Cybersecurity strategies
The healthcare sector faces a variety of cyberthreats, but experts are constantly working to provide organizations with reliable cybersecurity strategies to address them. Learn about the latest tactics for tackling cyber risk, with efforts led by security practitioners, federal agencies and leading cybersecurity companies.
Top Stories
-
Feature
06 Oct 2025
Securing healthcare data in preparation for a post-quantum era
A post-quantum world may seem far off, but experts say that healthcare leaders should begin planning now to ensure that health data is protected. Continue Reading
-
Feature
02 Oct 2025
Preparing EHR systems for ransomware attacks
Experts weigh in on how proactive cybersecurity planning protects your patients. Continue Reading
-
News
13 Sep 2021
University of Minnesota Unveils Center for Medical Device Cybersecurity
The new Center for Medical Device Cybersecurity aims to cultivate collaboration between students, the tech industry, and government. Continue Reading
-
News
09 Sep 2021
BlackMatter Ransomware Attacks Threaten Healthcare, HC3 Says
HC3, HHS’s cybersecurity arm, released a threat brief breaking down the BlackMatter ransomware group’s origins, threat tactics, and likely targets. Continue Reading
-
News
07 Sep 2021
Biden Administration Announces National Cybersecurity Initiatives
President Biden met with education and private sector leaders to discuss national cybersecurity initiatives following the Administration’s executive order in May. Continue Reading
-
News
06 Sep 2021
FBI Warns of OnePercent Group Ransomware in New Flash Alert
The FBI’s latest flash alert warns of OnePercent Group ransomware, a hacker organization that uses phishing emails to infect networks and encrypt data. Continue Reading
-
News
03 Sep 2021
CISA, FBI Release Holiday Ransomware Awareness Guidance
CISA and the FBI released holiday ransomware awareness guidance in light of increasing reports of ransomware attacks on holidays and weekends this summer. Continue Reading
-
News
01 Sep 2021
Hospital Cybersecurity Ratings Catch Up to Other Industries
Hospital cybersecurity ratings historically lag behind other industries such as finance and retail, but the gap is slowly closing. Continue Reading
-
News
31 Aug 2021
FBI Flash Alert Warns Organizations of Hive Ransomware Group
The FBI's latest flash alert warns organizations about Hive ransomware, the group responsible for a cyberattack on Memorial Health System that resulted in EHR downtime. Continue Reading
-
News
30 Aug 2021
CISA Releases Guidance on Protecting PII From Ransomware Attacks
CISA released a fact sheet on protecting PII from ransomware attacks in light of recent high-profile cyberattacks that put personal data in jeopardy. Continue Reading
-
News
30 Aug 2021
Outpatient Facilities Now Top Targets for Healthcare Data Breaches
Cyber criminals are shifting their healthcare data breach targets away from hospitals and onto outpatient facilities and business associates, a new report shows. Continue Reading
-
News
27 Aug 2021
Infusion Pump Vulnerabilities Point to Gaps in Medical Device Security
McAfee researchers discovered significant gaps in medical device security that may allow hackers to administer deadly doses of medications through an infusion pump. Continue Reading
-
News
18 Aug 2021
CISA Says BlackBerry Vulnerability to Impact Medical Device Security
CISA issued a new alert on medical device security. Continue Reading
-
News
17 Aug 2021
Cyberattack on Vegas Medical Center Exposes Staff, Patients’ PHI
A cyberattack on a Vegas hospital system is impacting PHI of staff and patients. Continue Reading
-
News
16 Aug 2021
Cyberattack Impacting Memorial Health System’s Patient Services
A cyberattack is impacting services of a healthcare system. Continue Reading
-
Answer
16 Aug 2021
Understanding the Risks, Complexity of Healthcare Cybersecurity
One emergency medical physician and health IT adviser shares insights on the growing cybersecurity challenges in healthcare today. Continue Reading
-
News
13 Aug 2021
How Health Facilities Can Prevent, Mitigate Ransomware in 2021
Ransomware is continuing to impact the healthcare industry, which has seen a rise in cyber-attacks since the start of the pandemic. Continue Reading
-
News
12 Aug 2021
Cybersecurity, Vulnerabilities Not Priorities for Most Hospitals
A recent survey found that cybersecurity investment is not a high priority for more than 60% of hospitals, and most are unprotected against common vulnerabilities. Continue Reading
-
News
12 Aug 2021
Ex-NY Hospital Staffer Responsible for Data Breach of Patients’ PHI
The data breach exposed PHI of patients in New York. Continue Reading
-
News
11 Aug 2021
Wisconsin Governor Signs Insurance Cybersecurity Act into Law
