The Cybersecurity & Infrastructure Security Agency and FBI Jan. 31 urged small office and home office router manufacturers to eliminate exploitable defects in their products and integrate security into their product design and development, citing recent reports that threat actors known as “Volt Typhoon” and associated with the People’s Republic of China are exploiting defects in these products to compromise networks across U.S. critical infrastructure.

“This alert highlights two critical and strategic cyber risk issues we are facing as a health care sector and as a nation,” said John Riggi, AHA’s national advisor for cybersecurity and risk. “First, the ongoing strategic and aggressive cyber threat posed by the Chinese government to infiltrate our critical infrastructure and pre-position potentially destructive malware such as Volt Typhoon. Second, we must rely on technology developers, including router manufacturers, to implement government-specified ‘secure by design’ protocols to ensure that the highest level security testing and features are included in their products at the design phase. Vulnerabilities in third-party technology continue to be a primary attack vector for cyber adversaries targeting health care and all of U.S. critical infrastructure. The primary responsibility for securing third-party technology must shift from the end user to the technology developers so they are secure by design.” 

For more information on this or other cyber and risk issues, contact Riggi at jriggi@aha.org. For the latest cyber and risk resources and threat intelligence, visit aha.org/cybersecurity

Related News Articles

Headline
Two Administration officials April 14 discussed how the federal government is working with hospitals and other parts of the health care sector to defend…
Headline
Sen. Ron Wyden, D-Ore., expressed to AHA members frustration with the Change Healthcare cyberattack, which he believes jeopardized patients and their personal…
Headline
The Change Healthcare cyberattack was a significant event that caught many off guard, said the Centers for Medicare & Medicaid Services Administrator…
Headline
“Even before the recent Change Healthcare cyberattack that has left some hospitals fronting millions of dollars in extra costs, a perfect storm of complex…
Headline
The Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center (HC3) April 5 released an advisory on the top 10 ransomware groups…
Headline
The AHA has been made aware of a validated IT help desk social engineering scheme that uses the stolen identity of revenue cycle employees or employees in…