Cybersecurity News

The Russia-linked ransomware group Clop claims it used a vulnerability in the secure file transfer software GoAnywhere MFT to attack over 130 organizations this month in health care and other sectors, the Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center (HC3) alerted the sector yesterday.

HIPAA-covered entities reported 609 breaches of unsecured protected health information in calendar year 2021, 7% fewer than in 2020, the Department of Health and Human Services’ Office for Civil Rights reported in its latest annual report on the issue.

The Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center (HC3) yesterday released a guide to help health care organizations protect their internet-connected devices and networks from Distributed Denial of Service attacks, which can keep providers and patients from accessing critical resources such as electronic health records and software-based medical equipment.

The United States and Republic of Korea today recommended health care organizations take certain actions to protect against North Korean-sponsored ransomware activity targeting the sector.

The Cybersecurity and Infrastructure Security Agency and FBI released guidance to help organizations prevent and recover from a global ransomware campaign that has compromised over 3,800 VMware ESXi servers.

Hear how Children’s National Hospital in Washington, D.C., developed a system allowing hospital staff members to protect patient safety in the event of a broad-based ransomware or malware attack.

A new white paper from the Healthcare and Public Health Sector Coordinating Council (HSCC), a public-private partnership to mitigate risks to the sector, outlines nine cybersecurity concerns for artificial intelligence use in the clinical and enterprise environment and approaches to address them

Cyberattacks are increasing globally and in the U.S., with health care organizations, especially hospitals and health systems, being prime targets.

A pro-Russian hacktivist group known for distributed denial-of-service (DDoS) attacks against countries supporting Ukraine on Jan. 28 allegedly released attack lists for hospitals and medical organizations in several countries, HHS alerted the sector.

The FBI seized control of servers and websites used by the Hive ransomware network to target hospitals and other critical infrastructure, and infiltrated the network in July to provide decryption keys to victims and prevent $130 million in ransom payments, the Justice Department announced.

The Royal and Blackcat ransomware groups continue to aggressively target the U.S. health sector, according to a recent advisory from the Department of Health and Human Services.

National Coordinator for Health Information Technology Micky Tripathi talks with AHA’s Nancy Foster about what his office is doing to help achieve a health information system that can share data across care providers while protecting confidential health records from cybercriminals.

The latest quarterly bulletin from the Department of Health and Human Services’ Healthcare Cybersecurity Coordination Center reviews cyber threats to the health care sector in fourth-quarter 2022.

The Clop ransomware group has been sending health care facilities ransomware-infected medical files disguised to appear to come from legitimate doctors, then requesting a medical appointment in hopes they’ll open and review the documents, the Department of Health and Human Services alerted the health sector today.

The Healthcare Cyber Communications Center, FBI, Cybersecurity & Infrastructure Security Agency and National Security Agency in December warned of new ransomware strains and other cyber threats targeting health care.  

AHA sent a letter to Sen. Mark Warner, co-chair of the Senate Cybersecurity Caucus, responding to his recent report on policy options to address cybersecurity challenges in the health care field.

The Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center Nov. 21 warned of a human-operated ransomware threat targeting larger organizations, with compromised targets observed in the health care and public sectors.

The FBI, Cybersecurity & Infrastructure Security Agency, and Department of Health and Human Services yesterday recommended actions to reduce the risk of compromise from Hive ransomware, which has victimized over 1,300 health care and other organizations since last June.

The Cybersecurity & Infrastructure Security Agency and FBI advised organizations to protect VMware Horizon servers from a Log4Shell vulnerability recently exploited by Iranian-sponsored actors. 

The Cybersecurity & Infrastructure Security Agency encourages OpenSSL users and administrators to upgrade to version 3.0.7 to patch two high-severity vulnerabilities that threat actors could leverage to crash or take control of a computer system.