Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Healthcare. Show all posts
Ransomwares
Cyberattack Data Breach Data Leak data security Employee Data Healthcare Interlock gang Interlock ransomware Kettering Health Ransomware attack Ransomware group Ransomwares

Kettering Health Ransomware Attack Linked to Interlock Group

 

Kettering Health, a prominent healthcare network based in Ohio, is still grappling with the aftermath of a disruptive ransomware attack that forced the organization to shut down its computer systems. The cyberattack, which occurred in mid-May 2025, affected operations across its hospitals, clinics, and medical centers. Now, two weeks later, the ransomware gang Interlock has officially taken responsibility for the breach, claiming to have exfiltrated more than 940 gigabytes of data.  

Interlock, an emerging cybercriminal group active since September 2024, has increasingly focused on targeting U.S.-based healthcare providers. When CNN first reported on the incident on May 20, Interlock had not yet confirmed its role, suggesting that ransom negotiations may have been in progress. With the group now openly taking credit and releasing some of the stolen data on its dark web site, it appears those negotiations either failed or stalled. 

Kettering Health has maintained a firm position that they are against paying ransoms. John Weimer, senior vice president of emergency operations, previously stated that no ransom had been paid. Despite this, the data breach appears extensive. Information shared by Interlock indicates that sensitive files were accessed, including private patient records and internal documents. Patient information such as names, identification numbers, medical histories, medications, and mental health notes were among the compromised data. 

The breach also impacted employee data, with files from shared network drives also exposed. One particularly concerning element involves files tied to Kettering Health’s in-house police department. Some documents reportedly include background checks, polygraph results, and personally identifiable details of law enforcement staff—raising serious privacy and safety concerns. In a recent public update, Kettering Health announced a key development in its recovery process. 

The organization confirmed it had restored core functionalities of its electronic health record (EHR) system, which is provided by healthcare technology firm Epic. Officials described this restoration as a significant step toward resuming normal operations, allowing teams to access patient records, coordinate care, and communicate effectively across departments once again. The full scope of the breach and the long-term consequences for affected individuals still remains uncertain. 

Meanwhile, Kettering Health has yet to comment on whether Interlock’s claims are fully accurate. The healthcare system is working closely with cybersecurity professionals and law enforcement agencies to assess the extent of the intrusion and prevent further damage.
Read more »
Unimed
AI Chatbot Cyber Security Dataleak Healthcare IdentityTheft Kafka phishing Privacy Unimed

Unimed AI Chatbot Exposes Millions of Patient Messages in Major Data Leak

 

iA significant data exposure involving Unimed, one of the world’s largest healthcare cooperatives, has come to light after cybersecurity researchers discovered an unsecured database containing millions of sensitive patient-doctor communications.

The discovery was made by cybersecurity experts at Cybernews, who traced the breach to an unprotected Kafka instance. According to their findings, the exposed logs were generated from patient interactions with “Sara,” Unimed’s AI-driven chatbot, as well as conversations with actual healthcare professionals.

Researchers revealed that they intercepted more than 140,000 messages, although logs suggest that over 14 million communications may have been exchanged through the chat system.

“The leak is very sensitive as it exposed confidential medical information. Attackers could exploit the leaked details for discrimination and targeted hate crimes, as well as more standard cybercrime such as identity theft, medical and financial fraud, phishing, and scams,” said Cybernews researchers.

The compromised data included uploaded images and documents, full names, contact details such as phone numbers and email addresses, message content, and Unimed card numbers.

Experts warn that this trove of personal data, when processed using advanced tools like Large Language Models (LLMs), could be weaponized to build in-depth patient profiles. These could then be used to orchestrate highly convincing phishing attacks and fraud schemes.

Fortunately, the exposed system was secured after Cybernews alerted Unimed. The organization issued a statement confirming it had resolved the issue:

“Unimed do Brasil informs that it has investigated an isolated incident, identified in March 2025, and promptly resolved, with no evidence, so far, of any leakage of sensitive data from clients, cooperative physicians, or healthcare professionals,” the notification email stated. “An in-depth investigation remains ongoing.”

Healthcare cooperatives like Unimed are nonprofit entities owned by their members, aimed at delivering accessible healthcare services. This incident raises fresh concerns over data security in an increasingly AI-integrated medical landscape.
Read more »
Technology
AI biosimilars Cybersecurity Data diagnostics drugdiscovery genomics Healthcare Innovation Privacy Research Startups Technology

AI is Accelerating India's Healthtech Revolution, but Data Privacy Concerns Loom Large

 

India’s healthcare, infrastructure, is undergoing a remarkable digital transformation, driven by emerging technologies like artificialintelligence (AI), machinelearning, and bigdata. These advancements are not only enhancing accessibility and efficiency but also setting the foundation for a more equitable health system. According to the WorldEconomicForum (WEF), AI is poised to account for 30% of new drug discoveries by 2025 — a major leap for the pharmaceutical industry.

As outlined in the Global Outlook and Forecast 2025–2030, the market for AI in drugdiscovery is projected to grow from $1.72 billion in 2024 to $8.53 billion by 2030, clocking a CAGR of 30.59%. Major tech players like IBMWatson, NVIDIA, and GoogleDeepMind are partnering with pharmaceutical firms to fast-track AI-led breakthroughs.

Beyond R&D, AI is transforming clinical workflows by digitising patientrecords and decentralising models to improve diagnostic precision while protecting privacy.

During an interview with AnalyticsIndiaMagazine (AIM), Rajan Kashyap, Assistant Professor at the National Institute of Mental Health and Neuro Sciences (NIMHANS), shared insights into the government’s push toward innovation: “Increasing the number of seats in medical and paramedical courses, implementing mandatory rural health services, and developing Indigenous low-cost MRI machines are contributing significantly to hardware development in the AI innovation cycle.”

Tech-Driven Healthcare Innovation

Kashyap pointed to major initiatives like the GenomeIndia project, cVEDA, and the AyushmanBharatDigitalMission as critical steps toward advancing India’s clinical research capabilities. He added that initiatives in genomics, AI, and ML are already improving clinicaloutcomes and streamlining operations.

He also spotlighted BrainSightAI, a Bengaluru-based startup that raised $5 million in a Pre-Series A round to scale its diagnostic tools for neurological conditions. The company aims to expand across Tier 1 and 2 cities and pursue FDA certification to access global healthcaremarkets.

Another innovator, Niramai Health Analytics, offers an AI-based breast cancer screening solution. Their product, Thermalytix, is a portable, radiationfree, and cost-effective screening device that is compatible with all age groups and breast densities.

Meanwhile, biopharma giant Biocon is leveraging AI in biosimilar development. Their work in predictivemodelling is reducing formulation failures and expediting regulatory approvals. One of their standout contributions is Semglee, the world’s first interchangeablebiosimilar insulin, now made accessible through their tie-up with ErisLifesciences.

Rising R&D costs have pushed pharma companies to adopt AI solutions for innovation and costefficiency.

Data Security Still a Grey Zone

While innovation is flourishing, there are pressing concerns around dataprivacy. A report by Netskope Threat Labs highlighted that doctors are increasingly uploading sensitive patient information to unregulated platforms like ChatGPT and Gemini.

