The Cybersecurity and Infrastructure Security Agency and Department of Energy this week recommended organizations take steps to prevent cyber actors from accessing Uninterruptible Power Supply devices through the internet. The agencies said they are aware of threat actors gaining access to a variety of internet-connected UPS devices, often through unchanged default usernames and passwords. 

The FBI also alerted the private sector this week to ransomware attacks on local government agencies that have resulted in disrupted operational services, risks to public safety and financial losses. 

John Riggi, AHA’s national advisor for cybersecurity and risk, said, “It is noted that one of the most effective methods to mitigate the cyber risk to UPS devices and systems is quite simple — disconnect them from the internet. This alert should also be shared with all facilities’ engineers and those involved in the planning, design and construction phases of hospitals. In regard to the FBI alert, attacks on local government agencies have also resulted in disruptions to public health services.  This alert also contains a comprehensive list of strategic and technical ransomware risk mitigation steps, which are applicable to hospitals and health systems.”

Related News Articles

Headline
The federal government shut down Oct. 1 following a failed Senate vote on the House-passed continuing resolution to fund the government by midnight Sept. 30.…
Headline
Microsoft Sept. 16 announced it had disrupted a growing phishing service that had targeted at least 20 U.S. health care organizations. The company said it used…
Headline
The FBI Sept. 12 released an alert warning of malicious activities by cybercriminal groups UNC6040 and UNC6395, which the agency said are responsible for an…
Headline
The Cybersecurity and Infrastructure Security Agency, National Security Agency and international agencies Sept. 3 released joint guidance outlining a “software…
Headline
Chinese state-sponsored cyber actors are maliciously targeting networks globally, including telecommunications, government and others, according to a joint…
Headline
The FBI Aug. 20 released an advisory warning of malicious activity by Russian cyber actors targeting end-of-life devices running an unpatched vulnerability in…