Cybersecurity vulnerabilities and intrusions pose risks for every hospital and its reputation.
The expanded use of networked technology, Internet-enabled medical devices and electronic databases for clinical, financial and administrative operations brings significant benefits for care delivery and organizational efficiency. Networked technology and greater connectivity also increase exposure to possible cybersecurity threats that require hospitals to evaluate and manage new risks in the context of federal privacy rules and related policies.
New Sophisticated Email-based Attack from NOBELIUM
CISA encourages users and administrators to review MSTIC’s blog post "New sophisticated email-based attack from NOBELIUM" and apply the necessary mitigations.
Hospitals can prepare for and manage such risks by treating cybersecurity not as a novel issue but as part of the hospital’s existing governance, risk management and business continuity framework.
Hospitals also will want to ensure that the approach they adopt remains flexible and resilient enough to address threats that are likely to be constantly evolving and multi-pronged.
Additional Key Cybersecurity Resources
- COVID-19: Physicians Home and Office Cybersecurity Guide
- DHS Protecting Critical Networks from COVID-19 Cyberthreats
- A Conversation with the DHS About COVID-19 Cyberthreats [Part 2]
- A Conversation with the FBI on Mitigating COVID-19 Cyber Threats
- Cybersecurity and Risk Advisory Services
- What’s Your Cyber Risk Profile?
- HC3 Sector Notice TLP White: Exploitation of SolarWinds Software Affecting HPH Sector
- HC3 Sector Alert TLP White: Active Exploitation of SolarWinds Software Potentially Affecting HPH Sector
- Russian State-Sponsored Actors Exploiting Vulnerability in VMware® Workspace ONE Access Using Compromised Credentials
- Hospital Robocall Protection Group Adopts Best Practices Report on Preventing Unlawful Calls
- Hospital Robocall Protection Group (HRPG) Report December 14, 2020
- Hospital Robocall Protection Group Virtual Meeting Agenda, December 14, 2020
- Joint Cybersecurity Advisory TLP White: North Korean Advanced Persistent Threat Focus: Kimsuky, October 27, 2020
- HC3 Threat Brief TLP White: COVID-19 Cyber Threats (Update), (August 13, 2020)
- FBI Cybersecurity Advisory TLP White: Russian GRU 85th GTsSS Deploys Previously Undisclosed Drovorub Malware, August 2020
- Current Malware Threats Targeting the Healthcare And Public Health (HPH) Sector, June 16, 2020
- FBI & CISA PSA: People’s Republic of China (PRC) Targeting of COVID-19 Research Organizations, May 13, 2020
- Joint Activity Alert: Top 10 Routinely Exploited Vulnerabilities, May 13, 2020
- CISA Insights COVID-19 Disinformation Activity, May 8, 2020
- HC3 Cyber Alert TLP White: Quantitative Risk Management for Healthcare Cybersecurity, May 7, 2020
- CISA: Guidance for Securing Video Conferencing, May 1, 2020
- CISA: Telework Guidance and Resources, May 1, 2020
- Health Industry Cybersecurity Information Sharing Best Practices - March 2020
- Draft: Data Integrity Identifying and Protecting Assets Against Ransomware and Other Destructive Events - January 2020
- The 405(d) Post Vol 3 - January, 2020
- The 405(d) Post Vol 2 - November, 2019
- Members-Only: Theft of Intellectual Property: Threats to Medical Research and Innovation
- Members-Only Cybersecurity Alerts and Resources