Cybersecurity News

Latest

The FBI and Department of Homeland Security are actively monitoring the situation in Israel following the recent Hamas terrorist attacks in that country and any implications they pose to the domestic threat environment, the agencies said in an Oct. 10 notice to the private sector. 
The Food and Drug Administration will accept nominations through Dec. 11 for experts to serve on a committee that will advise the agency on issues related to digital health technologies.
The Department of Health and Human Services Oct. 6 urged health care organizations to patch a critical vulnerability in Cisco’s Emergency Responder communications platform that allows a cyberattacker to completely compromise a vulnerable system and use it for further attacks across an enterprise network.
The National Security Agency and Cybersecurity and Infrastructure Security Agency Oct. 5 recommended organizations take steps to prevent cyber actors from exploiting 10 common network misconfigurations.
by Rick Pollack, President and CEO, AHA
Cyber criminals are probing the defenses of health care providers every second of every day.
John Riggi, AHA’s national advisor for cybersecurity and risk, reviews key takeaways and insights from a recent AHA webinar on the importance of cyber preparedness.
The Department of Health and Human Services’ Advanced Research Projects Agency for Health (ARPA-H) recently awarded $50 million in funding for six research projects to advance technologies that could help secure health care data.
by John Riggi, National Advisor for Cybersecurity and Risk, AHA
What can your hospital or health system do to proactively prepare for a cyberattack with plans to maintain both business and clinical continuity? Gain insights gleaned from a recent AHA webinar with four health care leader panelists and John Riggi, national advisor for cybersecurity and risk for the AHA. Read Riggi’s new AHA Cyber Intel blog article to learn four strategies to effectively prepare for a cyberattack.
The FBI this week advised organizations to protect against certain emerging ransomware trends, including multiple attacks on the same victim and new data destruction tactics.
Cyber actors linked to the People’s Republic of China are targeting router firmware in government and multinational organizations, which should review all subsidiary connections and consider implementing Zero Trust models to limit a potential compromise, U.S. and Japanese agencies advised Sept. 27. 
The Food and Drug Administration Sept. 26 finalized guidance updating the cybersecurity information device makers should submit to its Center for Devices and Radiological Health or Center for Biologics Evaluation and Research for premarket review of devices that have cybersecurity considerations.
The Health Information Sharing and Analysis Center (H-ISAC) Sept. 19 alerted the health sector to an emerging threat that targets senior executives through phishing emails that contain malicious QR codes, also known as quishing.
The Department of Health and Human Services Sept. 18 alerted the health care sector to a critical vulnerability in ManageEngine products that allows an attacker to perform remote code execution, and that a North Korean state-sponsored actor is reportedly using to target health care entities in Europe and the United States.
The Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center (HC3) yesterday alerted the sector to a ransomware group that has claimed over 60 victims since March, demanding payments ranging from $200,000 to $4 million.
The U.S. Treasury Department, in coordination with the United Kingdom, Sept. 7 sanctioned 11 individuals who are part of the Russia-based Trickbot cybercrime group, whose targets have included hospitals and other critical infrastructure organizations.
The Federal Bureau of Investigation, amid one of the largest-ever U.S.-led enforcement actions against a botnet, Aug. 29 announced the successful takedown of QakBot, the botnet infrastructure used by cybercriminals for ransomware, financial fraud and other criminal activity.
A new resource from the Cybersecurity and Infrastructure Security Agency, National Security Agency and the National Institute of Standards and Technology is helping hospitals and other critical infrastructure organizations get up to speed on the impacts of quantum capabilities in cybersecurity and assisting their early planning for migration to post-quantum cryptographic standards.
The Joint Commission yesterday released an alert reviewing how health care organizations can prepare to deliver safe patient care in the event of a cyberattack, calling the potential to experience a cyberattack that adversely affects operations not an “if” but a “when” question. John Riggi, AHA’s national director for cybersecurity and risk, provided expert advice to TJC as it developed the resource.
U.S. and other allied nations’ cybersecurity agencies urged software vendors to implement secure design practices and organizations to implement a centralized patch management system and apply timely patches, noting that malicious actors in 2022 most often targeted known vulnerabilities. 
HHS alerts organizations to Rhysida ransomware.