Other Cybersecurity Reports / en Tue, 29 Apr 2025 02:26:59 -0500 Fri, 16 Feb 24 14:07:37 -0600 TLP Clear: Joint Guidance - Identifying and Mitigating Living Off the Land Techniques /other-cybersecurity-reports/2024-02-16-tlp-clear-joint-guidance-identifying-and-mitigating-living-land-techniques <div class="container row"><div class="row"><div class="col-md-8"><p>This guide, authored by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Federal Bureau of Investigation (FBI), and the following agencies (hereafter referred to as the authoring agencies), provides information on common living off the land (LOTL) techniques and common gaps in cyber defense capabilities. </p><p>View the entire report below.</p></div><div class="col-md-4"><div><p><strong>For help with Cybersecurity and Risk Advisory Services exclusively for AHA members, contact:</strong></p><h3><a href="/system/files/media/file/2020/11/AHA-Riggi-Senior-Advisor-for-Cyber-and-Risk-Bio-08102020.pdf">John Riggi</a></h3><h4>Senior Advisor for Cybersecurity and Risk, AHA</h4><h4><a href="mailto:jriggi@aha.org?subject=Cybersecurity and Risk Advisory Services Query">jriggi@aha.org</a></h4><h4>(O) <a href="tel:1-202-626-2272">+1 202 626 2272</a></h4><div class="external-link spacer"><a class="btn btn-wide btn-primary" href="/system/files/media/file/2020/11/AHA-Riggi-Senior-Advisor-for-Cyber-and-Risk-Bio-08102020.pdf" target="_blank">More on John Riggi</a></div><div class="external-link spacer"><a class="btn btn-wide btn-primary" href="/guidesreports/2018-06-15-cybersecurity-and-risk-advisory-services" target="_blank">Learn more about AHA's Cybersecurity and Risk Advisory Services</a></div></div><hr><div class="panel module-typeC"><div class="panel-heading"><h3 class="panel-title">Latest Cybersecurity Alerts</h3></div><div class="panel-body"><div class="views-element-container"> <section class="top-level-view 
js-view-dom-id-ce6d443585375ae2f2d37f82876bbe3e28c1b51e7e1fff4429e9ba14a7955a52 resource-block"> <div class="resource-wrapper"> <div class="resource-view"> <div class="article views-row"> <div class="views-field views-field-field-access-level"> <div class="field-content"> <div class="meta custom-lock-position"> <div class="views-field-access-level access-type-member" data-toggle="tooltip" data-placement="bottom" title="Members only"><a href="/taxonomy/term/279" hreflang="en">Member</a></div> </div></div> </div><div class="views-field views-field-created"> <span class="field-content"><time datetime="2025-04-28T14:42:16-05:00">Apr 28, 2025</time> </span> </div><div class="views-field views-field-title"> <span class="field-content"><a href="/2025-04-28-h-isac-tlp-green-daily-cyber-headlines-april-28-2025" hreflang="en">H-ISAC TLP Green Daily Cyber Headlines - April 28, 2025</a></span> </div></div> <div class="article views-row"> <div class="views-field views-field-field-access-level"> <div class="field-content"> <div class="meta custom-lock-position"> <div class="views-field-access-level access-type-public" data-toggle="tooltip" data-placement="bottom" title="Members only"><a href="/taxonomy/term/278" hreflang="en">Public</a></div> </div></div> </div><div class="views-field views-field-created"> <span class="field-content"><time datetime="2025-04-28T11:46:47-05:00">Apr 28, 2025</time> </span> </div><div class="views-field views-field-title"> <span class="field-content"><a href="/news/chairpersons-file/2025-04-28-chair-file-leadership-dialogue-cybersecurity-health-care-john-riggi-ahas-national-advisor" hreflang="en">Chair File: Leadership Dialogue — Cybersecurity in Health Care with John Riggi, AHA’s National Advisor for Cybersecurity and Risk</a></span> </div></div> <div class="article views-row"> <div class="views-field views-field-field-access-level"> <div class="field-content"> <div class="meta custom-lock-position"> <div class="views-field-access-level 
