Safety | 24x7 | Leading Resource for Healthcare Technology Management Professionals
https://24x7mag.com/standards/safety/
24x7 Magazine offers in-depth coverage and the latest news in Healthcare Technology Management, serving as the premier resource for HTM professionals seeking industry insights and updates.
Tue, 24 Jun 2025 20:52:24 +0000

FDA Releases White Paper on Cybersecurity in Medical Manufacturing
https://24x7mag.com/standards/safety/cybersecurity/fda-releases-white-paper-cybersecurity-medical-manufacturing/
Tue, 24 Jun 2025 20:52:19 +0000

New white paper highlights the need to secure operational technologies used in medical product production.

The US Food and Drug Administration (FDA) has released a new white paper emphasizing the importance of integrating cybersecurity into the connected technologies that support medical product manufacturing.

Modern manufacturing environments increasingly rely on operational technologies—such as programmable logic controllers and distributed control systems—that are often connected to networks but not originally designed with cybersecurity in mind. As a result, the FDA indicates that it can be difficult to determine what, when, and where network communications are occurring, potentially increasing the risk of cyber incidents.

In the white paper, Securing Technology and Equipment (Operational Technology) Used for Medical Product Manufacturing, the FDA notes that commercially available manufacturing equipment may not natively comply with national or international cybersecurity standards. To address this, the agency urges manufacturers to adopt state-of-the-art cybersecurity practices through careful system design and configuration.

The paper is intended to raise awareness and provide a summary of best practices to help reduce vulnerabilities across the US medical product manufacturing sector and its supply chain.

Small Medical Practices Face Outsized Fallout from Health Data Breaches, Report Finds
https://24x7mag.com/standards/safety/cybersecurity/small-medical-practices-face-outsized-fallout-health-data-breaches/
Wed, 04 Jun 2025 13:34:50 +0000

New modeling shows long-term financial consequences for practices without strong cybersecurity and HIPAA safeguards.

In 2024, over 259 million Americans—roughly 81% of the population—had their protected health information (PHI) compromised in data breaches, and a new report from Patient Protect reveals that small, independent medical practices are bearing the brunt of the damage, often without recovery.

The report, The Economics of ePHI Exposure: A Long-Term Impact Model of Healthcare Data Breaches, models breach-related losses over a 10-year horizon. It shows how practices without robust HIPAA compliance software or cybersecurity safeguards may face irreversible business consequences.

“We’ve seen providers close their doors after a single breach,” says Alexander Perrin, CEO of Patient Protect, in a release. “This isn’t just a compliance problem—it’s a financial crisis hiding in plain sight.”

Health Data Breaches by the Numbers

Among the report’s key findings:

  • The average cost of a healthcare data breach has reached $9.8 million—nearly twice as high as the cross-industry average of $4.45 million, according to industry reports
  • 70% of patients say they would consider switching providers after a data breach
  • Medical identity theft victims face $13,500 in average costs and 200-plus hours of resolution
  • Nearly half of small practices lack sufficient cyber insurance

The study introduces a free breach risk calculator, enabling practices to estimate long-term breach exposure based on size, insurance status, and technical posture.

“The healthcare industry must shift from checkbox compliance to real-time, proactive defense,” says Perrin in a release. “Our HIPAA compliance platform is designed to help practices benchmark, improve, and protect—not just report.”

Systemwide Outage at Kettering Health Tied to Cyberattack
https://24x7mag.com/standards/safety/cybersecurity/system-wide-outage-kettering-health-tied-cyberattack/
Wed, 21 May 2025 13:53:12 +0000

Kettering Health is investigating a cybersecurity incident that disrupted its systems.

Kettering Health is responding to a cybersecurity incident that led to a systemwide technology outage across its facilities on the morning of May 20, prompting the cancellation of elective inpatient and outpatient procedures scheduled for the day.

“We are currently experiencing a cybersecurity incident resulting from unauthorized access to our network,” the health system says in a statement. “We have taken steps to contain and mitigate this activity and are actively investigating and monitoring the situation.”

