Cybersecurity
Cyber Threat Intelligence, Alerts and Reports
As part of the AHA’s commitment to helping hospitals and health systems prepare for and prevent cyber threats, we have gathered the latest government cyber threat intelligence and alerts and Health Information Sharing and Analysis Center (H-ISAC) reports.
You may be asked to enter your AHA member credentials to view certain reports and intelligence alerts.
Cybersecurity & Risk Advisory
Learn how AHA can help hospitals and health systems prepare for and mitigate cyber threats through the expertise of John Riggi, AHA’s National Advisor for Cybersecurity and Risk.
A malicious website pretending to be the live map for Coronavirus COVID-19 Global Cases by Johns Hopkins University is circulating on the internet waiting for unwitting internet users to visit the website. Visiting the website infects the user with the AZORult trojan, an information stealing…
This document describes a particular problem that is relevant across the healthcare sector. NCCoE cybersecurity experts will address this challenge through collaboration with members of the healthcare sector and vendors of cybersecurity solutions. The resulting reference design will detail an…
Since August 2019, unidentified cyber actors have used a Pulse Secure VPN Vulnerability CVE-2019-11510, which was disclosed this past summer, to exploit notable US entities. In August 2019, cyber actors gained unauthorized access to a US financial entity’s research network using CVE-2019-11510. In…
Since June 2019, unidentified cyber actors have used a SharePoint vulnerability, CVE-2019-0604, to exploit notable US entities. Following a widespread scanning for CVE-2019-0604 in May, June, and October 2019, respectively, cyber actors compromised the network of two…
Multiple Nation State Advanced Persistent Threat (APT) actors have weaponized CVE-2019-11510, CVE-2019-11539, and CVE-2018-13379 to gain access to vulnerable VPN devices.
In August, 2019, the Canadian Centre for Cyber Security released guidance for mitigating vulnerabilities in 3 major VPN…
Researchers disclosed the existence of 12 potentially sever security vulnerabilities with wearable technology, collectively named SweynTooth.
The Cybersecurity and Infrastructure Security Agency (CISA) is sharing the
following information with the cybersecurity community as a primer for assisting
in the protection of our Nation’s critical infrastructure in light of the current
tensions between the Islamic Republic of Iran and the United…
This edition of Hacking Healthcare, explores the German Patient Data Protection
Act that is under criticism for its approach to cybersecurity and privacy; briefly examines the interesting effect the United States’ naming and shaming of Chinese state hackers is having; and breaks down why DNS over…
This edition of Hacking Healthcare, breaksdown new guidance from the Department of Justice (DOJ) on the legal considerations of engaging in cyber threat intelligence activities; examines the European Union Agency for Cybersecurity’s (ENISA) 51-page report on procurement cybersecurity for…
This checklist is designed as a quick reference for healthcare enterprise management to consider important factors in a teleworking strategy that minimizes downtime and latency while supporting patient care, operational and I.T. security, and supply chain resilience.