ºÚÁÏÕýÄÜÁ¿

The latest threat brief from the Department of Health and Human Services’ Office of Information Security and Health Sector Cybersecurity Coordination Center (HC3) reviews the top cyber threats to electronic medical records and best practices to help health care organizations prevent, detect and respond to this growing threat.

Effective today under the Consolidated Appropriations Act of 2023, medical devices seeking approval from the Food and Drug Administration must meet certain cybersecurity requirements if they connect to the internet and contain software and technological characteristics vulnerable to cybersecurity threats.

The Department of Health and Human Services yesterday released a mobile device security checklist for the health care sector, and an update on the Black Basta ransomware group targeting the sector since last year.

In this AHA podcast, hear the inside story on the FBI’s successful infiltration and shutdown of a cybercriminal gang that specialized in hospital and health system extortion.

The FBI, Cybersecurity and Infrastructure Security Agency, and Multi-State Information Sharing & Analysis Center today provided actionable intelligence and encouraged organizations to implement recommendations to protect their networks from LockBit 3.0 ransomware, which is more evasive than previous versions.

The Senate Homeland Security and Governmental Affairs Committee today held a hearing examining cybersecurity risks to the health care sector. Witnesses included Scott Dresen, chief information security officer for Corewell Health, a large integrated health system in Michigan.

The Health Sector Coordinating Council public-private partnership and Department of Health and Human Services today released a guide to help health care organizations align their cybersecurity practices with the National Institute for Standards and Technology’s Cybersecurity Framework to better protect the health care sector.

The Cybersecurity & Infrastructure Security Agency this week released recommendations to help health care and other critical infrastructure organizations protect their networks from malicious cyber actions, based on a simulated attack the agency conducted against an organization at its request. The advisory highlights the importance of collecting and monitoring logs for unusual activity, and regular testing to ensure security processes and procedures are up to date and effective. 

The Biden Administration today released a National Cybersecurity Strategy that seeks to strengthen collaboration with stakeholders to defend critical infrastructure; disrupt and dismantle threat actors; shape market forces to drive security and resilience; invest in a resilient future; and forge international partnerships to pursue shared goals.

The Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center (HC3) Friday alerted the sector to the latest tactics used to launch MedusaLocker ransomware attacks.

The Russia-linked ransomware group Clop claims it used a vulnerability in the secure file transfer software GoAnywhere MFT to attack over 130 organizations this month in health care and other sectors, the Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center (HC3) alerted the sector yesterday.

HIPAA-covered entities reported 609 breaches of unsecured protected health information in calendar year 2021, 7% fewer than in 2020, the Department of Health and Human Services’ Office for Civil Rights reported in its latest annual report on the issue.

The Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center (HC3) yesterday released a guide to help health care organizations protect their internet-connected devices and networks from Distributed Denial of Service attacks, which can keep providers and patients from accessing critical resources such as electronic health records and software-based medical equipment.

The United States and Republic of Korea today recommended health care organizations take certain actions to protect against North Korean-sponsored ransomware activity targeting the sector.

The Cybersecurity and Infrastructure Security Agency and FBI released guidance to help organizations prevent and recover from a global ransomware campaign that has compromised over 3,800 VMware ESXi servers.

Hear how Children’s National Hospital in Washington, D.C., developed a system allowing hospital staff members to protect patient safety in the event of a broad-based ransomware or malware attack.

A new white paper from the Healthcare and Public Health Sector Coordinating Council (HSCC), a public-private partnership to mitigate risks to the sector, outlines nine cybersecurity concerns for artificial intelligence use in the clinical and enterprise environment and approaches to address them

Cyberattacks are increasing globally and in the U.S., with health care organizations, especially hospitals and health systems, being prime targets.

A pro-Russian hacktivist group known for distributed denial-of-service (DDoS) attacks against countries supporting Ukraine on Jan. 28 allegedly released attack lists for hospitals and medical organizations in several countries, HHS alerted the sector.

The FBI seized control of servers and websites used by the Hive ransomware network to target hospitals and other critical infrastructure, and infiltrated the network in July to provide decryption keys to victims and prevent $130 million in ransom payments, the Justice Department announced.