AHA Cyber Intel / en Fri, 25 Apr 2025 17:56:07 -0500 Thu, 03 Apr 25 10:49:37 -0500 [Updated] 3 Must-know Cyber and Risk Realities: What’s Ahead for Health Care in 2025 /news/aha-cyber-intel/2025-04-03-3-must-know-cyber-and-risk-realities-whats-ahead-health-care-2025 <p>While the rate of cyberattacks on hospitals has risen dramatically, the severity of the impacts has also grown exponentially. Let’s look at the state of cyber and physical threats in 2025 as well as the opportunities for progress across the health care sector. Hospitals and health systems are learning to better prepare for cyberattacks and maintain clinical continuity and business resiliency during prolonged outages.</p><h2>1. The Demand for Health Care Records Will Continue</h2><h3><u>The Cyber Onslaught: Where Do We Stand So Far in 2025?</u></h3><p>In late January of this year, we learned that last year’s ransomware attack against UnitedHealth Group subsidiary Change Healthcare exposed the health data of 190 million people — up from previous reports of 100 million. By the end of 2024, 259 million Americans’ health care records had been stolen in part or full (including those through the Change attack). This, sadly, is a new record, one far exceeding the previous record set just last year of 138 million Americans having their health records stolen through hacks. The most significant hacking threats originate primarily, but not exclusively, from Russia, China, North Korea and Iran — and they often provide safe harbor for the hackers to operate from their territories.</p><p>According to the breach notices filed with the U.S. Department of Health and Human Services Office of Civil Rights<sup>1</sup>, since 2020 over 500 million individuals — more than the U.S. population — have had their health care records stolen or compromised at least once. You would think the market for health care data would be saturated and the bad actors would find little value in continuing their attacks. 
That thinking would be mistaken. As patients’ health records continue to be updated, so does the data that’s of interest to hackers.</p><p>There are two markets for health care records: nation-state and criminal.</p><h3><u>Health Care Data Has Tremendous Intelligence Value for the Nation-State Market</u></h3><p>Often overlooked is the fact that the health care records of Americans contain valuable data points that are of interest and value to hostile foreign intelligence services — including Russia, North Korea, Iran and China. Health care records offer a treasure trove of data on Americans, data that could be exploited by foreign intelligence services. Examples of this data include their personally identifiable information, contact information, occupations and medical conditions. These nations may target the health information of persons of interest in the government, the military and the private sector alike. The information could be leveraged for potential intelligence collection activities or compromise, currently and in the future. Hacked health information will have lasting intelligence value, as in the case of someone who gains a prominent position with a security clearance five years from now.</p><h3><u>Health Care Data Is Still Lucrative for the Criminal Market</u></h3><p>Cybercriminals use hacked health care records to commit financial crimes such as health care fraud, including fraudulent billing of health insurance providers. They also use the stolen personally identifiable information contained in health care records to gain access to individual bank accounts, or apply for fake loans and credit cards. According to analysis by Kroll, a health care record can be worth as much as $1,000 on the black market, making health records far more valuable than stolen credit card numbers or other financial records. The primary reason for this is that health care records have <em>enduring value</em>. 
Unlike a credit card number, a patient cannot change their health care records. For example, a patient cannot change their diagnosis or an image from a CT scan if they have been compromised. These factors contributed to the health care sector suffering more breaches than the financial sector last year.</p><p>Often hackers steal data not with the intent to sell it or use it for other crimes, but to hold it for ransom. They threaten to publish the data on the dark web or sell it to other criminals unless a ransom is paid by the hacked victim organization. This is called <em>data extortion</em> and we are seeing this trend continue and perhaps increase in 2025.</p><p>Most concerning is the continuation of cross-border ransomware attacks targeting health care providers and health care mission-critical third-party services, technology and supply chain. Ransomware is a type of malware that encrypts data, files and systems, often forcing targeted organizations to shut down their internal computer networks and disconnect from the internet. The ensuing loss of access to on-premises and cloud-based information, medical and operational technologies has caused significant disruption and delay to health care delivery, resulting in a risk to patient and community safety.</p><p>Encryption-type ransomware attacks are often accompanied by data theft and data extortion attacks as well. The foreign ransomware groups, primarily Russian-speaking, pressure the victims to pay a ransom for a decryption key to unlock the victim organization’s systems, and then again to pay a second ransom to keep the patient data from being publicly exposed.</p><h2>2. The Use of AI Will Accelerate, Driven by Geopolitical Tensions</h2><p>We’re in the early stages of an artificial intelligence-fueled arms race, with the bad guys using AI to launch cyberattacks and the good guys using it to defend against those cyberattacks. 
The level of threat from the cyberattacks will be significantly influenced by the geopolitical situation and the approaches the current administration takes in dealing with hostile nation-states and, by proxy, the criminal groups that are provided safe harbor by those nations.</p><p>The main geopolitical tensions contributing to this AI cyber war include:</p><ul><li>The war in Ukraine.</li><li>The situation in the Mideast — the Gaza Strip and, by extension Iran, which has a significant cyber offensive capability.</li><li>North Korea’s use of funding from cybercrime (such as the ransoms hospitals paid to the Maui ransomware group) to build its illegal nuclear weapons program and advance its national security objectives.</li><li>Malware from China, which has been found deeply embedded in our critical infrastructure, including water, internet service and telecommunications networks. According to the federal government, if China chooses to invade Taiwan, China is poised to detonate that malware — causing massive infrastructure disruption and societal chaos intended to blunt our response to defend Taiwan. The Chinese government remains our No. 1 strategic cyberthreat.</li></ul><h2>3. Here’s the Good News: Now That We’re Aware, We Can Prepare to Maintain Continuity of Care</h2><p>Having witnessed and battled the impact of cyberattacks on clinical processes, building management systems and business operations, the health care field has learned ways to better prepare for future attacks.</p><ul><li>Never before has there been such a robust exchange of cyberthreat intelligence between the government and the private sector, including the health care field. We’re taking a “whole of nation” approach — cooperating across the field, with other sectors, with other nations and the government to defend against a common threat — just as we did after 9/11.</li><li>The field of cybersecurity has seen some positive technological developments. 
