Survey finds 60% of covered entities and 72% of their vendors believe today’s third-party risk management practices are not effective: new guidance provides a consistent set of practices to reduce cyber risk for the health industry FRISCO, Texas–July 27, 2023–The Health 3rd Party Trust (Health3PT) Initiative today announced the release of the Health3PT Recommended Practices &…
Category: Health Data
Health data of more than 8 million people accessed by MOVEit hackers: US govt contractor
In what may be the largest health data breach reported so far in 2023, a government contractor affected by the MOVEit breach disclosed the breach in an SEC filing. ANS reports: Maximus, a US government services contracting company, has confirmed that hackers exploited a vulnerability in MOVEit Transfer to access the protected health information of…
CardioComm, a provider of ECG monitoring devices, confirms cyberattack downed its services
Carly Page reports: CardioComm Solutions, a Canadian provider of consumer and professional-grade heart monitoring technologies, has been downed by an ongoing cybersecurity incident. The Toronto-based organization said on Tuesday that its business operations will be “impacted for several days and potentially longer” following a “cybersecurity incident on the Company’s servers.” At the time of writing,…
Rush Health Must Face Suit Over Health-Info Sharing With Google
Christopher Brown reports: Rush System for Health must defend a proposed class action alleging it shared health information of patients using its patient portal with Google Inc. and other third parties, in breach of its contract with patients and in violation of the Illinois Eavesdropping Act. Marguerite Kurowski successfully stated a claim for breach of contract regarding…
UK: Ambulance patient records system hauled offline for cyber-attack probe
Lindsay Clark reports: Several UK NHS ambulance organizations have been struggling to record patient data and pass it to other providers following a cyber-attack aimed at health software company Ortivus. In a statement, the Sweden-headquartered software vendor said it was subject to a cyber-attack on July 18 which hit UK customer systems within its hosted datacenter…
Law Firm Hack Affects Victims of an Earlier Breach Again
Marianne Kolbasuk McGee reports: A global law firm is notifying nearly 153,000 individuals of a hacking incident that compromised several client files. The files contained sensitive personal information and affects vision care patients who had been victims of a breach three years ago. Orrick, Herrington & Sutcliffe on July 20 reported the data breach to…