Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Healthcare. Show all posts
Ransomware
Credential Theft Cyber Attacks Healthcare Ransomware

Healthcare Sector Faces Highest Risk in Third-Party Cyber Attacks

 



Cybersecurity experts have identified the healthcare industry as the most frequently targeted sector for third-party breaches in 2024, with 41.2% of such incidents affecting medical institutions. This highlights a critical need for improved security measures across healthcare networks.


The Growing Threat of Unnoticed Cyber Breaches  

A recent cybersecurity study warns of the increasing risk posed by “silent breaches.” These attacks remain undetected for extended periods, allowing hackers to infiltrate systems through trusted third-party vendors. Such breaches have had severe consequences in multiple industries, demonstrating the dangers of an interconnected digital infrastructure.

Research from Black Kite’s intelligence team examined cybersecurity incidents from regulatory disclosures and public reports, revealing an alarming rise in sophisticated cyber threats. The findings emphasize the importance of strong third-party risk management to prevent security lapses.


Why Healthcare is at Greater Risk  

Several factors contribute to the vulnerability of healthcare institutions. Medical records contain highly valuable personal and financial data, making them prime targets for cybercriminals. Additionally, the healthcare sector relies heavily on external vendors for essential operations, increasing its exposure to supply chain weaknesses. Many institutions also struggle with outdated security infrastructures, further amplifying risks.

Encouragingly, the study found that 62.5% of healthcare vendors improved their security standards following a cyber incident. Regulatory requirements, such as HIPAA compliance, have played a role in compelling organizations to enhance their cybersecurity frameworks.


Major Findings from the Report

The study highlights key security challenges that organizations faced in 2024:

1. Unauthorized Access to Systems: More than half of third-party breaches involved unauthorized access, underscoring the need for stronger access control measures.

2. Ransomware Attacks on the Rise: Ransomware remained a leading method used by cybercriminals, responsible for 66.7% of reported incidents. Attackers frequently exploit vendor-related weaknesses to maximize impact.

3. Software Vulnerabilities as Entry Points: Cybercriminals took advantage of unpatched or misconfigured software, including newly discovered weaknesses, to infiltrate networks.

4. Credential Theft Increasing: About 8% of attacks involved stolen or misused credentials, highlighting the necessity of robust authentication methods, such as multi-factor authentication.

5. Targeting of Software Vendors: A major 25% of breaches were linked to software providers, reflecting an increased focus on exploiting weaknesses in the software supply chain.


With organizations becoming increasingly reliant on digital tools and cloud-based systems, cyber risks continue to escalate. A single vulnerability in a widely used platform can trigger large-scale security incidents. 

To mitigate risks, businesses must adopt proactive strategies, such as continuous monitoring, prompt software updates, and stricter access controls. Strengthening third-party security practices is essential to minimizing the likelihood of breaches and ensuring the safety of sensitive data.

The healthcare sector, given its heightened exposure, must prioritize comprehensive security measures to reduce the impact of future breaches.



Read more »
NHS
AI Advancements AI technology AI-Healthcare system Cyber Security Healthcare NHS

North Yorkshire Hospital Adopts AI for Faster Lung Cancer Detection

 

A hospital in North Yorkshire has introduced artificial intelligence (AI) technology to improve the detection of lung cancer and other serious illnesses. Harrogate and District NHS Foundation Trust announced that the AI-powered system would enhance the efficiency and accuracy of chest X-ray analysis, allowing for faster diagnoses and improved patient care. The newly implemented software can analyze chest X-rays in less than 30 seconds, quickly identifying abnormalities and prioritizing urgent cases. Acting as an additional safeguard, the AI supports clinicians by detecting early signs of diseases, increasing the chances of timely intervention. 

The trust stated that the system is capable of recognizing up to 124 potential issues in under a minute, streamlining the diagnostic process and reducing pressure on radiologists. Dr. Daniel Fascia, a consultant radiologist at the trust, emphasized the significance of this technology in addressing hospital backlogs. He noted that AI-assisted reporting would help medical professionals diagnose conditions more quickly and accurately, which is crucial in reducing delays that built up during the COVID-19 pandemic. 

