Update: This incident was reported to HHS as affecting 1,362,470 patients. The Centers for Medicare and Medicaid (CMS) has posted a notice on its site about a data breach at one of its contractors, Maximus Federal Services, Inc. Maximus was one of hundreds of victims of a 0day attack on MOVEit file transfer software by the…
Category: Health Data
Read more Health3PT Releases Blueprint for Third Party Risk Management to Fix the Ineffective Cyber Risk Assessment Process for the Healthcare Industry
Survey finds 60% of covered entities and 72% of their vendors believe today’s third-party risk management practices are not effective: new guidance provides a consistent set of practices to reduce cyber risk for the health industry FRISCO, Texas–July 27, 2023–The Health 3rd Party Trust (Health3PT) Initiative today announced the release of the Health3PT Recommended Practices &…
Health data of more than 8 million people accessed by MOVEit hackers: US govt contractor
In what may be the largest health data breach reported so far in 2023, a government contractor affected by the MOVEit breach disclosed the breach in an SEC filing. ANS reports: Maximus, a US government services contracting company, has confirmed that hackers exploited a vulnerability in MOVEit Transfer to access the protected health information of…
CardioComm, a provider of ECG monitoring devices, confirms cyberattack downed its services
Carly Page reports: CardioComm Solutions, a Canadian provider of consumer and professional-grade heart monitoring technologies, has been downed by an ongoing cybersecurity incident. The Toronto-based organization said on Tuesday that its business operations will be “impacted for several days and potentially longer” following a “cybersecurity incident on the Company’s servers.” At the time of writing,…
Rush Health Must Face Suit Over Health-Info Sharing With Google
Christopher Brown reports: Rush System for Health must defend a proposed class action alleging it shared health information of patients using its patient portal with Google Inc. and other third parties, in breach of its contract with patients and in violation of the Illinois Eavesdropping Act. Marguerite Kurowski successfully stated a claim for breach of contract regarding…
UK: Ambulance patient records system hauled offline for cyber-attack probe
Lindsay Clark reports: Several UK NHS ambulance organizations have been struggling to record patient data and pass it to other providers following a cyber-attack aimed at health software company Ortivus. In a statement, the Sweden-headquartered software vendor said it was subject to a cyber-attack on July 18 which hit UK customer systems within its hosted datacenter…