The outage limited access to certain patient care systems across the organization. While emergency departments and clinics remain open and continue to see patients, elective procedures were postponed and will be rescheduled.

Kettering Health emphasized that patient care remains a priority. “We have procedures and plans in place for these types of situations and will continue to provide safe, high-quality care for patients currently in our facilities,” the organization says.

In addition to the system disruption, Kettering Health notes it has received reports of scam phone calls from individuals posing as health system employees and requesting credit card payments for medical expenses. “While it is customary for Kettering Health to contact patients by phone to discuss payment options for medical bills, out of an abundance of caution, we will not be making calls to ask for or receive payment over the phone until further notice,” the health system states.

Kettering Health urges anyone who receives a suspicious call to report it to local law enforcement. At this time, the organization notes that it has not established a connection between the scam calls and the cybersecurity incident.

The organization says its leadership is working with internal teams and external partners to restore services “quickly and securely” and will continue to provide updates as new information becomes available.

Kettering Health’s website continues to display a banner on Wednesday, May 21, alerting users to an ongoing systemwide technology outage.

CDC Investigates Infections Tied to Non-Sterile Ultrasound Gel Use
https://24x7mag.com/standards/safety/hospital-safety/cdc-investigates-infections-tied-non-sterile-ultrasound-gel-use/
Wed, 21 May 2025 12:06:00 +0000

The CDC is investigating a multistate cluster of Paraburkholderia fungorum detected in patient blood cultures and linked to non-sterile ultrasound gel.

The Centers for Disease Control and Prevention (CDC) is investigating reports of an environmental bacterium linked to the use of non-sterile ultrasound gel in percutaneous procedures across multiple states between 2024 and 2025.

The bacterium, Paraburkholderia fungorum, was identified in patient blood cultures and found to be genetically similar to isolates recovered from non-sterile ultrasound gel products. The CDC has linked the organism to at least two gel brands—MediChoice and ClearImage—manufactured by NEXT Medical Products Company, with specific product lots currently under scrutiny.

Use of non-sterile ultrasound gel in percutaneous procedures—which involve puncturing the skin, such as during central line placement, amniocentesis, or biopsies—can pose a serious risk to patient safety. Even in the absence of known contamination, microorganisms in non-sterile gel can enter sterile body sites, leading to infections or false-positive cultures that may result in unnecessary treatments.

As of May 8, 2025, the CDC is aware of 40 P. fungorum isolates primarily identified in blood cultures from patients in four US states and two other countries. Some of these patients were known to have undergone ultrasound-guided percutaneous procedures before sample collection. In most cases, the patients did not appear to be clinically infected, but the presence of the bacterium still poses concerns for contamination and potential harm.

In response, the CDC recommends healthcare facilities use only single-use ultrasound gel products labeled as “sterile” for percutaneous procedures. It also advises that healthcare personnel be properly trained in distinguishing between sterile and non-sterile products, noting that terms like “bacteriostatic” or “preservative” do not equate to sterility.

‘Data Breach Weekend Watch’ Launches Ahead of Memorial Day to Protect Hospitals from Cyberattacks
https://24x7mag.com/standards/safety/cybersecurity/data-breach-weekend-watch-launches-memorial-day-protect-hospitals-cyberattacks/
Tue, 20 May 2025 14:53:55 +0000

The new, no-cost initiative aims to stop cyber attackers before hospitals face a data breach.

Holiday weekends are prime time for cyberattacks, particularly for healthcare organizations, so to counter this growing threat, Celerium announced the launch of its first-ever Data Breach Weekend Watch for Memorial Day weekend. 

This initiative is designed to help hospitals and healthcare organizations detect and respond to cyber threats during long weekends—when breaches are most likely to go unnoticed due to reduced staffing.