The Harrogate trust has already been using AI to detect trauma-related injuries, such as fractures and dislocations, since July 2023. The latest deployment represents a further step in integrating AI into routine medical diagnostics. Harrogate is the latest of six Yorkshire radiology departments to implement this advanced AI system. The initiative has been supported by NHS England’s AI Diagnostics Fund (AIDF), which has allocated £21 million to aid early lung cancer detection across 64 NHS trusts in England. 

The investment aims to improve imaging networks and expand the use of AI in medical diagnostics nationwide. UK Secretary of State for Science, Innovation, and Technology, Peter Kyle MP, praised the rollout of this AI tool, highlighting its potential to save lives across the country. He emphasized the importance of medical innovation in preventing diseases like cancer from devastating families and underscored the value of collaboration in advancing healthcare technology. As AI continues to revolutionize the medical field, its role in diagnostics is becoming increasingly essential. 

The expansion of AI-driven imaging solutions is expected to transform hospital workflows, enabling faster detection of critical conditions and ensuring patients receive timely and effective treatment. With continued investment and innovation, AI is set to become an integral part of modern healthcare, improving both efficiency and patient outcomes.
Read more »
Network Security
Backdoor China Contec Data Breach Healthcare Network Security

Experts Find Hidden Backdoors Inside Chinese Software Stealing Patient Data

Experts Find Hidden Backdoors Inside Chinese Software Stealing Patient Data

Cybersecurity & Infrastructure Security Agency (CISA) in the US rolled out an investigation report concerning three firmware variants used in Contec CMS800, a patient monitoring system used in healthcare facilities and hospitals. 

CIS finds hidden backdoor in Chinese software

Experts found that the devices had a hidden backdoor with a hard-coded IP address, enabling transmission of patient data. This is doable as the devices will start a link to a central monitoring system through a wireless or wired network, as per the product description. 

The agency disclosed the codes that send data to a select IP address. The decoded data includes detailed information- patients, hospital department, doctor’s name, date of birth, admission date, and other details about the device users. 

Details about three flaws

The flaw is filed under “CVE-2025-0626 with a CVSS v4 score of 7.7 out of 10” says Tom’s Hardware, while also talking about two other vulnerabilities “filed under CVE-2024- 12248, which indicates that it could allow an attacker to write data remotely to execute a code” and “CVE-2025-0683, which relates to privacy vulnerability.”

Impact of vulnerabilities

The three cybersecurity flaws can allow threat actors to dodge cybersecurity checks, get access, and also manipulate the device, the FDA says, not being “aware of any cybersecurity incidents, injuries, or deaths related to these cybersecurity vulnerabilities at this time."

FDA said that Contec Medical Systems is a device manufacturer in China, its products are used in the healthcare industry- clinics, hospitals, etc., in the US and European Union. However, experts found that these can also be bought from eBay for $599. 

About Contec

These devices are also rebranded as Epsimed MN-120, the FDA believes. Contec products are FDA-approved and sold in more than 130 countries. As part of its vulnerability disclosure process, the CISA research team discovered uncovered this flaw. 

The agency has also mentioned that the IP address is not linked with any medical device manufacturer, “Still, it is a third-party university, though it doesn't mention the university, the IP address, or the country it is sending data to,” reports Tom Hardware. 

The CISA has also assessed that the coding was meant to be a substitute update system because it doesn’t include standard update techniques like doing integrity checks or tracking updated versions. Instead, it offers a remote file sent to the IP address. To solve this, the FDA suggests removing the monitoring device from its network and tracking the patient’s physical condition and vital stats.

Read more »
Ransomware
BEC Data Breach Healthcare Manufacturing Ransomware

Cyber Breaches: Why Organizations Need to Work On the Clock

 




Cyberattacks are fast becoming a reality check for businesses worldwide, inflicting massive financial and operational losses. Besides the immediate loss of funds, cyber attacks also have an impact on an organization's reputation, hence losing out in competition. The most common threats range from theft of sensitive data to holding a system hostage using ransomware. To address such challenges, firms need to focus on preventing the most common and expensive attacks, particularly in industries that are sensitive to downtime and data loss. 