Experts are using AI to understand how adversaries are penetrating our networks, and they’re developing more effective tools, more quickly, to counter adversaries’ tactics, techniques and procedures.</li><li>Hospitals are now focusing on emergency preparedness — meaning they’re not just focusing on technical defenses to prevent an attack, but also considering how to prepare a response, step-by-step, to maintain clinical continuity. How will they continue to deliver safe and quality care, department by department, function by function, for 30 days or longer? As they have said for years, “It’s not a matter of if, but when” we experience a cyberattack. In 2025, the question needs to be more to the point: "When we are attacked, will we be ready?" <br><br>Clinical continuity planning also entails ensuring their third-party providers are prepared. We know that when business associates, medical device providers and supply chain vendors get hit through insecure technology or an insecure supply chain, hospitals and patients get hit, too. After a 2024 blood supply ransomware attack that disrupted network-connected machines that print critical labels for blood units, my colleague Scott Gee and I helped the blood community and affected hospitals understand the nature of the threat and identify downtime procedures to help mitigate the impact. <br><br><em>Consider requesting the </em><a href="https://sponsors.aha.org/HFC-Gen-18953-Cyber-Clinical-Continuity-Assessment_2025-03-AHA-Cybersecurity-Clinical-Continuity-Assessment-Program.html" target="_blank" title="AHA’s Clinical Continuity of Care Assessment "><em>Clinical Continuity Assessment</em></a><em> to evaluate your hospital’s readiness to maintain critical clinical and operational functions during a cyberattack and gain practical recommendations.</em><br> </li><li><p>Beyond medical and information technology, there is operational technology, which may directly or indirectly impact patient care. 
Hospitals must account for the resulting physical effects of a foreign-based cyberattack on their buildings and building management systems, which are now highly automated and network-dependent. With everything internet-connected, what happens if operational technology goes down? Security and safety of patients and staff quickly become a concern.</p><p>Below are just some of the impact points:</p><ul><li>Lighting and climate control. Think of the repercussions for your operating rooms.</li><li>Access control. Doors default to either a locked or unlocked setting, potentially creating physical security concerns for patients and staff.</li><li>Video surveillance, fire alarms and intrusion alarms. Losing access compromises safety.</li><li>Voice over Internet Protocol phones may stop functioning. Staff may not be able to effectively respond to the attack, coordinate care and communicate with patients; fire and security systems may not be able to communicate with central monitoring stations and police and fire departments.</li><li>Computer-controlled elevators. Their default setting may be that the elevator goes to the first floor and the doors open, rendering them unusable.</li></ul><p><br>Physical threats also entail the domestic threat of U.S. residents directing misinformed anger at the health care sector. With the high-profile murder of the UnitedHealth Group’s CEO Brian Thompson in New York City and the ongoing legal process, there has been a tremendous increase in online vitriol directed at health care and insurance leaders. Hospitals now know that detecting these threats before they escalate into physical action requires increased physical security, staff training and thorough online and open-source monitoring. 
<br><br><em>To help in protecting your patients and operations from physical threats and cyberattacks, we have assembled a network of trusted providers — with vetted services — participating in the </em><a href="/center/cybersecurity-and-risk-advisory-services/preferred-cybersecurity " title="AHA Preferred Cybersecurity & Risk Provider Program"><em>AHA Preferred Cybersecurity & Risk Provider Program</em></a>.<br> </p></li></ul><h2>Additional Support for Your Security Efforts from the AHA’s Cybersecurity and Risk Experts</h2><p>Our team offers a wide variety of strategic cybersecurity and risk advisory services to assist AHA members, many of which are included with your AHA membership.</p><p>We are also available anytime, including after hours, at no cost should your AHA-member organization need urgent assistance, guidance or introduction to trusted government contacts as the result of a cyber or risk incident.</p><ul><li><a href="/bios/2020-06-12-john-riggi" target="_blank" title="John Riggi, National Cybersecurity and Risk Advisor"><em>John Riggi, National Cybersecurity and Risk Advisor</em></a><em>: </em><a href="mailto: jriggi@aha.org" target="_blank" title="jriggi@aha.org"><em><strong>jriggi@aha.org</strong></em></a></li><li><a href="/press-releases/2024-08-23-former-microsoft-and-us-secret-service-cybersecurity-leader-scott-gee-named-aha-deputy-national" target="_blank" title="Scott Gee, Deputy National Cybersecurity and Risk Advisor"><em>Scott Gee, Deputy National Cybersecurity and Risk Advisor</em></a><em>: </em><a href="mailto: sgee@aha.org " target="_blank" title="sgee@aha.org"><em><strong>sgee@aha.org</strong></em></a></li></ul><hr><p><em><small class="sm"><sup>1 </sup></small></em><a href="https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf" target="_blank" title="https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf "><em><small class="sm">https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf </small></em></a></p> Thu, 03 Apr 2025 10:49:37 -0500 
AHA Cyber Intel Resources to Protect America’s Rural Hospitals from Cyberthreats /news/aha-cyber-intel/2025-02-18-resources-protect-americas-rural-hospitals-cyberthreats <p>Cyberthreats such as ransomware attacks are not just data-theft or financial crimes, but they also are <strong>threat-to-life crimes</strong>. And they are not just an IT issue — they pose a risk to every function of your enterprise. They are designed to shut down vital systems and cause maximum delay and disruption to patient care. They not only threaten the safety of patients in the hospital, but also their effects cascade throughout the entire community, posing a safety risk to everyone who depends on the availability of the nearest hospital in the event of a medical emergency.</p><p>These attacks also pose a risk to every hospital, clinic and emergency department in the surrounding region that may have patients diverted to them or depend upon the impacted hospital for clinical services such as radiology or oncology. The combined regional impact and disruption to care delivery is what I call the <strong>“ransomware blast radius.”</strong> The impact of the blast radius is especially significant for rural hospitals.</p><h2>Why It’s Vital to Protect Rural Hospitals</h2><p>Approximately 60 million people living in rural areas depend on their hospital as an important and often the primary source of care in their communities, as well as a critical component of their region’s economic and social fabric. Yet rural hospitals’ limited access to technology, staff and financial resources constrains their ability to defend against the malicious actors behind today’s ever-escalating cyberattacks. They cannot do it alone.</p><p>That’s why the AHA is collaborating with multiple parties across the public and private sectors to support our rural members with cybersecurity risk mitigation. 
