Healthcare Cybersecurity

On average, businesses with 500 or more employees are losing an average of $19.5 million a year due to insider...

North Korean state-sponsored hackers are targeting U.S. healthcare organizations and non-profits and deploying Medusa ransomware, according to a joint investigation...

There has been a sharp increase in data-only extortion incidents, with ransomware gangs increasingly opting not to encrypt files, instead...

A new record was set for ransomware attacks last year, with disclosed ransomware attacks increasing by 49% year-over-year to a...

The Federal Bureau of Investigation (FBI) has launched a campaign to improve the resilience of industry, government, and critical infrastructure...

An audit of a large Southeastern hospital by the Department of Health and Human Services Office of Inspector General (HHS-OIG)...

Insider threats are one of the leading causes of data breaches in healthcare, more so than in many other industry...

An unwanted new record was set in 2025 for data compromises, which increased by 4% from the record-breaking total in...

The U.S. Department of Health and Human Services Office of Inspector General has published its annual report on the Top...

In the first of its 2026 quarterly cybersecurity newsletters, the Department of Health and Human Services (HHS) Office for Civil...

The HIPAA Safe Harbor Law, as integrated into the proposed HIPAA Security Rule update, potentially benefits organizations that can prove...

The threat from ransomware is greater than ever, according to a new report from GuidePoint Security. The cybersecurity firm recorded...

To best explain how to secure patient information and PHI, it is necessary to distinguish between what is patient information...

The relationship between HITECH, HIPAA, and electronic health and medical records is primarily that certain provisions of the HITECH Act...

Criminals target medical records because they are valuable, and misuse of medical records is harder to detect than the misuse...

A delayed October 2025 healthcare data breach report due to the government shutdown for the whole of the month, which...

The HIPAA password requirements are a combination of Administrative and Technical Safeguards designed to manage and monitor access to PHI....

The HIPAA encryption requirements have increased in relevance since an amendment to the HITECH Act in 2021 gave HHS’ Office...

A critical vulnerability has been identified in certain models of WHILL electric wheelchairs that could be exploited by an attacker...

New HIPAA regulations may be implemented in 2026, such as the proposed update to the HIPAA Privacy Rule, a final...

A medium-severity vulnerability has been identified in the Grassroots DICOM open source library for DICOM medical image files.  The vulnerability...

A patch has been released to fix a high-severity vulnerability in AJAT Panoramic Dental Imaging software. The bug, tracked as...

The Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), Department of Defense Cyber Crime Center (DC3), Canadian...

In the first part of its 2025 review of healthcare cybersecurity, the American Hospital Association (AHA) reports that in the...

A bipartisan quartet of Senators has reintroduced the Health Care Cybersecurity and Resiliency Act of 2025 in another attempt to...

The College of Healthcare Information Management Executives (CHIME) and more than 100 U.S. hospital systems, healthcare provider organizations, and provider...

Mirion Medical has issued patches to fix five high-severity vulnerabilities in its EC2 Software NMIS BioDose software. Successful exploitation of the...

A cryptocurrency mixing service used by criminals to launder the proceeds from their illegal activities has been shut down by...

One of the benefits of cryptocurrencies is greater financial accessibility for unbanked populations, which includes individuals in remote areas who do...

Thanksgiving weekend is just a few days away, and while many healthcare employees will be enjoying time off work, it...

The Health Sector Coordinating Council (HSCC) has published updated Model Contract Language for MedTech Cybersecurity to help healthcare delivery organizations...

A critical vulnerability in Oracle Identity Manager is under active exploitation, according to the U.S. Cybersecurity and Infrastructure Security Agency...

A critical vulnerability has been identified in Emerson Appleton UPSMON-PRO, monitoring and power management software for uninterruptible power supplies. The...

Several cybersecurity firms have tracked a surge in ransomware attacks in Q3, 2025, as groups such as Akira, Qilin, and...

Outdated systems are causing healthcare professionals to lose hours each week, impacting patient care, organizational performance, efficiency, and security, according...

Patches have been released to fix a critical OS command injection vulnerability affecting Fortinet web application firewalls. The FortiWeb zero-day...

Cyber threat actors had a busy October, with attack volume up 2% month-over-month and 5% year-over-year. In October, organizations experienced...

