New guidance released yesterday by the Cybersecurity and Infrastructure Security Agency, National Security Agency and FBI informs health care and other critical infrastructure industries on how to fortify their network devices against malicious cyber actors. The guidance was released in response to China-affiliated hackers who recently compromised networks of organizations globally as part of a broad cyber espionage campaign, CISA said. The agency said the threat actors have not been using any novel methods in their attacks and that patching vulnerable devices and services would reduce chances of intrusion. 

 
“The AHA has previously flagged alerts from the government on the threat posed by Chinese threat actors, specifically ‘Volt Typhoon,’” said Scott Gee, AHA deputy national advisor for cybersecurity and risk. “This guidance is meant for those defending telecommunication networks, but it does mention the basic cybersecurity things that all organizations need to do to defend themselves. These include patch management and securing your environments. The field is reminded that these best practices are the basis for the voluntary Cybersecurity Performance Goals. For hospitals, the biggest takeaway from this guidance is the understanding of potential threats to the telecommunications sector and the need to have plans in place to maintain business and clinical continuity, for at least 30 days, if faced with an extended loss of communication and internet technology.” 
 

For more information on this or other cyber and risk issues, contact Gee at sgee@aha.org. For the latest threat information and other cyber and risk resources, visit aha.org/cybersecurity.

Related News Articles

Headline
A guide published Jan. 13 by the Cybersecurity and Infrastructure Security Agency, National Security Agency, FBI, Environmental Protection Agency,…
Headline
In the last of this four-part conversation, four leaders from Scripps Health — Chris Van Gorder, president and CEO, Todd Walbridge, senior director of…
Headline
The Department of Health and Human Services Health Sector Cybersecurity Coordination Center Jan. 8 released guidance on cybersecurity for telehealth…
Headline
In the third of this four-part conversation, three experts from Scripps Health talk through the day their organization experienced a cyberattack, the…
Headline
The FBI Dec. 16 released an alert warning of malicious activity by cyber actors using Hiatus Remote Access Trojan malware to attack Chinese-branded web cameras…
Headline
The Cybersecurity and Infrastructure Security Agency is seeking comments on its draft National Cyber Incident Response Plan Update. The plan describes how the…