Organizations urged to protect networks, strengthen supply chains

Apr 05, 2021 - 02:26 PM
Cybersecurity Lock on Gold Wall

The FBI and Cybersecurity and Infrastructure Security Agency Friday advised organizations to protect their computer networks from known vulnerabilities in FortiOS, the operating system for the Fortinet network security system. The agencies in March observed cyber actors scanning for these vulnerabilities, likely to gain access to networks to launch future distributed denial-of-service attacks, ransomware attacks, structured query language injection attacks, spearphishing campaigns, website defacements and disinformation campaigns. The advisory includes mitigation actions for organizations whether they use the operating system or not. 

Also last week, the National Counterintelligence and Security Center launched its fourth annual National Supply Chain Integrity Month with a call for organizations to strengthen their supply chains against foreign adversaries and other potential risks. For more on the initiative and best practices, visit the AHA website

“The targeting of the Fortinet vulnerabilities, which may be indicative of nation-state malicious activity, provides another example of a third-party service provider potentially exposing their clients to cyber risk through vulnerabilities in their services,” said John Riggi, AHA senior advisor for cybersecurity and risk. “Fortunately, the NCSC last week released resources to help organizations mitigate third-party and supply chain risk. It is imperative for hospitals and health systems to have a robust vendor risk management program that risk-prioritizes business associates and includes software supply chain vendors.”

For more on these or other cybersecurity and risk issues, contact Riggi at jriggi@aha.org
 

Related News Articles

Headline
Automatic tank gauge systems targeted by cyber actors, agencies warn
The Cybersecurity and Infrastructure Security Agency and other federal agencies released a fact sheet June 2 on malicious cyber activity targeting U.S.-based…
Headline
Alert warns of cyber campaign by Chinese military intelligence to obtain classified or privileged information
The FBI and international agencies have released an alert on Chinese military intelligence services using professional networking sites and online job…
Headline
White House issues executive order on cybersecurity for AI
The White House issued an executive order June 2 on cybersecurity efforts regarding artificial intelligence. The order instructs federal…
Headline
Guide issued for healthcare organizations on cyber governance frameworks for secure AI implementation 
The Health Sector Coordinating Council’s Cybersecurity Working Group has released a guide to help healthcare organizations establish cyber governance…
Headline
FBI issues alert on cyber actors impersonating IT personnel 
The FBI has released an alert on a cyber threat group called the Silent Ransom Group, which has targeted healthcare and other industries in recent years using…
Headline
CISA issues revised virtual town hall schedule for input on proposed cyber incident reporting
The Cybersecurity and Infrastructure Security Agency May 26 announced a revised schedule for its series of virtual town hall meetings for public input on…