Kashyap expressed serious concerns about lax data practices:

“During my professional experience at AI labs abroad, I observed that organisations enforced strict data protection regulations and mandatory training programs…The use of public AI tools like ChatGPT or Gemini was strictly prohibited, with no exceptions or shortcuts allowed.”

He added that anonymised data is still vulnerable to hacking or reidentification. Studies show that even brainscans like MRIs could potentially reveal personal or financial information.

“I strongly advocate for strict adherence to protected data-sharing protocols when handling clinical information. In today’s landscape of data warfare, where numerous companies face legal action for breaching data privacy norms, protecting health data is no less critical than protecting national security,” he warned.

Policy Direction and Regulatory Needs

The Netskope report recommends implementing approved GenAI tools in healthcare to reduce “shadow AI” usage and enhance security. It also urges deploying datalossprevention (DLP) policies to regulate what kind of data can be shared on generative AI platforms.

Although the usage of personal GenAI tools has declined — from 87% to 71% in one year — risks remain.

Kashyap commented on the pace of India’s regulatory approach:

“India is still in the process of formulating a comprehensive data protection framework. While the pace may seem slow, India’s approach has traditionally been organic, carefully evolving with consideration for its unique context.”

He also pushed for developing interdisciplinary medtech programs that integrate AIeducation into medicaltraining.

“Misinformation and fake news pose a significant threat to progress. In a recent R&D project I was involved in, public participation was disrupted due to the spread of misleading information. It’s crucial that legal mechanisms are in place to counteract such disruptions, ensuring that innovation is not undermined by false narratives,” he concluded.
Read more »
Privacy
Ascension Cyber Attacks Cyber Hacking CyberCrime Cybersecurity CyberThreat Healthcare Privacy

Ascension Faces New Security Incident Involving External Vendor

 


There has been an official disclosure from Ascension Healthcare, one of the largest non-profit healthcare systems in the United States, that there has been a data breach involving patient information due to a cybersecurity incident linked to a former business partner. Ascension, which has already faced mounting scrutiny for its data protection practices, is facing another significant cybersecurity challenge with this latest breach, proving the company's commitment to security.

According to the health system, the recently disclosed incident resulted in the compromise of personal identifiable information (PII), including protected health information (PHI) of the patient. A cyberattack took place in December 2024 that was reported to have stolen data from a former business partner, a breach that was not reported publicly until now. This was the second major ransomware attack that Ascension faced since May of 2024, when critical systems were taken offline as a result of a major ransomware attack. 

A breach earlier this year affected approximately six million patients and resulted in widespread disruptions of operations. It caused ambulance diversions in a number of regions, postponements of elective procedures, and temporary halts of access to essential healthcare services in several of these regions. As a result of such incidents recurring repeatedly within the healthcare sector, concerns have been raised about the security posture of third-party vendors and also about the potential risks to patient privacy and continuity of care that can arise. 

According to Ascension's statement, the organisation is taking additional steps to evaluate and strengthen its cybersecurity infrastructure, including the relationship with external software and partner providers. The hospital chain, which operates 105 hospitals in 16 states and Washington, D.C., informed the public that the compromised data was "likely stolen" after being inadvertently disclosed to the third-party vendor, which, subsequently, experienced a breach as a result of an external software vulnerability. 

In a statement issued by Ascension Healthcare System, it was reported that the healthcare system first became aware of a potential security incident on December 5, 2024. In response to the discovery of the breach, the organisation initiated a thorough internal investigation to assess the extent of the breach. An investigation revealed that patient data had been unintentionally shared with an ex-business partner, who then became the victim of a cybersecurity attack as a result of the data being shared. 

In the end, it appeared that the breach was caused by a vulnerability in third-party software used by the vendor. As a result of the analysis concluded in January 2025, it was determined that some of the information disclosed had likely been exfiltrated during this attack. 

In spite of Ascension failing to disclose the specific types of data that were impacted by the attack, the organization did acknowledge that multiple care sites in Alabama, Michigan, Indiana, Tennessee, and Texas have been affected by the attack. In a statement released by Ascension, the company stressed that it continues to collaborate with cybersecurity experts and legal counsel to better understand the impact of the breach and to inform affected individuals as necessary. 

In addition, the company has indicated that in the future it will take additional steps to improve data sharing practices as well as third party risk management protocols. There is additional information released by Ascension that indicates that the threat actors who are suspected of perpetrating the December 2024 incident likely gained access to and exfiltrated sensitive medical and personal information. 

There are several types of compromised information in this file, including demographics, Social Security numbers, clinical records, and details about visits such as names of physicians, names, diagnoses, medical record numbers, and insurance provider details. Although Ascension has not provided a comprehensive estimate of how many people were affected nationwide, the organization did inform Texas state officials that 114,692 people were affected by the breach here in Texas alone, which was the number of individuals affected by the breach. 

The healthcare system has still not confirmed whether this incident is related to the ransomware attack that occurred in May 2024 across a number of states and affected multiple facilities. It has been reported that Ascension Health's operations have been severely disrupted since May, resulting in ambulances being diverted, manual documentation being used instead of electronic records, and non-urgent care being postponed. 

It took several weeks for the organization to recover from the attack, and the cybersecurity vulnerabilities in its digital infrastructure were revealed during the process. In addition to revealing that 5,599,699 individuals' personal and health-related data were stolen in the attack, Ascension later confirmed this information. 

Only seven of the system's 25,000 servers were accessed by the ransomware group responsible, but millions of records were still compromised. The healthcare and insurance industries continue to be plagued by data breaches. It has been reported this week that a data breach involving 4,052,972 individuals, resulting from a cyberattack in February 2024, has affected 4,052,972 individuals, according to a separate incident reported by VeriSource Services, a company that manages employee administration. 

A number of these incidents highlight the growing threat that organisations dealing with sensitive personal and medical data are facing. Apparently, the December 2024 breach involving Ascension's systems and networks was not caused by an internal compromise of its electronic health records, but was caused by an external attack. Neither the health system nor the former business partner with whom the patient information was disclosed has been publicly identified, nor has the health system identified the particular third-party software vulnerability exploited by the attackers.

Ascension has also recently announced two separate third-party security incidents that are separate from this one. A notice was posted by the organisation on April 14, 2025, concerning a breach that took place involving Scharnhorst Ast Kennard Gryphon, a law firm based in Missouri. The organisation reported that SAKG had detected suspicious activity on August 1, 2024, and an investigation later revealed that there had been unauthorised access between the 17th and the 6th of August 2024. 

Several individuals affiliated with the Ascension health system were notified by SAKG on February 14, 2025, about the breach. In that incident, there were compromised records including names, phone numbers, date of birth and death, Social Security numbers, driver's license numbers, racial data, and information related to medical treatment. 

A number of media inquiries have been received regarding the broader scope of the incident, including whether or not other clients were affected by the breach, as well as how many individuals were affected in total. Separately, Ascension announced another data security incident on March 3, 2025 that involved Access Telecare, a third-party provider of telehealth services in the area of Ascension Seton in Texas. 

