Cybersecurity authorities in the United Kingdom, Australia, Canada, New Zealand and the United States today urged companies that deliver, operate or manage information and communications technology services and their customers to implement certain best practices to secure sensitive data, citing a recent increase in malicious cyber activity targeting these Managed Service Providers to gain access to customers’ networks. 

John Riggi, AHA’s national advisor for cybersecurity and risk, said, “Sophisticated cyber actors continue to target strategic nodes within health care and other sectors to gain broad access to individual organizations. Think of this as the ‘hub and spoke’ targeting strategy. If they gain access to the ‘hub’ (MSP) they gain access to all the ‘spokes’ (customers). This is a highly effective strategy, which has been used in the past by state-sponsored actors related to the governments of China and Russia. The Chinese government has been historically focused on using this methodology for cyber espionage campaigns. The Russian government and their military intelligence services have used this methodology in the past to gain access to networks for espionage and to pre-position for potential future disruptive or destructive malware attacks. This threat also highlights the need for robust third-party risk management programs, which fully identify and evaluate the increased cyber risk organizations may incur by outsourcing of services and technology.”

Related News Articles

Headline
In part two of a recent blog, AHA National Advisor for Cybersecurity and Risk John Riggi and AHA Deputy National Advisor for Cybersecurity and Risk Scott Gee…
AHA Cyber Intel
In part one of this blog, we reviewed the number of cyberattacks the health care field endured this year compared to last; provided an overview of the lessons…
Headline
The Cybersecurity and Infrastructure Security Agency Oct. 15 released an emergency directive advising federal agencies to take stock of their F5 BIG-IP…
Headline
In part one of a new blog, John Riggi, AHA national advisor for cybersecurity and risk, and Scott Gee, AHA deputy national advisor for cybersecurity and risk,…
Perspective
Public
This week, the FBI issued an urgent warning to all users — including hospitals — of a critical security soft spot within Oracle’s E-Business Suite, stating “…
Headline
The Health Sector Coordinating Council Oct. 7 released its Sector Mapping and Risk Toolkit, created to help health care providers and other organizations…