In Q1, 2026, the Health Sector Coordinating Council (HSCC) plans to publish AI cybersecurity guidelines for the healthcare sector. Last...

A joint cybersecurity advisory has been issued by the Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA),...

Threat actors are actively exploiting multiple Cisco vulnerabilities for which patches were previously issued in August; however, attacks are ongoing,...

The UK pathology lab Synnovis suffered a ransomware attack last year. It has taken 17 months to complete the highly...

There has been a significant increase in cyberattacks targeting Android mobile devices in critical infrastructure sectors in the past year,...

The US Healthcare Cyber Resilience Survey from EY and KLAS Research has revealed that more than 7 out of 10...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) have issued new guidance for organizations...

Vulnerabilities have been identified in the Hospital Manager Backend Services, a hospital information management system from Vertikal Systems. One of...

The ransomware remediation firm Coveware has reported a growing divide in the ransomware landscape, with larger enterprises facing increasingly targeted,...

Penetration tests conducted on ten State Medicaid Management Information Systems (MMIS) and Eligibility & Enrollment (E&E) systems have revealed they...

Ransomware groups are conducting fewer attacks than a year ago, and are increasingly adopting a more targeted approach using stealthy...

Cybersecurity firm Black Fog has released its Q3 2025 State of Ransomware Report, which shows ransomware attacks have increased by...

The latest data from the Identity Theft Resource Center (ITRC) has confirmed that system compromises and data breaches are still...

A recent survey of U.S. healthcare IT and cybersecurity professionals found that 93% of the surveyed organizations had experienced at...

A zero-day vulnerability in Oracle E-Business Suite is under active exploitation by the Cl0p ransomware group. The vulnerability is tracked...

A critical vulnerability in Fortra’s GoAnywhere MFT secure web-based file transfer tool is being actively exploited in Medusa ransomware attacks....

Over the 12 months from March 2024 to March 2025, almost half of healthcare organizations experienced at least one data...

October is Cybersecurity Awareness Month – a global initiative that aims to educate the public and businesses about the importance...

There’s good and bad news on the ransomware front. Attacks are down year-over-year; however, successful attacks are proving even costlier...

Microsoft has announced the seizure of hundreds of websites used by a popular phishing-as-a-service (PhaaS) operation that targets Microsoft 365...

The U.S. Government Accountability Office has written to Clark Minor, Chief Information Officer (CIO) of the U.S. Department of Health...

Senator Ron Wyden (D-OR) has written to Andrew Ferguson, Chair of the Federal Trade Commission (FTC), requesting the FTC investigate...

The U.S. Department of Justice has charged a Ukrainian serial ransomware criminal who is alleged to have been the administrator...

Healthcare organizations are relatively unlikely to have serious cybersecurity vulnerabilities compared to other industry sectors, as they are generally good...

Cybercriminals have been abusing agentic AI to perform sophisticated cyberattacks at scale, incorporating AI tools throughout all stages of their...

One of the biggest security headaches in healthcare is managing third-party risk. Healthcare organizations can implement extensive security measures to...

A medium-severity privilege escalation vulnerability has been identified in FujiFilm Healthcare Americas Synapse Mobility medical image viewing software that could...

Warnings have been issued about a critical vulnerability in Fortinet FortiSIEM with publicly available exploit code and two actively exploited...

Five vulnerabilities have been identified in the Santesoft Sante PACS Server medical image archiving and communication system, including a critical...

Homeland Security Investigations (HSI), the investigative arm of the Department of Homeland Security (DHS) and part of U.S. Immigration and...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and Microsoft have issued warnings about a high-severity flaw affecting Exchange hybrid...

A new report from the cybersecurity firm Semperis suggests ransomware attacks have decreased year-over-year, albeit only slightly. The ransomware risk...

IBM has published the 2025 Cost of a Data Breach Report, which shows a fall in the global average cost...

An audit of a large northeastern hospital by the Department of Health and Human Services Office of Inspector General (HHS-OIG)...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), Department of Health and Human Services (HHS),...

Microsoft has released emergency patches to fix two actively exploited zero-day vulnerabilities in Microsoft SharePoint Server. The two vulnerabilities are...

There has been a 16.67% month-over-month increase in healthcare data breaches, and a 302.71% month-over-month increase in the number of...

