Second reported data breach in as many days prompts cybersecurity warnings, tips
The health care diagnostics company LabCorp announced that “unauthorized activity” occurred on the webpage of American Medical Collection Agency, LabCorp’s external collection agency, impacting up to 7.7 million patients.
The breach occurred between Aug. 1, 2018, and March 30, 2019 and involved customers’ personal, medical and payment information, but not ordered tests, laboratory results, diagnostic information, Social Security numbers or insurance identification information, according to a U.S. Securities Exchange Commission document filed by LabCorp.
LabCorp said it has stopped sending new collection-related work orders to the American Medical Collection Agency and the company is to stop existing collection work assignments.
These reports come a day after Healio reported that the web payment page of American Medical Collection Agency’s operations with Quest Diagnostics experienced a similar situation, potentially impacting 11.9 million Quest Diagnostics patients.
AMA data suggest these incidents are not isolated. The medical society has previously announced that slightly more than 80% of U.S. physicians have experienced some type of cybersecurity attack, with the most common being phishing and computer viruses.
These reports serve as a reminder that the increasing dependence of the medical community on electronic operations has potential unintended consequences. Healio has previously reported on why medical equipment, physician practices and hospitals are vulnerable to cybersecurity threats and data breaches and how these enterprises can help protect their electronic information. A sampling of this coverage follows. – by Janel Miller
Why health care remains a target to cyberattacks
Zuly Gonzalez, cofounder and CEO of Light Point Security, discusses why health care institutions are becoming more popular targets for hackers and what information cyberattacks are targeting. Gonzalez previously spent more than a decade as a cybersecurity expert at the National Security Agency. Read more.
Cybersecurity should be a research priority for hospitals
Between October 2009 and December 2016, 1,798 data breaches were reported. Among them, 1,225 breaches were reported by health care providers and the remainder were reported by business associates, health plans, or health care clearing houses. Read more.
Concern grows over cybersecurity for diabetes devices
Diabetes devices have shifted toward the “internet of things,” an environment in which common objects are designed to communicate with the internet, as well as with each other. Although this type of seamless transmission of information provides obvious convenience and effectiveness, it also leaves areas of vulnerability. Read more.
5 things physicians should consider to help protect data
Health care organizations need to treat security as a priority and increase their security budgets so that they can implement proper security measures and defenses. Read more.
FDA, DHS coordinate medical device cybersecurity efforts
The FDA and Department of Homeland Security are stepping up efforts to protect patients from cybersecurity attacks on medical devices, according to a press release. Read more.
How to counsel patients on cardiac device cybersecurity
The Heart Rhythm Society released a proceedings statement advising clinicians how to communicate with patients if a cybersecurity threat to their cardiac device has been identified. Read more.
Software update issued for cybersecurity vulnerabilities in Medtronic devices
The FDA issued a safety communication that Medtronic will issue a software update to resolve cybersecurity vulnerabilities associated with two programmers used to implant cardiac implantable electrophysiology devices in patients with heart failure or arrhythmia disorders. Read more.