 Why Some Attacks Are More Costly

Not every attack hits businesses in the same way. Some methods, like ransomware and pretexting, stand out because of their high costs.

Ransomware Attacks: It locks organizations out of their systems until they pay the ransom. Today, reported cases of ransomware infection claim the average business lost $45,000. In some cases, the damage is higher than one million dollars. For organizations with operations dependent on continuous performance, like manufacturing or logistics, just an hour or two of lost time can mean millions in losses.

Pretexting and Business Email Compromise (BEC): Pretexting refers to the practice of deceiving employees into providing sensitive information under false pretenses. It is the primary source of BEC attacks, where cybercriminals target executives who have access to confidential information. The average case of these attacks costs organizations approximately $50,000.  


Which Industries Are at Risk?

Some industries are at higher risk because of the critical nature of their operations. 

Manufacturing: A ransomware attack on a manufacturing plant can bring the production to a standstill, delay supply chains, and disrupt relationships with suppliers. The financial and reputational costs can mount rapidly, causing companies to pay ransoms to resume operations.

Healthcare: Hospitals face a dual challenge—protecting patient data and ensuring medical equipment remains functional. Cyberattacks can leak sensitive health records or disrupt life-saving devices, putting patient lives at risk and forcing hospitals to make difficult choices.  

Interestingly, most breaches (68%) are not due to their nature of hacking but simple human mistakes. Employees often click on phishing links or send sensitive data to the wrong person by accident. These errors highlight the need for better training and stronger internal processes to reduce vulnerabilities.  


Steps to Reduce Risks  

Organizations can take several steps to minimize the financial and operational impact of cyberattacks:

1. Focus on Critical Threats: Prevent ransomware or BEC scams that are the most destructive attacks.

2. Improved Training: Train employees to recognize phishing emails and how to handle sensitive information carefully. 

3. Invest in Security: Invest in tools like threat detection systems and access controls to reduce potential damage.

4. Have a Recovery Plan: Develop clear protocols for responding to breaches, including backup and recovery systems to minimize downtime.  

 

Cybersecurity requires proactive efforts and investments. While these may seem costly initially, they spare organizations from far greater expense recoveries from breaches. By focusing on prevention, businesses can protect their resources and maintain trust in an increasingly digital world.



Read more »
Technology
Artificial Intelligence Blockchain Developers Healthcare Marketing Technology

AI and Blockchain: Shaping the Future of Personalization and Security

 

The integration of Artificial Intelligence (AI) and blockchain technology is revolutionizing digital experiences, especially for developers aiming to enhance user interaction and improve security. By combining these cutting-edge technologies, digital platforms are becoming more personalized while ensuring that user data remains secure. 

Why Personalization and Security Are Essential 

A global survey conducted in the third quarter of 2024 revealed that 64% of consumers prefer to engage with companies that offer personalized experiences. Simultaneously, 53% of respondents expressed significant concerns about data privacy. These findings highlight a critical balance: users desire tailored interactions but are equally cautious about how their data is managed. The integration of AI and blockchain offers innovative solutions to address both personalization and privacy concerns. 

AI has seamlessly integrated into daily life, with tools like ChatGPT becoming indispensable across industries. A notable advancement in AI is the adoption of Common Crawl's customized blockchain. This system securely stores vast datasets used by AI models, enhancing data transparency and security. Blockchain’s immutable nature ensures data integrity, making it ideal for managing the extensive data required to train AI systems in applications like ChatGPT. 

The combined power of AI and blockchain is already transforming sectors like marketing and healthcare, where personalization and data privacy are paramount.