A high-severity vulnerability has been identified in Panoramic Dental Imaging Software that could allow a standard user to elevate privileges...

This year is set to become another record-breaking year for data breaches, according to the Identity Theft Resource Center (ITRC)....

Ransomware attacks declined by 23% from the previous quarter, although they are up 43% on this time last year, with...

A new ransomware group has recently emerged that is targeting multiple sectors, especially healthcare, technology, and event services. According to...

The Hunters International threat group announced on Thursday that its operation is being shut down and claimed that it will...

The Federal Bureau of Investigation (FBI), its Internet Crime Complaint Center (IC3), and the HHS Centers for Medicare & Medicaid...

The U.S. Food and Drug Administration (FDA) is urging medical device manufacturers to ensure the security of connected operational technologies...

An investigation of the unexpected death of a patient during the ransomware attack on Synnovis, a provider of pathology services...

Ransomware still poses a significant threat to U.S. healthcare organizations; however, many ransomware groups have abandoned data encryption and are...

The National Institute of Standards and Technology (NIST) has published new guidance on implementing zero trust architecture (ZTA) to help...

Last week, bipartisan bills were introduced in the House of Representatives and Senate that seek to enhance the cybersecurity of...

A high-severity vulnerability has been identified in the MicroDicom DICOM Viewer, a popular free-to-use software for viewing and manipulating DICOM...

The Qilin ransomware group has been observed exploiting two critical vulnerabilities in FortiOS/FortiProxy devices. While the group appears to be...

An analysis by the cybersecurity firm ReliaQuest has confirmed that the financially motivated threat group Scattered Spider (aka UNC3944, Octo...

The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have issued an update to a...

A high severity vulnerability has been identified in Santesoft Sante DICOM Viewer Pro, a professional DICOM medical image viewer, anonymizer,...

Patching software to fix known vulnerabilities is an endless process and one that is vital for cybersecurity; however, with so...

The Cyber Division of the Federal Bureau of Investigation (FBI) has issued a warning to U.S. law firms about targeted...

There has been a flurry of announcements in the past few days about disruption actions and law enforcement operations targeting...

Ransomware is one of the leading causes of healthcare data breaches, according to a new study by researchers at Michigan...

A recent data analysis by Comparitech has revealed that the average time for a U.S. healthcare organization to report a...

Microsoft, Fortinet & Ivanti have all notified customers about vulnerabilities in their products that are known to have been exploited...

New research from Black Kite has shed light on the changing ransomware ecosystem. Over the past year, there has been...

A new report from a leading cyber insurance provider shows a slight decline in claims for ransomware attacks in 2024....

The National Institute of Standards and Technology (NIST) has issued a draft update to its Privacy Framework to incorporate the...

Three vulnerabilities have been identified in Pixmeo OsiriX MD, the most widely used DICOM medical image viewing software in the...

The LockBit ransomware group, one of the most active ransomware operations in recent years with thousands of attacks to its...

Users of SonicWall Secure Mobile Access (SMA) appliances have been warned about three vulnerabilities that are potentially being targeted by...

Two high-severity remotely exploitable vulnerabilities have been identified in MicroDicom DICOM Viewer that can be exploited in a low-complexity attack....

The healthcare sector is being targeted by a new ransomware group called ELENOR-corp, according to the cybersecurity firm Morphisec. Researchers...

The Federal Bureau of Investigation’s Internet Crime Complaint Center (IC3) has released its 2024 Internet Crime Complaint Report, which shows...

Breach reporting data from the HHS’ Office for Civil Rights (OCR) is starting to show a reduction in healthcare data...

The Verizon 2025 Data Breach Investigations Report has revealed a sharp rise in vulnerability exploitation for initial access to victim...

Healthcare organizations are still taking a reactive approach to cybersecurity rather than proactively taking steps to reduce risk, according to...

Healthcare organizations and pharmaceutical companies are being targeted in a malware campaign involving ResolverRAT, a recently discovered stealthy remote access...

Healthcare continues to be the sector most targeted by ransomware groups, according to the BakerHostetler 2025 Data Security Incident Response...

Three vulnerabilities have been identified in the INFINITT Healthcare INFINITT PACS, including a high-severity vulnerability for which there are publicly...

