Cybersecurity News

Latest

As health care organizations increasingly use telehealth during the COVID-19 pandemic and beyond, the Healthcare and Public Health Sector Coordinating Council (HSCC) released a report to help health care leaders assess and mitigate associated cybersecurity risks. 
The FBI removed malicious code from vulnerable Microsoft Exchange Servers running on-premises versions of MES software for enterprise-level e-mail service, the agency announced in a notice to private industry.
AHA and the Health Information Sharing and Analysis Center (Health-ISAC), a non-profit member organization for sharing cyber threat intelligence and best practices, released a joint white paper to help senior health care leaders understand and respond to certain cyber risks to their enterprise networks.
The FBI and Cybersecurity and Infrastructure Security Agency advised organizations to protect their computer networks from known vulnerabilities in FortiOS, the operating system for the Fortinet network security system.
The FBI released an alert on Mamba ransomware, which uses open source encryption software to encrypt and restrict access to a victim’s entire drive, including the operating system.
Cyber criminals and nation-state actors believed to be affiliated with the Chinese government continue to exploit recently announced vulnerabilities in Microsoft Exchange on-premises products, posing a serious risk to federal agencies and private organizations, the Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency said in a joint advisory.
The Department of Health and Human Services’ Office of the Assistant Secretary for Preparedness and Response urged the health care and public health sector to patch on-premises Microsoft Exchange Server vulnerabilities announced last week, noting that additional criminal and state actors have been observed trying to compromise the critical infrastructure by exploiting these vulnerabilities.
Cyber attackers are using Microsoft Exchange Server vulnerabilities to access Exchange server email accounts on an organization’s premises and install malware to facilitate long-term access to victim environments, the Microsoft Threat Intelligence Center announced.
The Center for Internet Security began offering its Malicious Domain Blocking and Reporting ransomware protection service free to private hospitals.
The FBI has issued recommendations to help prevent and respond to Telephony Denial of Service (TDoS) attacks, which can make 911 call centers unavailable to users and undermine public trust in emergency services.
by Rod Hochman, M.D.
As we forge ahead in 2021 facing a lot of uncertainty, there’s one thing we recognize: The COVID-19 pandemic will have a lasting effect on the health and well-being of our nation.
The Department of Health and Human Services Office of the Assistant Secretary for Preparedness and Response released a comprehensive and valuable resource to help hospitals and health systems effectively care for patients and maintain business practices and readiness should a cybersecurity incident affect the health care operational environment.
The Health Information Sharing and Analysis Center and AHA will host a Feb. 10 panel discussion on best practices to combat unlawful robocalls to hospitals.
President Trump signed into law a bill (H.R. 7898) containing provisions that require the Secretary of Health and Human Services to consider certain recognized cybersecurity best practices when making determinations against HIPAA-covered entities and business associates victimized by a cyberattack.
In an alert this week, the Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center (HC3) reminded health care providers and researchers to patch any vulnerabilities in their Picture Archiving Communication Systems that could expose patient records to unauthorized access.
A Federal Communications Commission advisory panel this week recommended best practices for voice service providers, hospitals, and federal and state governments to prevent unlawful robocalls from disrupting communications in hospitals.
The Cybersecurity and Infrastructure Security Agency and Health Sector Cybersecurity Coordination Center are alerting organizations to a global cyberattack using a hidden back door or “trojanized” legitimate updates to the SolarWinds Orion performance monitoring platform to access public and private networks.
A highly sophisticated threat actor has stolen tools used by cybersecurity company FireEye to evaluate the security posture of enterprise systems, which unauthorized third-party users could abuse to take control of targeted systems, the Cybersecurity and Infrastructure Security Agency announced.
The Cybersecurity and Infrastructure Security Agency alerted organizations to a global phishing and spearphishing campaign targeting the COVID-19 vaccine cold chain, the part of the supply chain used to store and transport a vaccine at safe temperatures.
The Senate Homeland Security and Governmental Affairs Committee held a hearing on defending communities from cyber threats during the COVID-19 pandemic.