HHS has warned that Lazarus Group, a North Korean state-sponsored hacking group, has been targeting U.S. healthcare by exploiting a vulnerability in ManageEngine products.

Patient data from Sioux Falls, S.D.-based Sanford Health has been compromised as the health system's imaging vendor, DMS Health Technologies, experienced a data security incident between March 27 and April 24, Valley News Live reported Sept. 15. 

Richard Duvall, CEO of Carthage (N.Y.) Area Hospital and Ogdensburg, N.Y.-based Claxton-Hepburn Medical Center, said they have received a demand from hackers but will not be paying the ransom, North Country This Week reported Sept. 15. 

Russian ransomware gang Clop is being attributed to the attack on a vulnerability in software called MOVEit that has affected multiple hospitals and health systems around the U.S., Security Affairs reported Sept. 17. 

The FBI, the New York State Department of Health and the Division of Homeland Security and Emergency Services are trying to help Carthage (N.Y.) Area Hospital and Ogdensburg, N.Y.-based Claxton-Hepburn Medical Center recover from a ransomware attack, The Record reported Sept. 14. 

Several hospitals and health systems across the U.S. are facing lawsuits regarding data breach incidents that involved patients' protected health information. 

The American Hospital Association is warning hospitals and health systems to be on the lookout for cybercriminals who may impersonate their executives via deepfakes.

Patients of Chicago-based CommonSpirit Health had their data compromised in the massive MOVEit hack that stole private information from millions of people across the globe.

Culver City, Calif.-based Prospect Medical Holdings has restored its IT systems nearly six weeks after a cyberattack knocked them offline.

The Health Sector Cybersecurity Coordination Center (HC3) is warning healthcare organizations of Akira, a newer ransomware group that has been targeting healthcare organizations.

A federal grand jury in the Southern District of California has charged a man in connection to the May 1, 2021, San Diego-based Scripps Health ransomware attack that affected 1.2 million patients.

Aaron Weismann, the chief information security officer of Radnor Township, Penn.-based Main Line Health, is looking to launch Guardians of the Grid, a ransomware board game that simulates a cyberattack.

Lawyers representing Culver City, Calif.-based Prospect Medical Holdings told the state attorney general's office that the organization is unsure if patients' protected health information was compromised from an Aug. 3 cyberattack, Hartford Business Journal reported Sept. 11. 

Rhysida ransomware group has claimed responsibility for the cyberattacks on Culver City, Calif.-based Prospect Medical Holdings and Ocean Springs, Miss.-based Singing River Health System, Security Affairs reported Sept. 10.   

Seymour, Ind.-based Schneck Medical Center has reached a $250,000 agreement with Indiana after the state filed a lawsuit against the health system for a 2021 cyberattack, Bloomberg Law reported Sept. 7. 

A record number of cyberattacks in 2023 is putting patients at risk as attackers knock out services, according to John Riggi, national advisor for the American Hospital Association, The Wall Street Journal reported Sept. 7.

The Justice Department revealed U.S. hospitals have paid millions of dollars in ransom to a cybercriminal network with suspected ties to Russian intelligence, according to CNN.

Knoxville-based East Tennessee Children's Hospital agreed to pay $1.55 million to resolve claims that it failed to protect patient information in a March 2022 data breach, Top Class Actions reported Sept. 7.

Sioux Falls, S.D.-based Avera Health's imaging vendor, DMS Health Technologies, experienced a cybersecurity event that affected 1,500 of the health system's patients, KELO reported Sept. 6. 

San Antonio-based CentroMed is facing two patient-led lawsuits over a June 9 data breach that affected 350,000 individuals, San-Antonio Express News reported.