Long-Term Care Services Firm Says Breach Affects 4.2 Million

‘Inaccessible Computers’ Incident Initially Reported as Affecting 501 People … “Data breaches are time-consuming to investigate,” said Tom Walsh, president of privacy and security consulting firm tw-Security. For example, if phishing or compromised email accounts are implicated in a cybersecurity incident, “all of the saved email messages from the mailboxes of each employee – […]

California Medical Group’s Ransomware Breach Affects 3.3M

Regal Medical Group Says Patients of Several Affiliates Are Among Those Affected   … “The entire organization is going to be at risk once a connected network is in place. This is why understanding the security stance of a potential acquisition before implementation to the network is so important,” says Susan Lucci, senior privacy and security […]

VA Hospital ‘High-Risk’ Vulnerability Unaddressed for Years

OIG Audit Findings Include Weaknesses Familiar to Other Healthcare Entities   … Still, “a ‘high-risk’ vulnerability identified over seven years ago that has still not yet been remediated: In the IT world, that’s a really long time,” says Tom Walsh, president of privacy and security consulting firm tw-Security, who reviewed the audit report at Information […]

Colonoscopy Prep Retail Website Breach Festered for Years

Personal Data of 244,000 in Flux After Malware Probe of Gastroenterologist Vendor … The stretched-out time frame of the malware incident – including the apparent 19-month-long investigation and potential lag in notifying individuals of a breach – is concerning for a variety of reasons, says Tom Walsh, CEO of privacy and security consultancy […]

Pediatric EMR Vendor Hack Affects 2.2 Million

Incident Spotlights Multiple Common But Serious Data and Vendor Concerns … Complicating matters, pediatric data typically has longer data retention requirements, says Wendell Bobst, senior security consultant at privacy and security consultancy tw-Security. “This means that pediatric providers tend to keep data longer than adult patients,” he says. … Connexin provides its Office Practicum as […]

CommonSpirit’s Ransomware Incident Taking Toll on Patients

Also: Why Some Facilities Are Affected While Others Are Not … “The reliance on the electronic medical record continues to grow and that is to be expected,” says Susan Lucci, senior privacy and security consultant at tw-Security. Information like allergies, recent diagnoses, and current medications can influence patient care decision-making, she says. “This is another […]

Feds Warn Healthcare Over Cobalt Strike Infections

Red-Teaming Tool Poses Ongoing Risks When Used by Hackers, HHS Warns … Detection should lead to quick action, says Keith Fricke, principal consultant at privacy and security consultancy tw-Security. Cobalt Strike and other red-teaming tools are “‘legitimate’ in the sense that they can be used by red teamers, but are offensive security tools,” he says. […]

VA Center’s IT Legacy Flaws Common at Other Health Entities

OIG Security Audit of Texas VA Facility Found Familiar Problems … There are other reasons why many healthcare entities continue to keep legacy IT systems and equipment running long after they are no longer supported by vendors, says senior privacy and security consultant Susan Lucci of tw-Security. Risks associated with obsolescence are “not generally top of mind, […]
