healthcare
Safeguard articles tagged "healthcare" — guides, analysis, and best practices for software supply chain and application security.
25 articles
HIPAA Security Rule NPRM: Encryption, MFA, and the End of 'Addressable'
OCR's December 27, 2024 NPRM removes the addressable/required distinction and mandates encryption, MFA, semi-annual vulnerability scans, and annual penetration tests for ePHI.
Qilin Ransomware Group: Dissecting a Rising Threat Actor
Qilin has rapidly become one of the most active ransomware operations, targeting healthcare, manufacturing, and critical infrastructure. A technical breakdown of their methods.
Ascension Health Black Basta Ransomware: 5.6M Patients Impacted
Black Basta encrypted Ascension's network on May 8, 2024 via a malicious file downloaded by an employee, diverting ambulances across 140 hospitals and ultimately notifying 5.6 million patients.
EHR System Dependency Governance
Electronic Health Record platforms carry decades of transitive dependencies. A practical governance model for hospitals, vendors, and compliance officers.
INC Ransom: Inside the Group Targeting Healthcare Infrastructure
INC Ransom has made healthcare a primary target, exploiting the sector's unique vulnerabilities and urgency. A deep dive into their operations and what healthcare security teams should prioritize.
HIPAA Meets HITRUST: Supply Chain Depth
HIPAA's Security Rule is thin on supply chain specifics. HITRUST CSF fills the gap with prescriptive third-party and software controls. Here's how the two frameworks intersect and how to build a program that satisfies both.
Change Healthcare Breach: The Worst Healthcare Data Breach in U.S. History
In February 2024, a ransomware attack on Change Healthcare paralyzed the U.S. healthcare payment system for weeks and ultimately exposed the personal health data of over 100 million Americans, making it the largest healthcare data breach ever recorded.
Change Healthcare Ransomware Attack: The Breach That Disrupted American Healthcare
The BlackCat/ALPHV ransomware attack on Change Healthcare caused the largest healthcare IT disruption in U.S. history, affecting pharmacies, hospitals, and insurance claims processing nationwide.
Norton Healthcare Ransomware Breach Exposes 2.5 Million Patient Records
In December 2023, Norton Healthcare disclosed that a May ransomware attack by the ALPHV/BlackCat group had compromised personal and medical data of 2.5 million patients, revealing the devastating impact of ransomware on healthcare.
Healthcare Software Security: HIPAA, SBOMs, and Patient Safety
Medical devices and healthcare IT systems depend on software with hidden vulnerabilities. Here's how SBOMs and supply chain security intersect with HIPAA.
HIPAA and Software Supply Chain Compliance for Health Tech
HIPAA's Security Rule requires safeguards that extend to software dependencies. Here's what health tech developers and vendors need to address.
Royal Ransomware: Why Healthcare Became the Primary Target
Royal ransomware emerged from the ashes of Conti to become one of the most aggressive operations targeting healthcare organizations in 2022 and 2023.