University of Cincinnati Medical Center agreed Nov. 19 to pay a $65,000 fine for failing to timely meet a patient's request to send copies of her electronic medical records to her lawyers.  

LSU Health Care Services Division reported that an unauthorized party accessed an employee's email account and compromised patient information, according to a report in The Daily Advertiser.

An Ohio hospital that went offline on Sept. 21 after identifying a cybersecurity incident is still bringing computers back online two months later, according to a Nov. 18 report in the Star Beacon.

Christopher Krebs, director of the federal agency overseeing cybersecurity and protection for hospitals, was fired on Nov. 17, according to Politico.

A Mercy Iowa City employee email breach this year exposed the information of tens of thousands of patients, according to the Office of the Iowa Attorney General.

The federal government considers the cybersecurity threat to healthcare providers "credible, ongoing and persistent," according to a Nov. 16 update.

Abilene, Texas-based Hendrick Health System brought its computer systems back online one week after identifying a cybersecurity threat, according to the Abilene Reporter News.

2020 has been a busy year with HHS' Office for Civil Rights, from Premera Blue Cross' $6.85 million settlement, the second largest in OCR history, to numerous right of access case resolutions. 

Healthcare providers are required to have several passwords to access their computers, EHR and other sensitive information.

The personal information of thousands of people was breached after a temporary staff member at a Delaware public health agency mistakenly sent two unencrypted emails with COVID-19 test results to an unauthorized person.

Cyberattack threats are increasing against hospitals and health systems as hackers take advantage of healthcare organizations' outdated IT systems, fewer cybersecurity protocols and data-rich patient files, according to Black Book Research.

Cybersecurity positions in health systems on average take up to 70 percent longer to fill than other IT jobs, according to a recent Black Book research report.

A New York physician agreed Nov. 13 to pay HHS' Office for Civil Rights a $15,000 fine for failing to provide a patient timely access to their medical records. 

Cyberattacks are hitting U.S. hospitals as COVID-19 cases surge across the U.S.

UMass Memorial Health Care in Worcester, Mass., took action in early November to prevent cybersecurity incidents after the federal government warned of foreign hackers targeting hospitals.

Conway (Ark.) Regional Medical Center reported an unauthorized person gained access to an employee email account.

UVM Medical Center has reduced its census and postponed services due to a cybersecurity incident that required the health system to go offline, according to a VT Digger report.

Zoom agreed to a settlement with the Federal Trade Commission Nov. 9 over allegations that the videoconferencing company engaged in "deceptive and unfair" security practices. 

Malware and ransomware attacks have hit hospital IT systems, disrupting clinical care and requiring clinicians to revert to paper records.

Sonoma (Calif.) Valley Hospital was hit with a ransomware attack on Oct. 11, and CEO Kelly Mather revealed at a Nov. 5 board meeting the hackers have access to a large amount of data, according to a report in the Sonoma Index-Tribune.