Organizations urged to protect networks, strengthen supply chains

Apr 05, 2021 - 02:26 PM
Cybersecurity Lock on Gold Wall

The FBI and Cybersecurity and Infrastructure Security Agency Friday advised organizations to protect their computer networks from known vulnerabilities in FortiOS, the operating system for the Fortinet network security system. The agencies in March observed cyber actors scanning for these vulnerabilities, likely to gain access to networks to launch future distributed denial-of-service attacks, ransomware attacks, structured query language injection attacks, spearphishing campaigns, website defacements and disinformation campaigns. The advisory includes mitigation actions for organizations whether they use the operating system or not. 

Also last week, the National Counterintelligence and Security Center launched its fourth annual National Supply Chain Integrity Month with a call for organizations to strengthen their supply chains against foreign adversaries and other potential risks. For more on the initiative and best practices, visit the AHA website

“The targeting of the Fortinet vulnerabilities, which may be indicative of nation-state malicious activity, provides another example of a third-party service provider potentially exposing their clients to cyber risk through vulnerabilities in their services,” said John Riggi, AHA senior advisor for cybersecurity and risk. “Fortunately, the NCSC last week released resources to help organizations mitigate third-party and supply chain risk. It is imperative for hospitals and health systems to have a robust vendor risk management program that risk-prioritizes business associates and includes software supply chain vendors.”

For more on these or other cybersecurity and risk issues, contact Riggi at jriggi@aha.org
 

Related News Articles

Headline
Agencies issue guidance on secure connectivity for operational technology
U.S. and international agencies Jan. 14 released guidance on secure connectivity for operational technology environments. Examples of OT environments in health…
Headline
AHA expresses support for bill improving cybersecurity workforce in rural hospitals
The AHA Jan. 14 expressed support for the Rural Hospital Cybersecurity Enhancement Act (S. 2169), legislation that would direct the Department of Health and…
Headline
FBI warns of attacks by North Korean cyber threat group using malicious QR codes
The FBI Jan. 8 released an alert on evolving threat tactics by Kimsuky, a North Korean state-sponsored cyber threat group. As of last year, the group…
Headline
CISA issues update on voluntary cybersecurity performance goals 
The Cybersecurity and Infrastructure Security Agency Dec. 11 released an update to its voluntary Cybersecurity Performance Goals, which includes measurable…
Headline
Agencies warn of state-sponsored cyberattacks from Russia, China
U.S. and international agencies are warning of potential cyberattacks on health care and other critical infrastructure from state-sponsored cyber actors in…
Headline
CISA alerts of critical vulnerability impacting free program used for building user interfaces 
A critical, unauthenticated remote code execution vulnerability known as React2Shell has been added to the Cybersecurity and Infrastructure Security Agency’s…