HHS bulletin reviews latest cyberthreats to health care 

Jan 20, 2023 - 02:44 PM
cybersecurity-hand-lock-graphic_900x400

The latest quarterly bulletin from the Department of Health and Human Services’ Healthcare Cybersecurity Coordination Center reviews cyberthreats to the health care sector in fourth-quarter 2022.

“Ransomware attacks, data breaches, and often both together, continued to be prevalent attacks against the health sector,” the bulletin notes. “Ransomware operators continued to evolve their techniques and weapons for increasing extortion pressure and maximizing their payday. Vulnerabilities in software and hardware platforms, some ubiquitous and some specific to healthcare, continued to keep the attack surface of healthcare organizations wide open. Managed service provider compromise continued to be a significant threat to the health sector, as did supply chain compromise.”

John Riggi, AHA’s national advisor for cybersecurity and risk, said, “As indicated in this summary bulletin, ransomware attacks against health care continue to be a top cyberthreat we face. Unfortunately, as we warned in December, ransomware attacks against hospitals did not subside over the holidays. Ransomware attacks now routinely combine data encryption, theft and extortion along with encryption that disables critical care technology — disrupting health care delivery. Our cyber adversaries have also mapped our mission-critical service and technology providers and are actively targeting them with debilitating ransomware attacks, which may have the cascading effect of disrupting health care delivery. It is recommended that third-party risk management programs be evaluated to determine if risk assessments have been performed for all mission-critical service and technology providers, and that commensurate downtime procedures are in place should those mission-critical services go down due to a cyberattack.”

For more information on this or other cyber and risk issues, contact Riggi at jriggi@aha.org. For the latest cyberthreat information and resources, visit aha.org/cybersecurity

Related News Articles

Headline
Webinar to explore AI use in cybersecurity, health care technology 
John Riggi, AHA national advisor for cybersecurity and risk, will moderate a webinar May 5 at 1 p.m. ET that will explore how bad actors are leveraging…
Headline
AHA, Joint Commission announce cybersecurity readiness effort 
The AHA and Joint Commission May 4 announced the launch of the Cyber Resilience Readiness program, an initiative to help hospitals and health systems assess…
Headline
Agencies issue guidance on adopting agentic AI systems
The Cybersecurity and Infrastructure Security Agency, National Security Agency and international partners have released guidance on adopting agentic artificial…
Headline
Advisory details shifting tactics of Chinese cyber actors using covert networks for malicious activity
A joint advisory released April 23 from U.S. and international cybersecurity agencies, including the Cybersecurity and Infrastructure Security Agency, FBI,…
Headline
FBI Co-deputy Director Andrew Bailey discusses current cyber and physical threats, rise of AI
FBI Co-deputy Director Andrew Bailey discussed a rise in cyber and physical threats impacting health care. He discussed health care as the top critical…
Headline
FBI: Health care was top target for ransomware, other cyberthreats in 2025 
Health care and public health was the top sector targeted for cyberthreats in 2025, according to the FBI’s latest annual report on internet crimes. There were…