H-ISAC TLP White Finished Intelligence Report: HC3 Analyst Note: Malvertising in Healthcare September 26, 2024

Malvertising is a cyberattack method where legitimate advertising networks are infiltrated with malicious advertisements. The term malvertising is a combination of “malicious” and “advertising,” which refers to the use of online advertising to spread malware. It exploits the infrastructure of digital advertising to deliver malicious content to users, often without their knowledge or interaction. These ads can appear on reputable websites and are designed to automatically infect devices with malware upon viewing or interacting with the ad. This form of attack leverages the trust users have in well-known websites, and ultimately exploits the complexity of the online advertising ecosystem. This report provides an in-depth look at malvertising, its methods and impacts, and mitigation strategies to prevent its risks. To prevent serious damage to the Healthcare and Public Health (HPH) sector, HC3 encourages organizations to review the following report to increase awareness of these types of attacks and to employ available mitigations. To view the full report, please visit the attachments section. Release Date: Sep 27, 2024 (UTC

For help with Cybersecurity and Risk Advisory Services exclusively for AHA members, contact:

John Riggi

National Advisor for Cybersecurity and Risk, AHA

jriggi@aha.org

(O) +1 202 626 2272