Cybersecurity News

AHA sent a letter to Sen. Mark Warner, co-chair of the Senate Cybersecurity Caucus, responding to his recent report on policy options to address cybersecurity challenges in the health care field.

The Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center Nov. 21 warned of a human-operated ransomware threat targeting larger organizations, with compromised targets observed in the health care and public sectors.

The FBI, Cybersecurity & Infrastructure Security Agency, and Department of Health and Human Services yesterday recommended actions to reduce the risk of compromise from Hive ransomware, which has victimized over 1,300 health care and other organizations since last June.

The Cybersecurity & Infrastructure Security Agency and FBI advised organizations to protect VMware Horizon servers from a Log4Shell vulnerability recently exploited by Iranian-sponsored actors. 

The Cybersecurity & Infrastructure Security Agency encourages OpenSSL users and administrators to upgrade to version 3.0.7 to patch two high-severity vulnerabilities that threat actors could leverage to crash or take control of a computer system.

The Department of Health and Human Services’ Office for Civil Rights yesterday released a video on recognized security practices under the HIPAA security rule and how covered entities may demonstrate implementation.

The Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center highly recommends all health sector organizations immediately test and deploy a critical OpenSSL patch when it becomes available Nov. 1, because many of the most common operating systems and applications use the OpenSSL software library for secure communications.

The FBI, Cybersecurity and Infrastructure Security Agency and Department of Health and Human Services today alerted U.S. organizations to a cybercrime group targeting the health care sector with ransomware and data extortion operations. The group has attacked multiple organizations since June, deploying ransomware to encrypt servers responsible for health care services, exfiltrating personal identifiable information and patient health information, and threatening to release the information if a ransom is not paid.

The FBI yesterday recommended U.S. organizations take certain actions to protect their networks against the Iranian cybergroup Emennet Pasargad, which has recently used hack-and-leak techniques and false personas to target organizations, including one in the United States.

It’s a sad fact that hospitals and health care systems continue to be a prime target for cyber criminals.

The health care field continues to be a top target for cybercriminals.

The National Security Agency, Cybersecurity and Infrastructure Security Agency and FBI yesterday urged U.S. critical infrastructure and other organizations to take certain actions to protect their systems from known vulnerabilities that China state-sponsored actors continue to exploit to target intellectual property and sensitive networks. In a separate presentation, the Department of Health and Human Services yesterday warned health care organizations that threat actors are increasingly using legitimate network security tools for malicious purposes.

AHA yesterday thanked Reps. Jason Crow, D-Colo., and Brian Fitzpatrick, R-Pa., for introducing a House companion to the Healthcare Cybersecurity Act, AHA-supported legislation that would improve collaboration and coordination between the Cybersecurity and Infrastructure Security Agency and Department of Health and Human Services.

A survey released in early September from Proofpoint, Inc., and the Ponemon Institute, on cybersecurity in health care raises important issues but appears to have a number of significant limitations.

The communications protocol for the Medtronic MiniMed 600 Series Insulin Pump System could allow an unauthorized person to access the pump to deliver too much or too little insulin, the Food and Drug Administration alerted users today.

The Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center (HC3) yesterday alerted the sector to a monkeypox-themed phishing campaign targeting health care providers.

Cyber criminals are increasingly targeting health care payment processors to redirect payments intended for health care providers to accounts they control, costing victims millions of dollars, the FBI reported this week.

The FBI yesterday charged three Iranian nationals with allegedly orchestrating a scheme to hack into the computer networks of multiple U.S. victims, including an attempted but thwarted attack last year against Boston Children’s Hospital.

The FBI today released recommendations to help protect medical devices from cyberattacks that can threaten health care operations, patient safety, and data privacy and integrity, citing a growing number of unpatched medical device vulnerabilities.

Former co-chairs of the Cyberspace Solarium Commission request briefing on HHS efforts to protect health care sector through public-private collaboration.