As with previous breaches, the Ascension Corporation clarified that the breach did not compromise its internal systems or electronic health records, a report filed with the U.S. Department of Health and Human Services Office for Civil Rights (HHS OCR) confirmed on March 8, 2025, that Access Telecare had experienced a breach of its email system, which was reported on March 8, 2025. It is estimated that approximately 62,700 individuals may have been affected by the breach. 

In light of these successive disclosures, it is becoming increasingly apparent that the healthcare ecosystem is at risk of third-party relationships, as organisations continue to face the threat of cybercriminals attempting to steal sensitive medical and personal information from the internet. As a response to the recent security breach involving a former business partner, Ascension has offered two years of complimentary identity protection services to those who have been affected. This company offers credit monitoring services, fraud consultations, identity theft restoration services, aimed at mitigating potential harm resulting from unauthorized access to personal and health information, including credit monitoring, fraud consultation, and identity theft restoration services. 

Even though Ascension has not provided any further technical details about the breach, the timeline and nature of the incident suggest that it may be related to the Clop ransomware group's widespread campaign against data theft. There was a campaign in late 2024 that exploited a zero-day security vulnerability in the Cleo secure file transfer software and targeted multiple organisations. The company has not officially confirmed any connection between the breach and the Clop group, and a spokesperson has not responded to BleepingComputer's request for comment. 

Ascension has not encountered any major cybersecurity incidents in the past, so it is not surprising that this is not the first time they have experienced one. According to Ascension Healthcare's official report from May 2024, approximately 5.6 million patients and employees were affected by a separate ransomware infection attributed to the Black Basta group of hackers. Several hospitals were adversely affected by a security breach that occurred due to the inadvertent download of a malicious file on a company device by an employee. 

A number of data sets were exposed as a result of that incident, including both personal and health-related information, illustrating how the healthcare industry faces ongoing risks due to both internal vulnerabilities and external cyber threats. Despite the ongoing threat of cybersecurity in the healthcare industry, the string of data breaches involving Ascension illustrates the need to be more vigilant and accountable when managing third-party relationships. 

Even in the case of uncompromised internal systems, vulnerabilities in external networks can still result in exposing sensitive patient information to significant risks, even in cases of uncompromised internal systems. To ensure that healthcare organisations are adequately able to manage vendor risk, implement strong data governance protocols, and implement proactive threat detection and response strategies, organisations need to prioritise robust vendor risk management. 

A growing number of regulatory bodies and industry leaders are beginning to realize that they may need to revisit standards that govern network sharing, third-party oversight, and breach disclosure in an effort to ensure the privacy of patients in the increasingly interconnected world of digital health.
Read more »
Ransomware
Cyberattack Data Breach DaVita Healthcare Interlock Ransomware

Interlock Ransomware Gang Claims DaVita Cyberattack, Leaks Alleged Data Online

 

jThe Interlock ransomware group has taken credit for a recent cyberattack on DaVita, a leading U.S. kidney care provider. The group claims to have exfiltrated a significant amount of data, which it has now leaked on the dark web.

DaVita, a Fortune 500 company, operates over 2,600 dialysis centers across the U.S., employs around 76,000 people in 12 countries, and generates more than $12.8 billion in annual revenue. On April 12, the healthcare giant informed the U.S. Securities and Exchange Commission (SEC) that it had been hit by a ransomware incident that disrupted some operations. At the time, the company said it was assessing the impact.

Earlier today, the Interlock group publicly listed DaVita as a victim on its data leak site (DLS) hosted on the dark web. The cybercriminals claim to have stolen approximately 1.5 terabytes of data, including around 700,000 files containing sensitive information—ranging from patient records and user account data to insurance documents and financial details.

The leaked files were released following what appears to be a failed negotiation between Interlock and DaVita. The authenticity of the exposed files has not been independently verified by BleepingComputer.

In response to the data leak, a DaVita spokesperson told BleepingComputer: "We are aware of the post on the dark web and are in the process of conducting a thorough review of the data involved."

"A full investigation regarding this incident is still underway. We are working as quickly as possible and will notify any affected parties and individuals, as appropriate."

"We are disappointed in these actions against the healthcare community and will continue to share helpful information with our vendors and partners to raise awareness on how to defend against these attacks in the future."

Patients who have received care at DaVita facilities are advised to remain alert for phishing attempts and report any suspicious activity to authorities.

Interlock emerged in the ransomware scene in September last year, primarily targeting Windows and FreeBSD systems. Unlike many groups, Interlock does not collaborate with affiliates but has demonstrated increasing activity and sophistication.

A recent report by cybersecurity firm Sekoia highlighted a shift in Interlock’s approach. The group is now using “ClickFix” techniques to deceive victims into deploying info-stealers and remote access trojans (RATs)—a method that paves the way for ransomware deployment.
Read more »
Ransomwares
Backdoor Backdoor Attacks Critical Infrastructure Cyber Attacks Healthcare Malware Attack RansomHub Ransomware attack Ransomwares

Symantec Links Betruger Backdoor Malware to RansomHub Ransomware Attacks

 

A sophisticated custom backdoor malware called Betruger has been discovered in recent ransomware campaigns, with Symantec researchers linking its use to affiliates of the RansomHub ransomware-as-a-service (RaaS) group. The new malware is considered a rare and powerful tool designed to streamline ransomware deployment by minimizing the use of multiple hacking tools during attacks. 

Identified by Symantec’s Threat Hunter Team, Betruger is described as a “multi-function backdoor” built specifically to aid ransomware operations. Its functions go far beyond traditional malware. It is capable of keylogging, network scanning, privilege escalation, credential theft, taking screenshots, and uploading data to a command-and-control (C2) server—all typical actions carried out before a ransomware payload is executed. Symantec notes that while ransomware actors often rely on open-source or legitimate software like Mimikatz or Cobalt Strike to navigate compromised systems, Betruger marks a departure from this norm. 

The tool’s development suggests an effort to reduce detection risks by limiting the number of separate malicious components introduced during an attack. “The use of custom malware other than encrypting payloads is relatively unusual in ransomware attacks,” Symantec stated. “Betruger may have been developed to reduce the number of tools dropped on a network during the pre-encryption phase.” Threat actors are disguising the malware under file names like ‘mailer.exe’ and ‘turbomailer.exe’ to pose as legitimate mailing applications and evade suspicion. While custom malware isn’t new in ransomware operations, most existing tools focus on data exfiltration. 

Notable examples include BlackMatter’s Exmatter and BlackByte’s Exbyte, both created to steal data and upload it to cloud platforms like Mega.co.nz. However, Betruger represents a more all-in-one solution tailored for streamlined attack execution. The RansomHub RaaS operation, previously known as Cyclops and Knight, surfaced in early 2024 and has quickly become a major threat actor in the cybercrime world. Unlike traditional ransomware gangs, RansomHub has focused more on data theft and extortion rather than just data encryption. Since its emergence, RansomHub has claimed several high-profile victims including Halliburton, Christie’s auction house, Frontier Communications, Rite Aid, Kawasaki’s EU division, Planned Parenthood, and Bologna Football Club. 

