Healthcare

KINGSTON, N.Y. – Patients are being moved from HealthAlliance Hospital after a cyberattack that is under investigation by law enforcement, according to Westchester Medical Center Health Network, the owner of HealthAlliance.

“HealthAlliance Hospital, Margaretville Hospital and Mountainside Residential Care Center experienced a cyberattack that has impacted our IT systems,” the company said in a statement on Thursday afternoon after an inquiry from the Freeman. “After discovering this attack, we quickly notified the New York State Department of Health and Ulster and Delaware County officials of the situation, and have been working with law enforcement officials, including the FBI and a third-party cybersecurity firm, to determine the scope of the attack and specifically what systems were impacted. That investigation is ongoing.”

“All current HealthAlliance Hospital inpatients will be discharged from the hospital or transferred to other hospitals in the WMCHealth Network,” the hospital said in an email when pressed for details.…

In October, the US Food and Drug Administration will start rejecting medical devices that lack a secure design or a post-market cybersecurity plan.

For six months, medical device makers have had to comply with new cybersecurity regulations aimed at hardening medical devices against cyber attacks, but the US Food and Drug Administration has largely refrained from using its "refuse to accept" power up to now. 

On Oct. 1, the FDA's grace period — during which the agency stated it would try not to use its ability to reject medical devices that lack appropriate cybersecurity controls and a post-market patching capability — will end. The manufacturers of medical cyber devices must now submit plans to monitor and patch post-market cybersecurity vulnerabilities, have a process in place for the secure design and development of devices, and provide a software bill of materials (SBOM) to the FDA. Those who do not satisfy the…

Jefferson Cherry Hill Hospital is warning patients that it may have been the victim of a data breach.

Jefferson Health began mailing letters last week to patients “whose information may have been involved in a recent privacy incident,” the health system said in a statement.

A worker conducting maintenance discovered on June 15 that a portable backup device was missing, Jefferson Health said.

“Through this process, Jefferson has determined that the protected health information found on this drive that may be viewable could include names, dates of birth, medical record numbers, the date of studies, and, in some cases, mailing addresses,” the statement said.

MINNEAPOLIS (WTVD) -- UnitedHealthcare said Friday that a data breach may affect some North Carolina residents.

The "data security incident" involves patients' personal health information.

UHC said the personal information breached varied but may have included a combination of names, member ID numbers, plan types, and county and state of residency.

The healthcare giant said the incident did not involve the disclosure of Social Security numbers, driver's license numbers, or any financial account information.

UHC said that on Dec. 29, it discovered an unauthorized third party was able to access a UHC broker portal and notified law enforcement.