Cybersecurity News

Latest

by Rick Pollack
Cybercrimes directed against hospitals and health systems have been on a massive upswing worldwide for several years, accelerating even more during the COVID-19 pandemic.
The Cybersecurity and Infrastructure Security Agency, FBI and National Security Agency yesterday issued an
John Riggi, AHA’s senior advisor for cyber security and risk, speaks with Edward You, supervisory special agent in the FBI’s Weapons of Mass Destruction Directorate, about the biggest national threats to the bioeconomy, medical research and innovation. Listen here.
The National Institute of Standards and Technology will work with technology leaders to develop a framework to improve security in the technology supply chain, the White House announced at a meeting with technology leaders. Microsoft, Google, IBM, Travelers and the cyber insurance provider Coalition will participate in the initiative.
The FBI released an alert on Hive ransomware, which uses mechanisms such as phishing emails with malicious attachments and Remote Desktop Protocol to access and move through victim networks, exfiltrate data and encrypt files.
The FBI alerted U.S. organizations to ransomware attacks by a group using phishing emails to access victim networks and download Cobalt Strike threat emulation software.
BlackBerry announced a set of cyber vulnerabilities in its QNX Real Time Operating System for medical devices and other products, which a remote attacker could exploit to cause a denial-of-service condition or execute arbitrary code on affected devices.
Security platform provider Armis announced a patch and mitigation steps to address nine critical vulnerabilities in the firmware for a pneumatic tube system used by more than 3,000 hospitals, primarily in North America.
The U.S. Cybersecurity and Infrastructure Security Agency and FBI, Australian Cyber Security Centre, and United Kingdom National Cyber Security Centre released an advisory detailing the top 30 cyber vulnerabilities in 2020 and 2021. 
U.S. hospitals and health systems face growing financial pressure from cyberattacks, credit rating agency Fitch Ratings reported.  
A federal grand jury has charged four individuals from a China-based group known as APT40 with targeting computer systems in the United States and abroad between 2011 and 2018 to steal trade secrets and confidential business information for the People’s Republic of China, including proprietary genetic-sequencing technology and data, and infectious-disease research related to Ebola, MERS, HIV/AIDS, Marburg and tularemia, the Department of Justice announced.
The White House announced an interagency task force and other initiatives to protect U.S. organizations from ransomware attacks. The task force has been coordinating federal efforts to improve the nation’s cybersecurity as directed by the president in April.
Microsoft has released out-of-band security updates to address a remote code execution vulnerability — known as PrintNightmare (CVE-2021-34527) — in the Windows Print Spooler service. The Computer Emergency Response Team Coordination Center (CERT/CC), part of the Software Engineering Institute at Carnegie Mellon University, last week reported a critical RCE vulnerability impacting the Windows Print Spooler service that allows a remote authenticated attacker to execute arbitrary code with system privileges on a vulnerable system.
The FBI and Cybersecurity & Infrastructure Security Agency July 4 released guidance to respond to the recent supply-chain ransomware attack leveraging a vulnerability in Kaseya VSA software against multiple managed service providers and their customers.
The Computer Emergency Response Team Coordination Center (CERT/CC), part of the Software Engineering Institute at Carnegie Mellon University, reported a critical remote code execution vulnerability impacting the Windows Print Spooler service that allows a remote authenticated attacker to execute arbitrary code with system privileges on a vulnerable system.
The National Institute of Standards and Technology released a definition of critical software, which the Cybersecurity & Infrastructure Security Agency will use to develop a list of critical software products, as directed by President Biden in a May executive order on improving U.S. cybersecurity.
In a recent Fox Business Network interview, John Riggi, AHA’s senior advisor for cybersecurity and risk, offered solutions to help prevent cyberattacks against hospitals and health systems, including investment in new technology and educating the workforce.
The Healthcare and Public Health Sector Coordinating Council, whose members include the AHA, urged President Biden to include support for health care cybersecurity in a future phase of his infrastructure plan.
The White House today released a memo urging business executives to immediately convene their leadership teams to discuss ransomware threats and review corporate security posture and business continuity plans.
The FBI and Cybersecurity and Infrastructure Security Agency May 28 issued a joint cyber advisory in response to a sophisticated spearphishing campaign targeting government organizations, intergovernmental organizations and non-governmental organizations.