access-type-public" data-toggle="tooltip" data-placement="bottom" title="Members only"><a href="/taxonomy/term/278" hreflang="en">Public</a></div> </div></div> </div><div class="views-field views-field-created"> <span class="field-content"><time datetime="2025-04-28T11:08:26-05:00">Apr 28, 2025</time> </span> </div><div class="views-field views-field-title"> <span class="field-content"><a href="/advancing-health-podcast/2025-04-28-leadership-dialogue-series-cybersecurity-and-fight-safeguard-health-care" hreflang="en">Leadership Dialogue Series: Cybersecurity and the Fight to Safeguard Health Care</a></span> </div></div> <div class="article views-row"> <div class="views-field views-field-field-access-level"> <div class="field-content"> <div class="meta custom-lock-position"> <div class="views-field-access-level access-type-public" data-toggle="tooltip" data-placement="bottom" title="Members only"><a href="/taxonomy/term/278" hreflang="en">Public</a></div> </div></div> </div><div class="views-field views-field-created"> <span class="field-content"><time datetime="2025-04-28T10:30:00-05:00">Apr 28, 2025</time> </span> </div><div class="views-field views-field-title"> <span class="field-content"><a href="/leadership-dialogue" hreflang="en">Leadership Dialogue</a></span> </div></div> <div class="article views-row"> <div class="views-field views-field-created"> <span class="field-content"><time datetime="2025-04-25T09:40:18-05:00">Apr 25, 2025</time> </span> </div><div class="views-field views-field-title"> <span class="field-content"><a href="/center/cybersecurity-and-risk-advisory-services/preferred-cybersecurity/bringing-value/ep8-the-missing-link" hreflang="en">Episode 8: The Missing Link In Healthcare Cybersecurity Programs</a></span> </div></div> </div> </div> <div class="more-link"><a href="/topics/cybersecurity">See all Cybersecurity Alerts</a></div> </section> </div> </div></div></div></div></div> Fri, 16 Feb 2024 14:07:37 -0600 Other Cybersecurity Reports FBI 
TLP Clear: PRC State-Sponsored Actors Compromise and Maintain Persistent Access to U.S. Critical Infrastructure /cybersecurity-government-intelligence-reports/2024-02-16-fbi-tlp-clear-prc-state-sponsored-actors-compromise-and-maintain <div class="container row"><div class="row"><div class="col-md-8"><p>The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Federal Bureau of Investigation (FBI) assess that People’s Republic of China (PRC) state-sponsored cyber actors are seeking to pre-position themselves on IT networks for disruptive or destructive cyberattacks against U.S. critical infrastructure in the event of a major crisis or conflict with the United States.</p><p>View the entire report below.</p></div></div></div> Fri, 16 Feb 2024 13:59:27 -0600 Other Cybersecurity Reports HHS 
TLP White: Destructive Malware Targeting Organizations In Ukraine February 28, 2022 /other-cybersecurity-reports/2022-02-28-hhs-tlp-white-destructive-malware-targeting-organizations <div class="container row"> <div class="row"> <div class="col-md-8"> <h2>Executive Summary</h2> <p>Leading up to Russia’s unprovoked attack against Ukraine, threat actors deployed destructive malware against organizations in Ukraine to destroy computer systems and render them inoperable. Destructive malware can present a direct threat to an organization’s daily operations, impacting the availability of critical assets and data. Further disruptive cyberattacks against organizations in Ukraine are likely to occur and may unintentionally spill over to organizations in other countries. Organizations should increase vigilance and evaluate their capabilities encompassing planning, preparation, detection, and response for such an event.</p> <p>View the detailed report below. </p> </div> <div class="col-md-4"> <div> <p><strong>For help with Cybersecurity and Risk Advisory Services exclusively for AHA members, contact:</strong></p> <h3><a href="/system/files/media/file/2020/11/AHA-Riggi-Senior-Advisor-for-Cyber-and-Risk-Bio-08102020.pdf">John Riggi</a></h3> <h4>National Advisor for Cybersecurity and Risk, AHA</h4> <h4><a href="mailto:jriggi@aha.org?subject=Cybersecurity and Risk Advisory Services Query">jriggi@aha.org</a> </h4> <h4>(O) <a href="tel:1-202-626-2272">+1 202 626 2272</a></h4> <div class="external-link spacer"><a class="btn btn-wide btn-primary" href="/system/files/media/file/2020/11/AHA-Riggi-Senior-Advisor-for-Cyber-and-Risk-Bio-08102020.pdf" target="_blank">More on John Riggi</a></div> <div class="external-link spacer"><a class="btn btn-wide btn-primary" href="/guidesreports/2018-06-15-cybersecurity-and-risk-advisory-services" target="_blank">Learn more about AHA's Cybersecurity and Risk Advisory Services</a></div> </div> </div> </div> </div> Mon, 
