Judge Knocks Down HHS Guidance Against Hospital Web Trackers
A federal district court judge in Texas ruled that HHS did not have the authority to warn hospitals that website trackers are a violation of health privacy rules. The American Hospital Association challenged the guidance.
Politico:
HHS Overstepped With Web Tracking Guidance, Judge Rules
The Department of Health and Human Services overstepped its authority when it issued a guidance last year warning hospitals that tracking visitors to their websites was a violation of health privacy rules, a federal district court in Fort Worth, Texas, ruled today. The decision, by Judge Mark T. Pittman, is a victory for the American Hospital Association, which sued in November. “HHS tried to tweak the definition [of “individually identifiable health information to include web visits] and got caught,” he wrote in his decision. (Reader, 6/20)
On health care cyberattacks —
The Hill:
Biden Administration Bans Kaspersky Software Over Russian Ties
The Biden administration is issuing a total ban on the use of Kaspersky Lab’s software over its ties to Russia. The company’s software has been a concern of the U.S. government since at least 2017 because of the Russian government’s alleged influence over the software. The Russian government has total access to Kaspersky systems and access to all its customer’s data, ABC News reported. (Irwin, 6/20)
Hawaii News Now:
Maui Health Center Allegedly Attacked By Russian Hackers
Hawaii News Now has learned a Maui health center faced an alleged ransomware attack by one of the largest groups in the world — and whose leaders are based in Russia. Last month, the center was shut down for more than two weeks but now says its systems are “fully operational.” On June 7, FalconFeeds, a cyber security firm based in India, posted on its X social media page. “Lockbit has targeted the Community Clinic of Maui, also known as Malama I Ke Ola Health Center, as their latest victim,” said FalconFeeds. (Richardson, 6/19)
AFP:
Data From London Hospitals Cyberattack Published Online
Sensitive data from a ransomware attack that led to major disruption at London hospitals has been published online, UK health authorities said on Friday. ... According to the BBC, Russian cyber criminal group Qilin shared almost 400 gigabytes of data — including patient names, dates of birth, NHS numbers and descriptions of blood tests — on their darknet site and Telegram channel. (6/21)
The Register:
Crooks Get Their Hands On 500K+ Radiology Patients' Records In Cyber-Attack
Consulting Radiologists has notified almost 512,000 patients that digital intruders accessed their personal and medical information during a February cyberattack. The 90-year-old Minnesota-based healthcare biz provides on-site radiology services for 22 hospitals and clinics, plus remote teleradiology for more than 100 facilities in upper Midwest America. (Lyons, 6/20)
AP:
Change Healthcare To Start Notifying Customers Who Had Data Exposed In Cyberattack
Change Healthcare is starting to notify hospitals, insurers and other customers that they may have had patient information exposed in a massive cyberattack. The company also said Thursday that it expects to begin notifying individuals or patients in late July. (6/20)