The group also leaked Change Healthcare’s stolen data after the BlackCat/ALPHV ransomware group’s infamous $22 million exit scam. More recently, the gang claimed responsibility for breaching BayMark Health Services, North America’s largest addiction treatment provider. BayMark serves over 75,000 patients daily across more than 400 locations in the US and Canada. According to the FBI, as of August 2024, RansomHub affiliates have compromised over 200 organizations, many of which are part of critical infrastructure sectors such as government, healthcare, and energy. 

As ransomware groups evolve and adopt more custom-built malware like Betruger, cybersecurity experts warn that defenses must adapt to meet increasingly sophisticated threats.
Read more »
US
Cyber Attacks endue software Healthcare Illinois MedEx Sensitive Information US

Cyberattacks Hit U.S. Healthcare Firms, Exposing Data of Over 236,000 People

 


Two separate data breaches in the U.S. have exposed sensitive information of more than 236,000 people. These incidents involve two organizations: Endue Software in New York and Medical Express Ambulance (MedEx) in Illinois.

Endue Software creates software used by infusion centers, which help treat patients with medication delivered directly into their bloodstream. In February this year, the company found that hackers had broken into its system. This breach led to the exposure of personal details of around 118,000 individuals. The leaked information included full names, birth dates, Social Security numbers, and unique medical record identifiers. While there is currently no proof that the stolen data has been used illegally, the company isn’t taking any chances. It has added more safety tools and measures to its systems. It is also offering one year of free credit monitoring and identity protection to help affected people stay safe from fraud.

In a different case, MedEx, a private ambulance service provider based in Illinois, reported that it was also hit by a cyberattack. This breach happened last year, but the details have recently come to light. Information belonging to more than 118,000 people was accessed by attackers. The data included health records, insurance information, and even passport numbers in some cases.

These events are part of a larger pattern of cyberattacks targeting the healthcare industry in the U.S. In recent months, major organizations like UnitedHealth Group and Ascension Health have also suffered large-scale data breaches. Cybercriminals often go after hospitals and medical companies because the data they store is very valuable and can be used for scams or identity theft.

Both Endue and MedEx are working with cybersecurity experts to investigate the breaches and improve their systems. People affected by these incidents are being advised to be extra cautious. They should use the free protection services, monitor their bank and credit accounts, and immediately report anything unusual.



Read more »
Tracking
Cyber Security Healthcare legislation Location Privacy surveillance Tracking

Why Location Data Privacy Laws Are Urgently Needed

 

Your location data is more than a simple point on a map—it’s a revealing digital fingerprint. It can show where you live, where you work, where you worship, and even where you access healthcare. In today’s hyper-connected environment, these movements are silently collected, packaged, and sold to the highest bidder. For those seeking reproductive or gender-affirming care, attending protests, or visiting immigration clinics, this data can become a dangerous weapon.

Last year, privacy advocates raised urgent concerns, calling on lawmakers to address the risks posed by unchecked location tracking technologies. These tools are now increasingly used to surveil and criminalize individuals for accessing fundamental services like reproductive healthcare.

There is hope. States such as California, Massachusetts, and Illinois are now moving forward with legislation designed to limit the misuse of this data and protect individuals from digital surveillance. These bills aim to preserve the right to privacy and ensure safe access to healthcare and other essential rights.

Imagine a woman in Alabama—where abortion is entirely banned—dropping her children at daycare and driving to Florida for a clinic visit. She uses a GPS app to navigate and a free radio app along the way. Without her knowledge, the apps track her entire route, which is then sold by a data broker. Privacy researchers demonstrated how this could happen using Locate X, a tool developed by Babel Street, which mapped a user’s journey from Alabama to Florida.

Despite its marketing as a law enforcement tool, Locate X was accessed by private investigators who falsely claimed affiliation with authorities. This loophole highlights the deeply flawed nature of current data protections and how they can be exploited by anyone posing as law enforcement.

The data broker ecosystem remains largely unregulated, enabling a range of actors—from law enforcement to ideological groups—to access and weaponize this information. Near Intelligence, a broker, reportedly sold location data from visitors to Planned Parenthood to an anti-abortion organization. Meanwhile, in Idaho, cell phone location data was used to charge a mother and her son with aiding an abortion, proving how this data can be misused not only against patients but also those supporting them.

The Massachusetts bill proposes a protected zone of 1,850 feet around sensitive locations, while California takes a broader stance with a five-mile radius. These efforts are gaining support from privacy advocates, including the Electronic Frontier Foundation.

“A ‘permissible purpose’ (which is key to the minimization rule) should be narrowly defined to include only: (1) delivering a product or service that the data subject asked for, (2) fulfilling an order, (3) complying with federal or state law, or (4) responding to an imminent threat to life.”

Time and again, we’ve seen location data weaponized to monitor immigrants, LGBTQ+ individuals, and those seeking reproductive care. In response, state legislatures are advancing bills focused on curbing this misuse. These proposals are grounded in long-standing privacy principles such as informed consent and data minimization—ensuring that only necessary data is collected and stored securely.

These laws don’t just protect residents. They also give peace of mind to travelers from other states, allowing them to exercise their rights without fear of being tracked, surveilled, or retaliated against.

To help guide new legislation, this post outlines essential recommendations for protecting communities through smart policy design. These include:
  • Strong definitions,
  • Clear rules,
  • Affirmation that all location data is sensitive,
  • Empowerment of consumers through a strong private right of action,
  • Prohibition of “pay-for-privacy” schemes, and
  • Transparency through clear privacy policies.
These protections are not just legal reforms—they’re necessary steps toward reclaiming control over our digital movements and ensuring no one is punished for seeking care, support, or safety.
Read more »
Ransomware
Breach Compliance Cybersecurity Data Breach DaVita dialysis Healthcare Hospital incident ITsecurity patientcare Ransomware

DaVita Faces Ransomware Attack, Disrupting Some Operations but Patient Care Continues

 

Denver-headquartered DaVita Inc., a leading provider of kidney care and dialysis services with more than 3,100 facilities across the U.S. and 13 countries, has reported a ransomware attack that is currently affecting parts of its network. The incident, disclosed to the U.S. Securities and Exchange Commission (SEC), occurred over the weekend and encrypted select portions of its systems.

"Upon discovery, we activated our response protocols and implemented containment measures, including proactively isolating impacted systems," DaVita stated in its SEC filing.

The company is working with third-party cybersecurity specialists to assess and resolve the situation, and has also involved law enforcement authorities. Despite the breach, DaVita emphasized that patient care remains ongoing.

"We have implemented our contingency plans, and we continue to provide patient care," the company noted. "However, the incident is impacting some of our operations, and while we have implemented interim measures to allow for the restoration of certain functions, we cannot estimate the duration or extent of the disruption at this time," the company said.

With the investigation still underway, DaVita acknowledged that "the full scope, nature and potential ultimate impact on the company are not yet known."

Founded 25 years ago, DaVita reported $12.82 billion in revenue in 2024. The healthcare giant served over 281,000 patients last year across 3,166 outpatient centers, including 750+ hospital partnerships. Of these, 2,657 centers are in the U.S., with the remaining 509 located in countries such as Brazil, Germany, Saudi Arabia, Singapore, and the United Kingdom, among others. DaVita also offers home dialysis services.

Security experts warn that the scale of the incident could have serious implications.

