Edinburg-based South Texas Health System is notifying patients that some of their protected health information may have been compromised when an unauthorized party accessed a business associate's email account using a phishing tactic.

Allentown, Pa.-based Lehigh Valley Health Network has started notifying patients affected by a February ransomware attack.

Microsoft and software company Qualtrics are facing a patient-led lawsuit that alleges that the company's online analytics technologies violates health privacy protection laws, according to a May 15 lawsuit obtained by Becker's.

UMass Memorial Medical Center has paid $1.2 million to settle a March 2022 lawsuit regarding a data breach of its payroll management system Kronos, Telegram & Gazette reported May 16.  

The FBI has stepped in to help investigate a cybersecurity event at Louisville, Ky.-based Norton Healthcare, CBS affiliate WLKY reported May 17. 

A breach at Credit Control Corp., a Virginia-based credit reporting agency, may affect several hospitals, health systems and healthcare practices in the state. 

Sens. Josh Hawley, R-Mo., and Gary Peters, D-Miss., introduced new legislation that would require the Cybersecurity and Infrastructure Security Agency to develop a rural hospital protection strategy.

Louisville, Ky.-based Norton Healthcare said its information services and cybersecurity experts have launched an investigation into a cybersecurity event that forced the hospital to shut down its email and internet access. 

Here are five hospitals and health systems dealing with cyberattacks Becker's has reported on since May 5:

Murfreesboro (Tenn.) Medical Clinic & SurgiCenter said it has begun resuming all appointments at its clinics and main campus, but said its patient portal is still down due to an ongoing cyberattack. 

The Health Sector Cybersecurity Coordination Center issued a new alert warning of the vulnerabilities in the popular data backup software Veeam Backup & Replication.

A ransomware attack has caused some care and IT network disruptions at Staten Island, N.Y.-based Richmond University Medical Center, SILive reported May 11.

Roosevelt, Utah-based Uintah Basin Healthcare is notifying patients who have received care from the organization since 2012 that some of their protected health information may have been compromised.  

Several hospitals and health systems across the U.S. are facing lawsuits regarding data breach incidents that involved patients' protected health information.

After Louisville, Ky.-based Norton Healthcare discovered "suspicious communication" on May 9, the health system temporarily shut down email and internet access as a precaution.

The White House is considering a rule that would ban companies from paying hackers' ransoms, but for hospitals and health systems, this rule could result in delays in care, Politico reported May 11. 

NextGen Healthcare, a provider of EHR software, said it experienced a data breach that compromised the information of 1 million patients. 

Buffalo, N.Y.-based Catholic Health notified long-term care patients that some of their protected health information may have been compromised due to a data breach at its consulting services vendor, Minimum Data Set Consultants.

Hospital and health system IT security chiefs told Becker's the industry is dealing with increased pressure from ransomware attacks, budget constraints and personal liability concerns.

Hospital ransomware attacks can also constrain resources at nearby facilities and should be considered a "regional disaster," a May 8 study in JAMA Network Open found.