  • Marketing: Tools such as AURA by AdEx allow businesses to analyze user activity on blockchain platforms like Ethereum. By studying transaction data, AURA helps companies implement personalized marketing strategies. For instance, users frequently interacting with decentralized exchanges (DEXs) or moving assets across blockchains can receive tailored marketing content aligned with their behavior.
  • Healthcare: Blockchain technology is being used to store medical records securely, enabling AI systems to develop personalized treatment plans. This approach allows healthcare professionals to offer customized recommendations for nutrition, medication, and therapies while safeguarding sensitive patient data from unauthorized access.
Enhancing Data Security 

Despite AI's transformative capabilities, data privacy has been a longstanding concern. Earlier AI tools, such as previous versions of ChatGPT, stored user data to refine models without clear consent, raising privacy issues. However, the industry is evolving with the introduction of privacy-centric tools like Sentinel and Scribe. These platforms employ advanced encryption to protect user data, ensuring that information remains secure—even from large technology companies like Google and Microsoft. 
 
The future holds immense potential for developers leveraging AI and blockchain technologies. These innovations not only enhance user experiences through personalized interactions but also address critical privacy challenges that have persisted within the tech industry. As AI and blockchain continue to evolve, industries such as marketing, healthcare, and beyond can expect more powerful tools that prioritize customization and data security. By embracing these technologies, businesses can create engaging, secure digital environments that meet users' growing demands for personalization and privacy.
Read more »
Healthcare
Ascension Cyber Attacks Financial Data Healthcare

New Finds from The June Ascension Hack




Healthcare industry giant Ascension has broken the silence and revealed more sensitive information concerning the recent hack in June. Through a worker opening a suspicious file without even knowing the malware was actually very harmful to download, it gave room for hackers into their network exposing patient information, among others.


During the past months, the healthcare system has worked with experts in cybersecurity to analyze how the breach affected them and the amount of patient and employee data that was taken. Since the investigation has been concluded, Ascension has informed the public regarding the data stolen and measures undertaken to safeguard the victims.

The investigation established that several kinds of personal information were accessed during the breach. Though the specifics vary for each individual, the leaked information may include:  

  • Medical Records: Medical record numbers, service dates, types of lab tests, and procedure codes.  
  • Financial Data: Credit card numbers, bank account information, and insurance details such as Medicaid and Medicare IDs.
  • Government Identifications: Social Security numbers and other governmental IDs. 

Ascension has come out to clarify that their main Electronic Health Records, which hold extensive patient's medical histories, were unaffected. This means that those operations that are considered most core in healthcare, such as viewing patient records and prescribing drug therapies, remain safe and unimpeded.


How Ascension is Reacting

To make amends for the breach, Ascension is offering free credit monitoring and identity protection services to anyone affected. Those affected will be sent formal notification letters within the next two to three weeks, which will detail step-by-step instructions to enroll in protection services so those affected may protect themselves from potential misuse of their data.

The credit monitoring service will be offered for two years and can be used to track suspicious activity regarding an individual's personal information. Ascension also informed those who had already enrolled in protection services after the initial breach that they could continue coverage without any interruption.


If you receive a notification, enrolling in the complimentary identity protection services is crucial. For assistance, you can visit Ascension’s website or contact their support line at (866) 724-3233 during business hours.  

Additionally, Ascension advises practicing general security measures, such as monitoring bank statements and staying alert for unusual activity. These steps can help minimize potential risks.

Ascension acknowledged the hurdle caused by the cyberattack and gave thanks to its patients, employees, and clinicians for their continued support. The organization highlighted its ability to persevere with such a team, and it assured the community that utmost care will be taken in protecting the information of its patients in the future.




Read more »
Ransomware
Cyber Attacks Health Healthcare Hospital Patient Ransomware

Rise in Cyberattacks, Healthcare Industry Top Victim

Rise in Cyberattacks, Healthcare Industry Top Victim


Hospitals in Merseyside, including Arrowe Park Hospital in the Wirral, are facing significant disruptions following a cyber attack on the Wirral University Teaching Hospital Trust. Outpatient appointments have been canceled, and patients have been advised to avoid visiting the A&E department unless in a medical emergency. 

A spokesperson for the Trust confirmed, “A major incident was declared yesterday for cyber security reasons and remains ongoing. Our business continuity processes are in place, and our priority remains ensuring patient safety. We apologize for any inconvenience and will contact patients to reschedule canceled appointments.” 