"There is potential for a very large impact, given DaVita’s scale of operations," said Scott Weinberg, CEO of cybersecurity firm Neovera. "If patient records were encrypted, sensitive data like medical histories and personal identifiers might be at risk. DaVita has not reported data exfiltration, so it’s not clear if data was stolen or not."

Weinberg added, "For dialysis patients needing regular treatments to survive, this attack is extremely serious. Because of disrupted scheduling or inaccessible records, this could lead to health complications. Ransomware disruptions in healthcare may lead to an increase in mortality rates, especially for time-sensitive treatments such as dialysis."

The breach may also bring regulatory challenges due to DaVita’s international footprint.

"Regulations can differ with respect to penalties and reporting requirements after a breach based on the country and even the state in which the patients live or were treated," said Erich Kron, security awareness advocate at KnowBe4.

"A serious cybersecurity incident that affects individuals in multiple countries can be a legal nightmare for some organizations," Kron said. "However, this is something that organizations should plan for and be prepared for prior to an event ever happening. They should already know what will be required to meet regulatory standards for the regions in which they operate."

In a separate statement to Information Security Media Group, DaVita added, "We have activated backup systems and manual processes to ensure there's no disruption to patient care. Our teams, along with external cybersecurity experts, are actively investigating this matter and working to restore systems as quickly as possible."

This cyberattack mirrors similar recent disruptions within the healthcare industry, which continues to be a frequent target.

"The healthcare sector is always considered a lucrative target because of the serious sense of urgency whenever IT operations are disrupted, not to mention potentially disabled," said Jeff Wichman, director of incident response at Semperis. "In case of ransomware attacks, this serves as another means to pressure the victim into paying a ransom."

He added, "At this time, if any systems administering dialysis have been disrupted, the clinics and hospitals within DaVita’s network are most certainly operating machines manually as a last resort and staff are working extremely hard to ensure patient care doesn’t suffer. If any electronic machines in their network are down, the diligence of staff will fill the gaps until electronic equipment is restored."

DaVita joins a growing list of specialized healthcare providers facing cybersecurity breaches in 2025. Notably, Community Care Alliance in Rhode Island recently reported a hack that impacted 115,000 individuals.

In addition, DaVita has previously disclosed multiple health data breaches. The largest, in July 2024, affected over 67,000 individuals due to unauthorized server access linked to the use of tracking pixels in its patient-facing platforms.
Read more »
Privacy
creditmonitoring Cybersecurity Databreach Dataleak Healthcare IdentityTheft labtesting medicalrecords PlannedParenthood Privacy

Over 1.6 Million Affected in Planned Parenthood Lab Partner Data Breach

 

A cybersecurity breach has exposed the confidential health data of more than 1.6 million individuals—including minors—who received care at Planned Parenthood centers across over 30 U.S. states. The breach stems from Laboratory Services Cooperative (LSC), a company providing lab testing for reproductive health clinics nationwide.

In a notice filed with the Maine Attorney General’s office, LSC confirmed that its systems were infiltrated on October 27, 2024, and the breach was detected the same day. Hackers reportedly gained unauthorized access to sensitive personal, medical, insurance, and financial records.

"The information compromised varies from patient to patient but may include the following:
  • Personal information: Name, address, email, phone number
  • Medical information: Date(s) of service, diagnoses, treatment, medical record and patient numbers, lab results, provider name, treatment location
  • Insurance information: Plan name and type, insurance company, member/group ID numbers
  • Billing information: Claim numbers, bank account details, billing codes, payment card details, balance details
  • Identifiers: Social Security number, driver's license or ID number, passport number, date of birth, demographic data, student ID number"

In addition to patient data, employee information—including details about dependents and beneficiaries—may also have been compromised.

Patients concerned about whether their data is affected can check if their Planned Parenthood location partners with LSC via the FAQ section on LSC’s website or by calling their support line at 855-549-2662.

While it's impossible to reverse the damage of a breach, experts recommend immediate protective actions:

Monitor your credit reports (available weekly for free from all three major credit bureaus)

Place fraud alerts, freeze credit, and secure your Social Security number

Stay vigilant for unusual account activity and report potential identity theft promptly

LSC is offering 12–24 months of credit monitoring through CyEx Medical Shield Complete to impacted individuals. Those affected must call the customer service line between 9 a.m. and 9 p.m. ET, Monday to Friday, to get an activation code for enrollment.

For minors or individuals without an SSN or credit history, a tailored service named Minor Defense is available with a similar registration process. The enrollment deadline is July 14, 2025.
Read more »
Ransomware
Credential Theft Cyber Attacks Healthcare Ransomware

Healthcare Sector Faces Highest Risk in Third-Party Cyber Attacks

 



Cybersecurity experts have identified the healthcare industry as the most frequently targeted sector for third-party breaches in 2024, with 41.2% of such incidents affecting medical institutions. This highlights a critical need for improved security measures across healthcare networks.


The Growing Threat of Unnoticed Cyber Breaches  

A recent cybersecurity study warns of the increasing risk posed by “silent breaches.” These attacks remain undetected for extended periods, allowing hackers to infiltrate systems through trusted third-party vendors. Such breaches have had severe consequences in multiple industries, demonstrating the dangers of an interconnected digital infrastructure.

Research from Black Kite’s intelligence team examined cybersecurity incidents from regulatory disclosures and public reports, revealing an alarming rise in sophisticated cyber threats. The findings emphasize the importance of strong third-party risk management to prevent security lapses.


Why Healthcare is at Greater Risk  

Several factors contribute to the vulnerability of healthcare institutions. Medical records contain highly valuable personal and financial data, making them prime targets for cybercriminals. Additionally, the healthcare sector relies heavily on external vendors for essential operations, increasing its exposure to supply chain weaknesses. Many institutions also struggle with outdated security infrastructures, further amplifying risks.

Encouragingly, the study found that 62.5% of healthcare vendors improved their security standards following a cyber incident. Regulatory requirements, such as HIPAA compliance, have played a role in compelling organizations to enhance their cybersecurity frameworks.


Major Findings from the Report

The study highlights key security challenges that organizations faced in 2024:

1. Unauthorized Access to Systems: More than half of third-party breaches involved unauthorized access, underscoring the need for stronger access control measures.

2. Ransomware Attacks on the Rise: Ransomware remained a leading method used by cybercriminals, responsible for 66.7% of reported incidents. Attackers frequently exploit vendor-related weaknesses to maximize impact.

3. Software Vulnerabilities as Entry Points: Cybercriminals took advantage of unpatched or misconfigured software, including newly discovered weaknesses, to infiltrate networks.

4. Credential Theft Increasing: About 8% of attacks involved stolen or misused credentials, highlighting the necessity of robust authentication methods, such as multi-factor authentication.

5. Targeting of Software Vendors: A major 25% of breaches were linked to software providers, reflecting an increased focus on exploiting weaknesses in the software supply chain.


With organizations becoming increasingly reliant on digital tools and cloud-based systems, cyber risks continue to escalate. A single vulnerability in a widely used platform can trigger large-scale security incidents. 

To mitigate risks, businesses must adopt proactive strategies, such as continuous monitoring, prompt software updates, and stricter access controls. Strengthening third-party security practices is essential to minimizing the likelihood of breaches and ensuring the safety of sensitive data.