The AHA has long been committed to helping hospitals and health systems defend against and deflect cyberattacks.</p><h2>Cybersecurity Resources for Rural Hospitals</h2><h3><u>Support for Cybersecurity Programs</u></h3><p>The U.S. Department of Health and Human Services has outlined key cybersecurity performance goals (CPGs), yet rural hospitals often have limited resources and staff to achieve these benchmarks. Designed to defend against the most common tactics used by cyber adversaries to attack health care, the CPGs encourage the implementation of high-impact cybersecurity practices to help organizations better prepare for and mitigate cyberthreats.</p><p>Visit the AHA’s new <a href="/cybersecurity/support-cybersecurity-program">Cybersecurity Support webpage</a> to learn more about how the AHA’s cybersecurity provider partners, including AON; Censinet; Critical Insight, a Lumifi Company; and Microsoft, are providing dedicated resources and special offerings to help your organization meet the HHS CPGs.</p><h3><u>Microsoft Cybersecurity Program for Rural Hospitals</u></h3><p>In late spring 2024, the AHA and Microsoft partnered to launch the Microsoft Cybersecurity Program for Rural Hospitals, which includes free cybersecurity training for front-line workers and health care IT professionals. The AHA appreciates Microsoft’s commitment to supporting the unique cybersecurity needs of critical access hospitals, rural emergency hospitals and rural hospitals within a health system. 
Depending on the hospital’s rural status, it may be eligible for all or some of these powerful program elements:</p><ul><li>Free curated learning pathways and resources.</li><li>Free cybersecurity risk assessments.</li><li>One year of free Windows 10 extended security updates.</li><li>Microsoft product discounts and offers, including nonprofit pricing for independent critical access hospitals and rural emergency hospitals.</li></ul><p><a href="https://nonprofits.tsi.microsoft.com/EN-US/security-program-for-rural-hospitals/" target="_blank" title="Learn more about Microsoft Cybersecurity Program for Rural Hospitals">Learn more and register for the program</a>.</p><h3><u>AHA Preferred Cybersecurity & Risk Provider Program</u></h3><p>Microsoft is one of the exclusive, highly reputable, qualified and accomplished service providers in our AHA Preferred Cybersecurity & Risk Provider Program. The program’s goal is to identify trusted providers with vetted services to help AHA member hospitals and health systems protect their patients and operations from cybersecurity attacks, physical threats and other enterprise risks. <a href="/center/cybersecurity-and-risk-advisory-services/preferred-cybersecurity/providers" title="AHA Preferred Cybersecurity & Risk Provider Program">Learn more.</a></p><h3><u>AHA Cybersecurity and Risk Advisory Services</u></h3><p>Learn how <a href="/guidesreports/2018-06-15-cybersecurity-and-risk-advisory-services" target="_blank">my team and I can advise and assist</a> in mitigating the many cyber and physical risks your organization faces.</p><h3><u>Attending the 2025 AHA Rural Health Care Leadership Conference? Join me for these sessions:</u></h3><p><strong>Critical Response: Cybersecurity Tabletop Exercise for Rural Hospital Leaders</strong> <br>Preconference session: Sunday, Feb. 23, 1:30-3:30 p.m. 
CT <a href="https://web.cvent.com/event/aafd2f0d-7c22-4056-a9b1-edf662686845/websitePage:667458eb-1bd3-4a8b-a6a0-cf20803167f4?session=a14b8673-aef3-46c7-b733-97de3b9f98ce&shareLink=true" target="_blank" title="Learn more"><em>Learn more</em>.</a></p><p><strong>Defending the Frontlines: Protecting Patient Care from Ransomware Attacks</strong> <br>Tuesday, Feb. 25, 10:45-11:45 a.m. CT <a href="https://web.cvent.com/event/aafd2f0d-7c22-4056-a9b1-edf662686845/websitePage:667458eb-1bd3-4a8b-a6a0-cf20803167f4?session=0dca26f4-d419-411f-ae25-165c0e916490&shareLink=true" target="_blank" title="Learn more"><em>Learn more.</em></a></p><p> </p> Tue, 18 Feb 2025 14:11:47 -0600 AHA Cyber Intel A Look at 2024’s Health Care Cybersecurity Challenges /news/aha-cyber-intel/2024-10-07-look-2024s-health-care-cybersecurity-challenges <p>With 386 health care cyber-attacks reported thus far in 2024, data-theft crimes and ransomware attacks against health care and our mission-critical third-party providers appear to be unfolding at the same elevated rate as in 2023, which was the worst year ever for breaches in health care.<small class="sm"><sup>1</sup></small> The scope and impact of this year’s breaches, however, have been much more profound.</p><p>Ransomware attacks are not just data-theft or financial crimes, they are <strong>threat-to-life crimes</strong>. And they are not just an IT issue, but a risk to every function of your enterprise. They are designed to shut down vital systems and cause maximum delay and disruption to patient care. 
They not only threaten the safety of patients in the hospital, but their effects cascade throughout the entire community and every hospital, clinic and emergency department in the surrounding region — what I call the <strong>blast radius</strong>.</p><p>A perfect example of the blast radius effect is the far-reaching and lingering impact of the February attack on Change Healthcare, a third-party provider.</p><h2>Attacks on Third-Party Health Care Service Providers and Suppliers Are Rising</h2><p>The ransomware attack on UnitedHealth Group’s subsidiary Change Healthcare impacted every hospital in the country in one way or another and was the most significant and consequential cyberattack in U.S. health care history. Change Healthcare is the predominant source of more than 100 critical functions that keep the health care system operating, including management of clinical criteria used to authorize patient care and coverage, claims processing, and prescription drug processing. As a result of the shutdown of Change Healthcare’s operations, patients struggled to get timely access to care, and billions of dollars stopped flowing to providers. 
