Cybersecurity News

The AHA urged the Department of Health and Human Services’ Office for Civil Rights to quickly initiate rulemaking for a legislative provision (H.R. 7898) enacted by Congress this year to recognize certain recommended security practices when making determinations related to Health Insurance Portability and Accountability Act audits, fines and resolution agreements.

Ransomware actors are very likely using significant financial events, such as mergers and acquisitions, to target and leverage victim companies for ransomware infections, the FBI said in an alert this week to the private sector.

The FBI recently raided the Florida offices of Pax Technology, a Chinese-owned company that makes point-of-sale payment terminals, because the devices may have been involved in cyberattacks on U.S. and European organizations, according to news reports.

Microsoft on Sunday posted an update on the latest activity by Nobelium, a Russian nation-state actor behind cyberattacks on SolarWinds customers in 2020.

Learn how health care leaders such as Matthew Modica, vice president and chief information security officer at BJC HealthCare, are mitigating cyber risks as they take advantage of rapidly advancing technologies and respond to the pandemic.

The Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center (HC3) issued a monthly bulletin that consolidates a wide range of cyber security alerts from across government on the latest cybersecurity trends and threats, including guidance on hardening remote access virtual private networks. 

Cybercrimes directed against hospitals and health systems have been on a massive upswing worldwide for several years, accelerating even more during the COVID-19 pandemic.

The Cybersecurity and Infrastructure Security Agency, FBI and National Security Agency yesterday issued an

John Riggi, AHA’s senior advisory for cyber security and risk, speaks with Edward You, supervisory special agent in the FBI’s Weapons of Mass Destruction Directorate, about the biggest national threats to the bioeconomy, medical research and innovation. Listen here. 

The National Institute of Standards and Technology will work with technology leaders to develop a framework to improve security in the technology supply chain, the White House announced at a meeting with technology leaders. Microsoft, Google, IBM, Travelers and the cyber insurance provider Coalition will participate in the initiative.

The FBI released an alert on Hive ransomware, which uses mechanisms such as phishing emails with malicious attachments and Remote Desktop Protocol to access and move through victim networks, exfiltrate data and encrypt files.

The FBI alerted U.S. organizations to ransomware attacks by a group using phishing emails to access victim networks and download Cobalt Strike threat emulation software.

BlackBerry announced a set of cyber vulnerabilities in its QNX Real Time Operating System for medical devices and other products, which a remote attacker could exploit to cause a denial-of-service condition or execute arbitrary code on affected devices.

Security platform provider Armis announced a patch and mitigation steps to address nine critical vulnerabilities in the firmware for a pneumatic tube system used by more than 3,000 hospitals, primarily in North America.

The U.S. Cybersecurity and Infrastructure Security Agency and FBI, Australian Cyber Security Centre, and United Kingdom National Cyber Security Centre released an advisory detailing the top 30 cyber vulnerabilities in 2020 and 2021. 

U.S. hospitals and health systems face growing financial pressure from cyberattacks, credit rating agency Fitch Ratings reported.  

A federal grand jury has charged four individuals from a China-based group known as APT40 with targeting computer systems in the United States and abroad between 2011 and 2018 to steal trade secrets and confidential business information for the People’s Republic of China, including proprietary genetic-sequencing technology and data, and infectious-disease research related to Ebola, MERS, HIV/AIDS, Marburg and tularemia, the Department of Justice announced.

The White House announced an interagency task force and other initiatives to protect U.S. organizations from ransomware attacks. The task force has been coordinating federal efforts to improve the nation’s cybersecurity as directed by the president in April.

Microsoft has released out-of-band security updates to address a remote code execution vulnerability — known as PrintNightmare (CVE-2021-34527) — in the Windows Print spooler service. The Computer Emergency Response Team Coordination Center (CERT/CC), part of the Software Engineering Institute at Carnegie Mellon University, last week reported a critical RCE vulnerability impacting the Windows Print Spooler service that allows a remote authenticated attacker to execute arbitrary code with system privileges on a vulnerable system.

The FBI and Cybersecurity & Infrastructure Security Agency July 4 released guidance to respond to the recent supply-chain ransomware attack leveraging a vulnerability in Kaseya VSA software against multiple managed service providers and their customers