28 Feb 2022 15:32:24 -0600 Other Cybersecurity Reports SAFEGUARDING OUR FUTURE: Protecting Personal Health Data from Foreign Exploitation /other-cybersecurity-reports/2022-01-29-safeguarding-our-future-protecting-personal-health-data <div class="container row"> <div class="row"> <div class="col-md-8"> <h2>THREAT</h2> <p>Foreign companies and some U.S. businesses with facilities abroad have been partnering or contracting with U.S. organizations to provide diagnostic tests and services that in some cases collect specimens, DNA, fitness / lifestyle information, or other personal health data from patients or consumers in the United States. Some of these companies may be subject to foreign laws that can compel them to share such data with foreign governments, including governments that exploit personal health data for their own ends and without regard to individual privacy.</p> <p>For example, several Chinese companies have partnered or contracted with U.S. organizations and are accredited, certified, or licensed to perform genetic testing or whole-genome sequencing on patients in the U.S. healthcare system, potentially giving them direct access to the genetic data of patients in the United States.<sup>1</sup> Chinese companies are compelled to share data with the government of the People’s Republic of China,<sup>2</sup> which has used genetic data for state surveillance and repression of its ethnic and religious minorities,<sup>3</sup>,<sup>4</sup> as well as for military research and applications.<sup>5</sup></p> <p>Although research performed through partnerships and data sharing with foreign companies can potentially yield medical breakthroughs,<sup>6</sup> the collection of U.S. personal health data by foreign companies can also pose potential risks to individual privacy and U.S. 
economic and national security.</p> <h2>RISKS</h2> <p><u><strong>Privacy</strong></u>: Your personal health data, including genetic data, could end up in the hands of a foreign regime and used for purposes you never intended. Loss of your DNA to unwanted parties is permanent and not only affects you, but also your relatives, and potentially future generations.</p> <p><u><strong>Intelligence</strong></u>: Foreign regimes can combine personal health data, including genetic data, with other personal data sets they have collected to build profiles on individuals for potential surveillance, coercion, or manipulation.</p> <p><u><strong>Economic</strong></u>: Collection of large, diverse genomic data sets from around the world by foreign regimes and companies can boost their global market share and economic advantage in pharmaceutical and health care sectors at the expense of U.S. commercial health and research sectors when there is no reciprocal sharing of health data by the foreign entities.</p> <p><u><strong>Military</strong></u>: Foreign regimes can use large, diverse genomic data sets from around the world for military-related research, including biodefense.</p> <h2>MITIGATION FOR U.S. ORGANIZATIONS</h2> <ul> <li>Before partnering or contracting with a company that offers low-cost diagnostic tests or services in the United States, know who you are doing business with and identify any foreign connections. <ul> <li>Review their privacy and data security policies to determine if they allow for the collection, transfer, processing, or storage of U.S. patient or consumer data abroad.</li> <li>Determine the company’s potential foreign government ownership or ties, as well as contractual and legal obligations. Determine if laws in the home country of the company or its affiliates require data sharing with foreign governments.</li> <li>Consider whether the risks of a foreign government gaining access to U.S. 
