Cybersecurity News

The Cybersecurity and Infrastructure Security Agency has created a webpage to provide the latest public information and vendor-supplied advisories on a critical remote code execution vulnerability affecting Apache Log4j software library versions 2.0-beta9 to 2.14.1.

A ransomware attack has impacted several Ultimate Kronos Group services that hospitals and other organizations use to manage their employees and payrolls, the HR management company has confirmed.

Health care organizations should survey their information infrastructure to ensure they are not running vulnerable versions of the Apache Log4j Java library, upgrade any vulnerable systems and identify possible exploitation, the Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center advised.

The AHA has developed “What Boards Should Know About Cybersecurity” to assist hospital and health system trustees in asking key questions about their organization’s cybersecurity protocols.

The Department of Health and Human Services launched a central web resource for information on cybersecurity best practices recognized by its 405(d) program.

The Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center (HC3) last week advised biotechnology companies specifically and the health care and public health sector generally to review a new report on a malware threat aggressively spreading through the biomanufacturing industry and take appropriation action to protect their information infrastructure.

In this podcast John Riggi, AHA’s senior advisor for cybersecurity and risk, talks to David Ring, section chief of the FBI's cyber engagement and intelligence section, and Errol Weiss, chief security officer at H-ISAC, about the latest ransomware attacks on hospitals, as well as the partnership between H-ISAC, AHA and the FBI to exchange cyber threat intel and to broadcast and amplify warnings.

Cybersecurity firm [redacted] today announced that it is the newest vendor to earn accreditation by AHA as part of the a

The FBI, Cybersecurity and Infrastructure Security Agency, Australian Cyber Security Centre, and United Kingdom’s National Cyber Security Centre released an advisory highlighting ongoing malicious cyber activity by Iranian government-sponsored actors targeting U.S. critical infrastructure sectors, including health care.

The AHA urged the Department of Health and Human Services’ Office for Civil Rights to quickly initiate rulemaking for a legislative provision (H.R. 7898) enacted by Congress this year to recognize certain recommended security practices when making determinations related to Health Insurance Portability and Accountability Act audits, fines and resolution agreements.

Ransomware actors are very likely using significant financial events, such as mergers and acquisitions, to target and leverage victim companies for ransomware infections, the FBI said in an alert this week to the private sector.

The FBI recently raided the Florida offices of Pax Technology, a Chinese-owned company that makes point-of-sale payment terminals, because the devices may have been involved in cyberattacks on U.S. and European organizations, according to news reports.

Microsoft on Sunday posted an update on the latest activity by Nobelium, a Russian nation-state actor behind cyberattacks on SolarWinds customers in 2020.

Learn how health care leaders such as Matthew Modica, vice president and chief information security officer at BJC HealthCare, are mitigating cyber risks as they take advantage of rapidly advancing technologies and respond to the pandemic.

The Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center (HC3) issued a monthly bulletin that consolidates a wide range of cyber security alerts from across government on the latest cybersecurity trends and threats, including guidance on hardening remote access virtual private networks. 

Cybercrimes directed against hospitals and health systems have been on a massive upswing worldwide for several years, accelerating even more during the COVID-19 pandemic.

The Cybersecurity and Infrastructure Security Agency, FBI and National Security Agency yesterday issued an

John Riggi, AHA’s senior advisory for cyber security and risk, speaks with Edward You, supervisory special agent in the FBI’s Weapons of Mass Destruction Directorate, about the biggest national threats to the bioeconomy, medical research and innovation. Listen here. 

The National Institute of Standards and Technology will work with technology leaders to develop a framework to improve security in the technology supply chain, the White House announced at a meeting with technology leaders. Microsoft, Google, IBM, Travelers and the cyber insurance provider Coalition will participate in the initiative.

The FBI released an alert on Hive ransomware, which uses mechanisms such as phishing emails with malicious attachments and Remote Desktop Protocol to access and move through victim networks, exfiltrate data and encrypt files.