Several cybersecurity companies have released Q1, 2025 reports on the current state of ransomware, and while the figures vary across...

Microsoft has patched a vulnerability in the Windows Common Log File System (CLFS) that is being actively exploited by a...

A class action lawsuit has been filed against University of Maryland Medical System Corporation and University of Maryland Medical Center...

Fortinet is advising FortiSwitch users to urgently update their firmware to fix a critical vulnerability that could be exploited by...

A House Energy and Commerce Committee Subcommittee on Oversight hearing last week explored the current cybersecurity challenges associated with legacy...

A vulnerability affecting Ivanti Connect Secure, Policy Secure, Neurons for ZTA Gateways, and Pulse Connect Secure is being actively exploited...

The Health Sector Coordinating Council (HSCC) Cybersecurity Working Group (CWG) has urged the Trump administration to initiate a series of...

Cyber actors are increasingly exploiting vulnerabilities at vendors, suppliers, and software providers to infiltrate the networks of organizations. According to...

A recent analysis of connected medical devices, patient systems, and operational technology (OT) in hospitals and other healthcare delivery organizations...

On March 26, 2025, after an extensive investigation, the Federal Bureau of Investigation concluded that there is no specific credible...

Earlier this month, Microsoft provided an update on its Cybersecurity for Rural Hospitals Program, an initiative designed to protect access...

There has been a 36% month-over-month reduction in healthcare data breaches, with 46 large healthcare data breaches reported to the...

Two high-severity vulnerabilities have been identified in Philips Intellispace Cardiovascular (ISCV), a popular multi-modality image and information management solution for...

Efforts have been ongoing for several years to crack down on illegal use of Cobalt Strike. Those efforts appear to...

A warning has been issued about the Medusa ransomware-as-a-service (RaaS) group, which has now claimed more than 300 victims in...

A new report from the cyber insurance and security services provider Coalition has revealed the most common initial access vectors...

An annual survey of healthcare leaders by the Healthcare Information and Management Systems Society (HIMSS) has revealed that more than...

The upward trend in ransomware attacks in 2024 has continued in 2025 with large numbers of new victims added to...

Seven vulnerabilities have been identified in Dario Health’s Android app and Internet-based server infrastructure. If exploited, an attacker could access...

A lawsuit has been filed against Amazon alleging its software development kit (SDK) has unlawfully collected consumers’ health and location...

Ransomware groups are targeting healthcare organizations for financial gain, infiltrating networks, stealing data, then using ransomware to encrypt files. Cyber...

In 2024, the healthcare industry was rocked by a ransomware attack on Change Healthcare that caused massive disruption to healthcare...

A recent report from the financial and risk advisory firm Kroll has confirmed that healthcare is now the primary target...

A vulnerability has been identified in the Medixant RadiAnt DICOM Viewer, a commonly used PACS DICOM viewer for medical images. The...

You can make WordPress HIPAA compliant by installing plug-ins into a WordPress site that collect and secure Protected Health Information...

U.S authorities have issued a warning about the China-based Ghost ransomware group, which has conducted ransomware attacks in around 70...

Last week, the United States, United Kingdom, and Australia announced further action in ongoing efforts to disrupt the LockBit ransomware-as-a-service...

December was a relatively quiet month for healthcare data breaches but data breaches were reported at a higher-than-average level in...

A new ransomware-as-a-service (RaaS) group has rapidly accelerated attacks and could well become the most dominant RaaS group in 2025....

Two recent reports provide insights into the current threat landscape and the evolving tactics, techniques, and procedures of the growing...

New research has confirmed that healthcare is the industry most impacted by third-party breaches, accounting for 41.2% of all third-party...

An international law enforcement operation has taken down the negotiation and data leak sites of the 8Base ransomware group. The...

Two vulnerabilities have been identified in DICOM medical imaging products – A critical vulnerability in the standalone DICOM server, Orthanc...

A blockchain analysis suggests an increasing reluctance to pay money to ransomware groups. A new report from Chainalysis revealed a...

Three vulnerabilities in SimpleHelp Remote Monitoring and Management (RMM) software are thought to be under active exploitation. The American Hospital...

Google Drive is HIPAA compliant if it is used as part of a paid-for Google Workspace plan with the capabilities...