patient or consumer data outweigh the potential cost savings of contracting with the company.</li> <li>Negotiate contracts that require U.S. patient or consumer data to be held in the United States and prohibit that data from being transferred abroad without patient or consumer consent.</li> <li>Set security and privacy standards for the company’s handling of U.S. patient or consumer data and continuously monitor compliance.</li> </ul> </li> <li>If you already have partnered or contracted with the company, ascertain the security and privacy impact of data shared. Consider not only the sensitivity of the data shared, but also the quantity. Large sets of seemingly non-sensitive data can be aggregated for the identification of patterns or relationships and be exploited. <ul> <li>Provide patient or consumer disclosures that enumerate potential security risks and loss of privacy.</li> </ul> </li> <li>Maintain enduring connectivity to the U.S. Government for the latest threat information and security best practices. <ul> <li>General NCSC resources are available at <a href="https://www.dni.gov/index.php/ncsc-home" target="_blank">www.ncsc.gov</a>. NCSC’s February 2021 bulletin on threats to U.S. genomic data can be found <a href="https://www.dni.gov/files/NCSC/documents/SafeguardingOurFuture/NCSC_China_Genomics_Fact_Sheet_2021revision20210203.pdf" target="_blank">here</a>, while NCSC’s supply chain risk management resources can be found <a href="https://www.dni.gov/index.php/ncsc-what-we-do/ncsc-supply-chain-threats" target="_blank">here</a>.</li> </ul> </li> </ul> <h2>MITIGATION FOR U.S. PATIENTS OR CONSUMERS</h2> <ul> <li>Understand you have a significant role in safeguarding your data, as there is not a comprehensive, national U.S. data privacy and security law that governs the relocation, transfer, and storage of U.S. genetic or other personal health data overseas.</li> <li>Know your rights. 
Ask questions and take time to read the fine print before providing consent to turn over your personal health data, including genetic, medical, fitness, and lifestyle data.</li> <li>Review the privacy and data security policies of the diagnostic testing or services company to determine if they allow for the collection, transfer, processing, or storage of U.S. patient or consumer data abroad and whether that data may be subject to the laws of foreign nations.</li> </ul> <p>____________</p> <p><small><sup>1</sup> “China’s Biotechnology Development: The Role of US and Other Foreign Engagement,” A report prepared by Gryphon Scientific,<br /> LLC, and the Rhodium Group, LLC for the U.S.-China Economic and Security Review Commission, February 14, 2019, pp. 122, 124.<br /> <sup>2</sup> Annual Threat Assessment of the U.S. Intelligence Community, Office of the Director of National Intelligence, April 9, 2021, pg. 20.<br /> <sup>3</sup> “Commerce Department Adds Eleven Chinese Entities Implicated in Human Rights Abuses in Xinjiang to the Entity List,” U.S.<br /> Department of Commerce press release, July 20, 2020.<br /> <sup>4 </sup>Xinjiang Supply Chain Business Advisory, “Risks and Considerations for Businesses and Individuals with Exposure to Entities<br /> Engaged in Forced Labor and other Human Rights Abuses linked to Xinjiang, China,” U.S. Department of State, U.S. Department of<br /> Treasury, U.S. Department of Homeland Security, Office of the U.S. Trade Representative, U.S. Department of Labor, Updated July 13,<br /> 2021, pg. 4.<br /> <sup>5 </sup>“Commerce Acts to Deter Misuse of Biotechnology, Other U.S. Technologies by the People’s Republic of China to Support Surveillance<br /> and Military Modernization that Threaten National Security,” U.S. 
Department of Commerce press release, December 16, 2021.<br /> <sup>6</sup> “China’s Biotechnology Development: The Role of US and Other Foreign Engagement,” A report prepared by Gryphon Scientific,<br /> LLC, and the Rhodium Group, LLC for the U.S.-China Economic and Security Review Commission, February 14, 2019, pg. 122.</small></p> </div> </div> </div> Sat, 29 Jan 2022 14:19:08 -0600 Other Cybersecurity Reports Understanding and Mitigating Russian State-Sponsored Cyber Threats to U.S. Critical Infrastructure <div class="container"> <div class="row"> <div class="col-md-8"> <h2>Summary</h2> <p>This joint Cybersecurity Advisory (CSA)—authored by the Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and National Security Agency (NSA)—provides an overview of Russian state-sponsored cyber operations; commonly observed tactics, techniques, and procedures (TTPs); detection actions; incident response guidance; and mitigations. 
This overview is intended to help the cybersecurity community reduce the risk presented by these threats.</p> <p>CISA, the FBI, and NSA encourage the cybersecurity community—especially critical infrastructure network defenders—to adopt a heightened state of awareness and to conduct proactive threat hunting, as outlined in the Detection section. Additionally, CISA, the FBI, and NSA strongly urge network defenders to implement the recommendations listed below and detailed in the Mitigations section. These mitigations will help organizations improve their functional resilience by reducing the risk of compromise or severe business degradation.</p> <ol> <li><strong>Be prepared.</strong> Confirm reporting processes and minimize personnel gaps in IT/OT security coverage. Create, maintain, and exercise a cyber incident response plan, resilience plan, and continuity of operations plan so that critical functions and operations can be kept running if technology systems are disrupted or need to be taken offline.</li> <li><strong>Enhance your organization’s cyber posture.</strong> Follow best practices for identity and access management, protective controls and architecture, and vulnerability and configuration management.</li> <li><strong>Increase organizational vigilance.</strong> Stay current on reporting on this threat. 
