Cybersecurity strategies
The healthcare sector faces a variety of cyberthreats, but experts are constantly working to provide organizations with reliable cybersecurity strategies to address them. Learn about the latest tactics for tackling cyber risk, with efforts led by security practitioners, federal agencies and leading cybersecurity companies.
Top Stories
-
News
20 Nov 2024
HHS has not adopted all GAO cybersecurity recommendations
GAO said that it is still waiting on HHS to implement several cybersecurity recommendations laid out for the department in various GAO reports. Continue Reading
-
Feature
18 Nov 2024
Mitigating risk as healthcare supply chain attacks prevail
A focus on cyber resilience is essential for mitigating the risk of healthcare supply chain attacks, which have the potential to cause widespread disruptions. Continue Reading
-
News
03 Aug 2022
Undefined Roles, Responsibilities For Medical Device Security Heighten Risks
Organizations are struggling to define security roles and responsibilities, even as IoT and medical device security concerns continue to grow, Cynerio and the Ponemon Institute found. Continue Reading
-
News
01 Aug 2022
Meta Faces Another Lawsuit Over Health Data Privacy Practices
Meta is facing scrutiny over its health data privacy practices after allegedly scraping health data from hundreds of hospital websites using its Meta Pixel tracker. Continue Reading
-
News
01 Aug 2022
Growing Body of Data Shows High Healthcare Breach Risk
Hackers have their targets aimed at healthcare and organizations must take action to avoid preventable healthcare breaches. Continue Reading
-
News
28 Jul 2022
IoT Malware Attack Volume Up 123% in Healthcare
SonicWall observed a 123% spike in IoT malware attack volume in healthcare, but a decrease in the number of organizations targeted. Continue Reading
-
News
27 Jul 2022
Clearwater Acquires TECH LOCK, Expands Cybersecurity, HIPAA Compliance Services
Clearwater’s acquisition of TECH LOCK will allow it to provide additional cybersecurity and HIPAA compliance services to its customers. Continue Reading
-
News
27 Jul 2022
Average Healthcare Data Breach Costs Surpass $10M, IBM Finds
The average cost of a healthcare data breach climbed to $10.1 million, a new IBM Security report found. Continue Reading
-
News
26 Jul 2022
Tenet Healthcare Cyberattack Leads to $100M in Lost Q2 Revenue
Tenet Healthcare suffered a cyberattack that had an “unfavorable impact” of approximately $100 million, its Q2 earnings report stated. Continue Reading
-
News
25 Jul 2022
Web Application Attacks Threaten Healthcare Cybersecurity, HC3 Says
Web application attacks are becoming an increasingly popular cyberattack method and continue to threaten healthcare cybersecurity. Continue Reading
-
News
22 Jul 2022
NIST Updates Healthcare Cybersecurity, HIPAA Security Rule Guidance
NIST issued a new draft publication on healthcare cybersecurity and implementing HIPAA Security Rule requirements. Continue Reading
-
News
21 Jul 2022
Google Cloud Partners With Health-ISAC to Advance Healthcare Cybersecurity
Google Cloud will bring its subject matter experts and resources to strengthen healthcare cybersecurity as an ambassador partner to Health-ISAC. Continue Reading
-
News
21 Jul 2022
CSA Issues Guidance on Third-Party Risk Management in Healthcare
Proper third-party risk management strategies are crucial to maintaining healthcare cybersecurity as cyber threats continue to grow. Continue Reading
-
News
20 Jul 2022
DOJ Seizes $500K From Maui Ransomware Following Healthcare Cyberattacks
The DOJ announced that it seized $500K stemming from healthcare cyberattacks committed by North Korean-backed Maui ransomware. Continue Reading
-
News
20 Jul 2022
Data Breach Settlement: BJC HealthCare Agrees to Put $2.7M Into Email Security
Under the terms of a data breach settlement, BJC HealthCare agreed to devote $2.7 million to email security efforts and implementing multifactor authentication. Continue Reading
-
News
19 Jul 2022
White House to Host National Cyber Workforce Education Summit
National Cyber Director Chris Inglis will convene a National Cyber Workforce and Education Summit to combat the ongoing cybersecurity workforce shortage. Continue Reading
-
News
19 Jul 2022
Health Sector Suffered 337 Healthcare Data Breaches in First Half of Year
Providers accounted for the highest number of healthcare data breaches so far this year, followed by business associates and health plans. Continue Reading
-
Feature
18 Jul 2022