Celerium’s Memorial Day Data Breach Weekend Watch provides individual protections and community-wide visibility and defense coordination. The program is part of Celerium’s no-cost 2025 Data Breach Defense Program, currently supporting a network of 40-plus US healthcare organizations that have been accepted into the program. It targets high-risk cyberattack times like Memorial Day, July 4th, and Labor Day when hospitals are most vulnerable to data breach activity.

“The Data Breach Weekend Watch offers extra protection for healthcare organizations during high-risk periods like holiday weekends,” says Vince Crisler, chief strategy officer at Celerium and former White House CISO, in a release. “Our no-cost program is a valuable opportunity for eligible organizations to strengthen their cybersecurity posture—especially ahead of Memorial Day and other upcoming holidays when threats tend to rise.”

Holiday Weekends Pose Heightened Risks for Healthcare Systems

Data breaches can strike at any time—but holidays are especially dangerous, according to a release from Celerium. Cyber attackers know that staff levels drop and response times slow. Celerium’s Data Breach Defender is available year-round to help prevent, detect, and contain data breaches. But during key holiday periods, the Data Breach Weekend Watch initiative adds extra vigilance to protect the community.

According to IBM’s 2024 Cost of a Data Breach report, 24% of data breaches are never discovered by the victims themselves—they’re only alerted by the attackers.

What the Weekend Watch Includes

For Memorial Day, hospitals participating in Celerium’s Data Breach Defense Program are offered both individual protections and community-wide visibility and defense coordination.

Individual hospital protections:

  • Optional prevention and early-stage breach alerts for hospitals
  • Executive IT data breach impact dashboard

Community-wide threat monitoring:

  • Pre-weekend virtual briefing and mid-weekend update hosted by Celerium’s Vince Crisler, former White House CISO, and top healthcare CISO Jeffrey Vinson
  • Holiday-specific readiness checklists for IT and risk executives

Future Weekend Watches are already planned for July 4th, Labor Day, and Thanksgiving, expanding Celerium’s vision of a Data Breach Network tailored for the healthcare sector.

Data Breach Defender for Urgency

The Memorial Day Weekend Watch is powered by Celerium’s Data Breach Defender, a cloud-based cybersecurity solution originally developed for the US Department of Defense and now purpose-built for healthcare.

It is designed to help hospitals and healthcare organizations:

  • Prevent, detect, and contain early-stage data breaches
  • Deploy in under 30 minutes, with no new hardware or software installation required
  • Support understaffed IT teams

Ransomware Now Top Driver of Patient Data Breaches, Study Finds
https://24x7mag.com/standards/safety/cybersecurity/ransomware-top-driver-patient-data-breaches-study-finds/
Fri, 16 May 2025 17:26:02 +0000

A new study shows ransomware attacks accounted for 69% of all patient records compromised in 2024.

A new study led by researchers from Michigan State University, Yale University, and Johns Hopkins University reveals that ransomware attacks, in which an attacker encrypts a victim’s files and then demands a ransom to unlock them, have become the primary driver of health care data breaches in the United States, compromising 285 million patient records over 15 years.

Published May 14 in JAMA Network Open, the study provides a comprehensive analysis of ransomware’s role in health care breaches across all entities covered by privacy laws—hospitals, physician practices, health plans, and data clearinghouses—from 2010 to 2024.

“Ransomware has become the most disruptive force in health care cybersecurity,” says John (Xuefeng) Jiang, PhD, Eli Broad Endowed Professor of accounting and information systems in the MSU Broad College of Business and lead author of the study, in a release. “Hospitals have been forced to delay care, shut down systems, and divert patients—all while sensitive patient data is held hostage.”

The study found that although ransomware accounted for just 11% of breaches in 2024 by number, those attacks alone were responsible for 69% of all patient records compromised that year. Since 2010, ransomware incidents have contributed to the exposure of 285 million patient records—many of which likely involve multiple breaches of the same individuals.

In addition to Jiang, the research team includes Joseph Ross, MD, MHS, professor at the Yale School of Medicine, and Ge Bai, PhD, CPA, former doctoral student in the MSU Broad College of Business and now professor of accounting and health policy at Johns Hopkins University.