Rising Cyber Threats to Healthcare   


The breach has also affected staff, who are struggling to access electronic records, highlighting the increasing frequency of cyber attacks on healthcare systems in the UK and globally. Research by KnowBe4 shows that the global healthcare sector faced an average of 1,613 attacks per week during the first three quarters of 2023 — four times higher than the global average.   

Earlier in 2024, a cyber attack on Kings College Hospital Foundation forced the shutdown of critical operations due to a breach at blood test supplier Synnovis.   

In recent years, similar incidents have plagued the UK healthcare system:   

- A ransomware attack on Barts NHS Trust by the Russian BlackCat gang resulted in the theft of 7TB of sensitive data.   
- In February 2023, NHS Dumfries and Galloway faced a breach compromising patient and staff information.   

In response to these escalating threats, the National Data Guardian (NDG) and NHS England introduced a new cyber resilience framework in September 2023. Dr. Nicola Byrne, National Data Guardian, stated that the framework provides organizations with a "current and evolving approach to enhance data protection and cyber resilience."
Read more »
Synthetic Data
CyberCrime Cyberhackers Cybersecurity CyberThreat Healthcare Privacy Synthetic Data

Reimagining Healthcare with Synthetic Data

 


It has been espoused in the generative AI phenomenon that the technology's key uses would include providing personalized shopping experiences for customers and creating content. Nonetheless, generative AI can also be seen to be having a very real impact on fields such as healthcare, for example. There is a tectonic shift in healthcare and life sciences, as technology is being implemented and data-driven systems are being integrated. 

A must-follow trend in this revolution is the burgeoning use of synthetic data, a breakthrough advancement poised to reshape how medical research is conducted, AI is developed, and patient privacy will be protected in the coming years. Data available in synthetic format is comparable to data available in real-world format (such as real fibers such as hemp). In the course of human evolution, humans have created synthetic products to achieve our goals and to develop new products that improve our lives in many different ways. 

It's widely known that synthetic fiber is used in clothing, rope, industrial equipment, automobiles, and many other places. It is because of the ability to create synthetic fiber that a wide range of products can be created that are needed in modern life. Healthcare is another area where synthetic data can have an impact similar to that of traditional data. Synthetic data is created based on real-world data using a data synthesizer. 

These synthesizers may leverage different methods to create synthetic data that have the same statistical and correlative properties as the original data; however, they are completely independent from the real-world data (1, 2). Notably, synthetic data do not contain any personal identifying information which ensures personal privacy and full compliance with privacy regulations such as the EU’s General Data Protection Regulation (GDPR). 

The use of high-fidelity synthetic data for data augmentation is an area of growing interest in data science, generating virtual patient cohorts, such as digital twins, to estimate counterfactuals in silico trials, allowing for better prediction of treatment outcomes and personalised medicine. Synthetic data allows clinicians to use prompts to generate a conversation between a patient with depression and a therapist where they are discussing the onset of symptoms. 

Healthcare providers can also use partially synthetic data, which takes a real-life transcript and has AI adjust it to remove personally identifiable information or private health information, while still telling a cohesive story. This data can then be used to train AI models to develop transcripts, training materials and so on. Regardless of whether the data is fully or partially synthetic, the data can (and often is) adjusted as needed with additional prompts until it reaches the desired result. Healthcare is subjected to a variety of privacy rules through HIPAA. 

Eliminating these privacy concerns is a primary reason Read feels synthetic data is valuable in training models. With synthetic data, healthcare providers don’t need to use real people’s data to train models. Instead, they can generate a conversation that is representative of a specific therapeutic intervention without involving anyone’s protected health information. As Read explains, “Synthetic data also makes it easy to calibrate what we’re looking for — like to generate different examples of how a healthcare provider could say something explicitly or implicitly. This makes it easier to provide different examples and tighten up the information we provide to AI models to learn from, ensuring that we can teach it the right data for providing training or feedback to real-world clinicians.” 

Synthetic data also democratizes the ability of different healthcare organizations to train and fine-tune their own machine learning models. Whereas previously, an organization might need to provide hundreds (or even thousands) of hours of transcribed sessions between patients and clinicians as well as other data points, synthetic data erases this barrier to entry. Synthetic data allows for models to learn and build out responses at a much faster rate — which also makes it easier for new players in healthcare to enter the field. 

