Cybersecurity
Cyber Threat Intelligence, Alerts and Reports
As part of the AHA’s commitment to helping hospitals and health systems prepare for and prevent cyber threats, we have gathered the latest government cyber threat intelligence and alerts and Health Information Sharing and Analysis Center (H-ISAC) reports.
You may be asked to enter your AHA member credentials to view certain reports and intelligence alerts.
Cybersecurity & Risk Advisory
Learn how AHA can help hospitals and health systems prepare for and mitigate cyber threats through the expertise of John Riggi, AHA’s National Advisor for Cybersecurity and Risk.
Since June 2019, unidentified cyber actors have used a SharePoint vulnerability, CVE-2019-0604, to exploit notable US entities. Following a widespread scanning for CVE-2019-0604 in May, June, and October 2019, respectively, cyber actors compromised the network of two…
Multiple Nation State Advanced Persistent Threat (APT) actors have weaponized CVE-2019-11510, CVE-2019-11539, and CVE-2018-13379 to gain access to vulnerable VPN devices.
In August, 2019, the Canadian Centre for Cyber Security released guidance for mitigating vulnerabilities in 3 major VPN…
Researchers disclosed the existence of 12 potentially sever security vulnerabilities with wearable technology, collectively named SweynTooth.
The Cybersecurity and Infrastructure Security Agency (CISA) is sharing the
following information with the cybersecurity community as a primer for assisting
in the protection of our Nation’s critical infrastructure in light of the current
tensions between the Islamic Republic of Iran and the United…
This edition of Hacking Healthcare, explores the German Patient Data Protection
Act that is under criticism for its approach to cybersecurity and privacy; briefly examines the interesting effect the United States’ naming and shaming of Chinese state hackers is having; and breaks down why DNS over…
This edition of Hacking Healthcare, breaksdown new guidance from the Department of Justice (DOJ) on the legal considerations of engaging in cyber threat intelligence activities; examines the European Union Agency for Cybersecurity’s (ENISA) 51-page report on procurement cybersecurity for…
This checklist is designed as a quick reference for healthcare enterprise management to consider important factors in a teleworking strategy that minimizes downtime and latency while supporting patient care, operational and I.T. security, and supply chain resilience.
Information sharing programs, when done properly, produce significant benefit at low risk for the organizations that participate. This document provides Healthcare and Public Health Sector (HPH) organizations with a set of guidelines and best practices for efficient and effective information…
The Food and Drug Administration said cybersecurity vulnerabilities known as “SweynTooth” could pose a risk to some medical devices, such as pacemakers, glucose monitors and ultrasound equipment, that use Bluetooth Low Energy.
The AHA co-hosted a regional cyber workshop with Nebraska Hospital Association for technical and non-technical hospital and health system leaders to learn about cybersecurity as a strategic enterprise risk issue with implications to care delivery and patient safety.