The Office of Inadequate Security
Here’s today’s reminder of the insider threat. We start with a notice from Geisinger about a security incident involving Nuance Communications: Nuance Communications Inc., an outside vendor that provides information technology services for Geisinger, is notifying Geisinger patients that some personal information may have been accessed by a former Nuance employee. On Nov. 29, 2023,…
Scott Ikeda writes: A cyber attack on London hospitals that has unfolded over the course of June has had a devastating impact on the city’s blood supply, and has caused hundreds of operations to be postponed. New reporting from Bloomberg indicates that the city’s hospitals have long known that Synnovis, the pathology lab at the center of…
Matt Burgess reports: Crippling ransomware attacks against hospitals and health care providers are on the rise. These ruthless cyberattacks can take medical systems offline for weeks—canceling appointments and surgeries and causing harm to patients. Doctors and nurses are plunged into crisis situations where they resort to using pen and paper, while IT staff work to make…
Jan Vermeulen reports: The National Health Laboratory Service (NHLS) has shut down its IT systems following a breach over the weekend. Its emails, website, and system for retrieving and storing patients’ lab test results are offline. Based on a memo from NHLS chief executive officer Prof Koleka Mlisana, the intrusion caused damage, suggesting the NHLS…
Alexa Lardieri reports: A cyberattack on a major American hospital system has caused dangerous medication mix ups including patients administered narcotics by mistake, leading to an admission to intensive care for life-threatening breathing difficulties. In another case, a female patient suffered a cardiac arrest and died after data mishaps delayed test results that would determine her…
Is the following case an example of insider threat or it is a whistleblower situation — or both? The U.S. Attorney’s Office of Southern Texas issued the following press release on June 17: A Houston doctor has been indicted for obtaining protected individual health information for patients that were not under his care and without…