Ransomware Breaches Surge from Zero in 2010

Key findings of the study include:

  • Ransomware breaches increased from 0 in 2010 to 222 in 2021, accounting for nearly a third of all major health care breaches that year.
  • The overall share of breaches caused by hacking or information technology incidents surged from 4% in 2010 to 81% in 2024.
  • Of the 732 million total patient records exposed between 2010 and 2024, 88% (643 million records) were linked to hacking-related incidents, including 39% (285 million) specifically from ransomware.

These numbers likely underestimate the true extent of the problem due to underreporting, reluctance to disclose ransom payments, and the exclusion of smaller breaches affecting fewer than 500 individuals, note the researchers.

“Ransomware attacks expose just how fragile our digital health infrastructure has become. Healthcare organizations operate under immense pressure, and ransomware attacks don’t just breach patient privacy—they disrupt service delivery, erode trust, and lead to personnel spending time, effort, and expense on activities that do not improve patient care,” says Ross in a release.

This new research builds on the team’s prior work documenting the scope and causes of data breaches in the health sector. Earlier studies showed that internal errors by health care providers—not hackers—were responsible for more than half of all breaches, including misdirected emails, lost devices, and unauthorized employee access. In a 2020 study, the team classified the specific types of information leaked in health care breaches, finding that over 70% of breaches compromised sensitive demographic or financial data—such as Social Security numbers, birthdates, and bank accounts—that could lead to identity theft or financial fraud. In contrast, breaches involving sensitive medical information, such as mental health or cancer diagnoses, were far less frequent.

“Whether it’s insiders making mistakes or criminal groups deploying ransomware, the effect on patients is the same: their most personal data is at risk,” says Bai in a release. “By understanding what’s being targeted, we can help health care organizations strengthen their defenses.”

Regulatory Actions to Mitigate Ransomware Risks

The researchers suggest several steps federal regulators can take to reduce future risks:

  • Require hospitals and insurers to report whether ransomware was involved in a breach.
  • Update breach severity assessments to reflect not just how many records were compromised, but how much care was disrupted.
  • Monitor cryptocurrency flows to make ransom payments harder for attackers to collect.

“Health care providers have limited cybersecurity resources, so it’s essential to focus protection on the most sensitive types of information,” says Jiang in a release. “The solutions are within reach—what we need now is coordination, transparency, and urgency.”

Weiser Memorial Hospital Reports Data Breach Involving Patient Health Data
https://24x7mag.com/standards/safety/cybersecurity/weiser-memorial-hospital-reports-data-breach-patient-health-data/
Wed, 14 May 2025 15:37:05 +0000

The hospital is notifying patients of a data breach involving personal and health information after unauthorized access to its network in September 2024.

Weiser Memorial Hospital (WMS) is notifying patients and former patients of a data breach involving personal and health information after discovering unauthorized access to its network in September 2024.

On Sept 4, 2024, WMS became aware of unusual network activity and took steps to secure its systems. WMS engaged cybersecurity experts to assist with the process. The investigation determined that certain WMS data may have been acquired without authorization on or about Sept 4, 2024. 

As a result, WMS undertook a review of all potentially affected files to identify individuals whose information may have been involved and gather contact information needed to provide notice. These efforts concluded on April 21, 2025, at which time WMS arranged to provide notice to potentially affected individuals with an available mailing address.

Based on WMS’ review of the potentially affected data, the following information for current and former patients may have been involved in the incident: name; date of birth; Social Security numbers or other government ID numbers; medical diagnosis, treatment, or procedure information; and/or Medicare/Medicaid or health insurance information.

WMS notes in a release that it has implemented measures to further enhance the security of its network environment and minimize the risk of a similar incident occurring in the future. WMS has established a toll-free call center to answer questions about the incident and address related concerns. Call center representatives are available Monday through Friday from 6:00 am to 6:00 pm Mountain Time and can be reached at 1-833-799-3704.

