Public
American Hospital Association content that is available to the public and all website users.
In August 2023, vulnerabilities to the health sector have been released that require attention. This includes the monthly Patch Tuesday vulnerabilities released by several vendors on the second Tuesday of each month, along with mitigation steps and patches.
Summary:
On September 18, 2023, the Health Sector Cybersecurity Coordination Center (HC3) released a sector alert regarding the Lazarus group exploiting a ManageEngine vulnerability.
AHA comments on provisions included in the Bipartisan Primary Care and Health Workforce Expansion Act.
Since 2020 the health care workforce has faced a sharp increase in workplace violence.
A recent uptick in threat actors delivering phishing emails laced with malicious QR codes has beenobserved. Quishing, also known as QR code phishing, involves sending a seemingly time sensitive emailcontaining lures to trick the recipient into taking action and scanning an innocuous QR code.
AHA shares the hospital field’s experience with implementation of the No Surprises Act (NSA) before the House Committee on Ways and Means.
Cisco Talos has published an open-source report regarding the North Korean state-sponsored actor, the Lazarus Group, reported to be targeting internet backbone infrastructure and healthcare entities in Europe and the United States.
This document refines and clarifies the CDM Program’s Identity and Access Management (IDAM) scope by providing a reference for how CDM IDAM capabilities may integrate into an agency’s ICAM architecture. A description of the federal ICAM practice area, including how ICAM services and components…
On September 15, 2023, CISA released the Continuous Diagnostics and Mitigation Program: Identity, Credential, and Access Management (ICAM) Reference Architecture to help federal civilian departments and agencies integrate their identity and access management (IDAM) capabilities into their ICAM…