Top Stories

CISA: Why Healthcare Is No Longer Off-Bounds for Attackers
Healthcare entities of all types and sizes could be the next targets of major cybersecurity attacks, said Nitin Natarajan, deputy director of the Cybersecurity and Infrastructure Security Agency.

Breaches

Patient Seeks to Force Hospital Network to Pay Hackers Ransom to Remove Naked Photos Online - WSJ
A patient suing a Pennsylvania-based hospital network over a data breach has asked a judge to force the organization to pay a ransom fee to hackers in a bid to have stolen photos of naked patients taken off the internet.

Over 20,000 Iowa Medicaid Members Affected By Data Breach - Infosecurity Magazine
According to the department, the Iowa Medicaid system itself was not compromised. Instead, the breach was due to an attack on a contractor’s computer systems that occurred between June 30 and July 5, 2022.

Parent of 2 Major Massachusetts Health Insurers Suffers Ransomware Attack
Massachusetts-based Point32Health, the parent of Harvard Pilgrim Health Care and Tufts Health Plan, posted a notice on its website regarding a “cybersecurity ransomware incident” that it discovered on April 17. Harvard Pilgrim Health Care and Tufts Health Plan merged in 2021, creating one of the state’s largest health insurers.

Poorly Set Server, Human Error Blamed for DC Health Breach
House Oversight committee members called for the firing of whoever caused the DC Health Benefit Exchange breach and exposed the personal information of lawmakers to a dark web criminal forum. An exchange executive testified Thursday that the breach had been caused by "human error" and a server that was configured with no authentication controls.

Security

Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients (HICP 2023 Edition)
Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients (HICP 2023 Edition) outlines the top threats facing the HPH Sector. Developed with every stakeholder in mind, organizations from small to large can benefit from the resources and best practices provided in the main document and the two additional technical volumes. HICP aims to provide organizations with recommendations and best practices to prepare and fight against cybersecurity threats that can impact patient safety.

HHS 405(d): Hospital Cyber Resiliency Initiative - Landscape Analysis
The Department of Health and Human Services' 405(d) Program released on Monday the Hospital Cyber Resiliency Initiative Landscape Analysis - a report on hospitals' current state of cybersecurity preparedness.

Europe

OpenAI’s hunger for data is coming back to bite it | MIT Technology Review
OpenAI has just over a week to comply with European data protection laws following a temporary ban in Italy and a slew of investigations in other EU countries. If it fails, it could face hefty fines, be forced to delete data, or even be banned. But experts have told MIT Technology Review that it will be next to impossible for OpenAI to comply with the rules. That’s because of the way data used to train its AI models has been collected: by hoovering up content off the internet.

Misc

CFPB Says Staffer Sent 250,000 Consumers’ Data to Personal Account - WSJ
A Consumer Financial Protection Bureau employee forwarded to a personal email account confidential information on thousands of consumers and dozens of financial firms, in what the agency has described to U.S. lawmakers as a major incident.