Increasing API Adoption While Addressing Healthcare Cybersecurity Concerns
With healthcare cybersecurity best practices in mind, API adoption can help organizations increase interoperability, efficiency, and security. Continue Reading
-
News
15 Jul 2022
Cyber Safety Review Board Declares Log4j An “Endemic Vulnerability”
The Cyber Safety Review Board predicted that Log4j incidents will continue for years to come and labeled it as an “endemic vulnerability.” Continue Reading
-
News
14 Jul 2022
Tenet Healthcare, Baptist Health Face Healthcare Data Breach Lawsuit
Texas-based Tenet Healthcare and its affiliate Baptist Health System are facing a healthcare data breach lawsuit relating to an April security incident. Continue Reading
-
News
14 Jul 2022
Security Awareness and Training Crucial to Preventing Healthcare Phishing Attacks
Security awareness and training greatly decreased the likelihood of an employee falling for a healthcare phishing attack, KnowBe4 researchers found. Continue Reading
-
News
13 Jul 2022
Maintaining Health Data Security, Resilience With Autonomous Governance
Autonomous governance can help healthcare organizations maintain health data security, resilience, and compliance. Continue Reading
-
News
12 Jul 2022
Healthcare Orgs Struggle With IIoT, OT Security Project Implementation
Healthcare organizations are struggling with IIoT and OT security project implementation as the cyber threat landscape continues to fluctuate. Continue Reading
-
News
07 Jul 2022
CISA, FBI, FinCEN Warn of MedusaLocker Ransomware Cyber Risks
CISA, the FBI, the Department of Treasury, and FinCEN brought attention to MedusaLocker ransomware in a recent alert and warned organizations to apply proper mitigations. Continue Reading
-
News
06 Jul 2022
FBI: North Korean Cyber Actors Using Maui Ransomware to Target Healthcare
CISA and the FBI warned the healthcare industry of North Korean state-sponsored cyber actors who have been using Maui ransomware to target the sector. Continue Reading
-
News
01 Jul 2022
Orgs Adopt Healthcare Cybersecurity Tech to Keep Cyber Insurance Premiums Down
Surveyed healthcare cybersecurity leaders said they invested in MFA solutions and identity and access management tools to keep cyber insurance premiums down. Continue Reading
-
News
29 Jun 2022
AHA Expresses Member Support for PATCH Act, Medical Device Security
On behalf of its members, the American Hospital Association (AHA) expressed its support for the PATCH Act, introduced in April to enhance medical device security. Continue Reading
-
News
27 Jun 2022
CISA Alerts Healthcare Sector to OFFIS DCMTK Cybersecurity Vulnerabilities
Healthcare organizations using OFFIS DCMTK software should deploy updates immediately in light of recently discovered cybersecurity vulnerabilities. Continue Reading
-
News
27 Jun 2022
CISA Warns of Continued Log4Shell Exploits in VMware Horizon Systems
CISA and the US Coast Guard Cyber Command released a joint advisory alerting critical infrastructure to continued Log4Shell exploits in VMware horizon systems. Continue Reading
-
News
23 Jun 2022
As API Adoption in Healthcare Skyrockets, Cybersecurity Risks Follow
API adoption is rapidly increasing across the healthcare sector, but the cybersecurity risks that come along with APIs cannot be ignored. Continue Reading
-
News
20 Jun 2022
Select Hillrom Electrocardiograph Products Impacted by Medical Device Vulnerabilities
Successful exploitation of medical device vulnerabilities in certain Hillrom electrocardiograph products may result in improper access. Continue Reading
-
News
17 Jun 2022
HHS Provides Tips For Strengthening Cyber Posture in Healthcare
The cybersecurity arm of HHS issued a brief outlining tips and tactics for strengthening cyber posture in the healthcare sector. Continue Reading
-
Feature
16 Jun 2022
Operational Technology (OT) Security Risks, Best Practices in Healthcare
As healthcare becomes increasingly interconnected, organizations should prioritize operational technology (OT) security efforts alongside IT security. Continue Reading
-
News
14 Jun 2022
CISA, FBI, NSA Provide Tips For Countering China-Backed Cyber Threats
CISA, the FBI, and the NSA encouraged critical infrastructure entities to apply patches and replace end-of-life infrastructure to counter China-backed cyber threats. Continue Reading
-
News
14 Jun 2022
Bill Calls on FDA to Regularly Update Medical Device Security Guidelines
Senators introduced a bill that would require the FDA to update medical device security guidelines every two years. Continue Reading