Wisconsin's new cybersecurity law will help protect PHI and PII. Continue Reading
-
News
11 Aug 2021
Ransomware Attack on GA Health System Impacts Staff, Patients’ PHI
A Georgia healthcare system sustained a cyberattack, with hackers targeting patients' and staff members' PHI. Continue Reading
-
News
10 Aug 2021
NY Law Shows Reasonable Cybersecurity Standards For Health Providers
A Journal of AHIMA article states that reasonable cybersecurity standards for healthcare providers to follow are needed. Continue Reading
-
News
10 Aug 2021
Email Hack Results in Health Data Breach in NJ Lab
An email hacking event led to a health data breach for one lab that provides testing for patients across the country. Continue Reading
-
News
09 Aug 2021
Cyberattack Hits Health Payer Third-Party Vendor, Exposes PHI
A health and life insurance company's third-party vendor experienced a data breach, impacting protected health information (PHI.) Continue Reading
-
News
09 Aug 2021
COVID-19 Pandemic Sparks Upswing in Healthcare Data Breaches
A new study cites the increase in health data breaches during the COVID-19 pandemic. Continue Reading
-
News
06 Aug 2021
Malware Attack Exposes IL Health Centers’ Patient and Staff PHI
A cyberattack is impacting the health data of patients and staff of several Illinois health centers. Continue Reading
-
News
06 Aug 2021
Patients Cite Privacy, Cybersecurity Fears with Vax Credentials
A new poll shows that Americans have doubts about the cybersecurity of a digital vaccine card. Continue Reading
-
News
05 Aug 2021
Health Plan Email Phishing Attack Exposes Student PHI
A Microsoft Office 365 email phishing attack exposed students' PHI. Continue Reading
-
News
05 Aug 2021
Third-Party Health Data Breach Hits Pennsylvania Health Network
A Pennsylvania health network is the latest victim of a cyber attack which exposed PHI. Continue Reading
-
News
04 Aug 2021
Healthcare Data Breaches Most Common Threats to Date in 2021
A new study reports an increase in data breaches in 2021. Continue Reading
-
News
04 Aug 2021
PwnedPiper Vulnerabilities Impact Over 3K Hospitals in North America
The vulnerabilities are impacting the pneumatic tube systems of hospitals. Continue Reading
-
News
03 Aug 2021
Health IT Security Challenges Persist for Hospital Systems
Cybersecurity remains a challenge for healthcare systems. Continue Reading
-
News
03 Aug 2021
Harris County Health Data Breach Exposes PHI of 26K
A health data breach is impacting 26,000 county jail patients. Continue Reading
-
News
02 Aug 2021
Illinois Health Department Data Breaches Impact Over 24K Patients
One of the breaches includes COVID-19 vaccination status of some patients. Continue Reading
-
News
02 Aug 2021
Wisconsin Patients’ Health Data Exposed After Email Hacking Incident
A cyberattack on a Wisconsin urology office is impacting patients' health information. Continue Reading
-
News
30 Jul 2021
CA Cyberattack Targets Patient Protected Health Information
A cyberattack struck a third-party vendor, exposing some patients' PHI. Continue Reading
-
News
30 Jul 2021
Florida Health Practice Target of Cyberattack, PHI Exposed
A Florida physicians' group is the latest victim of an email phishing attack. Continue Reading
-
News
29 Jul 2021
Healthcare Data Breach Costs Surged During Pandemic
IBM Security and Ponemon Institute released a report on July 28, noting the surging costs of health data breaches. Continue Reading
-
News
29 Jul 2021
MassHealth Members Impacted by Health Data Breach
A third-party vendor's data breach is impacting over 2,000 MassHealth patients' PHI. Continue Reading
-
News
28 Jul 2021
San Diego Health Data Breach Impacts Patients, Staff, Student PHI
An email hacking incident is impacting students, staff and patients' PHI. Continue Reading
-
News
28 Jul 2021
Cyberthief Who Stole PHI Sentenced To Prison
A Texas woman was sentenced after her role in a cybercrime ring that stole PHI. Continue Reading
-
News
27 Jul 2021
Medical Imaging Center Notifies Patients of Health Data Breach
The Georgia location is notifying patients of a health data breach. Continue Reading
-
News
26 Jul 2021
Healthcare Cyberattacks, Data Breaches Pressuring Nonprofit Orgs
A new Fitch report notes the increase in cyberattacks against nonprofit healthcare facilities and hospitals. Continue Reading
-
News
23 Jul 2021
West Virginia Center’s Health Data Breach Includes Patients’ PHI
A cyberattack at the Prestera Center impacted patients' PHI. Continue Reading
-
News
22 Jul 2021
Ransomware Attack Targets Protected Health Information at Law Firm
The law firm announced the ransomware attack included medical and health information. Continue Reading
-
News
22 Jul 2021
How Can Congress Aid Healthcare Cybersecurity, Fight Ransomware?
