Healthcare Cybersecurity Insights: Dec 25 - Dec 31, 2025

Australia reports a massive 50% drop in health record data breaches following the widespread adoption of passkeys

The Office of the Australian Information Commissioner (OAIC) has released a promising new report indicating a 50% decline in data breaches affecting the country's national "My Health Record" system over the past year. This significant reduction is largely attributed to the integration of biometric passkey security within the myGov public services app, which has effectively curbed widespread identity scams and unauthorized access. During the 2024-2025 reporting period, the OAIC received only 18 breach notifications related to the system, down from 39 the previous year. Additionally, privacy complaints regarding the system plummeted, with only three filed compared to 15 previously. The report underscores the effectiveness of modern authentication methods in protecting sensitive patient data, such as prescriptions and hospital summaries, against increasingly sophisticated cyber threats. While the OAIC praised these security advancements, it also recommended greater transparency regarding overseas data disclosure for related mobile apps. This success story offers a compelling case study for other nations looking to fortify their digital health infrastructure against identity theft.

Read the original article at: https://www.biometricupdate.com/202510/data-breaches-of-australias-health-records-drop-50-after-passkey-adoption-oaic


Researchers propose a new Blockchain-Empowered Federated Learning (BCFL) framework to secure EHRs while enabling AI development

A new study published in Scientific Reports proposes a robust solution to the privacy challenges plaguing centralized Electronic Health Record (EHR) systems. Researchers have developed the Enhanced Privacy-Preserving Blockchain-Enabled Federated Learning (EPP-BCFL) framework, designed to eliminate single points of failure while enabling secure AI collaboration. The system combines blockchain technology for tamper-proof, decentralized record-keeping with federated learning, allowing hospitals to train shared AI models without ever exchanging raw patient data. To further enhance security, the framework integrates differential privacy and secure multi-party computation. Performance tests using standard datasets revealed impressive results: the model achieved 95.2% accuracy while reducing network latency by 43% compared to traditional methods. Crucially, the system demonstrated high resilience against data poisoning and adversarial attacks, maintaining over 93% accuracy even under active threat conditions. This innovation offers a scalable path forward for healthcare institutions, enabling them to leverage collective data for medical AI breakthroughs while strictly adhering to data sovereignty and patient privacy requirements.

Read the original article at: https://www.nature.com/articles/s41598-025-12225-x


Experts warn that your health tech gadgets could be vulnerable access points for cybercriminals

With the holiday shopping season concluding, cybersecurity experts are issuing warnings about the privacy risks hidden within popular health tech gadgets. Smartwatches, sleep trackers, and meditation apps, often purchased during Cyber Monday sales, can serve as invasive data collection points if not properly secured. The American Health Information Management Association (AHIMA) highlights that unlike clinical devices, many consumer wearables fall outside HIPAA regulations, meaning their data protection standards vary wildly. Privacy policies are often vague, potentially allowing sensitive health metrics to be shared with third-party advertisers or data brokers. Experts advise users to rigorously audit app permissions—denying access to contacts or microphones unless essential—and to prioritize devices from reputable developers with a history of regular security updates. Furthermore, users are urged to treat these devices as endpoints that require strong, unique passwords and two-factor authentication. As health tech becomes ubiquitous, understanding the distinction between a "fun gadget" and a medical tool is critical to preventing personal health data from being exposed to the dark web.

Read the original article at: https://www.healthitanswers.net/your-cyber-monday-health-tech-haul-may-expose-you/


Three major U.S. healthcare providers agree to class-action settlements to resolve significant data breach lawsuits

Three prominent U.S. healthcare providers have agreed to settle class-action lawsuits following significant data breaches that compromised patient information. Hypertension Nephrology Associates (Pennsylvania) agreed to a $625,000 settlement after a ransomware attack exposed the data of nearly 40,000 patients. Similarly, Asheville Arthritis and Osteoporosis Center (North Carolina) established a $500,000 settlement fund to resolve claims related to a breach affecting over 58,000 individuals. Intermountain Planned Parenthood (Montana) also reached a settlement for a breach involving nearly 57,000 patients, though the total fund amount varies based on claims. In all three cases, the lawsuits alleged negligence in failing to implement reasonable security protections and delays in notifying victims. The settlements allow affected patients to claim reimbursement for out-of-pocket losses, lost time, and credit monitoring services. These agreements highlight the growing legal and financial accountability healthcare organizations face when they fail to safeguard Protected Health Information (PHI) against cyberattacks, emphasizing that the cost of a breach extends far beyond immediate technical remediation.

Read the original article at: https://www.hipaajournal.com/class-action-data-breach-settlements-agreed-with-three-healthcare-providers/
