Cybersecurity News

Latest

In his latest AHA Cyber Intel blog, John Riggi, AHA national advisor for cybersecurity and risk, explains why cybercriminals are shifting from directly targeting hospitals to hitting the third-party technology and service providers critical to supporting hospitals’ clinical care.
The Cybersecurity and Infrastructure Security Agency and FBI Aug. 8 released guidance on secure by design software products, which includes resources to assess product security maturity and whether a manufacturer follows secure by design principles.
by Rick Pollack, President and CEO, AHA
It seems like barely a week goes by without a new cyberattack that affects health care providers.
CISA and FBI today issued an updated advisory on the BlackSuit ransomware group, providing information on historically observed tactics, techniques, and procedures and indicators of compromise associated with the group. BlackSuit's cyberattacks have impacted health care and other industries.
Cybercriminals are ramping up attacks on health care systems throughout the United States, with a majority of these crimes originating from international, state-sponsored actors.
by John Riggi, National Advisor for Cybersecurity and Risk, AHA
John Riggi, AHA national advisor for cybersecurity and risk, explains why cybercriminals are shifting from directly targeting hospitals to hitting the third-party technology and service providers critical to supporting hospitals’ clinical care. He highlights four key strategies to help hospitals and health systems strengthen their third-party risk management program against the debilitating effects of the next, inevitable Change Healthcare-like cyberattack.
OneBlood, a nonprofit organization that provides blood and blood products to health care providers in Florida, Georgia, Alabama, North Carolina and South Carolina, including more than 350 hospitals, July 31 said it is experiencing a ransomware event that is impacting its software system and disrupting some of its operations to deliver blood. 
The Department of Justice July 25 announced the indictment of North Korean national Rim Jong Hyok for allegedly conspiring to hack and extort U.S. hospitals and health care providers.
The cybersecurity firm CrowdStrike July 24 posted online a preliminary post incident report following a non-malicious global technology outage which began July 19 and affected many industries, including health care.
There has been a sharp uptick this year in ruthless tactics by cybercriminals, who are now directly threatening patients with the release of sensitive information, photos and medical records. John Riggi, AHA national advisor for cybersecurity and risk, talks with two experts about the rise in these tactics and what’s needed to fight back and prepare against these threat-to-life crimes.
The AHA July 24 shared information and new offerings from some of its private sector partners that can help hospitals and health systems strengthen their cybersecurity efforts and defend against and deflect cyberattacks.
AHA President and CEO Rick Pollack opened the 2024 AHA Leadership Summit in San Diego discussing the similarities between the U.S. Navy SEALs and the hospital field in their commitment to operational flexibility, team cohesion, cultural awareness, use of advanced technology, and physical and mental resilience.
A non-malicious global technology outage that began in the early morning of July 19 is continuing to affect many industries and is having varying effects on hospitals and health systems across the country. The outage was caused by a faulty software update issued by the cybersecurity firm CrowdStrike, which is widely used by businesses and government agencies that run on Microsoft computers. 
John Riggi, AHA’s national advisor for cybersecurity and risk, participated July 18 as the opening keynote speaker in the Information Security Media Group’s Healthcare Cybersecurity Summit in New York City to discuss emerging threats, defense measures and other cybersecurity issues within the health care sector.
A joint advisory issued the week of July 8 by the Cybersecurity and Infrastructure Security Agency, National Security Agency, FBI and several international agencies warns of the threat of a state-sponsored cyber group in China. The Advanced Persistent Threat (APT) 40, also known as Kryptonite Panda, GINGHAM TYPHOON, Leviathan and Bronze Mohawk, has previously targeted organizations in the United States and other countries.
The AHA July 2 submitted comments to the Cybersecurity and Infrastructure Security Agency on its proposed rule establishing reporting requirements for cybersecurity incidents under the Cyber Incident Reporting for Critical Infrastructure Act.
The Department of Health and Human Services Health Sector Cybersecurity Coordination Center June 27 issued an alert about a critical vulnerability in MOVEit, a common file transfer platform utilized in the health sector. The vulnerability exposes health care organizations to cyberattacks, especially ransomware and data breaches.
A joint report released June 26 by the Cybersecurity and Infrastructure Security Agency, FBI, the Australian Cyber Security Centre and Canadian Centre for Cybersecurity provides roadmaps for addressing memory safety vulnerabilities in open source software.
The Health Information Sharing and Analysis Center June 27 issued a threat bulletin alerting the health sector to active cyberthreats exploiting TeamViewer.
The FBI and Department of Health and Human Services June 24 released an advisory about cyberthreat actors targeting health care organizations in attempts to steal payments.