The healthcare sector, given its heightened exposure, must prioritize comprehensive security measures to reduce the impact of future breaches.



Read more »
NHS
AI Advancements AI technology AI-Healthcare system Cyber Security Healthcare NHS

North Yorkshire Hospital Adopts AI for Faster Lung Cancer Detection

 

A hospital in North Yorkshire has introduced artificial intelligence (AI) technology to improve the detection of lung cancer and other serious illnesses. Harrogate and District NHS Foundation Trust announced that the AI-powered system would enhance the efficiency and accuracy of chest X-ray analysis, allowing for faster diagnoses and improved patient care. The newly implemented software can analyze chest X-rays in less than 30 seconds, quickly identifying abnormalities and prioritizing urgent cases. Acting as an additional safeguard, the AI supports clinicians by detecting early signs of diseases, increasing the chances of timely intervention. 

The trust stated that the system is capable of recognizing up to 124 potential issues in under a minute, streamlining the diagnostic process and reducing pressure on radiologists. Dr. Daniel Fascia, a consultant radiologist at the trust, emphasized the significance of this technology in addressing hospital backlogs. He noted that AI-assisted reporting would help medical professionals diagnose conditions more quickly and accurately, which is crucial in reducing delays that built up during the COVID-19 pandemic. 

The Harrogate trust has already been using AI to detect trauma-related injuries, such as fractures and dislocations, since July 2023. The latest deployment represents a further step in integrating AI into routine medical diagnostics. Harrogate is the latest of six Yorkshire radiology departments to implement this advanced AI system. The initiative has been supported by NHS England’s AI Diagnostics Fund (AIDF), which has allocated £21 million to aid early lung cancer detection across 64 NHS trusts in England. 

The investment aims to improve imaging networks and expand the use of AI in medical diagnostics nationwide. UK Secretary of State for Science, Innovation, and Technology, Peter Kyle MP, praised the rollout of this AI tool, highlighting its potential to save lives across the country. He emphasized the importance of medical innovation in preventing diseases like cancer from devastating families and underscored the value of collaboration in advancing healthcare technology. As AI continues to revolutionize the medical field, its role in diagnostics is becoming increasingly essential. 

The expansion of AI-driven imaging solutions is expected to transform hospital workflows, enabling faster detection of critical conditions and ensuring patients receive timely and effective treatment. With continued investment and innovation, AI is set to become an integral part of modern healthcare, improving both efficiency and patient outcomes.
Read more »
Network Security
Backdoor China Contec Data Breach Healthcare Network Security

Experts Find Hidden Backdoors Inside Chinese Software Stealing Patient Data

Experts Find Hidden Backdoors Inside Chinese Software Stealing Patient Data

Cybersecurity & Infrastructure Security Agency (CISA) in the US rolled out an investigation report concerning three firmware variants used in Contec CMS800, a patient monitoring system used in healthcare facilities and hospitals. 

CIS finds hidden backdoor in Chinese software

Experts found that the devices had a hidden backdoor with a hard-coded IP address, enabling transmission of patient data. This is doable as the devices will start a link to a central monitoring system through a wireless or wired network, as per the product description. 

The agency disclosed the codes that send data to a select IP address. The decoded data includes detailed information- patients, hospital department, doctor’s name, date of birth, admission date, and other details about the device users. 

Details about three flaws

The flaw is filed under “CVE-2025-0626 with a CVSS v4 score of 7.7 out of 10” says Tom’s Hardware, while also talking about two other vulnerabilities “filed under CVE-2024- 12248, which indicates that it could allow an attacker to write data remotely to execute a code” and “CVE-2025-0683, which relates to privacy vulnerability.”

Impact of vulnerabilities

The three cybersecurity flaws can allow threat actors to dodge cybersecurity checks, get access, and also manipulate the device, the FDA says, not being “aware of any cybersecurity incidents, injuries, or deaths related to these cybersecurity vulnerabilities at this time."

FDA said that Contec Medical Systems is a device manufacturer in China, its products are used in the healthcare industry- clinics, hospitals, etc., in the US and European Union. However, experts found that these can also be bought from eBay for $599. 

About Contec

These devices are also rebranded as Epsimed MN-120, the FDA believes. Contec products are FDA-approved and sold in more than 130 countries. As part of its vulnerability disclosure process, the CISA research team discovered uncovered this flaw. 

The agency has also mentioned that the IP address is not linked with any medical device manufacturer, “Still, it is a third-party university, though it doesn't mention the university, the IP address, or the country it is sending data to,” reports Tom Hardware. 

The CISA has also assessed that the coding was meant to be a substitute update system because it doesn’t include standard update techniques like doing integrity checks or tracking updated versions. Instead, it offers a remote file sent to the IP address. To solve this, the FDA suggests removing the monitoring device from its network and tracking the patient’s physical condition and vital stats.

Read more »
Ransomware
BEC Data Breach Healthcare Manufacturing Ransomware

Cyber Breaches: Why Organizations Need to Work On the Clock

 




Cyberattacks are fast becoming a reality check for businesses worldwide, inflicting massive financial and operational losses. Besides the immediate loss of funds, cyber attacks also have an impact on an organization's reputation, hence losing out in competition. The most common threats range from theft of sensitive data to holding a system hostage using ransomware. To address such challenges, firms need to focus on preventing the most common and expensive attacks, particularly in industries that are sensitive to downtime and data loss. 


 Why Some Attacks Are More Costly

Not every attack hits businesses in the same way. Some methods, like ransomware and pretexting, stand out because of their high costs.

Ransomware Attacks: It locks organizations out of their systems until they pay the ransom. Today, reported cases of ransomware infection claim the average business lost $45,000. In some cases, the damage is higher than one million dollars. For organizations with operations dependent on continuous performance, like manufacturing or logistics, just an hour or two of lost time can mean millions in losses.

Pretexting and Business Email Compromise (BEC): Pretexting refers to the practice of deceiving employees into providing sensitive information under false pretenses. It is the primary source of BEC attacks, where cybercriminals target executives who have access to confidential information. The average case of these attacks costs organizations approximately $50,000.  


Which Industries Are at Risk?

Some industries are at higher risk because of the critical nature of their operations. 

Manufacturing: A ransomware attack on a manufacturing plant can bring the production to a standstill, delay supply chains, and disrupt relationships with suppliers. The financial and reputational costs can mount rapidly, causing companies to pay ransoms to resume operations.

Healthcare: Hospitals face a dual challenge—protecting patient data and ensuring medical equipment remains functional. Cyberattacks can leak sensitive health records or disrupt life-saving devices, putting patient lives at risk and forcing hospitals to make difficult choices.  

Interestingly, most breaches (68%) are not due to their nature of hacking but simple human mistakes. Employees often click on phishing links or send sensitive data to the wrong person by accident. These errors highlight the need for better training and stronger internal processes to reduce vulnerabilities.  


