Cybersecurity
Cyber Threat Intelligence, Alerts and Reports
As part of the AHA’s commitment to helping hospitals and health systems prepare for and prevent cyber threats, we have gathered the latest government cyber threat intelligence and alerts and Health Information Sharing and Analysis Center (H-ISAC) reports.
You may be asked to enter your AHA member credentials to view certain reports and intelligence alerts.
Cybersecurity & Risk Advisory
Learn how AHA can help hospitals and health systems prepare for and mitigate cyber threats through the expertise of John Riggi, AHA’s National Advisor for Cybersecurity and Risk.
Today’s Headlines:
Leading Story
Emulated Mobile Devices Used to Steal Millions from US, EU Banks
Data Breaches & Data Leaks
Spotify Notifies Customers of Breach, Files Under CCPA
Cyber Crimes & Incidents
Seasonal Worker Sentenced to 42 Months Imprisonment for Stealing Data…
UPDATE: Active Exploitation of SolarWinds Breach
This updated alert provides details of an active exploitation highlighting nation state threat actor activity detected in the recent compromise of the technology solutions company SolarWinds. In addition to the update, you may access the original…
SolarWinds Breach Attributed to Latest US Agency Attacks
On December 13, 2020, information technology solutions company SolarWinds reported they were breached by Nation State threat actors from Russia. The breach was used to leverage further attacks against several US federal agencies. SolarWinds…
Headlines
US Vaccine
Headlines
Threat Level raised to Yellow (Elevated)
On December 15, 2020, the Health-ISAC Threat Intelligence Committee (TIC) evaluated the current Cyber Threat Level and has raised the Threat Level to Yellow (Elevated) due to ongoing threats and the recent SolarWinds breach impacting fewer than 18,000…
Russian state-sponsored malicious cyber actors are exploiting a vulnerability in VMware® Access and VMware Identity Manager products, allowing the actors access to protected data and abusing federated authentication. VMware released a patch for the Command Injection Vulnerability captured in CVE-…
In an alert this week, the Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center (HC3) reminded health care providers and researchers to patch any vulnerabilities in their Picture Archiving Communication Systems that could expose patient records to unauthorized…
Picture Archiving Communication Systems (PACS) are widely used by hospitals, research institutions, clinics and small healthcare practices for sharing patient data and medical images. In 2019, researchers disclosed a vulnerability in these systems that if exploited could potentially expose patient…
The Hospital Robocall Protection Group (HRPG), a federal advisory committee, met today to present a report to the Federal Communications Commission recommending best practices that voice service providers, hospitals, and federal and state governments can follow to prevent unlawful robocalls from…