HHS bulletin reviews latest cyberthreats to health care 

Jan 20, 2023 - 02:44 PM
cybersecurity-hand-lock-graphic_900x400

The latest quarterly bulletin from the Department of Health and Human Services’ Healthcare Cybersecurity Coordination Center reviews cyberthreats to the health care sector in fourth-quarter 2022.

“Ransomware attacks, data breaches, and often both together, continued to be prevalent attacks against the health sector,” the bulletin notes. “Ransomware operators continued to evolve their techniques and weapons for increasing extortion pressure and maximizing their payday. Vulnerabilities in software and hardware platforms, some ubiquitous and some specific to healthcare, continued to keep the attack surface of healthcare organizations wide open. Managed service provider compromise continued to be a significant threat to the health sector, as did supply chain compromise.”

John Riggi, AHA’s national advisor for cybersecurity and risk, said, “As indicated in this summary bulletin, ransomware attacks against health care continue to be a top cyberthreat we face. Unfortunately, as we warned in December, ransomware attacks against hospitals did not subside over the holidays. Ransomware attacks now routinely combine data encryption, theft and extortion along with encryption that disables critical care technology — disrupting health care delivery. Our cyber adversaries have also mapped our mission-critical service and technology providers and are actively targeting them with debilitating ransomware attacks, which may have the cascading effect of disrupting health care delivery. It is recommended that third-party risk management programs be evaluated to determine if risk assessments have been performed for all mission-critical service and technology providers, and that commensurate downtime procedures are in place should those mission-critical services go down due to a cyberattack.”

For more information on this or other cyber and risk issues, contact Riggi at jriggi@aha.org. For the latest cyberthreat information and resources, visit aha.org/cybersecurity

Related News Articles

Headline
CISA warns of vulnerability in F5 BIG-IP products
The Cybersecurity and Infrastructure Security Agency Oct. 15 released an emergency directive advising federal agencies to take stock of their F5 BIG-IP…
Headline
AHA blog: 2025 Cybersecurity Year in Review, Part One — Breaches and Defensive Measures
In part one of a new blog, John Riggi, AHA national advisor for cybersecurity and risk, and Scott Gee, AHA deputy national advisor for cybersecurity and risk,…
Perspective
Protecting Patients and Hospitals from Cyberattacks
Public
This week, the FBI issued an urgent warning to all users — including hospitals — of a critical security soft spot within Oracle’s E-Business Suite, stating “…
Headline
HSCC launches toolkit to strengthen essential health care services and prevent cyberattacks
The Health Sector Coordinating Council Oct. 7 released its Sector Mapping and Risk Toolkit, created to help health care providers and other organizations…
AHA Cyber Intel
2025 Cybersecurity Year in Review, Part One: Breaches and Defensive Measures
As of Oct. 3, 2025, 364 hacking incidents had been reported to the U.S. Department of Health and Human Services Office for Civil Rights, affecting over 33…
Headline
Urgent action recommended on critical Oracle vulnerability
The AHA Oct. 6 released a Cybersecurity Advisory urging immediate action against a critical Oracle E-Business Suite vulnerability that is remotely exploitable…