This attack has shone a spotlight on third-party attacks and the need for health care organizations to prepare their business and clinical continuity procedures now for an extended loss of services caused by future cyberattacks.</p><p>Attacks like these indicate that we will see a continued rise in the number of individuals affected by attacks on health care third-party business associates, a number that jumped by 287% from 2022 to 2023.<small class="sm"><sup>2</sup></small> Learn more about the rise of ransomware attacks on third parties in my <a href="/news/aha-cyber-intel/2024-08-05-third-party-cyber-risk-impacts-health-care-sector-most-heres-how-prepare" target="_blank" title="Third Party Cyber Risk Blog">previous blog</a>.</p><h2>Collaboration Emerging Between Hostile Nation-States and Ransomware Attackers</h2><p>New threats are on the horizon. We are beginning to see more instances of international cooperation between nation-state-sponsored hackers and ransomware groups from other countries. In late August, for example, Iranian-based cyber actors leveraged unauthorized network access to U.S. organizations for espionage reasons, including to health care organizations, to facilitate and profit from ransomware attacks by Russian-affiliated ransomware gangs.</p><h2>Geopolitical Risks Continue</h2><p>Geopolitical risks threaten the health care sector’s cybersecurity, with ransomware attacks typically originating in countries like Russia, China, North Korea and Iran, often with tacit permission from their host governments. Defense alone will not deter our cyber adversaries. Nor can hospitals tackle this complex problem on their own.</p><p>Working with our allies, the federal government must go on the offensive, making it a priority to disrupt cybercriminals <em>before</em> the attack. 
And it must do more to assist when an attack does occur, by disseminating threat intelligence, and by providing a whole-of-government response that leans on law enforcement, legislative, military and intelligence capabilities.</p><h2>New Regulations Aimed at Strengthening Cybersecurity</h2><p>The Department of Health and Human Services (HHS) has created a set of voluntary <a href="https://hhscyber.hhs.gov/" target="_blank" title="Cybersecurity Performance Goals">Cybersecurity Performance Goals</a> (CPG) in cooperation with the Healthcare and Public Health (HPH) sector to encourage the implementation of high-impact cybersecurity practices to help organizations better prepare for and mitigate cyberthreats. The CPGs are designed to defend against the most common tactics used by cyber adversaries to attack health care and related third parties, such as exploitation of known technical vulnerabilities, phishing emails and stolen credentials. The AHA helped draft these CPGs and we have strongly advocated that they must apply to third-party technology providers and business associates as well. 
HHS also has recently indicated that it is working on specific oversight policies for third-party vendors.</p><p>Visit the AHA’s new <a href="/cybersecurity/support-cybersecurity-program" target="_blank" title="Cybersecurity Support webpage">Cybersecurity Support webpage</a> to learn more about how the AHA’s cybersecurity provider partners, including Microsoft, Google, AON, Censinet, Critical Insight and Cylera, are providing dedicated resources and special offerings to help your organization meet the HHS Cybersecurity Performance Goals.</p><h2>The AHA Is Here to Support Your Health Care Cybersecurity Efforts</h2><p>Learn how I and my team can <a href="/guidesreports/2018-06-15-cybersecurity-and-risk-advisory-services" title="advise and assist">advise and assist</a> in mitigating the many cyber and physical risks your organization faces.</p><p>Plus, learn how the exclusive, highly vetted panel of service providers in our <a href="/center/cybersecurity-and-risk-advisory-services/preferred-cybersecurity/providers" title="AHA Preferred Cybersecurity Provider (APCP) ">AHA Preferred Cybersecurity Provider (APCP)</a> Program can help your organization prepare for, prevent and respond to today’s pressing cyberthreats.</p><p> </p><hr><p><small class="sm"><sup>1 </sup></small><a href="https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf" target="_blank" title="https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf"><em><small class="sm">https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf</small></em></a></p><p><small class="sm"><sup>2 </sup></small><em><small class="sm">Broderick, Tim. "Healthcare data breaches hit new highs in 2023," Modern Healthcare, January 25, 2024. 
</small></em><a href="https://www.modernhealthcare.com/cybersecurity/healthcare-data-breaches-2023-anthem-lbm" target="_blank" title="https://www.modernhealthcare.com/cybersecurity/healthcare-data-breaches-2023-anthem-lbm"><em><small class="sm">https://www.modernhealthcare.com/cybersecurity/healthcare-data-breaches-2023-anthem-lbm</small></em></a></p> Mon, 07 Oct 2024 14:07:08 -0500 AHA Cyber Intel Third-Party Cyber Risk Impacts the Health Care Sector the Most. Here’s How to Prepare. /news/aha-cyber-intel/2024-08-05-third-party-cyber-risk-impacts-health-care-sector-most-heres-how-prepare <p>We all know by now that cyber risk is not just an "IT issue," but rather it is an enterprise risk issue. Cyberattacks represent a potential risk to every function in health care organizations, making them a serious threat to patient care and safety. Cyberattacks, such as high-impact ransomware attacks, disrupt or delay patient care. They not only present a risk to patients who are in the hospital, but also to the entire community. Community members depend on the availability of their local hospital and emergency department for urgent care, such as in heart attack, stroke and trauma cases. The bottom line is that when hospitals are attacked, lives are threatened.</p><p>Ransomware attacks also have disruptive cascading and wide-ranging effects throughout a region. The resulting "ransomware blast radius" may be felt by every hospital, clinic and emergency department in the entire region as ambulances and patients are diverted to other surrounding hospitals, sometimes for weeks on end. 
Emergency departments, clinics and cancer treatment centers may reach or exceed capacity — further disrupting or delaying care delivery on a regional basis and increasing the risk of patient harm.</p><h2>Attacks on Third-Party Providers Can Be the Most Disruptive</h2><p>The disruption to care delivery occurs not only when hospitals are attacked directly, but also when mission-critical and life-critical third-party providers to health care are attacked by ransomware. The loss of critical dependent third-party technology and services may be even more wide-ranging and disruptive to patient care than when hospitals are attacked directly. When UnitedHealth Group’s Change Healthcare was attacked by the Russian ransomware group ALPHV BlackCat this year, every hospital in the country was impacted in one way or another. It was the most significant and consequential cyberattack in the history of U.S. health care.</p><p>Hospitals depend on third-party providers such as business associates, medical device providers and supply chain vendors to deliver critical, life-saving functions and business functions that support clinical care — so when third parties get hit, so do hospitals and their patients, even though the hospital was not the direct target. Fifty-eight percent of the 77.3 million individuals affected by data breaches in 2023 were due to an attack on a health care business associate — a 287% increase compared to 2022.<sup>1</sup></p><p>In 2023, third-party data breaches pounded health care more than any other sector.<sup>2</sup> Why is that? Simply put, the "bad guys" — foreign ransomware groups, primarily Russian speaking — have mapped the health care sector and identified key strategic nodes to attack that would provide the most disruptive impact and access across the health care sector. These "strategic nodes" translate to ubiquitous third-party technology and service providers. 