A remote code execution vulnerability and a hidden backdoor have been identified in the firmware of widely used patient monitors...

A recent survey conducted by the Ponemon Institute on behalf of Illumio, a zero-trust segmentation platform provider, revealed 88% of...

There was a slight fall (1%) in data compromises in 2024, although only 44 fewer than last year’s record-breaking total....

Hackers are exploiting a critical zero-day vulnerability in SonicWall Secure Mobile Access (SMA) 1000 series appliances. SonicWall customers should ensure...

Research recently published by Black Kite has confirmed that ransomware groups are disproportionately targeting the healthcare sector, with some ransomware-as-a-service...

A recent survey of 1,309 healthcare IT and security professionals by Netwrix revealed 84% detected a cyberattack or intrusion in...

International law enforcement operations against the prolific ransomware-as-a-service (RaaS) groups LockBit and ALPHV/BlackCat resulted in infrastructure seizures and caused significant...

It was a relatively quiet end to the year in terms of healthcare data breaches, with only 46 data breaches...

A recently published analysis by Comparitech has revealed the extent to which ransomware groups have been breaching networks, encrypting files,...

Ivanti has released patches for two Connect Secure vulnerabilities including a critical zero-day remote code execution vulnerability that is being...

The Department of Health and Human Services (HHS) has urged healthcare organizations to take steps to safeguard operational technology (OT)...

The Health Sector Cybersecurity Coordination Center (HC3) has issued an updated Analyst Note about credential harvesting, which includes a warning...

The Cybersecurity and Infrastructure Security Agency (CISA) is seeking comment on the draft National Cyber Incident Response Plan (NCIRP) Update,...

Becton, Dickinson, and Company (BD) has discovered a high-severity vulnerability affecting several of its BD Diagnostic Solutions Products. The vulnerability,...

Organizations invest in cybersecurity solutions and develop policies and procedures to ensure compliance and minimize risk, only for employees to...

The Food and Drug Administration (FDA) has issued an alert advising blood suppliers and transfusion services about a spate of...

A critical flaw in Cleo file-transfer software is being actively exploited by threat actors. The vulnerability is believed to be...

A bipartisan bill has been introduced in the Senate that calls for the Department of Health and Human Services (HHS)...

The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and the Australian Cyber Security Centre (ACSC) have...

In October, 57 healthcare data breaches of 500 or more records were reported to the U.S. Department of Health and...

Ransomware attacks continue to be conducted at elevated levels, with the number of new victims added to data leak sites...

The healthcare and public health sector (HPH) has been warned about an ongoing widespread phishing campaign that abuses DocuSign e-signature...

The suspected administrator of the Phobos ransomware operation has been arrested and extradited to the United States where he faces...

To help small- and medium-sized manufacturers of medical products develop effective incident response plans, the Health Sector Coordinating Council Cybersecurity...

A recent U.S. Government Accountability Office (GAO) report has warned that the Department of Health and Human Services (HHS) is...

An emerging ransomware group has its sights set on the healthcare industry and has been conducting attacks since at least...

Anne Neuberger, the Deputy Assistant to the President and Deputy National Security Advisor for Cyber and Emerging Technology on the...

November is Critical Infrastructure Security and Resilience Month, a month dedicated to improving awareness of the importance of strengthening critical...

The use of ransomware in cyberattacks decreased slightly in the first half of the year; however, the severity of ransomware...

A foreign threat actor tracked by Microsoft as Midnight Blizzard (aka APT29, Cozy Bear) is conducting a spear phishing campaign...

A critical vulnerability affecting multiple Oracle products is being exploited in the wild. The vulnerability was dubbed The Miracle Exploit...

A warning has been issued by the HHS’ Health Sector Cybersecurity Coordination Center (HC3) about a financially motivated group known...

The majority of healthcare data breaches reported in the past few years are due to hacking incidents but many of...

A zero-day vulnerability in Fortinet’s FortiManager appliances is being mass exploited by at least one threat actor. The first known...

Two Sudanese nationals have been charged for their role in a series of cyberattacks on corporate networks, government agencies, and...

The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) has published a video presentation offering guidance...

Censys, a provider of an Internet intelligence platform for threat hunting and attack surface management, has identified thousands of IP...