-
News
09 Jun 2022
54% of CISOs Struggle to Convince Board to Prioritize Cybersecurity Investments
A new report shows that while communication with the board is improving at many organizations, CISOs still struggle to obtain cybersecurity investments. Continue Reading
-
News
09 Jun 2022
RSA Conference: H-ISAC, Microsoft, 30+ Others Sign Cyber Risk Management Pledge
At the RSA Conference, H-ISAC, Verizon, Microsoft, and more than 30 other organizations signed a cyber risk management pledge to combat ransomware and other cyber threats. Continue Reading
-
News
07 Jun 2022
RSA Conference: Experts Say Medical Device Security Trending in Right Direction
Experts still point to the prominence of legacy devices as a bottleneck to improving medical device security on a larger scale. Continue Reading
-
News
07 Jun 2022
Emotet Reemerges as Prominent Cyber Threat to Healthcare
Emotet has disappeared and reappeared multiple times throughout the years, but HHS warned of its return as a cyber threat to healthcare in its latest brief. Continue Reading
-
News
06 Jun 2022
Healthcare Organizations Struggle to Obtain Cyber Insurance Policies, Report Shows
As healthcare ransomware attacks increase, Sophos observed healthcare organizations struggling to obtain coveted cyber insurance policies. Continue Reading
-
News
06 Jun 2022
BD, CISA Warn of Medical Device Security Vulnerabilities in BD Synapsys, Pyxis Devices
BD disclosed medical device security vulnerabilities in certain Synapsys and Pyxis devices that have low attack complexity and could result in PHI exposure if exploited. Continue Reading
-
News
06 Jun 2022
Leveraging Immutable Infrastructure to Help Protect an Organization’s Healthcare Data
Immutable infrastructure allows for consistency and helps healthcare organizations maintain data integrity and safeguard sensitive information. Continue Reading
-
News
03 Jun 2022
FDA Urges Healthcare to Patch Severe Illumina Cybersecurity Vulnerabilities
The FDA urged organizations to immediately patch cybersecurity vulnerabilities that impact certain Illumina medical devices. Continue Reading
-
News
02 Jun 2022
FBI Blocked Iranian-Backed Cyberattack on Boston Children’s Hospital Last Year
FBI Director Christopher Wray said the bureau thwarted an Iranian government-backed cyberattack against Boston Children’s Hospital in 2021. Continue Reading
-
News
02 Jun 2022
MDIC, HSCC Team Up to Establish Medical Device Security Benchmarks
Experts from MDIC, HSCC, and BD discuss a new self-assessment tool that aims to establish medical device security benchmarks. Continue Reading
-
News
01 Jun 2022
IT Specialist Charged in Healthcare Cyberattack Highlights Insider Threat Risks
An IT specialist has been indicted on a federal criminal charge after allegedly hacking into a Chicago healthcare organization’s server where he formerly worked. Continue Reading
-
News
31 May 2022
Clearwater Acquires CynergisTek for $17.7M to Tackle Healthcare Cybersecurity
Clearwater and CynergisTek will join forces to address healthcare cybersecurity, privacy, and compliance. Continue Reading
-
Feature
27 May 2022
Common Types of Social Engineering, Phishing Attacks in Healthcare
Phishing remains one of the most effective social engineering attacks used against healthcare organizations. Continue Reading
-
News
26 May 2022
Shadow Code, Third-Party Scripts Pose Healthcare Cybersecurity Risks
Third-party scripts can enable enhanced functionality, but a new report suggests that these scripts may also introduce shadow code and healthcare cybersecurity risks. Continue Reading
-
News
26 May 2022
HC3 Highlights Tactics, Techniques of Four Major Russian Cyber Organizations
HC3 provided notes on the tactics, techniques, and procedures of four major cyber organizations linked to the Russian Intelligence Services. Continue Reading
-
Answer
25 May 2022
Exploring the Value, Limitations of Medical Device Security Legislation
Medical device security legislation such as the PATCH Act may revolutionize security standards in the future, but organizations need to act now to secure legacy systems and devices. Continue Reading
-
News
24 May 2022
Verizon DBIR: Healthcare Cyberattacks Increase, Insider Threats Remain
The Verizon Data Breach Investigations Report (DBIR) showed an uptick in basic web application attacks and system intrusions in healthcare as cyberattacks increase across all industries. Continue Reading
-
News
24 May 2022
APT Actors Seen Chaining Unpatched VMware Vulnerabilities, CISA Warns
