Literature Review

Healthcare data breaches hit new highs in 2023Modern Healthcare, by Tim Broderick; 1/25/24A record 133 million individuals were impacted by healthcare data breaches. Imagine after purchasing a car the salesperson slaps the hood and says there's a 40% chance in the coming year that an unauthorized person will gain access to it or just outright steal the car.Full access to article requires a subscription  

How can hospitals prepare for 2024’s cyberthreats?MedCity News, by Katie Adams; 12/27/23Many hospitals remain underprepared to protect themselves against cybercriminals’ barrage of increasingly sophisticated attacks, but there are a couple concrete steps they can take to build a stronger defense structure — like virtual patching and thinking twice about moving to the cloud.

Ohio hospital, vendor hit with class action suit after data breachHealthcare DiveDecember 22, 2023A nonprofit hospital in Ohio and a medical transcription services company are facing a class action lawsuit after a data breach at the vendor earlier this year may have exposed personal and health information of nearly nine million people. The suit, filed this week in a district court in Ohio, alleges Salem Community Hospital and Perry Johnson & Associates, or PJ&A, waited six months to inform people who could have been affected by the breach, leaving patients vulnerable to identify theft. 

Norton Healthcare ransomware attack exposes 2.5M peopleHealthcare DiveDecember 11, 2023Norton Healthcare said sensitive data on 2.5 million people was exposed by a ransomware attack in May, the clinic and hospital group said Friday in a data breach notification filed with Maine’s attorney general. Norton Healthcare discovered the cyberattack on May 9, which it later determined was ransomware. The threat actors had access to some network storage devices between May 7–9, but the healthcare group’s medical record system was not compromised, the company said in the filing. An investigation into the attack, which was completed in mid-November, determined names, contact information, Social Security numbers, dates of birth, health and insurance information, and medical ID numbers were compromised. .... [Kentucky-based] Norton Healthcare said it did not make a ransom payment and has not detected any additional indicators of compromise since it began restoring its systems from backups on May 10. The delayed disclosure, seven months after the intrusion was detected, underscores the complicated nature of post-incident investigations. 

Dameron Hospital in Stockton hit by cyberattackKCRA-TV (Sacramento, CA)December 5, 2023Stockton, CA—Dameron Hospital in Stockton said it is investigating a cyberattack that has forced some patients to reschedule their procedures. The hospital said in a statement Tuesday that “patient care operations are functioning normally,” which includes its emergency department. The hospital described the issue as a “data security incident that has impacted certain systems on our network.” It did not say when the attack happened or describe which systems may have been compromised.