Issue 49 May 12th 2023

Breaches

Atlanta-based NextGen sued for healthcare data breach of 1M customers

NextGen Healthcare, which makes and sells software for medical and other healthcare providers, is the target of a federal lawsuit charging that it was negligent in defending itself against a cyberattack that permitted hackers access to information about more than a million consumers.

New Mexico Department of Health Data Breach Exposes Decedent Health Information

The New Mexico Department of Health (DOH) reported a breach to HHS that impacted 49,000 individuals. The breach occurred when DOH discovered that a spreadsheet containing information about individual deaths in New Mexico had been sent to a journalist.

SuperCare Health Reaches $2.25M Data Breach Settlement Over Alleged Negligence

SuperCare Health has agreed to a data breach settlement totaling $2.25 million in a class-action lawsuit filed by plaintiff Vickey Angulo and class members, who alleged the organization’s “reckless” approach to cybersecurity had led to the exposure of personal health information for hundreds of thousands of patients.

Security

Malicious Bot Activity On the Rise in Healthcare

Healthcare websites saw more than 31 percent of all traffic originating from bots, Imperva’s latest Bad Bot Report revealed.

Feds Warn of Rise in Attacks Involving Veeam Software Flaw

Federal authorities are warning the healthcare sector of a rise in cyberattacks against a backup application made by software developer Veeam. The attacks appear tied to exploitation of a high-severity vulnerability in the vendor's software disclosed in March.

Young Cyber Companies Face Uncertain Economy - WSJ

Newer cybersecurity companies are grappling with uncertain economic conditions as they find it harder to raise capital, continue to trim their workforces and refocus on profits after long periods of chasing growth.

Europe

European Parliament Rejects EU-US Data Framework

Lawmakers called on the European Commission to reject a draft legal framework facilitating trans-Atlantic commercial data flows in a non-binding vote by the European Parliament.

Breach of Mental-Health Records Challenges Nation’s Court System - WSJ

Following a cyberattack against a psychotherapy treatment center in Helsinki in 2020, the perpetrator threatened to put sensitive patient records online unless the Vastaamo clinic paid 40 bitcoins, equivalent at the time to around 400,000 euros. When the clinic didn’t pay, the hacker pressed individual patients for payment with bullying emails.

Misc

NSA Chief Paul Nakasone Has Said He Expects to Step Down in Coming Months - WSJ

Army Gen. Paul Nakasone, the director of the National Security Agency, has told colleagues in the Biden administration he expects to step down from the helm of the nation’s electronic spy agency and military’s Cyber Command in the coming months, according to people familiar with the matter.

Microsoft Employees Are Hooked on the Company’s Training Videos - WSJ

Modern compliance training began in the 1990s, when the Justice Department changed its sentencing guidelines to underscore the importance of training employees about relevant laws and regulations.

Companies quickly learned that if they were caught breaking the law, they might avoid penalties if they could show they had told employees not to do it. Rather than just flooding employee inboxes with reminders to watch compliance videos, Microsoft and Meta hope people will tune in to see what happens in the next episode.

AI and ML: Changing the way healthcare is delivered - Express Healthcare

AI and ML are reshaping different facets of healthcare delivery, research, and decision-making, which is reinventing the health care industry. AI technologies are currently being integrated into larger healthcare processes and workflows to generate ground-breaking innovations, along with the traditionally relied tasks like medical image analysis or diagnosis support.