Healthcare and public health (HPH) and other critical infrastructure sectors have been warned that Iranian cyber actors are using brute...

This year was on track to set a new record for data compromise incidents; however, there has been some good...

Ransomware actors have been observed exploiting a critical vulnerability in Veeam Backup & Replication, a data protection and recovery solution...

The US Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning to F5 BIG-IP users that threat actors are...

On October 2, 2024, New York implemented new legislation that requires “general hospitals” in the state of New York to...

Virtually all healthcare organizations have experienced at least one cyberattack in the past 12 months, according to a recent survey...

The Health Sector Cybersecurity Coordination Center (HC3) has shared information on the Trinity Ransomware group, a relatively new threat actor...

Hackers are mass exploiting a critical command injection vulnerability to gain access to vulnerable Zimbra email servers. Successful exploitation of...

An international law enforcement operation has resulted in the arrests of four individuals suspected of involvement in LockBit ransomware attacks...

A new report from the cyber-physical systems (CPS) protection company, Claroty, provides insights into the financial impact of cyberattacks and...

Ransomware attacks continue to increase in healthcare despite a fall in attacks in many other sectors, according to the State...

The National Institute of Standards and Technology (NIST) has updated its password security guidelines and now recommends longer passwords rather...

Two Democratic senators have announced new legislation to update XI and XVIII of the Social Security Act to strengthen, increase...

October is National Cybersecurity Awareness Month – a month-long effort to raise awareness of the importance of cybersecurity and highlight...

There has been an alarming increase in phishing attacks targeting enterprise mobile devices, according to the mobile security vendor Zimperium. Mobile...

Microsoft has issued a warning about a threat group it tracks as Vanilla Tempest, which has been observed using INC...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published the results of an analysis of risk and vulnerability assessments...

A vulnerability patched by Microsoft on September Patch Tuesday is being exploited to deliver information stealing malware. The Microsoft Windows...

The Federal Bureau of Investigation (FBI) has issued a warning to businesses about business email compromise (BEC) scams, which have...

The RansomHub ransomware group has recently claimed responsibility for attacks on two healthcare providers, Millinocket Regional Hospital in Maine and...

The Health Sector Cybersecurity Coordination Center (HC3) has issued a sector alert about a grant donation email scam that impersonates...

Microsoft issued patches to fix 79 vulnerabilities on September 2024 Patch Tuesday, including 3 actively exploited vulnerabilities and one that...

A critical vulnerability in SonicWall firewalls is being exploited by ransomware actors to gain initial access to victims’ networks. The...

Two vulnerabilities have been identified in the Baxter Connex Health Portal that, if exploited, could lead to the remote injection...

The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and their partners have...

There has been a significant increase in the number of ransomware groups conducting attacks, according to Searchlight Cyber. In H1,...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has launched a new portal to make it easier for organizations to...

The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), Multi-State Information Sharing and Analysis Center (MS-ISAC), and...

The bipartisan Senate bill, the Healthcare Cybersecurity Act, which was introduced following the ransomware attack on Change Healthcare, now has...

An Iranian hacking group has been collaborating with ransomware groups to extort organizations in the defense, education, finance, and healthcare...

Several ransomware reports have been released in the past few weeks that shed light on the extent to which ransomware...

The Health Sector Cybersecurity Coordination Center has issued a threat profile of the Everest Ransomware group, which was behind the...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), National Security Agency (NSA), Australian Signals Directorate’s...

A critical vulnerability in SolarWinds Web Help Desk is being actively exploited by threat actors. Web Health Desk is a...

The National Institute of Standards and Technology has released three new encryption standards that have been developed to resist decryption...

Two vulnerabilities have been identified in the Azure Health Bot Service that can be exploited to access cross-tenant resources including...

The Federal Bureau of Investigation (FBI) led an international operation against the Radar/Dispossessor ransomware group, resulting in the dismantling of...

Cybercriminals and nation-state threat actors are targeting software vendors. A successful attack on a vendor could see the threat actor...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have issued a warning about...

As promised, CrowdStrike has published the root cause analysis of the faulty Falcon Sensor software update that caused Windows devices...

An IT and software services provider in the United Kingdom is facing a £6.09 million ($7.74 million) financial penalty over...