<a href="https://public.govdelivery.com/accounts/USDHSUSCERT/subscriber/new" target="_blank">Subscribe</a> to CISA’s <a href="https://www.cisa.gov/uscert/mailing-lists-and-feeds" target="_blank">mailing list and feeds</a> to receive notifications when CISA releases information about a security topic or threat.</li> </ol> <p>CISA, the FBI, and NSA encourage critical infrastructure organization leaders to review CISA Insights: <a href="https://www.cisa.gov/sites/default/files/publications/CISA_INSIGHTS-Preparing_For_and_Mitigating_Potential_Cyber_Threats-508C.pdf" target="_blank">Preparing for and Mitigating Cyber Threats</a> for information on reducing cyber threats to their organization.</p> <p><em>Click on the PDF link below to view the complete Advisory.</em></p> </div> <div class="col-md-4"> <div> <p>Actions critical infrastructure organizations should implement to immediately strengthen their cyber posture.</p> <ul> <li>Patch all systems. Prioritize patching <a href="https://www.cisa.gov/known-exploited-vulnerabilities-catalog" target="_blank">known exploited vulnerabilities</a>.</li> <li>Implement multi-factor authentication.</li> <li>Use antivirus software.</li> <li>Develop internal contact lists and surge support.</li> </ul> </div> </div> </div> </div> Fri, 17 Dec 2021 13:25:47 -0600 Other Cybersecurity Reports HC3 Threat Briefing TLP White: Zero-Day Attacks - November 18, 2021 /other-cybersecurity-reports/2021-11-19-hc3-threat-briefing-tlp-white-zero-day-attacks <div class="container row"> <div class="row"> <div class="col-md-8"> <p>Please see the attached weekly threat brief from the HHS Health Sector Cybersecurity Coordination Center (HC3). 
This week's briefing is on Zero-Day Attacks and covers the following topics:</p> <ul> <li>What are Zero-Day Attacks?</li> <li>Famous Attacks Leveraging Zero-Days</li> <li>Zero-Day Trends</li> <li>Bug Bounty Programs</li> <li>Impact on the HPH sector</li> <li>Mitigations</li> </ul> </div> </div> </div> Fri, 19 Nov 2021 17:20:53 -0600 Other Cybersecurity Reports H-ISAC TLP Green CYWARE Daily Alert Report October 23, 2021 <div class="container row"> <div class="row"> <div class="col-md-8"> <table class="Table" width="100%"> <tbody> <tr> <td valign="top"> <table class="Table" width="100%"> <tbody> <tr> <td valign="top"> <p><b>Eclypsium Researchers Release Technical Details on Malicious Bootkits</b></p> </td> <td valign="top"> </td> </tr> </tbody> </table> </td> </tr> </tbody> </table> <table class="Table" width="100%"> <tbody> <tr> <td valign="top"> <table class="Table" width="100%"> <tbody> <tr> <td valign="top"> 
<p>Alert ID: <a href="https://health-isac.cyware.com/webapp/user/myfeeds/933c1857" target="_blank">933c1857</a> | Category: Threat Bulletins | TLP: WHITE</p> </td> <td valign="top"> </td> </tr> </tbody> </table> </td> </tr> </tbody> </table> </div> </div> </div> Sat, 23 Oct 2021 10:30:14 -0500 Other Cybersecurity Reports Daily Alert Report- October 22, 2021 /other-cybersecurity-reports/2021-10-22-daily-alert-report-october-22-2021 <table align="center" class="Table" width="0"> <tbody> <tr> <td valign="top"> <table class="Table" width="100%"> <tbody> <tr> <td valign="top"> <table class="Table" width="100%"> <tbody> <tr> <td valign="top"> <table class="Table" width="100%"> <tbody> <tr> <td valign="top"> <p><span><span><span>  </span></span></span></p> </td> </tr> </tbody> </table> <p><span><span><span><span><img id="_x0000_i1025" src="https://cdn.cyware.com/email-templates/csap/cyware.png" /></span></span></span></span></p> </td> <td> </td> </tr> </tbody> </table> </td> </tr> </tbody> </table> <table class="Table" width="100%"> <tbody> <tr> <td valign="top"> <table