The more widespread and critical the impact, the higher the ransom payment demand and the higher the likelihood that the victim will succumb to making the payment. Of course, the AHA strongly discourages the payment of ransom, but hospitals and health systems must make their own decisions based on their individual circumstances.</p><p>Another factor contributing to the shift to third-party ransomware attacks is that hospitals and health systems have become a harder target. As ransomware attacks against them spiked over the last several years, hospitals and health systems invested heavily in strengthening their defenses and enhanced their capabilities to respond and recover from these devastating attacks.</p><h2>Bad Actors on a Roll With Hub and Spoke Strategy</h2><p>Hospitals becoming collateral damage from an attack on a third party is part of cybercriminals' highly effective "hub and spoke" strategy. By gaining access to the hub (a third-party’s technology), they gain access to all the spokes — the health care organizations that are the customers of the third party. This provides malicious actors with a digital pathway to infecting multiple covered entities with malware or ransomware, or to extract data.</p><p>In other words, the bad guys have it figured out: Why hack or attack 1,000 hospitals when they can target the one common business associate and get all the data or disrupt all the hospitals that depend on that single mission-critical third-party provider?</p><p>Sound familiar? 
If we’ve learned anything from the widespread, long-lasting, debilitating impact of this spring’s cyberattack on Change Healthcare — UnitedHealth Group’s subsidiary — it’s that <strong>to sidestep the effects of the inevitable next health care cyberattack, hospitals need to prepare their business and clinical continuity procedures now for an extended loss of services.</strong></p><p>And that begins with hospital executives and boards better understanding how to strengthen their third-party risk management program.</p><h2>Four Strategies to Bolster Your Third-Party Risk Management (TPRM) Program</h2><p><strong>1. Take a hard and objective look at your existing TPRM program framework.</strong></p><p>Review your program’s governance structure and determine whether it needs revamping. Confirm you have a complete, multi-disciplinary approach to create a dynamic inventory of all third-party vendors that have access to your systems. Then make sure that your TPRM program identifies, classifies and prioritizes the risks posed by these vendors as well as their subcontractors — drilling down to the level of fourth-party risk.  </p><p><strong>2. Implement third-party, risk-based controls and cyber insurance requirements based on identified risk levels.</strong></p><p>Assess and formalize your policies and processes for incorporating cybersecurity into third-party risk management. These should include conducting periodic in-depth technical, legal, policy and procedural reviews of the TPRM program and business associate agreement (BAA). The BAA should include cybersecurity and cyber insurance requirements for the vendor and subcontractors, which scale with the level of risk presented by each business associate. In addition, implement annual policy and procedure cyber risk assessments for vendors, as well as annual vulnerability and penetration testing assessments. </p><p><strong>3. 
Consistently and clearly communicate third-party risk management policies, procedures and requirements internally.</strong></p><p>Every individual, department and business unit within your organization that purchases technology, services and supplies should be educated about your organizational cybersecurity requirements for third parties and the potential cybersecurity risks to the organization that are involved in working with third-party vendors.</p><p><strong>4. Prepare intensively for incident response and recovery.</strong></p><ul><li>First and foremost, it is necessary on an ongoing basis to implement a process to identify all internal, as well as external, third-party and supply chain providers of life- and mission-critical functions, services and technology. It also is important to identify which organizations or other providers depend on your organization for essential services. Which health care providers depend upon the availability of your technology, services, networks and data? What is the contingency plan for these dependent organizations, should you be disconnected from the internet and go "digitally dark"? What impact will there be on your services if you fall victim to a ransomware attack?</li><li>Second, in case a cyberattack disables your functions, services and technology, or those of a third party, ensure they are sufficiently backed up and prioritized for restoration on an enterprise level. Develop operational, business, and most importantly, clinical continuity plans and downtime procedures for each of the internal and external critical technology and services dependencies. Ideally, these procedures should be able to sustain a loss of that life- and mission-critical function without significant impact or degradation of quality, <em>for up to four weeks or longer</em>.</li><li>Third, train staff to execute these plans proficiently. 
Conduct regular downtime drills and cyberattack exercises for a variety of scenarios at the individual, departmental and enterprise level, and invite your third-party vendors to participate.</li><li>Last, but not least, incorporate your cyber incident response plan into the overall incident response plan, and integrate the business continuity plans and downtime procedures into the overall incident command and emergency preparedness functions.</li></ul><p>For more details on TPRM best practices, see my earlier blog, <a href="/news/blog/2022-10-21-third-party-cyber-risk-your-cyber-risk-how-understand-mitigate-and-prepare-third-party-cyber-risk-exposure" title="Third Party Cyber Risk is Your Cyber Risk. How to Understand, Mitigate and Prepare for Third Party Cyber Risk Exposure">"Third Party Cyber Risk is Your Cyber Risk. How to Understand, Mitigate and Prepare for Third Party Cyber Risk Exposure."</a></p><p>The FBI issued an <a href="/cybersecurity-government-intelligence-reports/2023-11-07-fbi-tlp-clear-pin-ransomware-actors-continue-gain-access-through-third">advisory</a> in November 2023 recommending organizations take certain steps to prevent ransomware actors from exploiting vulnerabilities in third-party and system management tools. Although health care is not specifically mentioned in this advisory, it serves as a good reminder that third-party tools, technology and services continue to be a major contributing factor in some of the largest data breaches and ransomware attacks impacting hospitals and health systems.</p><h2>But Should Health Care Organizations Shoulder All the Cybersecurity Responsibility?</h2><p>Currently, third-party suppliers’ technologies can be filled with technical vulnerabilities. 