CISA has observed APT actors chaining multiple VMware vulnerabilities in order to gain full system control. Continue Reading
-
News
23 May 2022
Experts Testify on Healthcare Cybersecurity Issues at Senate Hearing
At the Senate HELP hearing, industry leaders testified on the current state of healthcare cybersecurity, advocating for immediate improvements to federal cybersecurity protocols. Continue Reading
-
News
19 May 2022
Healthcare Security Culture Trending in the Right Direction, But Needs Improvement
Survey results show a moderately strong security culture in the healthcare sector, but there is still work to be done. Continue Reading
-
News
18 May 2022
Ransomware Groups Continue to Leverage Old Vulnerabilities
Ransomware groups are continually going after old vulnerabilities and tried-and-true attack methods to exploit victims. Continue Reading
-
News
17 May 2022
Cybersecurity Authorities Issue Advisory on Common Initial Access Tactics
Cybersecurity authorities from the US, the UK, Canada, the Netherlands, and New Zealand outlined common practices that threat actors use to gain initial access to victim networks. Continue Reading
-
News
17 May 2022
CA Health Plan Faces Lawsuit After Cybersecurity Incident Linked to Hive Ransomware
Partnership HealthPlan of California is facing a lawsuit related to a March 2022 cybersecurity incident claimed by Hive ransomware group. Continue Reading
-
News
16 May 2022
CSA Provides Best Practices For Healthcare Supply Chain Cybersecurity
The Cloud Security Alliance recommended that organizations inventory all suppliers and regularly assess risk to ensure healthcare supply chain security. Continue Reading
-
News
12 May 2022
Nations Warn of Cyber Threats to Managed Service Providers
Five nations came together to warn critical infrastructure of increased cyber threats toward managed service providers (MSPs), and AHA echoed the warning for healthcare. Continue Reading
-
News
11 May 2022
FDA Bill Includes Medical Device Security Requirements For Manufacturers
New FDA user fee legislation would require manufacturers to meet certain medical device security requirements as part of their premarket submission. Continue Reading
-
News
10 May 2022
US Offers $15M Reward For Information About Conti Ransomware
The US is offering up to $15 million for information about Conti ransomware, a group that claimed responsibility for at least 16 cyberattacks against US healthcare entities. Continue Reading
-
News
09 May 2022
HC3: Ransomware Groups Leveraged Remote Access, Encryption Tools in Q1
HC3 observed ransomware groups increasingly leveraging legitimate tools such as file transfer and remote access to target organizations in Q1. Continue Reading
-
Feature
06 May 2022
Responding To a Healthcare Ransomware Attack: A Step-By-Step Guide
With a comprehensive incident response plan, organizations can respond to healthcare ransomware attacks efficiently and effectively. Continue Reading
-
News
05 May 2022
Best Practices For Password Security, Cyber Hygiene
Healthcare organizations should encourage cyber hygiene among employees and require proper password security measures, such as multifactor authentication. Continue Reading
-
Answer
05 May 2022
Exploring Challenges, Benefits of Cyber Insurance in Healthcare
Cyber insurance coverage can help healthcare organizations minimize losses in the wake of a data breach, but it does not replace the need for a comprehensive security strategy. Continue Reading
-
News
04 May 2022
Maintaining Business Continuity In An Age of Increased Threats
A focus on enterprise resilience can facilitate business continuity and enable organizations to tackle any crisis, from ransomware to natural disasters. Continue Reading
-
News
03 May 2022
OIG: Evaluation of FISMA Shows HHS Security Program “Not Effective”
Consistent with government audits from recent years, OIG’s FISMA compliance audit of 2021 once again found HHS’ security program ineffective. Continue Reading
-
News
02 May 2022
HSCC Creates Operational Continuity Checklist For Navigating Cyberattacks
HSCC’s latest guide provides tips for maintaining operational continuity amid a serious cyberattack. Continue Reading
-
News
02 May 2022
FBI Identifies BlackCat/ALPHV Ransomware Indicators of Compromise
The FBI issued a flash alert warning organizations of BlackCat/ALPHV ransomware, a group linked to the notorious Darkside/BlackMatter ransomware groups. Continue Reading
-
Feature
29 Apr 2022
Is the Proliferation of Cybersecurity Vendors Helping or Hurting Healthcare?
