Safeguard
Tag

healthcare

Safeguard articles tagged "healthcare" — guides, analysis, and best practices for software supply chain and application security.

25 articles

Regulation

HIPAA Security Rule NPRM: Encryption, MFA, and the End of 'Addressable'

OCR's December 27, 2024 NPRM removes the addressable/required distinction and mandates encryption, MFA, semi-annual vulnerability scans, and annual penetration tests for ePHI.

Feb 25, 20256 min read
Threat Intelligence

Qilin Ransomware Group: Dissecting a Rising Threat Actor

Qilin has rapidly become one of the most active ransomware operations, targeting healthcare, manufacturing, and critical infrastructure. A technical breakdown of their methods.

Feb 20, 20255 min read
Incident Analysis

Ascension Health Black Basta Ransomware: 5.6M Patients Impacted

Black Basta encrypted Ascension's network on May 8, 2024 via a malicious file downloaded by an employee, diverting ambulances across 140 hospitals and ultimately notifying 5.6 million patients.

Jan 22, 20256 min read
Best Practices

EHR System Dependency Governance

Electronic Health Record platforms carry decades of transitive dependencies. A practical governance model for hospitals, vendors, and compliance officers.

Oct 28, 20246 min read
Threat Intelligence

INC Ransom: Inside the Group Targeting Healthcare Infrastructure

INC Ransom has made healthcare a primary target, exploiting the sector's unique vulnerabilities and urgency. A deep dive into their operations and what healthcare security teams should prioritize.

Sep 15, 20246 min read
Regulatory Compliance

HIPAA Meets HITRUST: Supply Chain Depth

HIPAA's Security Rule is thin on supply chain specifics. HITRUST CSF fills the gap with prescriptive third-party and software controls. Here's how the two frameworks intersect and how to build a program that satisfies both.

Apr 8, 20246 min read
Incident Analysis

Change Healthcare Breach: The Worst Healthcare Data Breach in U.S. History

In February 2024, a ransomware attack on Change Healthcare paralyzed the U.S. healthcare payment system for weeks and ultimately exposed the personal health data of over 100 million Americans, making it the largest healthcare data breach ever recorded.

Feb 21, 20247 min read
Incident Analysis

Change Healthcare Ransomware Attack: The Breach That Disrupted American Healthcare

The BlackCat/ALPHV ransomware attack on Change Healthcare caused the largest healthcare IT disruption in U.S. history, affecting pharmacies, hospitals, and insurance claims processing nationwide.

Feb 21, 20246 min read
Incident Analysis

Norton Healthcare Ransomware Breach Exposes 2.5 Million Patient Records

In December 2023, Norton Healthcare disclosed that a May ransomware attack by the ALPHV/BlackCat group had compromised personal and medical data of 2.5 million patients, revealing the devastating impact of ransomware on healthcare.

Dec 8, 20238 min read
Industry Guides

Healthcare Software Security: HIPAA, SBOMs, and Patient Safety

Medical devices and healthcare IT systems depend on software with hidden vulnerabilities. Here's how SBOMs and supply chain security intersect with HIPAA.

Nov 15, 20237 min read
Compliance

HIPAA and Software Supply Chain Compliance for Health Tech

HIPAA's Security Rule requires safeguards that extend to software dependencies. Here's what health tech developers and vendors need to address.

May 25, 20236 min read
Ransomware

Royal Ransomware: Why Healthcare Became the Primary Target

Royal ransomware emerged from the ashes of Conti to become one of the most aggressive operations targeting healthcare organizations in 2022 and 2023.

Jan 22, 20237 min read
healthcare (Page 2) — Safeguard Blog