Health care organizations must continually apply "patches" to secure those cyber vulnerabilities.</p><p>A large part of the solution to reducing cyber risk in health care, therefore, is to ensure that third-party providers produce more secure technology and software. The Cybersecurity and Infrastructure Security Agency’s <a href="https://www.cisa.gov/securebydesign" title="Secure by Design">Secure by Design</a> initiative supports this principle, calling for “shifting the balance of cybersecurity risk” from end-users to the technology providers and software developers.</p><h2>The AHA Is Here to Support Your Health Care Cybersecurity Efforts</h2><p>There’s sure to be another sector-wide cyberattack, and as a hospital or health system leader or board trustee, you need to know how to prepare for the next one. Count on the AHA for help.</p><ul><li>Visit the <a href="/cybersecurity/support-cybersecurity-program" title="AHA's new Cybersecurity Support webpage">AHA's new Cybersecurity Support webpage</a> to learn more about how the AHA’s cybersecurity provider partners, including Microsoft, Google, AON, Censinet, Critical Insight and Cylera, are providing dedicated resources and special offerings to help your organization meet the voluntary HHS Cybersecurity Performance Goals.</li><li>As the AHA’s national advisor for cybersecurity and risk and a former FBI cyber executive, I provide a variety of <a href="/guidesreports/2018-06-15-cybersecurity-and-risk-advisory-services" title="cybersecurity offerings to advise and assist health care organizations">cybersecurity offerings to advise and assist health care organizations</a> like yours in mitigating the many cyber and physical risks you face.</li><li>Plus, learn how the exclusive, highly vetted panel of service providers in our <a href="/center/cybersecurity-and-risk-advisory-services/preferred-cybersecurity/providers" title="AHA Preferred Cybersecurity Provider (APCP)">AHA Preferred Cybersecurity Provider (APCP)</a> Program 
can help your organization prepare for, prevent and respond to today’s pressing cyberthreats.</li></ul><h2>Other AHA Third-Party Risk Management Resources:</h2><ul><li><a href="/advancing-health-podcast/2024-03-27-cyberthreats-and-assessing-third-party-risk-providence-part-one " title="Podcast: Part One: Cyberthreats and Assessing Third-Party Risk with Providence">Podcast: Part One: Cyberthreats and Assessing Third-Party Risk with Providence</a></li><li><a href="/advancing-health-podcast/2024-03-29-part-two-cyberthreats-and-assessing-third-party-risk-providence">Podcast: Part Two: Cyberthreats and Assessing Third-Party Risk with Providence</a></li><li><a href="https://trustees.aha.org/cybersecurity-awareness-board-responsibility" title="Interview with John Riggi: Cybersecurity Awareness is a Board Responsibility">Interview with John Riggi: Cybersecurity Awareness is a Board Responsibility</a></li><li><a href="/advancing-health-podcast/2022-08-24-preparing-cyberattacks-northwell-health" title="Podcast: Preparing for Cyberattacks with Northwell Health">Podcast: Preparing for Cyberattacks with Northwell Health</a></li></ul><hr><p><small class="sm"><sup>1 </sup>Broderick, Tim. “Healthcare data breaches hit new highs in 2023,” Modern Healthcare, January 25, 2024. </small><a href="https://www.modernhealthcare.com/cybersecurity/healthcare-data-breaches-2023-anthem-lbm"><small class="sm">https://www.modernhealthcare.com/cybersecurity/healthcare-data-breaches-2023-anthem-lbm</small></a><small class="sm"> </small></p><p><small class="sm"><sup>2</sup> Alder, Steve. “Healthcare Experiences More Third-Party Data Breaches Than Any Other Sector,” HIPAA Journal, March 4, 2024. 
</small><a href="https://www.hipaajournal.com/healthcare-highest-third-party-breaches"><small class="sm">https://www.hipaajournal.com/healthcare-highest-third-party-breaches</small></a></p> Mon, 05 Aug 2024 14:01:36 -0500 AHA Cyber Intel Why the Biden-Harris Administration’s New National Cybersecurity Strategy Is an Important Step Forward for Health Care /cybersecurity/blog/why-biden-harris-administrations-new-national-cybersecurity-strategy-important-step-forward <p>Over recent months, increasing ransomware attacks and other cybersecurity threats in the health care field have underscored the critical need for hospitals and health systems to defend against malicious actors. Health care possesses a unique combination of highly targeted data sets that makes it a prime target for cyber adversaries.</p> <h2>Ransomware Impacts and Cyber Defense Challenges</h2> <p>During my <a href="/testimony/2020-12-03-aha-testimony-senate-hearing-cyber-threats-amid-pandemic">testimony to the U.S. Senate</a> in December 2020, I pointed out that a ransomware attack could interrupt patient care, or worse, shut down operations at the facility, thereby putting patient lives, and the community, at risk. Cybersecurity vulnerabilities and intrusions can also negatively affect a health care organization’s reputation.</p> <p>Many hospitals and health systems recognize that they must view cybersecurity not as a novel or IT-only issue but rather as an enterprise risk — so they are striving to make cybersecurity part of their existing governance, risk management and business continuity framework as part of their efforts to elevate their vigilance against growing and more sophisticated cyberthreats. 
Yet, as they face dire workforce shortages and financial challenges exacerbated by the pandemic, enhancing their cyber defenses can be quite a struggle.</p> <h2>Call for Help</h2> <p>That is why in 2020 I called upon the Senate to expand public-private partnerships and cross-industry efforts to share threat information, and to step up to defend the nation’s hospitals and health systems from cyberattacks. After all, hospitals can only do so much on defense when foreign-based adversaries sheltered by hostile nation-states attack them. We also need a robust offense by the U.S. government to go after bad actors.</p> <h2>Administration Takes Action</h2> <p>For this reason, I commend the Biden Administration on its <a href="https://www.whitehouse.gov/briefing-room/statements-releases/2023/03/02/fact-sheet-biden-harris-administration-announces-national-cybersecurity-strategy" target="_blank">National Cybersecurity Strategy</a>, announced March 2, 2023, which is aimed at shifting cyber defense responsibilities, improving cyber resilience and disrupting cyberthreat operations. <strong>The Strategy acknowledges that private sector efforts alone are insufficient to counter the significant cyberthreats we face as a nation.</strong></p> <p>We at the Association (AHA) are pleased that the Strategy includes several important ideas we fully support, including:</p> <ul> <li>Declaring ransomware attacks as a national security threat.</li> <li>Conducting more offensive operations against cyberthreat actors.</li> <li>Implementing software security requirements for software developers.</li> </ul> <p>I am also proud of the FBI’s actions in defending hospitals and health systems from cyberattacks. Recently, for example, the FBI took down the Hive ransomware gang, whose criminal enterprise threatened patient safety. 
