Cybersecurity strategies
The healthcare sector faces a variety of cyberthreats, but experts are constantly working to provide organizations with reliable cybersecurity strategies to address them. Learn about the latest tactics for tackling cyber risk, with efforts led by security practitioners, federal agencies and leading cybersecurity companies.
Top Stories
-
News
20 Nov 2024
HHS has not adopted all GAO cybersecurity recommendations
GAO said that it is still waiting on HHS to implement several cybersecurity recommendations laid out for the department in various GAO reports. Continue Reading
-
Feature
18 Nov 2024
Mitigating risk as healthcare supply chain attacks prevail
A focus on cyber resilience is essential for mitigating the risk of healthcare supply chain attacks, which have the potential to cause widespread disruptions. Continue Reading
-
News
25 Mar 2022
HC3, H-ISAC Urge Healthcare Sector to Prepare for Russian Cyberattacks
Echoing the President’s statements, HC3, H-ISAC, and other organizations have encouraged critical infrastructure entities to prepare for Russian cyberattacks. Continue Reading
-
Answer
25 Mar 2022
How Jefferson Health is Tackling the Cybersecurity Workforce Shortage
Jefferson Health is expanding its hiring scope and leaning on technology to manage the ongoing cybersecurity workforce shortage without sacrificing security. Continue Reading
-
News
24 Mar 2022
Scripps Health Faces Lawsuit Over Kronos Data Breach
Employees claimed that Scripps Health failed to keep accurate records of hours worked following the Kronos data breach in December. Continue Reading
-
News
24 Mar 2022
FBI IC3: Healthcare Sector Faced Most Ransomware Attacks Last Year
The healthcare sector fell victim to ransomware far more than any other critical infrastructure sector last year, the FBI’s 2021 Internet Crime Report found. Continue Reading
-
News
23 Mar 2022
CISA, FBI Warn Critical Infrastructure of SATCOM Cyber Threats
CISA and the FBI released a joint advisory warning critical infrastructure organizations of satellite communication (SATCOM) cyber risks. Continue Reading
-
News
22 Mar 2022
Biden Urges Orgs to Harden Cyber Defenses, Prepare For Russian Cyberattacks
President Biden urged all US organizations to harden their cyber defenses to prepare for potential Russian cyberattacks, and AHA echoed the call to action. Continue Reading
-
News
18 Mar 2022
How Will Biden’s $1.5 Trillion Spending Bill Impact Healthcare Cybersecurity?
The $1.5 trillion spending bill contains the Strengthening American Cybersecurity Act, which will impact healthcare cybersecurity. Continue Reading
-
News
18 Mar 2022
OCR Provides Tips for Fending Off Common Healthcare Cyberattacks
OCR’s Q1 newsletter offered tips for defending against common healthcare cyberattacks like phishing and known vulnerability exploits. Continue Reading
-
News
17 Mar 2022
Russian Cyber Actors Exploit MFA Protocols, PrintNightmare Vulnerability
CISA and HHS issued warnings about Russian state-sponsored cyber actors who exploited MFA protocols and PrintNightmare, a known vulnerability. Continue Reading
-
Answer
16 Mar 2022
Medical Device Security Requires Standards, Shared Responsibility
UL's global head of medical device security discusses the need for industry standards and shared responsibility to ensure security across the medical device supply chain. Continue Reading
-
News
16 Mar 2022
DOJ Settles First Case Under Civil Cyber-Fraud Initiative
In the DOJ’s first settlement under the Civil Cyber-Fraud Initiative, Comprehensive Health Services agreed to pay $930,000 to resolve False Claims Act allegations. Continue Reading
-
News
10 Mar 2022
Healthcare Practices Cyber Incident Response Less Than Most Sectors
Research revealed that healthcare and other critical infrastructure sectors conducted cyber incident response exercises far less often than other industries. Continue Reading
-
News
10 Mar 2022
Conti Ransomware Group Continues to Threaten Healthcare
CISA re-released its advisory on Conti ransomware group, which claimed responsibility for at least 16 US healthcare cyberattacks. Continue Reading
-
News
09 Mar 2022
HSCC Focuses On Medical Device Security in New Contract Language Template
HSCC released a contract language template for healthcare organizations to use to ensure medical device security when working with device manufacturers. Continue Reading
-
News
08 Mar 2022
7 New Vulnerabilities Threaten Supply Chain, Medical Device Security
Forescout's Vedere Labs and CyberMDX discovered seven new vulnerabilities in the PTC Axeda agent that could jeopardize supply chain and medical device security. Continue Reading
