Several hospitals and health systems across the U.S. are facing lawsuits regarding data breach incidents that involved patients' protected health information.

After Louisville, Ky.-based Norton Healthcare discovered "suspicious communication" on May 9, the health system temporarily shut down email and internet access as a precaution.

The White House is considering a rule that would ban companies from paying hackers' ransoms, but for hospitals and health systems, this rule could result in delays in care, Politico reported May 11. 

NextGen Healthcare, a provider of EHR software, said it experienced a data breach that compromised the information of 1 million patients. 

Buffalo, N.Y.-based Catholic Health notified long-term care patients that some of their protected health information may have been compromised due to a data breach at its consulting services vendor, Minimum Data Set Consultants.

Hospital and health system IT security chiefs told Becker's the industry is dealing with increased pressure from ransomware attacks, budget constraints and personal liability concerns.

Hospital ransomware attacks can also constrain resources at nearby facilities and should be considered a "regional disaster," a May 8 study in JAMA Network Open found. 

Ransomware attacks on hospitals and health systems doubled between 2016 and 2021, The Washington Post reported May 8. 

After Franklin, Ind.-based Johnson Memorial Health was hit by a Hive ransomware attack in October 2021, the hospital reverted to nondigital methods — including the use of pen and paper — to keep delivering care, NPR reported May 8.

McPherson (Kan.) Hospital suffered a data breach caused by hacking that compromised the information of 19,020 patients.

Murfreesboro (Tenn.) Medical Clinic & SurgiCenter said all surgeries remain canceled due an ongoing cyberattack, but that it has been accepting patients at some of its walk-in clinics.

Franklin, Tenn.-based Community Health Systems is facing a lawsuit for a January data breach that compromised the protected health information of 1 million patients, Bloomberg Law reported May 4.  

The Texas Hospital Association named ActZero as its cybersecurity partner.

Russian ransomware gang Clop is suspected in a cyberattack targeting Santa Clara Family Health Plan, resulting in the breach of 276,993 members' personal health information, Government Technology reported May 2.

The former chief information security officer of New York City-based Mount Sinai Health System has been hired to lead cybersecurity for a Long Island county reeling from a ransomware attack, Huntington (N.Y.) Now reported May 2.

A cyberattack has forced Murfreesboro (Tenn.) Medical Clinic & SurgiCenter to shut down.

A woman suing Allentown, Pa.-based Lehigh Valley Health Network has dropped her request to compel the health system to pay $5 million in ransom to a cybercriminal gang to have her nude breast cancer treatment photos removed from the internet, The Wall Street Journal reported May 2.

A report from Fortified Health found that 78 percent of healthcare data breaches in 2022 were from hackers, up from 45 percent in 2018, SecurityIntelligence reported May 1.

Two ransomware groups known for targeting the healthcare sector, Clop and LockBit, have been using vulnerabilities to conduct new attacks, the Health Sector Cybersecurity and Coordination Center warned in an April 28 threat brief. 

New York City-based One Brooklyn Health is facing a patient-led lawsuit for a November cyberattack that compromised patients' financial information.