Cybersecurity News

Nearly 15 years ago, a study published in the New England Journal of Medicine estimated that only 1.5% of acute care general medical and surgical hospitals had a comprehensive electronic health records system.

The Department of Health and Human Services recently released an advisory to help health care organizations protect their systems and networks from 8Base, a ransomware and data extortion gang targeting small- and medium-sized organizations in health care and other sectors.

By taking aim at shifting cyber defense responsibilities, the Biden administration’s National Cybersecurity Strategy will help improve the nation’s cyber resilience, while disrupting cyberthreat operations, writes John Riggi, AHA’s national advisor for cybersecurity and risk.

The Department of Health and Human Services and the Cybersecurity and Infrastructure Security Agency Oct. 25 hosted a roundtable discussion with health care cybersecurity leaders, including the AHA, on the state of cybersecurity in the health care and public health sector.

AHA leaders are participating in the International Hospital Federation’s World Hospital Congress in Lisbon, Portugal.    

Hospitals can only do so much on defense when foreign-based adversaries sheltered by hostile nation-states attack them. They also need a robust offense by the U.S. government to go after bad actors. Read this AHA Cyber Intel blog from John Riggi to learn how AHA will continue to work with the hospital field, Congress and the Administration, and other stakeholders to advance and adopt cyber policies that are streamlined, effective and feasible to implement.

The Cybersecurity and Infrastructure Security Agency, FBI and Multi-State Information Sharing and Analysis Center this week alerted organizations to a critical vulnerability affecting certain versions of the Atlassian Confluence Data Center and Server that enables malicious actors to obtain access to victim systems and continue active exploitation post-patch.

Troy Ament, chief information security officer at Fortinet, discusses the need to balance digital innovation in health care with cybercrime defenses.

The FBI and Department of Homeland Security are actively monitoring the situation in Israel following the recent Hamas terrorist attacks in that country and any implications they pose to the domestic threat environment, the agencies said in an Oct. 10 notice to the private sector. 

The Food and Drug Administration will accept nominations through Dec. 11 for experts to serve on a committee that will advise the agency on issues related to digital health technologies.

The Department of Health and Human Services Oct. 6 urged health care organizations to patch a critical vulnerability in Cisco’s Emergency Responder communications platform that allows a cyberattacker to completely compromise a vulnerable system and use it for further attacks across an enterprise network.

The National Security Agency and Cybersecurity and Infrastructure Security Agency Oct. 5 recommended organizations take steps to prevent cyber actors from exploiting 10 common network misconfigurations.

Cyber criminals are probing the defenses of health care providers every second of every day.

John Riggi, AHA’s national advisor for cybersecurity and risk, reviews key takeaways and insights from a recent AHA webinar on the importance of cyber preparedness.

The Department of Health and Human Services’ Advanced Research Projects Agency for Health (ARPA-H) recently awarded $50 million in funding for six research projects to advance technologies that could help secure health care data.

What can your hospital or health system do to proactively prepare for a cyberattack with plans to maintain both business and clinical continuity? Gain insights gleaned from a recent AHA webinar with four health care leader panelists and John Riggi, national advisor for cybersecurity and risk for the AHA. Read Riggi’s new AHA Cyber Intel blog article to learn four strategies to effectively prepare for a cyberattack.

The FBI this week advised organizations to protect against certain emerging ransomware trends, including multiple attacks on the same victim and new data destruction tactics.

Cyber actors linked to the People’s Republic of China are targeting router firmware in government and multinational organizations, which should review all subsidiary connections and consider implementing Zero Trust models to limit a potential compromise, U.S. and Japanese agencies advised Sept. 27. 

The Food and Drug Administration Sept. 26 finalized guidance updating the cybersecurity information device makers should submit to its Center for Devices and Radiological Health or Center for Biologics Evaluation and Research for premarket review of devices that have cybersecurity considerations.

The Health Information Sharing and Analysis Center (H-ISAC) Sept. 19 alerted the health sector to an emerging threat that targets senior executives through phishing emails that contain malicious QR codes, also known as quishing.