In the middle of 2017, healthcare organizations and other companies were hit with two huge ransomware attacks. The struggle for digital security continues.
The group, called Orangeworm, has targeted healthcare providers, medical manufacturers and others in the supply chain.
While healthcare organizations continue to struggle with ransomware, they also suffer breaches when their employees make mistakes, like leaving a laptop in a car where it can be stolen.
As the plague of cyberattacks on health systems continues, HHS' Office for Civil Rights wants healthcare organizations to establish contingency plans to keep patient data secure.
HHS' Office for Civil Rights is investigating Banner Health following a 2016 cyberattack that may have affected 3.7 million patients. The Phoenix-based not-for-profit system anticipates that it may receive negative findings and be fined.
A Florida-based provider accused Allscripts of failing to take necessary precautions to prevent a ransomware attack that shut down its cloud-based EHR and forced clients to cancel business.
Medical devices that are connected to hospital computer systems create vulnerabilities that can be difficult to manage.
Hancock Health paid a roughly $55,000 ransom to hackers from an "unidentified criminal group" to regain access to hospital computer systems. The network said it found no evidence that patient information was adversely affected.
Florida officials say hackers may have accessed the personal information and medical records of up to 30,000 Medicaid recipients two months ago.
21st Century Oncology, a cancer-care provider, has agreed to pay HHS $2.3 million to settle allegations that it didn't implement proper protocols to protect patient information from hackers.
More than 18,000 Henry Ford Health System patients' personal health information was viewed or stolen in early October by an unknown person or entity who hacked the Detroit-based health system's electronic health records.
The announcement of the breach comes just over a month after Anthem reached the largest ever settlement in a data-breach case.