Steps to Reduce Risks  

Organizations can take several steps to minimize the financial and operational impact of cyberattacks:

1. Focus on Critical Threats: Prevent ransomware or BEC scams that are the most destructive attacks.

2. Improved Training: Train employees to recognize phishing emails and how to handle sensitive information carefully. 

3. Invest in Security: Invest in tools like threat detection systems and access controls to reduce potential damage.

4. Have a Recovery Plan: Develop clear protocols for responding to breaches, including backup and recovery systems to minimize downtime.  

 

Cybersecurity requires proactive efforts and investments. While these may seem costly initially, they spare organizations from far greater expense recoveries from breaches. By focusing on prevention, businesses can protect their resources and maintain trust in an increasingly digital world.



Read more »
Technology
Artificial Intelligence Blockchain Developers Healthcare Marketing Technology

AI and Blockchain: Shaping the Future of Personalization and Security

 

The integration of Artificial Intelligence (AI) and blockchain technology is revolutionizing digital experiences, especially for developers aiming to enhance user interaction and improve security. By combining these cutting-edge technologies, digital platforms are becoming more personalized while ensuring that user data remains secure. 

Why Personalization and Security Are Essential 

A global survey conducted in the third quarter of 2024 revealed that 64% of consumers prefer to engage with companies that offer personalized experiences. Simultaneously, 53% of respondents expressed significant concerns about data privacy. These findings highlight a critical balance: users desire tailored interactions but are equally cautious about how their data is managed. The integration of AI and blockchain offers innovative solutions to address both personalization and privacy concerns. 

AI has seamlessly integrated into daily life, with tools like ChatGPT becoming indispensable across industries. A notable advancement in AI is the adoption of Common Crawl's customized blockchain. This system securely stores vast datasets used by AI models, enhancing data transparency and security. Blockchain’s immutable nature ensures data integrity, making it ideal for managing the extensive data required to train AI systems in applications like ChatGPT. 

The combined power of AI and blockchain is already transforming sectors like marketing and healthcare, where personalization and data privacy are paramount.

  • Marketing: Tools such as AURA by AdEx allow businesses to analyze user activity on blockchain platforms like Ethereum. By studying transaction data, AURA helps companies implement personalized marketing strategies. For instance, users frequently interacting with decentralized exchanges (DEXs) or moving assets across blockchains can receive tailored marketing content aligned with their behavior.
  • Healthcare: Blockchain technology is being used to store medical records securely, enabling AI systems to develop personalized treatment plans. This approach allows healthcare professionals to offer customized recommendations for nutrition, medication, and therapies while safeguarding sensitive patient data from unauthorized access.
Enhancing Data Security 

Despite AI's transformative capabilities, data privacy has been a longstanding concern. Earlier AI tools, such as previous versions of ChatGPT, stored user data to refine models without clear consent, raising privacy issues. However, the industry is evolving with the introduction of privacy-centric tools like Sentinel and Scribe. These platforms employ advanced encryption to protect user data, ensuring that information remains secure—even from large technology companies like Google and Microsoft. 
 
The future holds immense potential for developers leveraging AI and blockchain technologies. These innovations not only enhance user experiences through personalized interactions but also address critical privacy challenges that have persisted within the tech industry. As AI and blockchain continue to evolve, industries such as marketing, healthcare, and beyond can expect more powerful tools that prioritize customization and data security. By embracing these technologies, businesses can create engaging, secure digital environments that meet users' growing demands for personalization and privacy.
Read more »
Healthcare
Ascension Cyber Attacks Financial Data Healthcare

New Finds from The June Ascension Hack




Healthcare industry giant Ascension has broken the silence and revealed more sensitive information concerning the recent hack in June. Through a worker opening a suspicious file without even knowing the malware was actually very harmful to download, it gave room for hackers into their network exposing patient information, among others.


During the past months, the healthcare system has worked with experts in cybersecurity to analyze how the breach affected them and the amount of patient and employee data that was taken. Since the investigation has been concluded, Ascension has informed the public regarding the data stolen and measures undertaken to safeguard the victims.

The investigation established that several kinds of personal information were accessed during the breach. Though the specifics vary for each individual, the leaked information may include:  

  • Medical Records: Medical record numbers, service dates, types of lab tests, and procedure codes.  
  • Financial Data: Credit card numbers, bank account information, and insurance details such as Medicaid and Medicare IDs.
  • Government Identifications: Social Security numbers and other governmental IDs. 

Ascension has come out to clarify that their main Electronic Health Records, which hold extensive patient's medical histories, were unaffected. This means that those operations that are considered most core in healthcare, such as viewing patient records and prescribing drug therapies, remain safe and unimpeded.


How Ascension is Reacting

To make amends for the breach, Ascension is offering free credit monitoring and identity protection services to anyone affected. Those affected will be sent formal notification letters within the next two to three weeks, which will detail step-by-step instructions to enroll in protection services so those affected may protect themselves from potential misuse of their data.

The credit monitoring service will be offered for two years and can be used to track suspicious activity regarding an individual's personal information. Ascension also informed those who had already enrolled in protection services after the initial breach that they could continue coverage without any interruption.


If you receive a notification, enrolling in the complimentary identity protection services is crucial. For assistance, you can visit Ascension’s website or contact their support line at (866) 724-3233 during business hours.  

Additionally, Ascension advises practicing general security measures, such as monitoring bank statements and staying alert for unusual activity. These steps can help minimize potential risks.

Ascension acknowledged the hurdle caused by the cyberattack and gave thanks to its patients, employees, and clinicians for their continued support. The organization highlighted its ability to persevere with such a team, and it assured the community that utmost care will be taken in protecting the information of its patients in the future.




Read more »
Ransomware
Cyber Attacks Health Healthcare Hospital Patient Ransomware

Rise in Cyberattacks, Healthcare Industry Top Victim

Rise in Cyberattacks, Healthcare Industry Top Victim


Hospitals in Merseyside, including Arrowe Park Hospital in the Wirral, are facing significant disruptions following a cyber attack on the Wirral University Teaching Hospital Trust. Outpatient appointments have been canceled, and patients have been advised to avoid visiting the A&E department unless in a medical emergency. 

A spokesperson for the Trust confirmed, “A major incident was declared yesterday for cyber security reasons and remains ongoing. Our business continuity processes are in place, and our priority remains ensuring patient safety. We apologize for any inconvenience and will contact patients to reschedule canceled appointments.” 

Rising Cyber Threats to Healthcare   


The breach has also affected staff, who are struggling to access electronic records, highlighting the increasing frequency of cyber attacks on healthcare systems in the UK and globally. Research by KnowBe4 shows that the global healthcare sector faced an average of 1,613 attacks per week during the first three quarters of 2023 — four times higher than the global average.   

Earlier in 2024, a cyber attack on Kings College Hospital Foundation forced the shutdown of critical operations due to a breach at blood test supplier Synnovis.   

In recent years, similar incidents have plagued the UK healthcare system:   

- A ransomware attack on Barts NHS Trust by the Russian BlackCat gang resulted in the theft of 7TB of sensitive data.   
- In February 2023, NHS Dumfries and Galloway faced a breach compromising patient and staff information.   

