A report released Thursday by the cybersecurity firm Critical Insight found that bad actors have begun to shift their healthcare targets.
The report used cyberattack data from the first half of 2021 to show that the number of breaches in the beginning of 2021 was higher than in any six-month period between 2018 and the first half of 2020.
"Examining breaches caused by hacking reveals something unexpected – attackers breached outpatient facilities and specialty clinics nearly as much as hospitals," read the report.
WHY IT MATTERS
Hospital data breaches have made headlines over the past year, with some recent incidents putting hundreds of thousands of records at risk.
However, the report notes that non-hospital facilities have also been victimized.
"While it may be tempting to think that clinics do not require the same level of cybersecurity diligence as large healthcare systems, that idea is mistaken," wrote the CI team in the report.
"Attackers look for the easiest target; if that target is a mental health clinic, that is what they will go after," they continued.
Smaller organizations run the same systems and use the same technology as hospital systems, the report notes – but they also typically have less money to spend on security.
For similar reasons, hackers have also focused on business associates, exploiting security gaps in order to steal sensitive data.
"The proportion of business associates impacted by hacking-related breaches has increased with time, standing at roughly half of the breaches reported during the first half of 2021," said the report.
The CI team found that the number of attacks reported to the U.S. Department of Health and Human Services in the first half of 2021 was roughly 77% higher than in the same time period in 2018.
Many of the attacks involve phishing, ransomware and vulnerable software exploitation.
The team says organizations must prioritize several key areas in order to respond:
Assess third-party risk
Regularly review business associate agreements
Develop ransomware prevention and response plan
Implement strong access controls
Practice basic security hygiene
"The healthcare industry is a target-rich crucible of remote workers, medical devices running outdated software, and third-party vendors with access to sensitive information," wrote the team.
"Managing risk in an era of digital transformation comes with a mandate to review their security policies and controls and adjust to a complex threat landscape," they added.
THE LARGER TREND
A particularly challenging aspect of third-party breaches is their ripple effect: Attacks on business associates are rarely confined to patient data at just one facility.
For instance, a cyberattack on the healthcare administrative-service provider CaptureRx in February exposed patient information from at least five provider systems.
And a breach at the radiation treatment software company Elekta impacted dozens of hospitals and health systems across the country.
ON THE RECORD
"Our analysis of the HHS data reveals that healthcare organizations must focus on a holistic approach to cybersecurity that combines third-party risk management, regular security and compliance assessments, incident response, and 24x7x365 detection and response to ensure patient data is defended," the CI team wrote.
Kat Jercich is senior editor of Healthcare IT News.
Twitter: @kjercich
Email: kjercich@himss.org
Healthcare IT News is a HIMSS Media publication.