Cybersecurity
Cyber Threat Intelligence, Alerts and Reports
As part of the AHA’s commitment to helping hospitals and health systems prepare for and prevent cyber threats, we have gathered the latest government cyber threat intelligence and alerts and Health Information Sharing and Analysis Center (H-ISAC) reports.
You may be asked to enter your AHA member credentials to view certain reports and intelligence alerts.
Cybersecurity & Risk Advisory
Learn how AHA can help hospitals and health systems prepare for and mitigate cyber threats through the expertise of John Riggi, AHA’s National Advisor for Cybersecurity and Risk.
A ransomware tracker as TLP:GREEN for purposes of increasing ransomware threat awareness.
This week, Hacking Healthcare begins by examining how an interesting development in the ongoing Ukraine crisis that involves Belarusian hacktivists could provide a preview of a new cyber threat to the healthcare sector.
LockBit 2.0 operates as an affiliate-based Ransomware-as-a-Service (RaaS) and employs a wide variety of tactics, techniques, and procedures, creating significant challenges for defense and mitigation.
On February 3, 2022, the Health-ISAC Threat Intelligence Committee (TIC) evaluated the current Cyber Threat Level and collectively decided to maintain the Cyber Threat Level at Yellow (Elevated).
H_ISAC reports distributed February 7, 2022.
H-ISAC Daily Cyber Headlines for February 7, 2022.
A daily ransomware tracker as TLP:GREEN for purposes of increasing ransomware threat awareness.
January News Items of Interest to the Health Sector
FBI: Hackers target US defense firms with malicious USB packages The FBI released a flash alert warning US companies that the cybercriminal group FIN7 targeted the US defense industry with infected USB devices to deploy ransomware.
HHS OCIO HC3 TLP White Threat Brief, Lessons Learned from the HSE Attack February 3, 2022.
Health-ISAC is issuing a vulnerability bulletin regarding multiple security vulnerabilities in the Windows/Linux interoperability suite Samba that if exploited, could allow remote attackers to execute arbitrary code with the highest privileges on affected installations.