The proliferation of cybersecurity vendors calls for wiser investment decisions rather than inflated budgets, Michael Carr explained at the HealthITSecurity Virtual Summit. Continue Reading
-
News
28 Apr 2022
Log4j, ProxyShell Among Top Exploited Vulnerabilities Last Year
CISA’s list of the top 15 routinely exploited vulnerabilities included 3 that were also routinely exploited in 2020, showing a need to prioritize patching. Continue Reading
-
News
28 Apr 2022
HSCC Publishes Medical Device Vulnerability Communications Toolkit
HSCC advised medical device manufacturers to use clear and concise language in medical device vulnerability communications. Continue Reading
-
Feature
27 Apr 2022
What Is Holding Healthcare Back From Digital Transformation?
Barriers to digital transformation in healthcare include the ongoing cybersecurity workforce shortage and the sector's reliance on legacy systems. Continue Reading
-
News
26 Apr 2022
Solara Medical Supplies Faces $5M Proposed Settlement After Data Breach
The proposed settlement would require Solara Medical Supplies to pay $5 million in light of a months-long 2019 data breach that impacted 114,000 individuals. Continue Reading
-
News
26 Apr 2022
WEDI Responds to NIST’S RFI, Urges Increased Focus on Ransomware
In response to NIST’S request for information, WEDI urged the institute to increase its focus on ransomware and address third-party app security challenges. Continue Reading
-
News
25 Apr 2022
Zero-Day Exploits Reached All-Time High Last Year Report Finds
Threat actors committed a record number of zero-day exploits in 2021 according to Mandiant’s research. Continue Reading
-
News
25 Apr 2022
CISA Expands Joint Cyber Defense Collaborative to Include ICS Experts
Private sector ICS security experts will join CISA's Joint Cyber Defense Collaborative (JCDC). Continue Reading
-
News
22 Apr 2022
CISA, AHA Sound Alarm on Russian State-Sponsored Cyber Threats
CISA and AHA underscored the risk of Russian state-sponsored cyber threats to critical infrastructure. Continue Reading
-
News
22 Apr 2022
Managing Risk of Insider Threats in Healthcare Cybersecurity
Careless workers, disgruntled employees, and third parties are insider threats that can pose cybersecurity risks to healthcare organizations. Continue Reading
-
News
21 Apr 2022
Healthcare Sector Faced Brunt of DDoS Attacks Last Year, Report Finds
The pandemic spurred an increase in DDoS attacks against the healthcare, education, and government sectors. Continue Reading
-
News
20 Apr 2022
HHS Underscores Risk of Hive Ransomware
HHS identified Hive ransomware group as an “exceptionally aggressive” group known to target the healthcare sector with financially motivated cyberattacks. Continue Reading
-
News
20 Apr 2022
60% of Healthcare Orgs Say Third-Party Risk Management Needs Improvement
Most surveyed healthcare organizations admitted that third-party risk management and compliance efforts could use some improvement, Kiteworks found. Continue Reading
-
News
18 Apr 2022
SuperCare Health Faces Lawsuit After Data Breach Impacts 318K
The plaintiff is seeking class-action status in a lawsuit against SuperCare Health, alleging that the organization’s “incompetent security measures” led to the data breach. Continue Reading
-
News
18 Apr 2022
Healthcare Orgs Struggle With Software Supply Chain Risk Management Policies
The majority of surveyed healthcare organizations said that they had not fully implemented software supply chain risk management policies. Continue Reading
-
News
15 Apr 2022
CISA, FBI Warn of APT Cyber Tools Affecting ICS/SCADA Devices
Advanced persistent threat (APT) actors developed custom tools to target ICS/SCADA devices and compromise OT networks. Continue Reading
-
News
14 Apr 2022