Witnesses testified before Congress this week, noting that the healthcare sector needs help battling cyberattacks and ransomware. Continue Reading
-
News
21 Jul 2021
Patient Privacy Incident Leads to Accidental PHI Disclosure
An Oklahoma hospital is notifying patients about a recent data breach. Continue Reading
-
News
21 Jul 2021
MS Cancer Center Joins List Affected by Elekta Data Breach
A Mississippi cancer center is alerting patients of a recent data breach that impacts protected health information. Continue Reading
-
News
20 Jul 2021
Elekta Health Data Breach Strikes Jefferson Health, Disclosing PHI
Jefferson Health is notifying patients of a health data breach that exposed patient PHI. Continue Reading
-
News
20 Jul 2021
Over 68K Advocate Aurora Patients Impacted by Elekta Health Data Breach
Advocate Aurora is informing over 68,000 patients of a recent data breach. Continue Reading
-
News
19 Jul 2021
Intermountain Says Patients’ PHI Exposed in Elekta Health Data Breach
Intermountain Healthcare was impacted by the Elekta health data breach. Continue Reading
-
News
19 Jul 2021
Healthcare Data Breach in IL Exposes COVID-19 Vaccination Status
A data breach exposed PHI in Illinois, including COVID-19 vaccination status. Continue Reading
-
News
16 Jul 2021
New CISA PrintNightmare Order Spurs Health IT Security Concern
The CISA alert directs agencies to stop service and deploy a fix to resolve PrintNightmare and the health IT sector is responding. Continue Reading
-
News
16 Jul 2021
Cardinal Contracting Data Breach Includes Medical Information
Cardinal Contracting began notifying individuals about the medical data breach this week. Continue Reading
-
News
15 Jul 2021
Cyberattack Exposes Protected Health Information of 43K New Yorkers
A cyberattack exposed the PHI of over 43,000 New Yorkers. Continue Reading
-
News
15 Jul 2021
California Updates Health Facility Data Breach Requirements
California updated its health facility data breach regulations. Continue Reading
-
News
14 Jul 2021
Connecticut’s Updated Cybersecurity Law Now Protects Patient Data
Connecticut's new cybersecurity law will help protect patients' private medical information. Continue Reading
-
News
14 Jul 2021
OIG: Gaps in CMS ERM Puts Genomic Data Security at Risk
A new OIG report notes flaws in CMS ERM processes. Continue Reading
-
News
13 Jul 2021
ClearBalance Data Incident Impacts Over 200,000 US Patients' PII
A new cyber attack is impacting over 200,000 ClearBalance customers. Continue Reading
-
News
13 Jul 2021
Colorado Governor Signs The Colorado Privacy Act Into Law
The governor of Colorado signed the new privacy act into law. Continue Reading
-
News
12 Jul 2021
IRS: Cyberthief Sentenced to Prison After Stealing Patients PHI
A Texas mas was sentenced to prison for stealing patients' private health information. Continue Reading
-
News
12 Jul 2021
Patient Info Exposed in Health Clinic Cyberattack Data Breach
An Iowa-based health clinic is the latest victim of a cyberattack. Continue Reading
-
News
09 Jul 2021
Data Breach Impacts Patients, Employees of Dermatology Practice
A cyber attack impacted both patients and employees of a dermatology practice. Continue Reading
-
News
09 Jul 2021
HHS Warns Health PACS: Patient Data Vulnerable to Cyber Exploitation
Health PACS are vulnerable to hackers according to a new alert from the Department of Health & Human Services (HHS.) Continue Reading
-
News
08 Jul 2021
Report Draws Patient Privacy Concern with Prenatal Test
A Reuters report says that a globally used, prenatal test is being used by a Chinese company to collect patients’ data. Continue Reading
-
News
08 Jul 2021
Report: Privacy Concerns With Apps Used For Opioid Addiction Treatment
A new report on smartphone apps used for opioid addiction treatment is raising concerns over patient privacy. Continue Reading
-
News
07 Jul 2021
Mississippi’s Coastal Family Health Center Falls Victim To Hacker, PHI Exposed
The May incident did not interfere with patient care, but did expose patients’ private information. Continue Reading
-
News
06 Jul 2021
GAO: Some Progress, But Changes Still Needed For The Department of Veterans Affairs HIT System
GAO released its latest findings on the VA in a July 1 report. Continue Reading
-
News