class="Table" width="100%"> <tbody> <tr> <td valign="top"> <p><span><span><span><b><span><span><span>Alerts </span></span></span></b><span><span><span>Published On </span></span></span><span><span><span>October 22, 2021</span></span></span> </span></span></span></p> </td> <td> </td> </tr> </tbody> </table> </td> </tr> </tbody> </table> <table class="Table" width="100%"> <tbody> <tr> <td valign="top"> <table class="Table" width="100%"> <tbody> <tr> <td valign="top"> <p><span><span><span><b><span><span><span>Health-ISAC Daily Cyber Headlines </span></span></span></b></span></span></span></p> </td> <td valign="top"> </td> </tr> </tbody> </table> </td> </tr> </tbody> </table> <table class="Table" width="100%"> <tbody> <tr> <td valign="top"> <table class="Table" width="100%"> <tbody> <tr> <td valign="top"> <p><span><span><span><span><span>Alert ID: </span></span></span><span><span><span><a 
href="https://health-isac.cyware.com/webapp/user/myfeeds/31f8ab75" target="_blank"><span>31f8ab75</span></a></span></span></span><span><span><span>|</span></span></span> <span><span><span>Category: </span></span></span><span><span><span>Daily Cyber Headlines</span></span></span><span><span><span>|</span></span></span>   <span><span><span>TLP: </span></span></span><span><span><span>GREEN</span></span></span></span></span></p> </td> <td valign="top"> </td> </tr> </tbody> </table> </td> </tr> </tbody> </table> <table class="Table" width="100%"> <tbody> <tr> <td valign="top"> <table class="Table" width="100%"> <tbody> <tr> <td valign="top"> <div align="center"> <hr align="center" size="1" width="100%" /></div> </td> <td valign="top"> </td> </tr> </tbody> </table> </td> </tr> <tr> <td valign="top"> <table class="Table" width="100%"> <tbody> <tr> <td valign="top"> <p><span><span><span><b><span><span><span>Ransomware Data Leak Sites Report </span></span></span></b></span></span></span></p> </td> <td valign="top"> </td> </tr> </tbody> </table> </td> </tr> </tbody> </table> <table class="Table" width="100%"> <tbody> <tr> <td valign="top"> <table class="Table" width="100%"> <tbody> <tr> <td valign="top"> <p><span><span><span><span><span>Alert ID: </span></span></span><span><span><span><a href="https://health-isac.cyware.com/webapp/user/myfeeds/6ec697b1" target="_blank"><span>6ec697b1</span></a></span></span></span><span><span><span>|</span></span></span> <span><span><span>Category: </span></span></span><span><span><span>Informational</span></span></span><span><span><span>|</span></span></span>   <span><span><span>TLP: </span></span></span><span><span><span>GREEN</span></span></span></span></span></p> </td> <td valign="top"> </td> </tr> </tbody> </table> </td> </tr> </tbody> </table> <table class="Table" width="100%"> <tbody> <tr> <td valign="top"> <table class="Table" width="100%"> <tbody> <tr> <td valign="top"> <div align="center"> <hr align="center" size="1" width="100%" 
/></div> </td> <td valign="top"> </td> </tr> </tbody> </table> </td> </tr> </tbody> </table> <table class="Table" width="100%"> <tbody> <tr> <td valign="top"> <table class="Table" width="100%"> <tbody> <tr> <td valign="top"> <p><span><span><span><b><span><span><span>Coronavirus Daily Update </span></span></span></b></span></span></span></p> </td> <td valign="top"> </td> </tr> </tbody> </table> </td> </tr> </tbody> </table> <table class="Table" width="100%"> <tbody> <tr> <td valign="top"> <table class="Table" width="100%"> <tbody> <tr> <td valign="top"> <p><span><span><span><span><span>Alert ID: </span></span></span><span><span><span><a href="https://health-isac.cyware.com/webapp/user/myfeeds/8b580219" target="_blank"><span>8b580219</span></a></span></span></span><span><span><span>|</span></span></span> <span><span><span>Category: </span></span></span><span><span><span>Informational</span></span></span><span><span><span>|</span></span></span>   <span><span><span>TLP: </span></span></span><span><span><span>GREEN</span></span></span></span></span></p> </td> <td valign="top"> </td> </tr> </tbody> </table> </td> </tr> </tbody> </table> <table class="Table" width="100%"> <tbody> <tr> <td valign="top"> <table class="Table" width="100%"> <tbody> <tr> <td valign="top"> <div align="center"> <hr align="center" size="1" width="100%" /></div> </td> <td valign="top"> </td> </tr> </tbody> </table> </td> </tr> <tr> <td valign="top"> <table class="Table" width="100%"> <tbody> <tr> <td valign="top"> <p><span><span><span><b><span><span><span>HC3 Threat Briefing – Hive Ransomware </span></span></span></b></span></span></span></p> </td> <td valign="top"> </td> </tr> </tbody> </table> </td> </tr> </tbody> </table> <table class="Table" width="100%"> <tbody> <tr> <td valign="top"> <table class="Table" width="100%"> <tbody> <tr> <td valign="top"> <p><span><span><span><span><span>Alert ID: </span></span></span><span><span><span><a 
href="https://health-isac.cyware.com/webapp/user/myfeeds/61652944" target="_blank"><span>61652944</span></a></span></span></span><span><span><span>|</span></span></span> <span><span><span>Category: </span></span></span><span><span><span>Finished Intelligence Reports</span></span></span><span><span><span>|</span></span></span>   <span><span><span>TLP: </span></span></span><span><span><span>WHITE</span></span></span></span></span></p> </td> <td valign="top"> </td> </tr> </tbody> </table> </td> </tr> </tbody> </table> <table class="Table" width="100%"> <tbody> <tr> <td valign="top"> <table class="Table" width="100%"> <tbody> <tr> <td valign="top"> <div align="center"> <hr align="center" size="1" width="100%" /></div> </td> <td valign="top"> </td> </tr> </tbody> </table> </td> </tr> </tbody> </table> </td> </tr> </tbody> </table> Fri, 22 Oct 2021 13:57:25 -0500 Other Cybersecurity Reports HC3 TLP White Alert: Hardening Remote Access VPN Amplify Alert - October 1, 2021 /other-cybersecurity-reports/2021-10-01-hc3-tlp-white-alert-hardening-remote-access-vpn-amplify <h2>Executive Summary</h2> <p>The NSA and CISA issued a joint information sheet providing guidance on hardening Virtual Private Network (VPN) services. VPNs allow users to remotely connect to a corporate network and access internal materials via a secure tunnel. Because remote access VPN servers are entry points into protected networks, they are targets for adversaries. 
The NSA and CISA advise selecting standards-based VPNs from reputable vendors with a proven track record of quickly remediating vulnerabilities and following best practices for using strong authentication credentials.</p> <h2>Report</h2> <p>Selecting and Hardening Remote Access VPN Solutions<br /> <a href="https://media.defense.gov/2021/Sep/28/2002863184/-1/-1/0/CSI_SELECTING-HARDENING-REMOTE-ACCESS-VPNS-20210928.PDF" target="_blank">https://media.defense.gov/2021/Sep/28/2002863184/-1/-1/0/CSI_SELECTING-HARDENING-REMOTE-ACCESS-VPNS-20210928.PDF</a></p> <h2>Impact to HPH Sector</h2> <p>The health sector is known to frequently use VPN technologies for telehealth, telemedicine, patient access to records and appointments as well as a variety of other applications. Compromise can lead to disruption of healthcare operations and leaking of sensitive health information, including research-related intellectual property as well as protected employee and patient information, leading to a leak of personal health information (PHI) and a potential HIPAA violation. 
