Cybersecurity News

Latest

CISA seeks comments on updated National Cyber Incident Response Plan 
The Cybersecurity and Infrastructure Security Agency is seeking comments on its draft National Cyber Incident Response Plan Update. The plan describes how the federal government, private sector, and state, local, tribal and territorial government entities will coordinate to manage, respond to and mitigate the consequences of high-profile cyberattacks.
Agencies release guidance on hardening network devices in response to cyber espionage campaign by hackers linked to Chinese government
New guidance released yesterday
Advisory warns of activity by BianLian ransomware group 
A joint advisory released Nov. 20 by the Federal Bureau of Investigation, Cybersecurity and Infrastructure Security Agency and international partners warns of cybercriminal activity by the BianLian ransomware group.
DOJ: Russian national charged with cybercrimes for ransomware attacks on hospitals, other entities 
The Department of Justice Nov. 18 announced criminal charges against Evgenii Ptitsyn, a Russian national, for allegedly administering the sale, distribution and operation of Phobos ransomware.
UN Security Council meeting discusses impact of ransomware attacks on hospitals 
A United Nations Security Council meeting the week of Nov. 4 discussed ransomware and the severe impacts that cyberattacks can have on hospitals and health systems.
AHA's Pollack breaks down role of hospitals in the future of health care on Pinkston podcast 
AHA President and CEO Rick Pollack was recently a guest on Pinkston's "To the Point" podcast to discuss the future of U.S. health care, touching on a range of topics including unique challenges facing urban and rural hospitals, artificial intelligence and cybersecurity, and more.
Agencies provide cyberthreat updates and resources leading up to election 
The Cybersecurity and Infrastructure Security Agency, FBI and other federal agencies have created a webpage with the latest cyberthreat updates and information ahead of next week's general election.
CISA warns of foreign actor conducting large-scale spear-phishing campaign with malicious files 
The Cybersecurity and Infrastructure Security Agency Oct. 31 issued an alert on a large-scale spear-phishing campaign targeting organizations in several sectors.
HC3 issues alert on vulnerabilities in certain Oracle products; Microsoft warns of Russian spear-phishing campaign 
The Health Sector Cybersecurity Coordination Center on Oct. 28 released a report on the "Miracle Exploit," a set of critical vulnerabilities affecting Oracle applications.
AHA blog: A Look at 2024’s Health Care Cybersecurity Challenges 
A new AHA Cyber Intel blog by John Riggi, AHA’s national advisor on cybersecurity and risk, examines current trends and challenges in health care regarding ransomware and other cybersecurity attacks as incidents targeting hospitals, third-party providers and suppliers increase.
Chair File: Preventing and Mitigating Cyberattacks to Protect Patients
by Joanne M. Conroy, M.D., Chair, American Hospital Association
Cyberattacks are increasing and expected to reach record numbers in the U.S. by the end of 2024.
Advisory warns of Iranian cyber actors compromising health care, other infrastructure 
A joint advisory issued Oct. 16 by the FBI, the Cybersecurity and Infrastructure Security Agency, the National Security Agency and international agencies warn of a threat of Iranian cyber actors using brute force and other techniques to compromise organizations in health care and other critical infrastructure sectors.
FBI, other agencies issue joint cybersecurity advisory on Russian cyber actors targeting U.S., global organizations
The FBI, along with the National Security Agency, Cyber National Mission Force and United Kingdom’s National Cyber Security Centre, today released a joint agency advisory on cyber operations by the Russian Federation’s Foreign Intelligence Service (SVR), also known as APT29, Midnight Blizzard, Cozy Bear, and the Dukes, targeting U.S. and global entities.
DOJ announces new strategy to combat cybercrime 
The Department of Justice last week announced a new strategic approach to combating cybercrime which involves "using all tools” to disrupt cybercriminals and hold them accountable, as well as promoting cybersecurity through public education efforts.
A Look at 2024’s Health Care Cybersecurity Challenges
by John Riggi, National Advisor for Cybersecurity and Risk, AHA
John Riggi, AHA’s national advisor for cybersecurity and risk, provides insight into 2024’s health care cybersecurity challenges to help hospitals prepare for the next big cyberattack.
Strengthening Cybersecurity to Protect Patients and Access to Care
by Rick Pollack, President and CEO, AHA
The never-ending barrage of ransomware and cyberattacks against the health care sector has only strengthened the resolve of hospitals and health systems to reinforce their defenses and protect safe access to care for patients and communities.
Agencies issue advisory on China-linked cyber actors using botnet for attacks on U.S. networks 
The FBI, National Security Agency and Cyber National Mission Force last week issued a joint advisory about recent actions of China-linked cyber actors compromising thousands of small or home office routers, firewalls, network-attached storage and other internet devices to create a botnet for malicious activity.
Veeam Software issues patches for exploitable security flaws
The Health Information Sharing and Analysis Center last week announced that Veeam, a software company that provides data protection, backup and disaster recovery solutions, issued a
CISA releases guidance on best practices for event logging and cyberthreat detection 
The Cybersecurity and Infrastructure Security Agency Aug. 21 published guidance providing best practices for event logging to mitigate cyberthreats.
New AHA resources for managing public health emergencies
The AHA has released five new tip sheets designed to fortify crisis leadership competencies during emergency events such as cyberattacks, natural disasters and mass violence incidents.