There has been a surge in business email compromise attacks in the past year and cybercriminals are increasingly using AI...

Health-ISAC and the American Hospital Association (AHA) have issued a joint threat bulletin following three ransomware attacks by Russian ransomware...

The Hunters International threat group is targeting IT workers by impersonating a legitimate IP and port scanning tool to deliver...

A recent study conducted by the cybersecurity firm Semperis has revealed that companies are often targeted by ransomware groups multiple...

The average cost of a data breach has risen to $4.88 million with the highest breach costs at critical infrastructure...

The Department of Health and Human Services (HHS) has announced a major restructuring that will allow the department to streamline...

A North Korean government hacker has been indicted for his involvement in Maui ransomware attacks on U.S. hospitals and healthcare...

A report published this week has warned about gaps in data security and compliance at healthcare organizations, where files containing...

Kiteworks (formerly Accellion, Inc.) has published the findings of a 2024 survey of professionals in the IT, security, and compliance...

Mandiant has announced that the North Korean Threat group Andariel (UNC614) has been designated an Advanced Persistent Threat (APT) actor,...

New data released by Guidepoint Security shows there has been a 9% quarter-over-quarter increase in ransomware attacks, with H1, 2024...

A ransomware attack on the Australian electronic prescription service provider MediSecure resulted in the theft of 6.5TB of data, including...

The Department of Justice has announced that two foreign nationals have pleaded guilty to charges related to their participation in...

After the massive disruption and financial difficulties caused by the Change Healthcare ransomware attack, the last thing healthcare providers need...

More than a dozen vulnerabilities have been identified in the Philips Vue PACS image management and communication system, including critical...

The first half of 2024 saw a significant increase in the number of victims of data breaches, according to a...

An analysis of ransomware groups’ data leak sites by Reliaquest has shown a marked increase in activity in Q2, 2024,...

A bipartisan group of three senators has introduced legislation to improve cybersecurity in the healthcare and public health (HPH) sector. The...

Cyberattacks on the healthcare sector are increasing in severity, frequency, and sophistication and unless greater effort is made to harden...

There are many ways that the HIPAA Rules can be violated via email, from simple errors involving protected health information...

The Health Information Sharing and Analysis Center (Health-ISAC) has issued a warning to the healthcare and public health sector about...

Multiple vulnerabilities have been identified in Proges Plus temperature monitoring devices and their associated software. The vulnerabilities affect the Sensor...

Progress Software has recently disclosed two flaws in its MOVEit Transfer managed file transfer solution, and one flaw in MOVEit...

A joint cybersecurity advisory has been issued by the Federal Bureau of Investigation (FBI) and the Department of Health and...

SecurityScorecard has given the U.S. healthcare industry a B+ rating for cybersecurity for the first half of 2024 with the...

A warning has been issued to the healthcare and public health (HPH) sector about the Qilin ransomware group, which is...

In 2022, a hacker breached the network of the Australian health insurance provider Medibank, obtained the personal and medical information...

Record numbers of cyber claims were filed against insurance policies in North America in 2023, according to a recent analysis...

Two high-severity vulnerabilities have been identified in MicroDicom DICOM Viewer medical image viewer, one of which could lead to the...

A financially motivated threat actor tracked as UNC5537 has been conducting a campaign targeting Snowflake customer databases. At least 165...

Under the Biden administration’s Health Sector Cyber Initiative, Microsoft and Google have committed to providing critical access and rural hospitals...

The Federal Bureau of Investigation (FBI) is urging victims of LockBit ransomware attacks to get in touch with the Internet...

Senate Finance Committee chair, Senator Ron Wyden (D-OR) wrote to Department of Health and Human Services (HHS) Secretary Xavier Becerra...

A new report from the Google-owned cybersecurity firm Mandiant has confirmed that there was a significant rise in ransomware activity...

The HHS Health Sector Cybersecurity Coordination Center has shared a guide to Distributed Denial of Service (DDoS) attacks that includes...

Two critical vulnerabilities have been identified in Baxter Welch Allyn products – The Welch Allyn Product Configuration Tool and Welch...

A ransomware attack on a hospital involves the encryption of computer networks, rendering essential systems and data unavailable. Hospitals have...

Check Point issued a warning on Monday that hackers are actively targeting VPN solutions with weak security settings to gain...

