Topics
Reimbursement
Senators urge action on physician payment cut before end of lame duck session
Senators urge action on physician payment cut
Revenue Cycle Management
Trends 2025: The demand for interim revenue cycle executives
Trends 2025: The demand for interim revenue cycle executives
Strategic Planning
CVS announces layoffs due to loss of Kansas Medicaid contract
CVS announces layoffs due to loss of Kansas Medicaid contract
Capital Finance
Cigna nixes speculation of a Humana merger
Cigna nixes speculation of a Humana merger
Supply Chain
Feds shore up healthcare supply chain in wake of hurricanes Helene and Milton
Feds shore up supply chain in wake of hurricanes
Accounting & Financial Management
Walgreens posts $265 million net loss in Q1
Walgreens posts $265 million net loss in Q1
Budgeting
Health system operating margins declined in August
Health system operating margins declined in August
Quality and Safety
Senate report slams private equity's ownership of hospitals
Senate report slams private equity's ownership of hospitals
Billing and Collections
CFPB warns of illegal tactics by medical debt collectors
CFPB warns of illegal tactics by medical debt collectors
Claims Processing
Denials top reason for eroding provider-payer relationship
Denials top reason for eroding provider-payer relationship
Workforce
Male physicians have more net worth than female counterparts
Male physicians have more net worth than females
Operations
Healthcare execs more optimistic heading into the new year, survey finds
Health execs more optimistic heading into 2025
Medical Devices
Healthcare chatbots may promote racist misinformation
Healthcare chatbots may promote racist misinformation
Hospital/physician relations
Hospitals, physicians submit opposing views to FTC ruling on noncompetes
Hospitals, physicians submit opposing views to FTC ruling
Construction & Facilities Management
Cincinnati Children's undergoing $365 million expansion
Cincinnati Children's undergoing $365M expansion
Compliance & Legal
Mayo Clinic sues Sanford Health Plan over unpaid medical bill
Mayo Clinic sues Sanford Health Plan over unpaid medical bill
Policy and Legislation
CFPB to remove medical debt from credit reports
CFPB to remove medical debt from credit reports
Community Benefit
AMA pushes for stricter standards for hospital charity care policies
AMA pushes for stricter standards for hospital charity care policies
Accountable Care
NAACOS pushes ACO REACH extension after $1.54B in savings
NAACOS pushes ACO REACH extension
Acute Care
SDOH, tech key to advancing value-based care, says UHG
SDOH, tech key to advancing value-based care
Ambulatory Care
Cleveland Clinic and Amazon One Medical collaborate on primary care clinics
Cleveland Clinic and Amazon One Medical collaborate
Analytics
IU Health says data compromised in cyberattack
IU Health says data compromised in cyberattack
Business Intelligence
Blue Shield of California appoints first female CEO
Blue Shield of California appoints first female CEO
ICD-10 & Coding
Physician practices examine risk adjustment coding in wake of federal lawsuits
Practices keeping close watch on risk adjustment coding
Meaningful Use
Financial disincentives for providers who commit information blocking 
Financial disincentives for providers who commit information blocking 
Medicare & Medicaid
Medicare Advantage plans get proposed 4.3% pay hike
MA plans get proposed 4.3% pay hike
Patient Engagement
HHS, Illinois reach agreement on disability rights laws
HHS, Illinois reach agreement on disability rights
Pharmacy
CVS unveils new prescription drug reimbursement model
CVS unveils new drug reimbursement model
Population Health
Weight loss drugs can save patients and healthcare dollars
Weight loss drugs can save patients and healthcare dollars
Risk Management
UPMC for You partners to offer Medicaid redetermination coverage in laundromats
UPMC for You offers Medicaid redetermination coverage in laundromats
Telehealth
Trends 2025: Telehealth's future faces a Friday deadline
Trends 2025: Telehealth's future faces a Friday deadline
Mergers & Acquisitions
Transcarent to acquire Accolade for $621 million
Transcarent to acquire Accolade for $621M
View more
Jan 13 More on Analytics

IU Health says data compromised in cyberattack

Some limited information may have been compromised, including Social Security numbers, IU Health says.

Jeff Lagasse, Editor

Photo: Weiquan Lin/Getty Images

Indiana University Health Affiliated Covered Entity (IU Health) said last week that it detected unusual activity linked to a team member's email account, which resulted in some information being compromised, specifically a limited number of Social Security numbers.

The cyberattack was discovered on November 8, at which point UI Health began investigating the incident, taking steps to protect its systems and protect the user's accounts. 

As part of that effort, an external forensics firm was tapped to conduct an independent review to confirm the security of the account and to help determine what, if any, information may have been impacted.

According to the investigation, an unauthorized recipient had access to the team member's email account between August 27 and October 2, 2024, and may have obtained "certain information," said IU Health.

WHAT'S THE IMPACT?

The information involved varied per individual, but may have included address, age, medical record number, diagnosis and other limited treatment information.

The Social Security numbers of a limited number of people were exposed during the incident, the investigation found. Those whose Social Security numbers were impacted will be offered 12-months of credit monitoring, said IU Health.

The organization began notifying affected individuals on January 2, and is providing dedicated call center support to answer any questions.

"We are committed to protecting personal information, and IU Health continues to implement security measures to prevent these activities from occurring in the future," IU Health wrote.

THE LARGER TREND

A number of cyberattacks have affected healthcare organizations in recent years. The most notable cyberattack of 2024 was the one that targeted Change Healthcare, which. according to the HIPAA Journal, compromised the protected health information of at least 100 million people.

This represents a third of the population in the United States and makes the data breach the largest known breach at a HIPAA-regulated entity. The previous record was set by Anthem in 2015 in an attack affecting 78.8 million individuals, the report said.

Nonprofit health system Ascension was hit by a ransomware attack in May 2024. A report to federal regulators showed that about 5.6 million people were affected. 

A June 2024 KnowBe4 report showed the global healthcare sector experienced 1,613 cyberattacks per week in the first three quarters of 2023, nearly four times the global average, and a significant increase from the same period the previous year. This surge has contributed to a steep rise in cyberattack costs for healthcare organizations, with the average breach cost nearing $11 million – more than three times the global average – making healthcare the costliest sector for cyberattacks.

Ransomware attacks have dominated, accounting for over 70% of successful cyberattacks on healthcare organizations in the past two years.

Jeff Lagasse is editor of Healthcare Finance News.
Email: jlagasse@himss.org
Healthcare Finance News is a HIMSS Media publication.

News
Ending racism in healthcare often begins with medical education - and is the target of a new national project Ending racism in healthcare often begins with medical education - and is the target of a new national project Inequities can be found in every facet of the industry, but targeting medical students and residents can help stem the tide.