To hear the dramatic story, <a href="/2023-03-21-hacking-hackers-fbis-takedown-hive-ransomware-gang">listen to my podcast interview with the FBI supervisor</a> in charge of the Hive investigation.</p> <h2>The AHA Continues to Support Health Care Cybersecurity Efforts</h2> <p>The AHA will continue to work with the hospital field, Congress and the Administration, and other stakeholders to advance and adopt cyber policies that are streamlined, effective and feasible to implement.</p> <p>And, as the AHA’s national advisor for cybersecurity and risk and a former FBI cyber executive, I want you to know that I provide <a href="http://www.aha.org/guidesreports/2018-06-15-cybersecurity-and-risk-advisory-services">a variety of cybersecurity offerings</a> to advise and assist health care organizations like yours in mitigating the many cyber and physical risks you face. View the <a href="/sites/default/files/2023-10/2023_cybersecurity_john_map.jpg" target="_blank">many places I’ve traveled</a> over the past two years as part of my work with AHA members, hospital associations and government officials.</p> <p>Plus, learn how the exclusive, highly vetted panel of service providers in our <a href="/center/cybersecurity-and-risk-advisory-services/preferred-cybersecurity/providers">AHA Preferred Cybersecurity Provider (APCP)</a> Program can help your organization prepare for, prevent and respond to today’s pressing cyberthreats.</p> Mon, 23 Oct 2023 08:00:00 -0500 AHA Cyber Intel 4 Key Ways to Prepare for, Prevent and Respond to High-impact Cyberattacks /cybersecurity/blog/4-key-ways-prepare-prevent-and-respond-high-impact-cyberattacks <p>I (<a href="/bios/2020-06-12-john-riggi" title="John Riggi">John Riggi</a>) recently moderated a webinar discussion as session three of the Association’s Convening Leaders for Emergency and Response (<a href="/aha-clear" title="Convening Leaders for Emergency and Response (Clear)">CLEAR</a>) Crisis Leadership Series. 
CLEAR’s purpose is to strengthen health care organizations’ ability to prepare for, respond to and recover from future emergencies and disasters — in the case of this webinar, cyberattacks on hospitals and health systems, and in particular, ransomware attacks.</p> <h2>Potential Impacts of Ransomware and Other Cyberattacks</h2> <p>Ransomware attacks have increased in recent years due to health care’s reliance on network and internet-connected technology. They often result in the disruption and delay of health care delivery, resulting in a risk to patient safety and outcomes. For instance, ambulances must often divert stroke or trauma patients to distant emergency departments, negatively affecting patient outcomes and creating a regional stress on care delivery.</p> <p>As a real-life example, Stephen Leffler, MD, President and COO at University of Vermont Medical Center, described the clinical impact of a cyberattack on his hospital, after an employee downloaded their home email on their work computer:</p> <ul> <li>The medical center’s electronic health record system went down for 28 days.</li> <li>Its regional lab could not get lab results back to other hospitals in its network or across the state.</li> <li>Its radiology system went down for six weeks.</li> </ul> <p>Such a cyberattack can also result in compromised medical records, data theft, identity theft, fraud and financial repercussions.</p> <p>Three other health care leaders joined the conversation with Dr. Leffler and me:</p> <ul> <li>Brian Gragnolati, <em>President & CEO</em>, <strong>Atlantic Health System</strong></li> <li>Mark Sullivan, <em>President & CEO</em>, <strong>Catholic Health</strong></li> <li>Christian Dameff, M.D., <em>Asst. 
Professor of Emergency Medicine, Biomedical Informatics & Computer Science and Medical Director of Cybersecurity</em>, <strong>University of California San Diego Health</strong></li> </ul> <p>What can your hospital or health system do to proactively prepare for a cyberattack with plans to maintain both business continuity and, more importantly, clinical continuity?</p> <h2>4 Keys to Effectively Preparing for a Cyberattack</h2> <ol> <li><strong>Collaborate.</strong> Collaboration is key to creating emergency response plans for cyber incidents. <ul> <li>Within your organization, take a multidisciplinary approach — involve not just IT teams, but all leadership across your organization as well as clinical staff, emergency managers and other stakeholders.</li> <li>To mitigate the effects of a cyberattack across your region, engage with your local community and coordinate with other health care organizations and relevant stakeholders. That includes establishing prearranged channels of communication for sharing information.</li> </ul> </li> <li><strong>Expect cyberattacks</strong> to occur and plan for longer recovery periods, as attacks can last for several weeks. <ul> <li>Prioritize cybersecurity investments and consider the long-term effectiveness and reliability of technology solutions.</li> <li>Educate and train staff; conduct phishing exercises; and have robust incident response, disaster recovery and business continuity plans in place.</li> <li>Integrate cyber incident response planning with emergency response planning.</li> <li>Also develop department-specific cyber disaster plans to help identify high-risk patients and ensure continuity of care during an attack.</li> <li>Work closely with staff throughout all efforts to refine processes and gather feedback.</li> </ul> </li> <li><strong>Build an evidence base</strong> of best cybersecurity practices. 
