Organizations urged to protect networks, strengthen supply chains

Apr 05, 2021 - 02:26 PM
FDAcybersecurity

The FBI and Cybersecurity and Infrastructure Security Agency Friday advised organizations to protect their computer networks from known vulnerabilities in FortiOS, the operating system for the Fortinet network security system. The agencies in March observed cyber actors scanning for these vulnerabilities, likely to gain access to networks to launch future distributed denial-of-service attacks, ransomware attacks, structured query language injection attacks, spearphishing campaigns, website defacements and disinformation campaigns. The advisory includes mitigation actions for organizations whether they use the operating system or not. 

Also last week, the National Counterintelligence and Security Center launched its fourth annual National Supply Chain Integrity Month with a call for organizations to strengthen their supply chains against foreign adversaries and other potential risks. For more on the initiative and best practices, visit the AHA website

“The targeting of the Fortinet vulnerabilities, which may be indicative of nation-state malicious activity, provides another example of a third-party service provider potentially exposing their clients to cyber risk through vulnerabilities in their services,” said John Riggi, AHA senior advisor for cybersecurity and risk. “Fortunately, the NCSC last week released resources to help organizations mitigate third-party and supply chain risk. It is imperative for hospitals and health systems to have a robust vendor risk management program that risk-prioritizes business associates and includes software supply chain vendors.”

For more on these or other cybersecurity and risk issues, contact Riggi at jriggi@aha.org
 

Related News Articles

Headline
AHA blog: How to prepare for third-party cyber risk 
In his latest AHA Cyber Intel blog, John Riggi, AHA national advisor for cybersecurity and risk, explains why cybercriminals are shifting from directly…
Headline
CISA guidance informs users on software products which should be secure by design and demand 
The Cybersecurity and Infrastructure Security Agency and FBI Aug. 8 released guidance on secure by design software products which includes resources to assess…
Perspective
Keeping Up Our Guard and Fighting Back Against Cybercrime
It seems like barely a week goes by without a new cyberattack that affects health care providers. Often, it’s a ransomware attack conducted by foreign criminal…
Headline
Agencies issue update on BlackSuit ransomware group
The Cybersecurity and Infrastructure Security Agency and FBI today issued an updated advisory on the BlackSuit ransomware group, providing information on…
Headline
AHA podcast: The FBI’s Global Fight Against Cybercrime 
Cybercriminals are ramping up attacks on health care systems throughout the United States, with a majority of these crimes originating from international,…
AHA Cyber Intel
Third-Party Cyber Risk Impacts the Health Care Sector the Most. Here’s How to Prepare.
We all know by now that cyber risk is not just an "IT issue," but rather it is an enterprise risk issue. Cyberattacks represent a potential risk to every…