14 articles tagged with "healthcare".
A Black Basta ransomware attack on Ascension Health, one of the largest US Catholic healthcare systems, forced hospitals to divert emergency patients, delay surgeries, and revert to paper records, affecting 5.6 million patients.
Kaiser Foundation Health Plan disclosed that web tracking technologies including Google Analytics shared personal health information of 13.4 million current and former members with third-party advertisers, the second-largest healthcare breach of 2024.
HITRUST CSF provides a certifiable security framework that harmonizes over 60 regulations including HIPAA, NIST, and ISO 27001. The framework offers three assessment types (e1, i1, r2) for organizations handling healthcare and sensitive data.
HHS proposed sweeping changes to the HIPAA Security Rule in January 2025, eliminating the addressable vs. required distinction and mandating encryption and MFA. Finalization targeted for May 2026.
Healthcare ransomware attacks affected 93% of organizations in 2024-2025, with Ascension's $1.8B loss and 5.6M affected patients illustrating the sector's vulnerability. HIPAA Security Rule update pending.
A ransomware attack on AZ Monica hospital in Antwerp forced cancellation of 70+ surgeries, patient transfers, and revealed a broader breach affecting five Belgian hospitals through a shared software supplier.
AZ Monica hospital in Antwerp shut down all servers at 6:32 AM after detecting ransomware, canceling 70+ operations and transferring 7 critical patients. Belgium pledged €10M for hospital cybersecurity.
A record merge error during a system enhancement exposed member PHI through Blue Shield's member portal. The October 2025 incident was disclosed in January 2026 under HIPAA requirements.
Blue Shield of California disclosed that a Google Analytics misconfiguration shared protected health information of 4.7 million members with Google Ads over nearly three years.
Ryan Goldberg (Sygnia) and Kevin Martin (DigitalMint) admitted to operating as ALPHV/BlackCat affiliates, targeting healthcare organizations and causing $9.5M in losses. They face up to 20 years in prison.
The ALPHV/BlackCat ransomware attack on Change Healthcare caused the most significant disruption to the US healthcare system from a cyberattack, affecting claims processing for months and exposing data of approximately 100 million individuals.
A Qilin ransomware attack on pathology provider Synnovis disrupted blood testing and transfusion services across major London NHS hospitals for months, forcing cancellation of thousands of operations and appointments.
Cencora (formerly AmerisourceBergen), one of the world's largest pharmaceutical distributors, suffered a data breach exposing patient personal and health information from its specialty pharmacy and patient services programs.
Hackers breached Yale New Haven Health's network, stealing personal and medical information of 5.56 million patients in the largest healthcare data breach of 2025, resulting in an $18 million class action settlement.