����������

As we forge ahead in 2021 facing a lot of uncertainty, there’s one thing we recognize: The COVID-19 pandemic will have a lasting effect on the health and well-being of our nation.

The Department of Health and Human Services Office of the Assistant Secretary for Preparedness and Response released a comprehensive and valuable resource to help hospitals and health systems effectively care for patients and maintain business practices and readiness should a cybersecurity incident affect the health care operational environment.

The Health Information Sharing and Analysis Center and AHA will host a Feb. 10 panel discussion on best practices to combat unlawful robocalls to hospitals.

President Trump signed into law a bill (H.R. 7898) containing provisions that require the Secretary of Health and Human Services to consider certain recognized cybersecurity best practices when making determinations against HIPAA-covered entities and business associates victimized by a cyberattack.

In an alert this week, the Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center (HC3) reminded health care providers and researchers to patch any vulnerabilities in their Picture Archiving Communication Systems that could expose patient records to unauthorized access.

A Federal Communications Commission advisory panel this week recommended best practices for voice service providers, hospitals, and federal and state governments to prevent unlawful robocalls from disrupting communications in hospitals.

The Cybersecurity and Infrastructure Security Agency and Health Sector Cybersecurity Coordination Center are alerting organizations to a global cyberattack using a hidden back door or “trojanized” legitimate updates to the SolarWinds Orion performance monitoring platform to access public and private networks.

A highly sophisticated threat actor has stolen tools used by cybersecurity company FireEye to evaluate the security posture of enterprise systems, which unauthorized third-party users could abuse to take control of targeted systems, the Cybersecurity and Infrastructure Security Agency announced.

The Cybersecurity and Infrastructure Security Agency alerted organizations to a global phishing and spearphishing campaign targeting the COVID-19 vaccine cold chain, the part of the supply chain used to store and transport a vaccine at safe temperatures.

The Senate Homeland Security and Governmental Affairs Committee held a hearing on defending communities from cyber threats during the COVID-19 pandemic.

The Cybersecurity and Infrastructure Security Agency, Federal Bureau of Investigation, and Department of Health and Human Services said they continue to assess the ransomware threat to the health care sector.

The Cybersecurity and Infrastructure Security Agency, FBI and Department of Health and Human Services said they consider the recent ransomware threat to the health care sector to be credible, ongoing and persistent.

As physician practices reopen and hospitals around the country prepare for a second wave of COVID-19 infections coinciding with cold and flu season, the AHA and AMA have released a new resource to help them keep patients’ protected health information private and secure.

The National Security Agency released an advisory detailing 25 common vulnerabilities that Chinese state-sponsored cyber actors are actively exploiting to access computer networks for sensitive intellectual property and other information, and encouraged stakeholders to take appropriate action to protect their networks.

The good — our society clearly recognizes the vital role our hospitals and health systems play in our nation’s critical infrastructure and how important they are to our communities’ health and safety. The bad — we have seen an increase in the frequency, severity and sophistication of cyberattacks targeting hospitals and health systems.

Financial institutions and other organizations that facilitate ransomware payments may face sanctions for assisting a malicious cyber actor that the Department of the Treasury’s Office of Foreign Assets Control has sanctioned, according to a recent OFAC advisory.

The Cybersecurity and Infrastructure Security Agency and Multi-State Information Sharing & Analysis Center (MS-ISAC) released a guide to help organizations prevent and respond to ransomware attacks, including best practices and a ransomware response checklist. For additional ransomware resources, visit CISA’s ransomware webpage. 

The Department of Health and Human Services’ Office of the Assistant Secretary for Preparedness & Response released an update on the Ryuk ransomware threat to the health care and public health sector, and urged the sector to take certain actions to reduce the risk of an attack.

The National Institute of Standards and Technology has updated its Security and Privacy Controls for Information Systems and Organizations, a catalog of tools to help organizations manage and respond to security and privacy risks.

The Cybersecurity and Infrastructure Security Agency is tracking an unknown malicious cyber actor who is spoofing the Small Business Administration COVID-19 loan relief webpage via phishing emails, the agency announced.