Paubox Weekly: 15 million patients impacted by healthcare data breaches in April 2024

Hello world,

Today’s Paubox Weekly is 527 words - a 2 minute read.

Want to get this type of content delivered to your inbox every Friday? Subscribe to Paubox Weekly. 

1. 15 million patients impacted by healthcare data breaches in April 2024

The healthcare industry is reeling from a series of data breaches that affected 15 million patients in April 2024.

Going deeper: The data breaches were primarily driven by two distinct types of incidents: unauthorized access or disclosure and hacking.

Health plans hardest hit

2. Microsoft addresses zero-day vulnerability exploited by Qakbot malware

While investigating a Windows DWM Core Library privilege escalation bug, cybersecurity researchers at Kaspersky stumbled upon information about a previously unknown Windows DWM vulnerability.

Why it matters: The vulnerability, if successfully exploited, would allow attackers to gain SYSTEM-level privileges on the affected system.

QakBot has served as an initial infection vector

3. WebTPA exposes personal information of over 2.4 million

WebTPA Employer Services disclosed a data breach impacting the personal information of 2,429,175 individuals. The company, a third-party administrator specializing in health insurance and benefits plans, discovered the breach in late 2023.

What happened: WebTPA detected suspicious activity on its network on December 28, 2023. An investigation uncovered that a threat actor had stolen personal information between April 18 and April 23, 2023.

At least seven class action lawsuits have been filed

4. ARPA-H announces UPGRADE program to enhance healthcare cybersecurity

The Advanced Research Projects Agency for Health (ARPA-H) announced the launch of the Universal PatchinG and Remediation for Autonomous DEfense (UPGRADE) program to improve healthcare cybersecurity.

What's new: UPGRADE focuses on creating a software suite that can proactively evaluate potential vulnerabilities by probing models of hospital systems for weaknesses.

Will allocate $50 million to create tools for IT teams

5. What are the HIPAA training requirements for new hires?

HIPAA training typically focuses on direct patient interactions and protecting patient privacy.

The bottom line: Specialized training is necessary for new professionals to ensure they understand the unique requirements and responsibilities of their positions.

Elements to implement into staff training

Community links

• Promoting High Blood Pressure Education Month with HIPAA compliant email. Link
• Overcoming resistance when implementing HIPAA compliant emails. Link
• What is a Gootloader malware attack? Link
• The largest HIPAA violation cases. Link
• Improving email security with Authenticated Received Chain (ARC). Link
• Walmart's clinic closures reduce healthcare access for rural patients. Link
• Privacy by Design principles. Link
• Connecticut lawmakers propose bill to combat cybersecurity concerns. Link
• Automated vs. personalized HIPAA compliant text messages. Link
• How Advanced Persistent Threats endanger HIPAA email security. Link
• What is a Use After Free bug? Link
• Email archiving protocols in healthcare. Link

Good reads from around the web

• Revolutionizing healthcare: The transformative power of AI. Link
• Antibiotic overuse linked to poor record-keeping in healthcare settings. Link
• Crooks plant backdoor in software used by courtrooms around the world. Link
• 100+ groups ask OCR for clarification on HIPAA requirements after Change Healthcare hack. Link
• Is $10 the best BetterHelp could do for violating patient privacy? Link

What happened last week