-
News
07 Mar 2022
HC3 Outlines History of Healthcare Cybersecurity From 1980s to Now
HC3 issued a comprehensive history of major healthcare cybersecurity events spanning from the 1980s to today in order to inform future defense strategies. Continue Reading
-
News
07 Mar 2022
An Investment in Cybersecurity Is an Investment in Patient Care
Cybersecurity must be treated as a top priority for healthcare organizations to ensure their ability to deliver high-quality patient care. Continue Reading
-
News
04 Mar 2022
BD Discloses Viper, Pyxis Medical Device Vulnerabilities
Becton, Dickinson and Company (BD) disclosed medical device vulnerabilities in its Viper and Pyxis products that allow for the use of hard-coded credentials. Continue Reading
-
News
04 Mar 2022
Healthcare IoT, Medical Device Vulnerability Disclosures Skyrocket
Healthcare IoT, IT, and medical device vulnerability disclosures are steadily increasing, demonstrating a need for better ICS security, Claroty found. Continue Reading
-
News
02 Mar 2022
75% of Infusion Pumps Contain Known Security Gaps, Report Finds
In 75% of more than 200,000 analyzed infusion pumps, researchers found known security gaps warranting significant medical device security concerns. Continue Reading
-
News
02 Mar 2022
Conti, Karma Ransomware Groups Target 1 Healthcare Org Simultaneously
Sophos disclosed an unusual case of two separate ransomware gangs targeting one healthcare organization simultaneously. Continue Reading
-
News
01 Mar 2022
Employee Cyber Hygiene Is Critical to Healthcare Cybersecurity
Poor employee cyber hygiene can endanger even the strongest healthcare cybersecurity architectures. Continue Reading
-
News
01 Mar 2022
OCR Director Urges Healthcare to Prioritize Cybersecurity This Year
OCR director Lisa J. Pino urged healthcare organizations to prioritize cybersecurity in 2022 as cyberattacks burden the sector. Continue Reading
-
News
28 Feb 2022
Destructive Malware Used to Target Ukraine Poses Threat to Healthcare
HermeticWiper and WhisperGate, destructive malware variants used to target Ukraine, pose an increased threat to healthcare. Continue Reading
-
News
25 Feb 2022
NIST Requests Public Comments On Improving Cybersecurity Framework
NIST issued a request for information to gather feedback on improving its Cybersecurity Framework, which serves as the gold standard for managing cyber threats. Continue Reading
-
News
24 Feb 2022
AHA: Russia’s Invasion of Ukraine Could Lead to Healthcare Cyberattacks
Hospitals and health systems should remain on high alert for healthcare cyberattacks now that Russia’s invasion of Ukraine has begun, AHA said. Continue Reading
-
News
23 Feb 2022
Log4j Vulnerabilities Put Strain on Overburdened Cybersecurity Workforce
Log4j vulnerabilities have tested organizations worldwide and may continue to have long-term effects on the cybersecurity workforce. Continue Reading
-
News
22 Feb 2022
HHS Warns of EMR, EHR Security Risks
HHS' latest brief emphasized the severity of EMR and EHR security risks and urged organizations to implement technical safeguards. Continue Reading
-
Answer
17 Feb 2022
AI in Healthcare Presents Need for Security, Privacy Standards
Duke, Mayo Clinic, and DLA Piper are teaming up to ensure that security, privacy, and safety are top-of-mind when implementing AI in healthcare. Continue Reading
-
News
16 Feb 2022
CaptureRx to Consider Filing For Bankruptcy if $4.75M Settlement Not Approved
CaptureRx will “strongly consider” filing for bankruptcy if a $4.75 million settlement to resolve data breach mishandling allegations is not approved. Continue Reading
-
News
15 Feb 2022
KLAS: Evaluating Top Healthcare IoT Security Vendors
KLAS named Medigate, Ordr, and Armis as top healthcare IoT security vendors, all of which can help organizations manage connected device security risks. Continue Reading
-
News
15 Feb 2022
Ransomware Demands, Data Leaks Skyrocketed Last Year
The 2022 CrowdStrike Global Threat Report found an 82% increase in data leaks resulting from ransomware as well as an increase in ransomware demands. Continue Reading
-
News
14 Feb 2022
Inmediata Health Reaches $1.13M Settlement After 2019 Data Breach
Inmediata Health Group reached a $1.13 million settlement to resolve a class-action lawsuit that stemmed from a 2019 Data Breach. Continue Reading
-
News
11 Feb 2022
CISA Observes Increased Critical Infrastructure Ransomware Threats
CISA, the FBI, and the NSA observed ransomware attacks against 14 of the 16 US critical infrastructure sectors last year. Continue Reading