A recent survey of IT professionals has revealed that 37% of healthcare organizations* do not have a security incident response...

The Department of Health and Human Services (HHS) Health Sector Cybersecurity Coordination Center (HC3) has issued a warning to the...

On May 20, 2024, The Cybersecurity and Infrastructure Security Agency (CISA) added a critical NextGen Healthcare Mirth Connect remote code...

A Department of Health and Human Services (HHS) agency, The Advanced Research Projects Agency for Health (ARPA-H), has established a...

Healthcare data breaches fell 43% month-over-month, with 54 data breaches of 500 or more records reported to the HHS’ Office...

Almost a dozen vulnerabilities have been identified in GE HealthCare Vivid Ultrasound machines that could be exploited by threat actors...

Microsoft has released a patch to fix a zero-day Windows vulnerability – CVE-2024-30051 – exploited in attacks delivering QakBot malware....

All healthcare and public health (HPH) sector organizations have been warned to be on high alert and to implement mitigations...

In late 2022, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) launched a Ransomware Vulnerability Warning Pilot (RVWP) program that...

The UK’s National Crime Agency (NCA) has named the leader of the infamous LockBit ransomware group as Russian national Dmitry...

BakerHostetler has released the 10th edition of its Data Security Incident Response Report, which shares data from the incidents the...

Ransomware groups target the healthcare sector because a successful attack gives them access to large amounts of sensitive data that...

On May 1, 2024, the 2024 Verizon Data Breach Investigations Report (DBIR) was released, which this year involved an analysis...

The exploitation of vulnerabilities in software and operating systems is becoming far more common for initial access to networks, with...

March was a particularly bad month for healthcare data breaches with 93 breaches of 500 or more records reported to...

According to the Q1, 2024 ransomware report from the ransomware remediation firm Coveware, ransom payments have fallen to a record...

The Cybersecurity & Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), Europol’s European Cybercrime Centre (EC3), and the Netherlands’...

Exploitation of a recently disclosed zero-day vulnerability affecting Palo Alto Networks firewalls has grown since proof-of-concept exploits were released, and...

An analysis of ransomware activity by GuidePoint Security’s Research and Intelligence Team (GRIT) shows a 55% year-over-year increase in active...

An analysis of the websites of non-federal acute care U.S. hospitals has confirmed that 96% of those websites use tracking...

The electronic health record provider Epic Systems has cut off access to data for a startup called Particle Health after...

Ransomware attacks have been reported by Canopy Children’s Solutions, the Sleep Management Institute, the Epilepsy Foundation of Metro New York,...

IT professionals and security executives believe cyberattacks have increased since 2023 according to a recent survey by Keeper Security.  The...

Investing in cybersecurity can help organizations prevent data breaches and avoid regulatory fines, but there are other benefits. A recently...

Warnings have been issued by the American Hospital Association (AHA) and the Health Sector Cybersecurity Coordination Center (HC3) about a...

The Health Sector Cybersecurity Coordination Center (HC3) has issued a healthcare and public health (HPH) sector alert about credential harvesting,...

This week, Senator Mark R. Warner (D-VA) introduced new legislation that will allow for advance and accelerated payments to healthcare...

Senator Bill Cassidy, M.D. (R-LA), ranking member of the Senate Health, Education, Labor, and Pensions (HELP) Committee, has demanded answers...

The HealthSec: Cyber Security for Healthcare Summit returns for its 2nd edition in Boston, Massachusetts on June 12th – 13th!...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and other U.S. and international partners have issued...

Healthcare organizations have been warned about the threat of email bombing attacks, which are a type of denial-of-service (DoS) attack...

A typical U.S. hospital has between 10 and 15 medical devices per bed, which means a 1,000-bed hospital could have...

In 2023, the Federal Bureau of Investigation’s Internet Crime Complaint Center (IC3) received record numbers of complaints about cybercrime with...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) have issued five cybersecurity information sheets...

The National Security Agency (NSA) has issued guidance on implementing zero trust security to limit lateral movement within the network...

Microsoft OneDrive is the most popular cloud app in healthcare, and it is also one of the most popular for...

The Department of Health and Human Services (HHS) has issued a statement about the February 2024 Blackcat ransomware attack on...