Cybersecurity News

Latest

The Cybersecurity and Infrastructure Security Agency Oct. 15 released an emergency directive advising federal agencies to take stock of their F5 BIG-IP application products, as a nation-state-affiliated cyberthreat actor has compromised F5’s systems and has stolen files, including a portion of the company’s BIG-IP source code and vulnerability information.
Over 33 million Americans have had their health care records stolen in 2025, continuing an alarming trend of massive cyberattacks largely targeting third-party vendors and unencrypted data.
by Rick Pollack, President and CEO, AHA
This week, the FBI issued an urgent warning to all users — including hospitals — of a critical security soft spot within Oracle’s E-Business Suite, stating “This is ‘stop-what-you’re-doing and patch immediately vulnerability.’”
The Health Sector Coordinating Council Oct. 7 released its Sector Mapping and Risk Toolkit, created to help health care providers and other organizations visualize key services that support essential health care workflows and determine which of them present critical risk of cyberattack disruption capable of impacting care delivery, operations and liquidity.
by John Riggi, National Advisor for Cybersecurity and Risk, AHA, and Scott Gee, Deputy National Advisor for Cybersecurity and Risk, American Hospital Association
The AHA’s cybersecurity and risk experts provide insight into 2025’s health care cybersecurity challenges to help hospitals prepare for the next big cyberattack.
The AHA Oct. 6 released a Cybersecurity Advisory (https://www.aha.org/advisory/2025-10-06-hospitals-are-oracle-customers-urged-take-immediate-action-address-security-vulnerability) urging immediate action against a critical Oracle E-Business Suite vulnerability that is remotely exploitable without authentication.
The AHA has launched an enhanced Cybersecurity and Risk webpage designed to help health care organizations strengthen their defenses against emerging cyber and physical security threats.
A Health-ISAC (Information Sharing and Analysis Center) bulletin released Oct. 1 warns of a recently released LockBit 5.0 ransomware variant that poses a threat to health care and other sectors.
Fernando Martinez, Ph.D., chief digital officer at the Texas Hospital Association, shares how Texas and the THA are building regional resilience through cyber command structures, statewide coordination and tabletop exercises.
The federal government shut down Oct. 1 following a failed Senate vote on the House-passed continuing resolution to fund the government by midnight Sept. 30.
Microsoft Sept. 16 announced it had disrupted a growing phishing service that had targeted at least 20 U.S. health care organizations and seized 338 websites associated with cyber threat group RaccoonO365.
The FBI Sept. 12 released an alert warning of malicious activities by cybercriminal groups UNC6040 and UNC6395, which the agency said are responsible for an increasing number of data theft and extortion intrusions.
The Cybersecurity and Infrastructure Security Agency, National Security Agency and international agencies Sept. 3 released joint guidance outlining a “software bill of materials” for organizations to strengthen cybersecurity, reduce risk and decrease costs.
Chinese state-sponsored cyber actors are maliciously targeting networks globally, including telecommunications, government and others, according to a joint advisory released Aug. 27 by the National Security Agency, Cybersecurity and Infrastructure Security Agency, FBI, Department of Defense Cyber Crime Center and international agencies.
The FBI Aug. 20 released an advisory warning of malicious activity by Russian cyber actors targeting end-of-life devices affected by an unpatched vulnerability in Cisco Smart Install software.
The Cybersecurity and Infrastructure Security Agency, Environmental Protection Agency, National Security Agency, FBI and international agencies Aug. 13 released guidance for operational technology owners and operators to create and manage an OT asset inventory.
The Department of Justice Aug. 11 announced a series of actions taken against the BlackSuit ransomware group, also known as “Royal,” including the disruption of four servers and nine domains July 24.
The FBI, Cybersecurity and Infrastructure Security Agency and international agencies July 29 released a joint advisory on recent tactics by the Scattered Spider cybercriminal group. Scattered Spider threat actors typically engage in data theft for extortion and, once in a system, also use ransomware variants to steal information, along with other tactics.
Microsoft July 22 released an update on the ongoing cyberattacks on SharePoint servers used within organizations, attributing the incidents to China-based threat actors.
The FBI, Cybersecurity and Infrastructure Security Agency, Department of Health and Human Services and Multi-State Information Sharing and Analysis Center July 23 released a joint advisory detailing malicious activity from Interlock ransomware.