01 Jul 2021
KLAS: Top Healthcare Security, Privacy Consulting Firms
KLAS researchers spoke with healthcare security and privacy leaders to understand which security consulting firms are true partners with organizations. Continue Reading
-
News
30 Jun 2021
GAO: HHS Must Collaborate to Ensure Healthcare Cybersecurity
A GAO study shows that while HHS has defined roles and responsibilities within its security arm, further collaboration is needed to ensure healthcare cybersecurity. Continue Reading
-
News
29 Jun 2021
NIST Defines “Critical Software” Per Cybersecurity Executive Order
NIST published its definition of “critical software” as directed in President Biden’s executive order aimed at improving the nation’s cybersecurity. Continue Reading
-
News
29 Jun 2021
Health Data Security a Staple of Holy Name’s Vaccine Record System
Holy Name Medical Center in New Jersey tapped a global security firm to offer a COVID-19 vaccination record system with health data security in mind. Continue Reading
-
News
28 Jun 2021
Survey Reveals How Leaders are Overcoming Cybersecurity Hurdles
A recent survey of cybersecurity leaders across all sectors reveals that most organizations see compliance with data privacy regulations as a top priority. Continue Reading
-
News
25 Jun 2021
Most Healthcare Organizations Expect to Be Ransomware Targets
A third of healthcare organizations experienced ransomware attacks in the last year, and the remaining 63 percent expect to be attacked in the future, a survey reveals. Continue Reading
-
News
25 Jun 2021
OIG: Medicare Lacks Oversight of Cybersecurity for Medical Devices
A study from HHS’ Office of the Inspector General reveals that Medicare’s hospital survey protocol does not address the cybersecurity of networked medical devices. Continue Reading
-
News
18 Jun 2021
FCC Finalizes Best Practices to Combat Hospital Robocalls
The Federal Communications Commission released a public notice on how hospitals can implement the Hospital Robocall Protection Group’s best practices. Continue Reading
-
News
17 Jun 2021
Cloud Security Alliance Releases Telehealth Risk Management Paper
A new Cloud Security Alliance paper provides telehealth risk management guidance along with best practices for cybersecurity and HIPAA compliance. Continue Reading
-
News
17 Jun 2021
NIST Releases Draft of Ransomware Risk Management Framework
NIST released a draft of its Cybersecurity Framework Profile for Ransomware Risk Management which aims to help organizations prevent and respond to ransomware attacks. Continue Reading
-
News
16 Jun 2021
FDA Outlines Medical Device Cybersecurity Goals
The FDA outlined its medical device cybersecurity goals in response to NIST’s call for position papers to fulfill President Biden’s executive order signed in May. Continue Reading
-
News
15 Jun 2021
Scripps CEO Reveals Lessons Learned from Ransomware Attack
In an op-ed published in the San Diego Union-Tribune, Scripps Health CEO Van Gorder revealed lessons learned from the healthcare provider's ransomware attack in May. Continue Reading
-
News
14 Jun 2021
IT Security Company COO Charged with Medical Center Cyberattack
Vikas Singla, chief operating officer of a network security company, was charged in connection with a 2018 cyberattack on Gwinnett Medical Center in Georgia. Continue Reading
-
Answer
14 Jun 2021
Sky Lakes Medical: A First-Hand Look at Fall Ransomware Attack, Recovery
Sky Lakes Medical Center was among the dozen healthcare providers caught up in the wave of ransomware attacks last fall. Its analyst shares a first-hand account of the incident and recovery. Continue Reading
-
News
10 Jun 2021
Ransomware Attacks: CISA Shares Operational Tech Asset Security Guide
In response to ongoing ransomware attacks targeting operational tech assets and control systems of critical infrastructure entities, CISA published a guide to mitigation and response. Continue Reading
-
News
10 Jun 2021
HSCC to Biden: Invest in Healthcare Cybersecurity, Partnerships
Through the American Rescue Plan, HSCC urges the Biden Administration to make similar investments in healthcare cybersecurity partnerships to improve its cyber posture. Continue Reading
-
Answer
09 Jun 2021
What Happens After a Ransomware Attack in the Health IT Environment?