As Read’s insights reveal, the use of AI and synthetic data isn’t going to replace clinicians’ value or decision-making authority. But with the help of synthetic data, AI can help push clinicians in the right direction to ensure that there is greater standardization and adherence to best practices. As more providers begin to utilize synthetic data to ensure they are following best practices in all patient interactions and to get feedback on their sessions, they can elevate the quality of care for all. A similar impact could also be felt in the healthcare sector by the use of synthetic data similar to how traditional data would. 

With the help of a data synthesizer, it is possible to create synthetic data based on real-world data. It has been shown that these synthesizers can leverage different methods to produce synthetic data which are capable of being compared to the original data, even if those properties cannot be extracted from the original data, but they are completely independent of real-world data (1, 2). A distinctive feature of synthetic data is the absence of any personal identifying information, which ensures that the data is completely private to the individual and complies with all needed privacy regulations, such as the General Data Protection Regulation (GDPR) of the European Union. 

As a result of increasing interest in data science, the use of high-fidelity synthetic data for data augmentation is becoming increasingly popular. To better predict treatment outcomes and tailor medical treatments for individual patients, digital twins, and virtual cohorts are used to estimate counterfactuals in silico trials, allowing better predictions of treatment outcomes. As a result of synthetic data, clinicians can generate a conversation between patients with depression and therapists to demonstrate how their symptoms began, and these prompts can be used to guide the conversation. 

Providers of healthcare can also use partially synthetic data, which is a combination of a real-life transcript and AI processing that removes any personally identifiable information or private health information, while still telling a coherent story. By using this data, it can then be developed into the types of transcripts, materials for training, etc, that are needed for creating transcripts. Whether the data being used is synthetic data or not, it can (and often is) manipulated or adjusted, as necessary, with additional prompts, until it reaches the result that is desired regardless of whether the data is synthetic or not. 

HIPAA is a sort of Federal law that imposes a variety of privacy rules on the healthcare industry. The fact that Synthetic Data is useful in training models is because it can eliminate these privacy concerns, according to Read. To train models based upon synthetic data, healthcare providers do not need to rely on real person-to-person information. This would allow them to generate a conversation in which they would represent a specific therapeutic intervention, without involving any protected health information of anybody involved in such a conversation. 

Moreover, Read explains, "Synthetic data also allows us to calibrate our search in a much easier way - like for example, generating examples of how a healthcare provider would be able to send an implicit or explicit message to an individual." Moreover, synthetic data democratizes the possibility of various healthcare organizations to train and refine their own artificial intelligence models by enabling them to use synthetic data. 


An organization might have previously been required to provide hundreds (or even thousands) of hours of transcribed sessions between patients and clinicians, along with other information points about these sessions, in order to offer this service, but with synthetic data, businesses are no longer required to do so. Using synthetic data, it is possible for models to learn and develop responses at much faster rates as well, making it easier for new players in healthcare to enter the field to learn and build on existing responses. 

In light of Read's insights, it's important to emphasize that AI and synthetic data are not going to replace clinicians' capabilities or their decision-making authority as Read identifies. By using synthetic data, however, AI has the potential to help clinicians in the right direction to ensure that better standards of care are observed and that best practices are followed. As healthcare providers increasingly adopt synthetic data, they gain a valuable tool for adhering to best practices in patient interactions and enhancing the overall quality of care.

By leveraging synthetic data, practitioners can simulate various clinical scenarios, ensuring their approaches align with industry standards and ethical guidelines. This technology also enables providers to receive constructive feedback on their patient sessions, helping to identify areas for improvement and fostering continuous professional development. The integration of synthetic data into healthcare workflows not only supports more consistent and informed decision-making but also elevates the standard of care delivered to patients across diverse settings. By embracing synthetic data, providers can drive innovation, improve outcomes, and contribute to a more efficient and patient-centered healthcare ecosystem.
Read more »
Subscribe to: Posts (Atom)