The healthcare and public health sector (HPH) issued an alert about a continuing phishing campaign that uses the DocuSign e-signature software to impersonate popular companies. The target of the phishing campaign is to mislead company staff into allowing their billing...

The Critical Infrastructure Security and Resilience Month is celebrated this November. One month is devoted to increasing knowledge of why fortifying critical infrastructure security and resilience is important. The U.S. Cybersecurity and Infrastructure Security...

Microsoft tracked a foreign threat actor called Midnight Blizzard (also known as APT29, Cozy Bear). It is performing a spear phishing campaign attacking companies in several sectors, such as academia, government, defense, information technology, non-governmental...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Communications Security Establishment Canada (CSE), the National Security Agency (NSA), the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC), and the Australian Federal...

Gryphon Healthcare has reported a security incident wherein the files of approximately 400,000 people with protected health information (PHI) had been accessed by unauthorized individuals. Gryphon Healthcare based in Houston, TX is a revenue cycle, coding, HIPAA...

Omni Family Health, a healthcare provider with centers across Kings, Kern, Fresno, and Tulare counties in California, has informed patients and staff about the potential theft of their protected health information (PHI) in a recent cyberattack. The organization...

A global law enforcement campaign called Operation Cronos has led to the arrest of four people who are allegedly involved in LockBit ransomware attacks and the shutdown of nine servers tied to the LockBit ransomware network. These actions are included in the third...

The State of Ransomware in Healthcare 2024 report by Sophos revealed that ransomware attacks on healthcare organizations continue to rise, even as incidents in other industries have declined. Across all sectors, the percentage of organizations reporting a ransomware...

The Centers for Medicare and Medicaid Services (CMS) reported a data breach to the Department of Health and Human Services (HHS) that affected 3,112,815 people. This breach, initially announced by CMS and Wisconsin Physicians Service Insurance Corporation (WPS)...

CorrectCare Integrated Health LLC (CorrectCare) settled a class action lawsuit associated with a 2022 data breach impacting approximately 600,000 individuals. The court gave the final approval for the settlement that cost CorrectCare $6.49 million. Third-party...

The lawsuit against IU Health and IU Health Associates filed by Attorney General Todd Rokita of Indiana related to violations of the Indiana Deceptive Consumer Sales Act and the Health Insurance Portability and Accountability Act (HIPAA) has been dismissed. The case...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released a report detailing the findings from risk and vulnerability assessments (RVAs) conducted across various organizations, including state, local, tribal, and territorial (SLTT) entities,...

The Wisconsin Physicians Service Insurance Corporation (WPS) and Centers for Medicare & Medicaid Services (CMS) are notifying approximately 947,000 people about the compromise of some of their protected health information (PHI) and personally identifiable...

Texas Attorney General Ken Paxton took legal action against the Department of Health and Human Services (HHS) and its Secretary Xavier Becerra, for the alleged legitimacy of a new HHS final rule about reproductive healthcare privacy. The rule, HIPAA Privacy Rule to...

Software solutions provider Young Consulting (also known as Connexure) based in Atlanta services the employer stop-loss insurance industry. It recently encountered a BlackSuit ransomware attack that compromised the medical insurance data of 954,177 persons. The...

Ransomware continues to be a threat in 2024, with recent reports about its persistence, profitability, and evolving tactics. Despite efforts by law enforcement to combat these cyberattacks, ransomware groups show no signs of retreating. A report by blockchain analysis...

Humana has consented to resolve a lawsuit filed by a whistleblower concerning the submission of fraudulent bids by the health insurer to the Centers for Medicare and Medicaid Services (CMS) for Medicare Part D contracts between 2011 and 2017. The Medicare Part D...

The Federal Bureau of Investigation (FBI), the Australian Signals Directorate’s Australian Cyber Security Centre (ACSC), the U.S. Cybersecurity and Infrastructure Security Agency (CISA), and the National Security Agency (NSA), together with their global partners, have...

Health system McLaren Health Care based in Grand Blanc, MI manages 13 hospitals in Michigan and several doctor offices, ambulatory surgery centers, and other patient care facilities in the state. It reported an investigation of an outage impacting its telephone and...

In early July, a data breach report was submitted by HealthEquity, a financial technology and business services company based in Draper, UT. HealthEquity mentioned in its 8-K filing with the Securities and Exchange Commission (SEC) that suspicious activity was...

United of Omaha Life Insurance Company based in Nebraska has reported a phishing email that led to a protected health information (PHI) breach involving 107,894 individuals. The insurer discovered the breach on April 23, 2024 upon identification of anomalous activity...

MediSecure, an Australian company providing electronic prescription services, encountered a ransomware attack that enabled the theft of 6.5TB of data, which included the sensitive information of approximately 12.9 million Australians - about 50% of the population of...