“The privacy and protection of personal and protected health information is a top priority for WMH. WMH deeply regrets any inconvenience or concern this incident may cause,” reads a release from WMS.

Resource-Constrained Healthcare Providers Face Rising Cybersecurity Threats, Report Warns
https://24x7mag.com/standards/safety/cybersecurity/resource-constrained-healthcare-providers-face-rising-cybersecurity-threats-report-warns/
Wed, 07 May 2025 20:10:05 +0000

A new report urges government and industry support to strengthen cybersecurity for resource-constrained healthcare facilities facing escalating cyber threats.

America’s resource-constrained healthcare providers face significant challenges in managing cybersecurity due to limited workforce and expertise, outdated systems, and insufficient funding, according to a report issued by the Healthcare and Public Health Sector Coordinating Council Cybersecurity Working Group. 

The report, sent to the US Department of Health and Human Services, the White House, and the House and Senate Rural Health Caucuses, calls on government and the broader healthcare community to support workforce augmentation, financial resources, and partnerships to enhance cybersecurity and protect patient safety. 

The report examines how resource-constrained health care systems—small, rural, critical access, family clinics, skilled nursing facilities, federally qualified health centers, and more across the country—are only marginally prepared for ongoing cyber threats to clinical care and operational liquidity, and recommends forms of support they would need against stiffer cybersecurity regulatory requirements. 

Rising Healthcare Cyber Threats

The healthcare industry is now targeted by more cyber adversaries seeking monetary gain than any other industry sector in the United States, and our nation’s resource-constrained providers skate on the razor’s edge between maintaining clinical care and going out of business from a cyber attack.

“This report accurately captures the challenges our rural hospitals face,” says Tianna Fallgatter of The Rural Collaborative, which represents 28 rural hospitals in Washington State, in a release. “Already stretched too thin, experiencing increasingly sophisticated cyber-attacks, our hospitals will not be successful at protecting the nation’s people without government support. We need to find a way to provide the funding urgently needed despite our nation’s budget shortfalls to make rural hospitals and their patients a priority.”

The report summarizes Health Sector Coordinating Council interviews with 40 executives of small, rural, critical access, federally qualified health centers, skilled nursing facilities, and more in 30 states across the country, exploring how they approach their cybersecurity responsibilities and what kind of government and community support would be meaningful to strengthening their cyber health. 

“This report sheds a critical light on the cybersecurity challenges threatening resource-constrained healthcare providers like ours. It accurately reflects the fears we face daily in knowing that a single ransomware attack could not only jeopardize our hospital’s future but also put our patients and community at risk,” says Jim Roeder of Minnesota-based Lakewood Health and a co-lead of the Health Sector Coordinating Council task group that prepared the report. “Cybersecurity is not just an IT issue; it is a patient safety issue. Protecting the health and well-being of our communities means ensuring we have the resources and support to defend against evolving cyber threats.” 

Working Toward Mitigating Cybersecurity Issues

The Health Sector Coordinating Council Cybersecurity Working Group is a government-recognized critical-infrastructure industry advisory council of more than 460 healthcare providers, pharmaceutical and medical technology companies, payers, health IT entities, and government agencies partnering to identify and mitigate cyber threats to health data and research, systems, manufacturing, and patient care. 

The Cybersecurity Working Group membership collaboratively develops and publishes free healthcare cybersecurity leading practices and policy recommendations, and produces outreach and communications programs emphasizing the imperative that cyber safety is patient safety. 

Retarus Earns HITRUST Certification for US Cloud Fax Services
https://24x7mag.com/standards/safety/cybersecurity/retarus-earns-hitrust-certification-us-cloud-fax-services/
Tue, 06 May 2025 15:20:28 +0000

The certification confirms that Retarus’ fax API and cloud fax gateways meet key cybersecurity and regulatory standards required for healthcare communication.

