Cybersecurity News

Latest

The National Institute of Standards and Technology released a definition of critical software, which the Cybersecurity & Infrastructure Security Agency will use to develop a list of critical software products, as directed by President Biden in a May executive order on improving U.S. cybersecurity.
In a recent Fox Business Network interview, John Riggi, AHA’s senior advisor for cybersecurity and risk, offered solutions to help prevent cyberattacks against hospitals and health systems, including investment in new technology and educating the workforce.
The Healthcare and Public Health Sector Coordinating Council, whose members include the AHA, urged President Biden to include support for health care cybersecurity in a future phase of his infrastructure plan.
The White House today released a memo urging business executives to immediately convene their leadership teams to discuss ransomware threats and review corporate security posture and business continuity plans.
The FBI and Cybersecurity and Infrastructure Security Agency May 28 issued a joint cyber advisory in response to a sophisticated spearphishing campaign targeting government organizations, intergovernmental organizations and non-governmental organizations.
The Microsoft Threat Intelligence Center has uncovered a wide-scale malicious email campaign by a group it associates with the 2020 compromise of the SolarWinds Orion platform, the center announced in a blog post.
by Rick Pollack
The threat to public health from the pandemic is thankfully subsiding. Unfortunately, a very different threat is on the rise: Cyber criminals have been ramping up their attacks on the health care sector, jeopardizing systems and putting lives at risk.
Cyber actors continue to exploit vulnerabilities in the operating system for the Fortinet network security system, the FBI warned today, noting that a group “almost certainly” exploited a Fortigate appliance this month to access a webserver hosting the domain for a U.S. municipal government. The agency said actors are actively targeting a broad range of victims across multiple sectors. The alert recommends actions to help organizations guard against the threat. 
The FBI issued an alert on “Conti,” a ransomware variant identified in at least 16 attacks targeting U.S. health care and first responder networks in the past year. 
President Biden directed federal agencies to take certain actions to remove barriers to sharing cyber threat information with the private sector, enhance security in the software supply chain and better detect cyber incidents on federal networks.
The FBI released an alert on the ransomware variant Darkside, which this month infected a critical infrastructure company in the United States. The ransomware-as-a-service variant has affected various sectors since October 2020, including health care.
by John Riggi, National Advisor for Cybersecurity and Risk, AHA
Are you aware that cyber adversaries target the health care sector the most of all critical infrastructure sectors? Hospitals and health systems in particular have frequently been the target of high-impact ransomware attacks, which disrupt patient care and risk patient safety. 
During the pandemic, there has been a dramatic increase in cyberattacks targeting hospitals and health systems, including disruptive ransomware attacks that have interrupted patient care and risked patient safety.
The FBI and Department of Homeland Security released recommendations to help organizations secure their networks from ongoing cyber threats from the Russian Foreign Intelligence Service, which recently exploited software updates to the widely used SolarWinds information technology performance-monitoring platform.
The Russian Foreign Intelligence Service (SVR) continues to exploit five publicly known cyber vulnerabilities, the National Security Agency, Cybersecurity and Infrastructure Security Agency and FBI said in a joint advisory. 
As health care organizations increasingly use telehealth during the COVID-19 pandemic and beyond, the Healthcare and Public Health Sector Coordinating Council (HSCC) released a report to help health care leaders assess and mitigate associated cybersecurity risks. 
The FBI removed malicious code from vulnerable Microsoft Exchange Servers running on-premises versions of MES software for enterprise-level e-mail service, the agency announced in a notice to private industry.
AHA and the Health Information Sharing and Analysis Center (Health-ISAC), a non-profit member organization for sharing cyber threat intelligence and best practices, released a joint white paper to help senior health care leaders understand and respond to certain cyber risks to their enterprise networks.
The FBI and Cybersecurity and Infrastructure Security Agency advised organizations to protect their computer networks from known vulnerabilities in FortiOS, the operating system for the Fortinet network security system.
The FBI released an alert on Mamba ransomware, which uses open source encryption software to encrypt and restrict access to a victim’s entire drive, including the operating system.