What Healthcare Organizations Need to Know
Clearwater
Moving healthcare organizations to a more secure, compliant, and resilient state so they can achieve their mission?
Every month, Clearwater’s Monthly Cyber Briefing delivers the latest threat intelligence, regulatory updates, and expert insights to help healthcare organizations stay ahead. This digest highlights the key takeaways from our latest briefing—covering major breaches, rising ransomware threats, and the security challenges shaping the industry.
?? Looking ahead? Our next live Cyber Briefing is March 6 at 12 PM CT, where we’ll dive into Early 2025 Vulnerability Trends and the Future Data Encryption Risk Hackers Are Betting On Now.
Register now---https://clearwatersecurity.com/monthly-cyber-briefing/
1?? OCR Breach Portal Data & the Largest Breaches of January
The Change Healthcare breach continues to expand, with nearly 190 million individuals affected and costs surpassing $3.1 billion. This is one of the most expensive and widespread breaches in healthcare history—highlighting the urgent need for stronger security measures.
?? See below for a breakdown of the latest breach data and major incidents.
2?? Ransomware Attacks Surge Across Healthcare
January saw a wave of ransomware attacks with 67% of surveyed healthcare organizations reporting a ransomware attack in the last year, it’s clear that healthcare remains a prime target.
?? See below an overview of ransomware attacks seen in January.
3?? Emerging Cyber Threat: Interlock Ransomware
Interlock Ransomware is emerging as a serious threat in healthcare. Using fake software updates to trick victims, this group deploys credential-stealing malware and evades detection by disabling security tools. Cybercriminals are constantly evolving—organizations must stay vigilant.
?? See below for insights on this new ransomware group and its tactics.
4?? Medical Device Vulnerabilities: The Contec CMS8000 Backdoor
A newly discovered backdoor in Contec CMS8000 patient monitors could allow unauthorized remote access to sensitive patient data. With the device beaconing to an IP address owned by a university in China, this finding raises serious concerns about supply chain security in medical technology.
?? See below for details on a critical security flaw in patient monitors.
5?? HIPAA Security Rule Updates & Recent Enforcement Actions
OCR has proposed changes to strengthen the HIPAA Security Rule, and enforcement activity is ramping up. In January alone, five organizations faced significant penalties for failing to conduct a compliant risk analysis. Compliance is no longer optional—it's essential.
HIPAA Security Rule NPRM
Clearwater Blog:
Polsinelli Blog:
Clearwater Webinar
?? See below for updates on HIPAA Regulatory Update.
6?? Strengthening Healthcare Cybersecurity: Key Recommendations
With threats on the rise, how can healthcare leaders protect their organizations? From segmenting networks to improving vendor risk assessments, these best practices can help build a more resilient cybersecurity posture.
?? See below for best practices to strengthen cybersecurity defenses.