Privacy & Security
Threat actors are using artificial intelligence for both designing and executing attacks on hospitals and health systems. HC3 used ChatGPT to show how bad actors leverage generative AI to design spear-phishing emails and malware.
Plaintiffs say the apparent theft of identity and other information announced this past week, which could impact as many as 11 million people, happened because the health system did not use "reasonable security procedures and practices."
Artificial intelligence has changed the threat landscape, enabling new cybersecurity risks for health systems: more sophisticated social engineering, automated vulnerability intelligence gathering, endpoint detection evasion and more.
AT&T's annual industry insights report revealed a shift in focus from consumer virtual care in 2022 to richer budgeting for tele-emergency medical services.
The health system says the patient data, which was posted online, includes names, phone numbers and appointment information, but not clinical or payment info.
Medtronic has released an update for a cybersecurity vulnerability that an unauthorized user could exploit to steal, delete or modify cardiac device data or to gain network access.
The agency says that FIN11 uses a variety of TTPs and has gained access to more organizations than it is able to monetize, choosing to initiate zero-day exploits based on an organization's location and security posture.
An April ransomware attack that compromised the PPI and PHI of some 2.5 million members has led to multiple class action lawsuits against the Massachusetts-based health plan and its parent company.
The Illinois Catholic health system has signed a nonbinding letter of intent with OSF Healthcare to acquire the Peru campus.
They say a vulnerability in MOVEit, a managed file transfer product from Progress Software that provides automated high-volume, HIPAA- and GDPR-compliant transfers, could leave hospitals or healthcare organizations at risk.