Organizations urged to protect networks, strengthen supply chains

Apr 05, 2021 - 02:26 PM
FDAcybersecurity

The FBI and Cybersecurity and Infrastructure Security Agency Friday advised organizations to protect their computer networks from known vulnerabilities in FortiOS, the operating system for the Fortinet network security system. The agencies in March observed cyber actors scanning for these vulnerabilities, likely to gain access to networks to launch future distributed denial-of-service attacks, ransomware attacks, structured query language injection attacks, spearphishing campaigns, website defacements and disinformation campaigns. The advisory includes mitigation actions for organizations whether they use the operating system or not. 

Also last week, the National Counterintelligence and Security Center launched its fourth annual National Supply Chain Integrity Month with a call for organizations to strengthen their supply chains against foreign adversaries and other potential risks. For more on the initiative and best practices, visit the AHA website

“The targeting of the Fortinet vulnerabilities, which may be indicative of nation-state malicious activity, provides another example of a third-party service provider potentially exposing their clients to cyber risk through vulnerabilities in their services,” said John Riggi, AHA senior advisor for cybersecurity and risk. “Fortunately, the NCSC last week released resources to help organizations mitigate third-party and supply chain risk. It is imperative for hospitals and health systems to have a robust vendor risk management program that risk-prioritizes business associates and includes software supply chain vendors.”

For more on these or other cybersecurity and risk issues, contact Riggi at jriggi@aha.org
 

Related News Articles

Headline
CrowdStrike technology outage causing global disruption across industries, including impacts on hospitals and health systems 
A non-malicious global technology outage that began in the early morning of July 19 is continuing to affect many industries and is having varying effects on…
Headline
AHA participates in health care cybersecurity summit 
John Riggi, AHA’s national advisor for cybersecurity and risk, participated July 18 as the opening keynote speaker in the Information Security Media Group’s…
Headline
Agencies issue advisory on threat of China-based cyber group 
A joint advisory issued the week of July 8 by the Cybersecurity and Infrastructure Security Agency, National Security Agency, FBI and several international…
Headline
AHA comments on CIRCIA’s cyber incident reporting requirements 
The AHA July 2 submitted comments to the Cybersecurity and Infrastructure Security Agency on its proposed rule establishing reporting requirements for…
Headline
HHS issues cyber alert on critical vulnerability in ‘MOVEit,’ file transfer platform
The Department of Health and Human Services Health Sector Cybersecurity Coordination Center June 27 issued an alert about a critical vulnerability in MOVEit, a…
Headline
Agencies issue joint report on memory safety vulnerabilities in open source projects
A joint report released June 26 by the Cybersecurity and Infrastructure Security Agency, FBI, the Australian Cyber Security Centre and Canadian Centre for…