CyberMDX’s Ido Geffen takes a hard look at ransomware attacks within a healthcare environment, including what providers are getting wrong and needed security mitigations. Continue Reading
-
News
08 Jun 2021
VMware Flaw: Patch Now as Hackers, Malware Exploit Security Gap
A widespread bot campaign has been observed delivering worming malware via a recently disclosed VMware RCE flaw, as CISA warns attackers are seeking to exploit the security gap. Continue Reading
-
News
07 Jun 2021
Report: New Ransomware Variant Targeting Microsoft Exchange Servers
A Sophos report shows threat actors, with likely ties to REvil ransomware, are deploying a new malware variant by exploiting flaws in Microsoft Exchange Servers. Continue Reading
-
News
07 Jun 2021
Medical Device Security, Mitigation Needs to Reduce Patient Safety Risk
Connected medical devices are crucial to supporting patient care, but providers cannot overlook crucial cybersecurity mitigations and processes needed to protect patient safety. Continue Reading
-
News
04 Jun 2021
DOJ, White House Take Aim at Critical Infrastructure Ransomware Attacks
Following disruptive ransomware attacks on NY MTA, MA Steamship Authority, and JBS Meats, the DOJ and the White House announce steps to crack down on threat actors. Continue Reading
-
Answer
02 Jun 2021
Could The SASE Model Move the Needle on Healthcare Cybersecurity?
The threat landscape is evolving faster than healthcare cybersecurity. AT&T Cybersecurity’s Rupesh Chokshi believes secure access service edge (SASE) might better support providers. Continue Reading
-
News
01 Jun 2021
Scripps Reports Data Theft, EHR Back Online, but Global Outages Persist
Providers swept up in the latest ransomware wave are in various stages of recovery. Leading this cyber roundup: Scripps Health has brought its EHR back online four weeks after an attack. Continue Reading
-
News
01 Jun 2021
FBI: Unpatched Fortinet Flaws Remain Under Attack by APT Actors
A recent FBI flash alert warns advanced persistent threat (APT) actors are continuing to exploit unpatched Fortinet flaws to gain access for malicious activities, including data theft. Continue Reading
-
News
28 May 2021
Microsoft: Active NOBELIUM Malware Actors' Spear-Phishing Campaign
The NOBELIUM malware actors, the group behind the SolarWinds compromise, have been rapidly evolving their tactics; Microsoft details an active spear-phishing campaign. Continue Reading
-
News
27 May 2021
NIST IoT Guidance for Network-Based Attacks, Device Communication
Aimed at smaller entities, new NIST guidance provides a standards-based approach to network communication to reduce the risk of network-based attacks. Continue Reading
-
News
27 May 2021
CISA: VMware Patches Critical Server Flaw, Warns of Ransomware Threat
A new CISA alert urges entities to apply the software update provided by VMware, which will patch a critical flaw in all server deployments. Continue Reading
-
News
24 May 2021
FBI: Conti Ransomware Actors Exploit Healthcare, First Responder Networks
An FBI flash alert warns the Conti ransomware hacking group is actively targeting and exploiting the healthcare sector and first responder networks, with at least 16 victims in the last year. Continue Reading
-
Answer
17 May 2021
Critical Infrastructure Attacks: Threat Landscape Forces Security to Evolve
Ongoing and recent outages at critical infrastructure entities highlight the sophistication and evolution of the threat landscape, driving the need for improved security posture in healthcare. Continue Reading
-
News
14 May 2021
Ransomware Keeps Healthcare in Crosshairs, Triple Extortion Emerges
A Check Point report on ransomware attacks seen in the first half of 2021, shows a 102 percent increase from 2020’s numbers, as hackers begin employing triple extortion to increase profits. Continue Reading
-
News
13 May 2021
External Threat Actors Outpace Insiders in Healthcare Data Breaches
For the second consecutive year, the Verizon Data Breach Investigations Report (DBIR) found external threat actors were behind more healthcare data breaches than insider errors. Continue Reading
-
News
13 May 2021
Biden’s Executive Order to Boost Threat Sharing, Supply Chain Security
As the cyberattack on the Colonial Pipeline joins a host of other supply chain security incidents, the President signed an executive order to boost infrastructure security and threat sharing. Continue Reading
-
News
12 May 2021
DHS CISA, FBI Alert to DarkSide Ransomware, After Pipeline Attack
Just five days ago, DarkSide ransomware threat actors attacked a critical pipeline company, disrupting the supply chain. FBI and DHS urge entities to bolster their security defenses. Continue Reading
-
News
12 May 2021
Threat Alert: Russian-Backed Threat Actors, Avaddon Ransomware
Recent federal threat alerts detail ongoing Russian-backed and Avaddon ransomware campaigns targeting global entities, including healthcare and COVID-19 vaccine developers. Continue Reading