Microsoft Takes Legal Action to Disrupt ZLoader Botnet
Microsoft’s Digital Crimes Unit took control of hundreds of domains that the ZLoader cyber crime gang used to control its botnet. Continue Reading
-
News
14 Apr 2022
NIST Highlights Enterprise Patch Management in Latest Guidance
NIST’s National Cybersecurity Center of Excellence (NCCoE) released final guidance for enterprise patch management. Continue Reading
-
News
13 Apr 2022
CISA Issues Guidance on Cybersecurity Information Sharing
CISA emphasized the importance of cybersecurity information sharing for critical infrastructure entities in its latest guide. Continue Reading
-
News
12 Apr 2022
JekyllBot:5 Vulnerabilities Impact Mobile Robot Used in Healthcare
Cynerio discovered a new set of critical vulnerabilities, dubbed JekyllBot:5, that impact Aethon TUG smart autonomous mobile robots used globally in hospitals. Continue Reading
-
News
11 Apr 2022
Healthcare Data Breach Lawsuits On the Rise, Report Shows
BakerHostetler saw an uptick in data breach lawsuits in the weeks following incident notification, especially against healthcare organizations. Continue Reading
-
News
08 Apr 2022
HC3 Warns of Lapsus$ Cyber Threat Group
Lapsus$ is a new cyber threat group that focuses on bribery and non-ransomware extortion and may pose a threat to the healthcare sector. Continue Reading
-
News
08 Apr 2022
FDA Seeks Feedback on Medical Device Security Guidance
The FDA is seeking stakeholder feedback on its updated medical device security guidance regarding premarket submissions. Continue Reading
-
News
06 Apr 2022
Software Vulnerabilities Point to Need for ICS Security in Healthcare
Industrial control system (ICS) security requires defense in depth measures and regular vulnerability patching. Continue Reading
-
News
05 Apr 2022
CT Health Insurance Exchange Failed to Report 44 Breaches, Audit Finds
The Connecticut Health Insurance Exchange failed to report 44 data breaches to state agencies, an audit found. Continue Reading
-
News
04 Apr 2022
Senators Introduce PATCH Act to Ensure Medical Device Security
The Protecting and Transforming Cyber Health Care (PATCH) Act aims to ensure medical device security by implementing premarket cybersecurity requirements. Continue Reading
-
News
01 Apr 2022
EHI Provides Guidance for Protecting non-HIPAA-Covered Health Data
Executives for Health Innovation (EHI) released guidance for protecting non-HIPAA-covered health data held by health tech companies. Continue Reading
-
News
01 Apr 2022
CISA Warns of Uninterruptible Power Supply (UPS) Device Cyberattacks
Threat actors deployed cyberattacks via uninterruptible power supply (UPS) devices, popular internet-connected devices used across a variety of sectors. Continue Reading
-
News
31 Mar 2022
Small Healthcare Practices More Vulnerable to Data Breaches, Cyberattacks
Just Under 50 percent of small healthcare organizations and 15 percent of large practices reported not having a plan of action in the event of a data breach, a survey found. Continue Reading
-
News
30 Mar 2022
FDA, OIG Request Cybersecurity Investments in FY 2023 Budget
The FDA is seeking $5 million for medical device security, and OIG plans to invest $20 billion in cybersecurity improvements and information blocking enforcement. Continue Reading
-
News
30 Mar 2022
H-ISAC Report Identifies Top Cyber Threats Concerning Healthcare Execs
H-ISAC and Booz Allen Hamilton’s latest report identified ransomware, phishing, and third-party breaches as the top cyber threats concerning healthcare executives. Continue Reading
-
News
28 Mar 2022
Senators Introduce Healthcare Cybersecurity Act
The Healthcare Cybersecurity Act aims to promote collaboration between CISA and HHS to enhance cybersecurity efforts across the sector. Continue Reading