����������

The Cybersecurity and Infrastructure Security Agency is tracking an unknown malicious cyber actor who is spoofing the Small Business Administration COVID-19 loan relief webpage via phishing emails, the agency announced.

The FBI today alerted the private sector to a sophisticated and aggressive nation-state campaign targeting known critical and common vulnerabilities in virtual private networks, initially reported by the government last year.

Ransomware attacks on hospitals are “threat-to-life crimes” because they directly threaten a hospital’s ability to provide patient care, writes John Riggi, AHA senior advisor for cybersecurity and risk.

The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency yesterday alerted organizations to a critical vulnerability affecting the SAP NetWeaver Application Server, which an attacker could exploit through the Hypertext Transfer Protocol (HTTP) to take control of trusted SAP applications.

The departments of Homeland Security and Health and Human Services and the National Security Agency alerted the field to a significant vulnerability affecting the Palo Alto Networks’ PAN-OS firewall software that cyber attackers could easily exploit remotely via the internet.

The Federal Communications Commission is investigating a T-Mobile network outage that impacted customers across the United States, FCC Chairman Ajit Pai said.

NATO issued a statement condemning “destabilising and malicious cyber activities directed against those whose work is critical to the response against the pandemic,” including hospitals, health care services and research institutes.

The Health and Public Health Sector Coordinating Council, a public-private partnership, released a crisis response guide to help health care providers respond to a critical incident.

The Healthcare and Public Health Sector Coordinating Council, a public-private partnership developed to mitigate threats to the nation’s health care sector, released guidance and recommendations to help health care organizations protect trade secrets, medical research and other innovation capital from theft. 

China and its proxies have been observed attempting to identify and illicitly obtain valuable intellectual property and public health data related to vaccines, treatments and testing from networks and personnel affiliated with COVID-19-related research, which could jeopardize the delivery of secure, effective and efficient treatment options, the FBI and CISA warned.

The Department of Homeland Security and the Cybersecurity and Infrastructure Security Agency have updated their telework guidance to include new guidance on telework best practices, videoconferencing tips, guidance for securing videoconferencing, and specific cybersecurity recommendations for critical infrastructure and federal agencies using video conferencing.

Cyber actors have launched phishing campaigns against first responders, initiated denial-of-service assaults against government agencies and threatened medical facilities with ransomware attacks.

The FBI warned today of specific COVID-19-themed email phishing campaigns targeting U.S.-based medical providers.

Cyber criminals are mimicking popular cloud-based email services to compromise business accounts and exploiting the COVID-19 pandemic to perpetrate fraud in telework environments, the FBI reports.

The heroic, nonstop work of our nation’s hospitals and health systems, physicians, caregivers and staff continues across the country, as care teams race to treat patients affected by the novel coronavirus (COVID-19) and make every effort to contain its spread.

The Cybersecurity and Infrastructure Security Agency issued guidance for identifying which infrastructure sectors and essential workers needed to maintain services and functions during the COVID-19 pandemic response, including in the health care and public health sector.

The AHA has released a compendium of resources for hospitals and health systems related to cybersecurity threats during the COVID-19 pandemic.

As COVID-19 progresses, cyber criminals seek to exploit health care infrastructure.

The Food and Drug Administration said cybersecurity vulnerabilities known as “SweynTooth” could pose a risk to some medical devices, such as pacemakers, glucose monitors and ultrasound equipment, that use Bluetooth Low Energy.

The AHA co-hosted a regional cyber workshop with Nebraska Hospital Association for technical and non-technical hospital and health system leaders to learn about cybersecurity as a strategic enterprise risk issue with implications to care delivery and patient safety.