hospitals and health systems nationwide saw a sizable increase in delayed or missing payments in first quarter 2024, according to a report released May 10 by Strata on health care performance trends.

The Federal Bureau of Investigation, Cybersecurity and Infrastructure Security Agency, Department of Health and Human Services, and Multi-State Information Sharing and Analysis Center May 10 released a joint cybersecurity advisory to provide information on Black Basta, a ransomware variant whose actors have encrypted and stolen data from at least 12 out of 16 critical infrastructure sectors, including the health care and public health sector.

The Department of Justice May 7 announced more than two dozen criminal charges against Dimitry Yuryevich Khoroshev, 31, of Voronezh, Russia, for his alleged role as the creator, developer and administrator of the LockBit ransomware group.

The AHA and other national hospital groups May 8 sent a letter to UnitedHealth Group, urging the organization to formally accept responsibility for issuing breach notifications on behalf of providers or customers following cyberattacks if protected health information or personally identifiable information is stolen.