ºÚÁÏÕýÄÜÁ¿

The Royal and Blackcat ransomware groups continue to aggressively target the U.S. health sector, according to a recent advisory from the Department of Health and Human Services.

National Coordinator for Health Information Technology Micky Tripathi talks with AHA’s Nancy Foster about what his office is doing to help achieve a health information system that can share data across care providers while protecting confidential health records from cybercriminals.

The latest quarterly bulletin from the Department of Health and Human Services’ Healthcare Cybersecurity Coordination Center reviews cyber threats to the health care sector in fourth-quarter 2022.

The Clop ransomware group has been sending health care facilities ransomware-infected medical files disguised to appear to come from legitimate doctors, then requesting a medical appointment in hopes they’ll open and review the documents, the Department of Health and Human Services alerted the health sector today.

The Healthcare Cyber Communications Center, FBI, Cybersecurity & Infrastructure Security Agency and National Security Agency in December warned of new ransomware strains and other cyber threats targeting health care.  

AHA sent a letter to Sen. Mark Warner, co-chair of the Senate Cybersecurity Caucus, responding to his recent report on policy options to address cybersecurity challenges in the health care field.

The Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center Nov. 21 warned of a human-operated ransomware threat targeting larger organizations, with compromised targets observed in the health care and public sectors.

The FBI, Cybersecurity & Infrastructure Security Agency, and Department of Health and Human Services yesterday recommended actions to reduce the risk of compromise from Hive ransomware, which has victimized over 1,300 health care and other organizations since last June.

The Cybersecurity & Infrastructure Security Agency and FBI advised organizations to protect VMware Horizon servers from a Log4Shell vulnerability recently exploited by Iranian-sponsored actors. 

The Cybersecurity & Infrastructure Security Agency encourages OpenSSL users and administrators to upgrade to version 3.0.7 to patch two high-severity vulnerabilities that threat actors could leverage to crash or take control of a computer system.

The Department of Health and Human Services’ Office for Civil Rights yesterday released a video on recognized security practices under the HIPAA security rule and how covered entities may demonstrate implementation.

The Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center highly recommends all health sector organizations immediately test and deploy a critical OpenSSL patch when it becomes available Nov. 1, because many of the most common operating systems and applications use the OpenSSL software library for secure communications.

The FBI, Cybersecurity and Infrastructure Security Agency and Department of Health and Human Services today alerted U.S. organizations to a cybercrime group targeting the health care sector with ransomware and data extortion operations. The group has attacked multiple organizations since June, deploying ransomware to encrypt servers responsible for health care services, exfiltrating personal identifiable information and patient health information, and threatening to release the information if a ransom is not paid.

The FBI yesterday recommended U.S. organizations take certain actions to protect their networks against the Iranian cybergroup Emennet Pasargad, which has recently used hack-and-leak techniques and false personas to target organizations, including one in the United States.

It’s a sad fact that hospitals and health care systems continue to be a prime target for cyber criminals.

The health care field continues to be a top target for cybercriminals.

The National Security Agency, Cybersecurity and Infrastructure Security Agency and FBI yesterday urged U.S. critical infrastructure and other organizations to take certain actions to protect their systems from known vulnerabilities that China state-sponsored actors continue to exploit to target intellectual property and sensitive networks. In a separate presentation, the Department of Health and Human Services yesterday warned health care organizations that threat actors are increasingly using legitimate network security tools for malicious purposes.

AHA yesterday thanked Reps. Jason Crow, D-Colo., and Brian Fitzpatrick, R-Pa., for introducing a House companion to the Healthcare Cybersecurity Act, AHA-supported legislation that would improve collaboration and coordination between the Cybersecurity and Infrastructure Security Agency and Department of Health and Human Services.

A survey released in early September from Proofpoint, Inc., and the Ponemon Institute, on cybersecurity in health care raises important issues but appears to have a number of significant limitations.

The communications protocol for the Medtronic MiniMed 600 Series Insulin Pump System could allow an unauthorized person to access the pump to deliver too much or too little insulin, the Food and Drug Administration alerted users today.