Cybersecurity News

A report by the United Kingdom’s National Health Service is warning of threats leveraging Log4Shell vulnerability in VMware Horizon servers by an unknown cyber actor.

Health and Human Services Secretary Xavier Becerra today in a letter to health care and public health leaders urged vigilance against cyber threats posed by a vulnerability within the Apache Log4j software. Exploitation of the software, which exists in thousands of applications, including control systems for medical devices and hardware, can result in data exfiltration or ransomware that can significantly disrupt the delivery of health care.

John Riggi, AHA’s national advisor for cybersecurity and risk, discusses insights and lessons learned from hospital leaders from Dickinson County Healthcare System in Iron Mountain, Mich, and Sky Lakes Medical Center in Klamath Falls, Ore., after becoming victims of major ransomware attacks in the fall of 2020.

Apache has released a security update to address a second severe vulnerability affecting its Log4j software library, which a remote attacker could exploit to cause a denial-of-service condition, the Cybersecurity and Infrastructure Security Agency announced.

The Cybersecurity and Infrastructure Security Agency has created a webpage to provide the latest public information and vendor-supplied advisories on a critical remote code execution vulnerability affecting Apache Log4j software library versions 2.0-beta9 to 2.14.1.

A ransomware attack has impacted several Ultimate Kronos Group services that hospitals and other organizations use to manage their employees and payrolls, the HR management company has confirmed.

Health care organizations should survey their information infrastructure to ensure they are not running vulnerable versions of the Apache Log4j Java library, upgrade any vulnerable systems and identify possible exploitation, the Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center advised.

The AHA has developed “What Boards Should Know About Cybersecurity” to assist hospital and health system trustees in asking key questions about their organization’s cybersecurity protocols.

The Department of Health and Human Services launched a central web resource for information on cybersecurity best practices recognized by its 405(d) program.

The Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center (HC3) last week advised biotechnology companies specifically and the health care and public health sector generally to review a new report on a malware threat aggressively spreading through the biomanufacturing industry and take appropriation action to protect their information infrastructure.

In this podcast John Riggi, AHA’s senior advisor for cybersecurity and risk, talks to David Ring, section chief of the FBI's cyber engagement and intelligence section, and Errol Weiss, chief security officer at H-ISAC, about the latest ransomware attacks on hospitals, as well as the partnership between H-ISAC, AHA and the FBI to exchange cyber threat intel and to broadcast and amplify warnings.

Cybersecurity firm [redacted] today announced that it is the newest vendor to earn accreditation by AHA as part of the a

The FBI, Cybersecurity and Infrastructure Security Agency, Australian Cyber Security Centre, and United Kingdom’s National Cyber Security Centre released an advisory highlighting ongoing malicious cyber activity by Iranian government-sponsored actors targeting U.S. critical infrastructure sectors, including health care.

The AHA urged the Department of Health and Human Services’ Office for Civil Rights to quickly initiate rulemaking for a legislative provision (H.R. 7898) enacted by Congress this year to recognize certain recommended security practices when making determinations related to Health Insurance Portability and Accountability Act audits, fines and resolution agreements.

Ransomware actors are very likely using significant financial events, such as mergers and acquisitions, to target and leverage victim companies for ransomware infections, the FBI said in an alert this week to the private sector.

The FBI recently raided the Florida offices of Pax Technology, a Chinese-owned company that makes point-of-sale payment terminals, because the devices may have been involved in cyberattacks on U.S. and European organizations, according to news reports.

Microsoft on Sunday posted an update on the latest activity by Nobelium, a Russian nation-state actor behind cyberattacks on SolarWinds customers in 2020.

Learn how health care leaders such as Matthew Modica, vice president and chief information security officer at BJC HealthCare, are mitigating cyber risks as they take advantage of rapidly advancing technologies and respond to the pandemic.

The Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center (HC3) issued a monthly bulletin that consolidates a wide range of cyber security alerts from across government on the latest cybersecurity trends and threats, including guidance on hardening remote access virtual private networks. 

Cybercrimes directed against hospitals and health systems have been on a massive upswing worldwide for several years, accelerating even more during the COVID-19 pandemic.