Retarus’ US-based fax API and cloud fax gateways have achieved HITRUST e1 certification, confirming that the company meets essential regulatory compliance standards and cybersecurity requirements for the healthcare sector.

Retarus’ certified cloud fax infrastructure is designed to ensure high-performance processing and availability. The company operates all services within independently audited autonomous US data centers that meet industry and compliance standards.

“We are proud to demonstrate our commitment to the highest levels of data security and compliance for our American customers,” says Martin Hager, founder and CEO of Retarus, in a release. “Healthcare organizations need communication partners who not only understand the complex regulatory landscape but actively help them meet those requirements with confidence and clarity. That’s exactly what we deliver.”

Retarus Cloud Fax is available through the company’s network of agents, systems integrators, and managed service providers across the US.

“The HITRUST e1 validated assessment is a great tool for cyber-aware organizations like Retarus that want to build assurances and progressively demonstrate due diligence around information security and privacy,” says Robert Booker, chief strategy officer at HITRUST, in a release. “We applaud Retarus for their commitment to cybersecurity and successful completion of their HITRUST e1 certification.”

Researchers Develop AI Tool to Uncover Hidden Cybersecurity Risks
https://24x7mag.com/standards/safety/cybersecurity/researchers-develop-ai-tool-uncover-hidden-cybersecurity-risks/
Mon, 05 May 2025 18:02:27 +0000

CLAP, an AI-based tool, uses reinforcement learning to automate penetration testing—reducing test steps by 35% and scaling to networks with up to 500 hosts.

Researchers have developed an AI-driven system called CLAP that significantly improves automated penetration testing for large-scale computer networks, enhancing the accuracy and speed of identifying cybersecurity vulnerabilities.

Automated penetration testing is crucial for safeguarding digital infrastructure. Traditionally, such testing relies heavily on human experts, making it costly, inconsistent, and slow. CLAP’s innovative reinforcement learning approach solves these issues by automating and optimizing the testing process.

The system was developed by researchers from Zhongguancun Laboratory, Zhejiang Lab, the National Research Centre of Parallel Computer Engineering and Technology, Beijing Normal University, and Tsinghua University.

Uncovering Hidden Vulnerabilities

Imagine the cybersecurity assessment process as exploring a vast, complex city to locate hidden vulnerabilities. Traditional automated methods are like drivers repeatedly using the same main roads, missing problems hidden in side streets or new neighborhoods. In contrast, CLAP behaves like an experienced city guide, continuously mapping unvisited streets and neighborhoods, effectively identifying risks in areas previously overlooked.

The key outcomes of this research demonstrate CLAP’s significant advantages over existing methods, including a nearly 35% reduction in the steps required to identify network vulnerabilities compared to current systems like HDSPI-DQN, HA-DQN, and DUSC-DQN. 

Moreover, CLAP effectively assesses much larger networks—up to 500 hosts—far beyond the scale manageable by existing technologies, typically limited to around 100 hosts. Additionally, the diverse testing strategies produced by CLAP enable broader, more thorough security assessments, ensuring comprehensive protection of critical networks.

“CLAP not only underscores the transformative potential of deep reinforcement learning in cybersecurity but also sets a new standard for automated defense systems. We are confident that CLAP will improve how organizations protect their digital assets, driving a paradigm shift in the battle against emerging cyber threats,” says Zuoning Chen, lead researcher, in a release.

The Coverage Mechanism and ‘Chebyshev Critic’ Elevate Testing Strategies

The researchers utilized AI technology, featuring a unique “coverage mechanism” that mimics expert cybersecurity testers by prioritizing unexplored network areas. Additionally, they introduced the “Chebyshev critic,” enabling diverse and effective testing strategies without manually set parameters.

This joint research effort was published in Frontiers of Computer Science. It represents an advancement in cybersecurity, offering practical solutions to secure increasingly vast and intricate global digital infrastructures, according to the researchers.

Photo caption: Penetration testing as a sequential decision-making process

Photo credit: Yizhou Yang