HC3 recommends that healthcare organizations review the NSA/CISA joint information sheet and take appropriate actions in accordance with their risk management strategy.</p> <h2>References</h2> <p>Guide to IPsec VPNs<br /> <a href="https://csrc.nist.gov/publications/detail/sp/800-77/rev-1/final" target="_blank">https://csrc.nist.gov/publications/detail/sp/800-77/rev-1/final</a></p> <p>Selecting and Hardening Remote Access VPN Solutions<br /> <a href="https://media.defense.gov/2021/Sep/28/2002863184/-1/-1/0/CSI_SELECTING-HARDENING-REMOTE-ACCESS-VPNS-20210928.PDF" target="_blank">https://media.defense.gov/2021/Sep/28/2002863184/-1/-1/0/CSI_SELECTING-HARDENING-REMOTE-ACCESS-VPNS-20210928.PDF</a></p> <p>National Cyber Security Center, Cybersecurity and Infrastructure Security Agency, Federal Bureau of Investigation, and National Security Agency (2021), Advisory: Further TTPs associated with SVR cyber actors<br /> <a href="https://www.ncsc.gov.uk/files/Advisory%20Further%20TTPs%20associated%20with%20SVR%20cyber%20actors.pdf" target="_blank">https://www.ncsc.gov.uk/files/Advisory Further TTPs associated with SVR cyber actors.pdf</a></p> <h2>Contact Information</h2> <p>If you have any additional questions, please contact us at <a href="mailto:HC3@hhs.gov">HC3@hhs.gov</a>.</p> Fri, 01 Oct 2021 15:38:41 -0500 Other Cybersecurity Reports HC3-TLP White: Conti Ransomware Amplify Alert September 30, 2021 /other-cybersecurity-reports/2021-10-01-hc3-tlp-white-conti-ransomware-amplify-alert-september-30 <div class="container row"> <div class="row"> <div class="col-md-8"> <h2>Executive Summary</h2> <p>Conti is a ransomware group that has aggressively targeted healthcare organizations since it was first observed in 2019. Conti ransomware attacks have targeted the healthcare industry, major corporations and government agencies, particularly those in North America. 
During this type of cyber-attack, the threat actor steals sensitive data from compromised networks, encrypts the targeted organizations’ servers and workstations, and threatens to publish the stolen data unless the target pays a ransom.</p> <h2>Report</h2> <p>Joint Cybersecurity Advisory (CISA, FBI, NSA): Conti Ransomware<br /> <a href="https://us-cert.cisa.gov/sites/default/files/publications/AA21-265A-Conti_Ransomware_TLP_WHITE.pdf" target="_blank">https://us-cert.cisa.gov/sites/default/files/publications/AA21-265A-Conti_Ransomware_TLP_WHITE.pdf</a></p> <h2>Impact to HPH Sector</h2> <p>According to their Joint Cybersecurity Advisory, CISA and the FBI have observed the increased use of Conti ransomware in more than 400 attacks on U.S. and international organizations. This impacts the HPH sector because at least 16 Conti ransomware attacks have been identified targeting the US healthcare industry, first responder networks, emergency medical services, 9-1-1 dispatch centers, law enforcement agencies, and municipalities.</p> <p>HC3 is aware of the Conti operators aggressively targeting healthcare and public health targets and fully expects this trend to continue. 
To secure systems against Conti ransomware, CISA/NSA/FBI recommend implementing mitigations from their Joint Cybersecurity Advisory.</p> <h2>References</h2> <p>CISA: Alert (AA21-265A) Conti Ransomware<br /> <a href="https://us-cert.cisa.gov/ncas/alerts/aa21-265a" target="_blank">https://us-cert.cisa.gov/ncas/alerts/aa21-265a</a></p> <p>FBI FLASH: Conti Ransomware Attacks Impact Healthcare and First Responder Networks<br /> <a href="https://www.cisa.gov/sites/default/files/Conti%20Ransomware%20Heathcare%20networks.pdf" target="_blank">https://www.cisa.gov/sites/default/files/Conti%20Ransomware%20Heathcare%20networks.pdf</a></p> <p>Joint Cybersecurity Advisory (CISA, FBI, NSA): Conti Ransomware<br /> <a href="https://us-cert.cisa.gov/sites/default/files/publications/AA21-265A-Conti_Ransomware_TLP_WHITE.pdf" target="_blank">https://us-cert.cisa.gov/sites/default/files/publications/AA21-265A-Conti_Ransomware_TLP_WHITE.pdf</a></p> <h2>Contact Information</h2> <p>If you have any additional questions, please contact us at <a href="mailto:HC3@hhs.gov">HC3@hhs.gov</a>.</p> <p>View the entire report below.</p> </div>
</div> </div> Fri, 01 Oct 2021 14:59:49 -0500 Other Cybersecurity Reports