Cybersecurity News

The FBI and Department of Homeland Security released recommendations to help organizations secure their networks from ongoing cyber threats from the Russian Foreign Intelligence Service, which recently exploited software updates to the widely used SolarWinds information technology performance-monitoring platform.

The Russian Foreign Intelligence Service (SVR) continues to exploit five publicly known cyber vulnerabilities, the National Security Agency, Cybersecurity and Infrastructure Security Agency and FBI said in a joint advisory. 

As health care organizations increasingly use telehealth during the COVID-19 pandemic and beyond, the Healthcare and Public Health Sector Coordinating Council (HSCC) released a report to help health care leaders assess and mitigate associated cybersecurity risks. 

The FBI removed malicious code from vulnerable Microsoft Exchange Servers running on-premises versions of MES software for enterprise-level e-mail service, the agency announced in a notice to private industry.

AHA and the Health Information Sharing and Analysis Center (Health-ISAC), a non-profit member organization for sharing cyber threat intelligence and best practices, released a joint white paper to help senior health care leaders understand and respond to certain cyber risks to their enterprise networks.

The FBI and Cybersecurity and Infrastructure Security Agency advised organizations to protect their computer networks from known vulnerabilities in FortiOS, the operating system for the Fortinet network security system.

The FBI released an alert on Mamba ransomware, which uses an open source encryptions software to encrypt and restrict access to a victim’s entire drive, including the operating system.

Cyber criminals and nation-state actors believed to be affiliated with the Chinese government continue to exploit recently announced vulnerabilities in Microsoft Exchange on-premises products, posing a serious risk to federal agencies and private organizations, the Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency said in a joint advisory.

The Department of Health and Human Services’ Office of the Assistant Secretary for Preparedness and Response urged the health care and public health sector to patch on-premises Microsoft Exchange Server vulnerabilities announced last week, noting that additional criminal and state actors have been observed trying to compromise the critical infrastructure by exploiting these vulnerabilities.

Cyber attackers are using Microsoft Exchange Server vulnerabilities to access Exchange server email accounts on an organization’s premises and install malware to facilitate long-term access to victim environments, the Microsoft Threat Intelligence Center announced.

The Center for Internet Security began offering its Malicious Domain Blocking and Reporting ransomware protection service free to private hospitals.

The FBI has issued recommendations to help prevent and respond to Telephony Denial of Service (TDoS) attacks, which can make 911 call centers unavailable to users and undermine public trust in emergency services.

As we forge ahead in 2021 facing a lot of uncertainty, there’s one thing we recognize: The COVID-19 pandemic will have a lasting effect on the health and well-being of our nation.

The Department of Health and Human Services Office of the Assistant Secretary for Preparedness and Response released a comprehensive and valuable resource to help hospitals and health systems effectively care for patients and maintain business practices and readiness should a cybersecurity incident affect the health care operational environment.

The Health Information Sharing and Analysis Center and AHA will host a Feb. 10 panel discussion on best practices to combat unlawful robocalls to hospitals.

President Trump signed into law a bill (H.R. 7898) containing provisions that require the Secretary of Health and Human Services to consider certain recognized cybersecurity best practices when making determinations against HIPAA-covered entities and business associates victimized by a cyberattack.

In an alert this week, the Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center (HC3) reminded health care providers and researchers to patch any vulnerabilities in their Picture Archiving Communication Systems that could expose patient records to unauthorized access.

A Federal Communications Commission advisory panel this week recommended best practices for voice service providers, hospitals, and federal and state governments to prevent unlawful robocalls from disrupting communications in hospitals.

The Cybersecurity and Infrastructure Security Agency and Health Sector Cybersecurity Coordination Center are alerting organizations to a global cyberattack using a hidden back door or “trojanized” legitimate updates to the SolarWinds Orion performance monitoring platform to access public and private networks.

A highly sophisticated threat actor has stolen tools used by cybersecurity company FireEye to evaluate the security posture of enterprise systems, which unauthorized third-party users could abuse to take control of targeted systems, the Cybersecurity and Infrastructure Security Agency announced.