In response to these escalating threats, the National Data Guardian (NDG) and NHS England introduced a new cyber resilience framework in September 2023. Dr. Nicola Byrne, National Data Guardian, stated that the framework provides organizations with a "current and evolving approach to enhance data protection and cyber resilience."
Read more »
Synthetic Data
CyberCrime Cyberhackers Cybersecurity CyberThreat Healthcare Privacy Synthetic Data

Reimagining Healthcare with Synthetic Data

 


It has been espoused in the generative AI phenomenon that the technology's key uses would include providing personalized shopping experiences for customers and creating content. Nonetheless, generative AI can also be seen to be having a very real impact on fields such as healthcare, for example. There is a tectonic shift in healthcare and life sciences, as technology is being implemented and data-driven systems are being integrated. 

A must-follow trend in this revolution is the burgeoning use of synthetic data, a breakthrough advancement poised to reshape how medical research is conducted, AI is developed, and patient privacy will be protected in the coming years. Data available in synthetic format is comparable to data available in real-world format (such as real fibers such as hemp). In the course of human evolution, humans have created synthetic products to achieve our goals and to develop new products that improve our lives in many different ways. 

It's widely known that synthetic fiber is used in clothing, rope, industrial equipment, automobiles, and many other places. It is because of the ability to create synthetic fiber that a wide range of products can be created that are needed in modern life. Healthcare is another area where synthetic data can have an impact similar to that of traditional data. Synthetic data is created based on real-world data using a data synthesizer. 

These synthesizers may leverage different methods to create synthetic data that have the same statistical and correlative properties as the original data; however, they are completely independent from the real-world data (1, 2). Notably, synthetic data do not contain any personal identifying information which ensures personal privacy and full compliance with privacy regulations such as the EU’s General Data Protection Regulation (GDPR). 

The use of high-fidelity synthetic data for data augmentation is an area of growing interest in data science, generating virtual patient cohorts, such as digital twins, to estimate counterfactuals in silico trials, allowing for better prediction of treatment outcomes and personalised medicine. Synthetic data allows clinicians to use prompts to generate a conversation between a patient with depression and a therapist where they are discussing the onset of symptoms. 

Healthcare providers can also use partially synthetic data, which takes a real-life transcript and has AI adjust it to remove personally identifiable information or private health information, while still telling a cohesive story. This data can then be used to train AI models to develop transcripts, training materials and so on. Regardless of whether the data is fully or partially synthetic, the data can (and often is) adjusted as needed with additional prompts until it reaches the desired result. Healthcare is subjected to a variety of privacy rules through HIPAA. 

Eliminating these privacy concerns is a primary reason Read feels synthetic data is valuable in training models. With synthetic data, healthcare providers don’t need to use real people’s data to train models. Instead, they can generate a conversation that is representative of a specific therapeutic intervention without involving anyone’s protected health information. As Read explains, “Synthetic data also makes it easy to calibrate what we’re looking for — like to generate different examples of how a healthcare provider could say something explicitly or implicitly. This makes it easier to provide different examples and tighten up the information we provide to AI models to learn from, ensuring that we can teach it the right data for providing training or feedback to real-world clinicians.” 

Synthetic data also democratizes the ability of different healthcare organizations to train and fine-tune their own machine learning models. Whereas previously, an organization might need to provide hundreds (or even thousands) of hours of transcribed sessions between patients and clinicians as well as other data points, synthetic data erases this barrier to entry. Synthetic data allows for models to learn and build out responses at a much faster rate — which also makes it easier for new players in healthcare to enter the field. 

As Read’s insights reveal, the use of AI and synthetic data isn’t going to replace clinicians’ value or decision-making authority. But with the help of synthetic data, AI can help push clinicians in the right direction to ensure that there is greater standardization and adherence to best practices. As more providers begin to utilize synthetic data to ensure they are following best practices in all patient interactions and to get feedback on their sessions, they can elevate the quality of care for all. A similar impact could also be felt in the healthcare sector by the use of synthetic data similar to how traditional data would. 

With the help of a data synthesizer, it is possible to create synthetic data based on real-world data. It has been shown that these synthesizers can leverage different methods to produce synthetic data which are capable of being compared to the original data, even if those properties cannot be extracted from the original data, but they are completely independent of real-world data (1, 2). A distinctive feature of synthetic data is the absence of any personal identifying information, which ensures that the data is completely private to the individual and complies with all needed privacy regulations, such as the General Data Protection Regulation (GDPR) of the European Union. 

As a result of increasing interest in data science, the use of high-fidelity synthetic data for data augmentation is becoming increasingly popular. To better predict treatment outcomes and tailor medical treatments for individual patients, digital twins, and virtual cohorts are used to estimate counterfactuals in silico trials, allowing better predictions of treatment outcomes. As a result of synthetic data, clinicians can generate a conversation between patients with depression and therapists to demonstrate how their symptoms began, and these prompts can be used to guide the conversation. 

Providers of healthcare can also use partially synthetic data, which is a combination of a real-life transcript and AI processing that removes any personally identifiable information or private health information, while still telling a coherent story. By using this data, it can then be developed into the types of transcripts, materials for training, etc, that are needed for creating transcripts. Whether the data being used is synthetic data or not, it can (and often is) manipulated or adjusted, as necessary, with additional prompts, until it reaches the result that is desired regardless of whether the data is synthetic or not. 

HIPAA is a sort of Federal law that imposes a variety of privacy rules on the healthcare industry. The fact that Synthetic Data is useful in training models is because it can eliminate these privacy concerns, according to Read. To train models based upon synthetic data, healthcare providers do not need to rely on real person-to-person information. This would allow them to generate a conversation in which they would represent a specific therapeutic intervention, without involving any protected health information of anybody involved in such a conversation. 

Moreover, Read explains, "Synthetic data also allows us to calibrate our search in a much easier way - like for example, generating examples of how a healthcare provider would be able to send an implicit or explicit message to an individual." Moreover, synthetic data democratizes the possibility of various healthcare organizations to train and refine their own artificial intelligence models by enabling them to use synthetic data. 


An organization might have previously been required to provide hundreds (or even thousands) of hours of transcribed sessions between patients and clinicians, along with other information points about these sessions, in order to offer this service, but with synthetic data, businesses are no longer required to do so. Using synthetic data, it is possible for models to learn and develop responses at much faster rates as well, making it easier for new players in healthcare to enter the field to learn and build on existing responses. 

In light of Read's insights, it's important to emphasize that AI and synthetic data are not going to replace clinicians' capabilities or their decision-making authority as Read identifies. By using synthetic data, however, AI has the potential to help clinicians in the right direction to ensure that better standards of care are observed and that best practices are followed. As healthcare providers increasingly adopt synthetic data, they gain a valuable tool for adhering to best practices in patient interactions and enhancing the overall quality of care.

By leveraging synthetic data, practitioners can simulate various clinical scenarios, ensuring their approaches align with industry standards and ethical guidelines. This technology also enables providers to receive constructive feedback on their patient sessions, helping to identify areas for improvement and fostering continuous professional development. The integration of synthetic data into healthcare workflows not only supports more consistent and informed decision-making but also elevates the standard of care delivered to patients across diverse settings. By embracing synthetic data, providers can drive innovation, improve outcomes, and contribute to a more efficient and patient-centered healthcare ecosystem.
Read more »
Subscribe to: Posts (Atom)