<ul> <li>Invest in research to evaluate the effectiveness of cybersecurity interventions.</li> <li>Share findings to elevate cybersecurity in the entire health care sector.</li> </ul> </li> <li><strong>Evaluate</strong> new technologies and vendors carefully. <ul> <li>Conduct due diligence when evaluating third-party resources to reduce attack surfaces.</li> <li>Foster accountability, evidence-based practices and stronger security measures from technology vendors.</li> </ul> </li> </ol> <p>By following these steps, your organization will be better prepared to protect patient safety, ensure continuity of care and mitigate the impacts of cyberattacks. To learn more, <a href="/aha-clear#Cyber" title="Cyber Preparedness Leadership Discussion">listen to the Webinar</a>.</p> <hr /> <p>Learn how the exclusive, highly vetted panel of service providers in our <a href="/center/cybersecurity-and-risk-advisory-services/preferred-cybersecurity/providers" title="AHA Preferred Cybersecurity Provider (APCP) Program">AHA Preferred Cybersecurity Provider (APCP) Program</a> can help your organization prepare for, prevent and respond to today’s pressing cyberthreats.</p> Mon, 02 Oct 2023 07:00:00 -0500 AHA Cyber Intel AHA Cyber Intel Blogs /cybersecurity/blog
<div><header class="Banner_Title_Overlay_Bar"><img src="/sites/default/files/2018-08/Cybersecurity_1170x250.jpg" alt="Banner Image" width="1170" height="250"><div><h1>AHA Cyber & Risk Intel Blogs</h1></div></header></div>
<div class="row center_body accThemes"><div class="col-md-9 col-sm-8"><p class="center_Intro">Cyberattacks represent a real enterprise risk to hospitals and health systems that not only has operational ramifications but also poses a major risk to patient care.</p><p class="center_Lead">Organizations can prepare for and manage such risks by viewing cybersecurity not as a novel or IT issue but elevating it to an enterprise-wide initiative by incorporating it in existing governance, risk management and business continuity frameworks and strategies.</p><p class="center_Lead">Read the <a href="#Latest" title="Jump down to the view the latest blog">latest <em>AHA Cyber & Risk Intel</em> blog</a> for cybersecurity insights and guidance from John Riggi, National Advisor for Cybersecurity and Risk for hospitals and health systems looking to incorporate cybersecurity strategies into all functions of their organizations.</p></div><div class="col-md-3 col-sm-4"><div><p><strong>For help with Cybersecurity and Risk Advisory Services exclusively for AHA members, contact:</strong></p><h3>John Riggi</h3><h5><em>National Advisor for Cybersecurity and Risk, AHA</em></h5><p>(E) <a href="mailto:jriggi@aha.org?subject=Cybersecurity%20and%20Risk%20Advisory%20Services%20Query">jriggi@aha.org</a><br>(O) <a href="tel:1-202-626-2272">+1 202 626 2272</a></p><div class="external-link spacer"><a class="btn btn-wide btn-primary" href="/bios/2020-06-12-john-riggi">Biography</a></div><div class="external-link spacer"><a class="btn btn-wide btn-primary" href="/guidesreports/2018-06-15-cybersecurity-and-risk-advisory-services">Cyber Services</a></div></div></div></div>
<div class="row rowEqual_768"><div class="col-md-9 col-sm-8" id="Latest"><h2>Blogs</h2><p><div class="views-element-container"> <section
class="top-level-view js-view-dom-id-aece8215af266e7f8c7904c589ac503203bcd2ac42544a49d1466d0bf282edad resource-block"> <div class="resource-wrapper"> <div class="resource-view">
<div class="article views-row"> <div class="views-field views-field-title"> <span class="field-content"> <header> <h3 class="views-field-title"><a href="/news/aha-cyber-intel/2025-04-03-3-must-know-cyber-and-risk-realities-whats-ahead-health-care-2025" hreflang="en">[Updated] 3 Must-know Cyber and Risk Realities: What’s Ahead for Health Care in 2025</a></h3> </header></span> </div><div class="views-field views-field-body"> <div class="field-content">Examine the top cyber and risk threats and opportunities facing health care in 2025 in this blog by John Riggi, AHA’s national advisor for cybersecurity and risk.</div> </div></div>
<div class="article views-row"> <div class="views-field views-field-title"> <span class="field-content"> <header> <h3 class="views-field-title"><a href="/news/aha-cyber-intel/2025-02-18-resources-protect-americas-rural-hospitals-cyberthreats" hreflang="en">Resources to Protect America’s Rural Hospitals from Cyberthreats</a></h3> </header></span> </div><div class="views-field views-field-body"> <div class="field-content">John Riggi, AHA’s national advisor for cybersecurity and risk, outlines available cybersecurity resources vital to protecting rural hospitals from cyberthreats.</div> </div></div>
<div class="article views-row"> <div class="views-field views-field-title"> <span class="field-content"> <header> <h3 class="views-field-title"><a href="/news/aha-cyber-intel/2024-10-07-look-2024s-health-care-cybersecurity-challenges" hreflang="en">A Look at 2024’s Health Care Cybersecurity Challenges</a></h3> </header></span> </div><div class="views-field views-field-body"> <div class="field-content">John Riggi, AHA’s national advisor for cybersecurity and risk, provides insight into 2024’s health care cybersecurity challenges to help hospitals prepare for the next big cyberattack.</div> </div></div>
<div class="article views-row"> <div class="views-field views-field-title"> <span class="field-content"> <header> <h3 class="views-field-title"><a href="/news/aha-cyber-intel/2024-08-05-third-party-cyber-risk-impacts-health-care-sector-most-heres-how-prepare" hreflang="en">Third-Party Cyber Risk Impacts the Health Care Sector the Most. Here’s How to Prepare.</a></h3> </header></span> </div><div class="views-field views-field-body"> <div class="field-content">John Riggi, AHA national advisor for cybersecurity and risk, explains why cybercriminals are shifting from directly targeting hospitals to hitting the third-party technology and service providers critical to supporting hospitals’ clinical care. He highlights four key strategies to help hospitals and health systems strengthen their third-party risk management program against the debilitating effects of the next, inevitable Change Healthcare-like cyberattack.</div> </div></div>
<div class="article views-row"> <div class="views-field views-field-title"> <span class="field-content"> <header> <h3 class="views-field-title"><a href="/cybersecurity/blog/why-biden-harris-administrations-new-national-cybersecurity-strategy-important-step-forward" hreflang="en">Why the Biden-Harris Administration’s New National Cybersecurity Strategy Is an Important Step Forward for Health Care</a></h3> </header></span> </div><div class="views-field views-field-body"> <div class="field-content">Understand the impact of the Biden-Harris Administration's National Cybersecurity Strategy on health care and its relevance for hospitals and health systems. #BidenCybersecurity</div> </div></div>
<div class="article views-row"> <div class="views-field views-field-title"> <span class="field-content"> <header> <h3 class="views-field-title"><a href="/cybersecurity/blog/4-key-ways-prepare-prevent-and-respond-high-impact-cyberattacks" hreflang="en">4 Key Ways to Prepare for, Prevent and Respond to High-impact Cyberattacks</a></h3> </header></span> </div><div class="views-field views-field-body"> <div class="field-content">What can your hospital or health system do to proactively prepare for a cyberattack with plans to maintain both business and clinical continuity? Gain insights gleaned from a recent AHA webinar with four health care leader panelists and John Riggi, national advisor for cybersecurity and risk for the AHA. Read Riggi’s new AHA Cyber Intel blog article to learn four strategies to effectively prepare for a cyberattack.</div> </div></div>
</div> </div> <div class="more-link"><a href="/type/aha-cyber-intel">Read More AHA Cyber Intel Blogs</a></div> </section> </div> </p></div></div> Tue, 12 Sep 2023 15:27:19 -0500 AHA Cyber Intel