-
Answer
10 Feb 2022
How to Effectively Communicate Healthcare Cyber Risks to C-Suite Execs
To effectively communicate healthcare cyber risks to C-suite executives, cybersecurity professionals must translate technical jargon into business deliverables. Continue Reading
-
Answer
10 Feb 2022
Importance of API Security in Healthcare Grows as Cyberattacks Increase
As more organizations rely on APIs to run critical functions, ensuring API security in healthcare is crucial to preventing cyberattacks. Continue Reading
-
News
09 Feb 2022
Critical SAP Vulnerabilities Could Lead To Cyberattacks If Not Patched
Critical SAP vulnerabilities could lead to cyberattacks, data theft, and mission-critical business disruptions, CISA warned. Continue Reading
-
News
08 Feb 2022
FBI, HHS Warn of LockBit 2.0 Ransomware Indicators of Compromise
Following the FBI’s flash alert about LockBit 2.0 ransomware indicators of compromise, HHS warned of the RaaS group’s threat to the healthcare sector. Continue Reading
-
News
08 Feb 2022
Judge Proposes Dismissal of Practicefirst Data Breach Lawsuit
A judge moved to dismiss a data breach lawsuit against medical management company Practicefirst, citing insufficient evidence of actual harm. Continue Reading
-
News
07 Feb 2022
Ireland HSE Cyberattack is a Cautionary Tale For US Healthcare Orgs
HC3 urged US healthcare organizations to learn from the May 2021 Conti cyberattack attack against the Ireland HSE that led to a nationwide IT outage. Continue Reading
-
Answer
07 Feb 2022
Navigating The Highly Saturated Healthcare Cybersecurity Market
With a highly saturated healthcare cybersecurity market, healthcare organizations may find it difficult to choose vendors and make investment decisions. Continue Reading
-
News
02 Feb 2022
Cyber Insurance Does Not Replace Need For Cybersecurity Program
Cyber insurance can help healthcare organizations manage the fallout from cyberattacks, but it does not eliminate the need for a comprehensive cybersecurity program. Continue Reading
-
News
01 Feb 2022
BlackMatter Ransomware Group No Longer Active, HC3 Says
BlackMatter ransomware group, which orchestrated cyberattacks against healthcare organizations, appears to have shut down operations. Continue Reading
-
News
01 Feb 2022
Healthcare Sector Spearheads SBOM Adoption to Support Cybersecurity
Healthcare is pioneering SBOM adoption due to growing cybersecurity concerns and the FDA’s recent medical device security guidance, the Linux Foundation found. Continue Reading
-
News
31 Jan 2022
Unpatched Vulnerabilities Remain Primary Ransomware Attack Vector
Cybercriminals continually look to unpatched vulnerabilities such as Log4j and others as primary ransomware attack vectors. Continue Reading
-
News
31 Jan 2022
Cyberattacks Against Health Plans, Business Associates Increase
Cyberattacks against health plans and business associates increased significantly last year, a Critical Insight report found. Continue Reading
-
News
28 Jan 2022
Excellus, BCBSA Reach Settlement Following 2015 Data Breach
Excellus and Blue Cross Blue Shield Association reached a settlement in a class-action lawsuit resulting from a 2015 data breach that impacted 10.5 million people. Continue Reading
-
News
28 Jan 2022
DHS Warns of Potential Russian Cyberattacks on Critical Infrastructure
As tensions mount between the US, Russia, and Ukraine, DHS warned of potential Russian cyberattacks against US critical infrastructure. Continue Reading
-
News
26 Jan 2022
Memorial Health Faces Lawsuit After Hive Ransomware Cyberattack
Hive ransomware group claimed responsibility for an August 2021 cyberattack against Memorial Health System, and victims are now demanding answers. Continue Reading
-
News
26 Jan 2022
NY Fines EyeMed $600K in Wake of Healthcare Data Breach Impacting 2.1M
EyeMed allegedly failed to implement multi-factor authentication and proper password management, leading to a 2020 healthcare data breach that impacted 2.1M people. Continue Reading
-
Answer
25 Jan 2022
As Adoption of Edge Computing in Healthcare Grows, So Do Security Needs
Edge computing in healthcare is growing alongside 5G, but organizations should expect to make big investments to ensure edge security. Continue Reading
-
Answer
25 Jan 2022
Threat Actors Shift Tactics, Targets As Ransomware Evolves
As ransomware continues to evolve, threat actors are favoring double extortion, RaaS, and software vulnerability exploits. Continue Reading
-
News
24 Jan 2022
HC3: Healthcare Adversaries Are Actively Leveraging Log4j Vulnerabilities
HC3 issued a detailed brief regarding Log4j vulnerabilities, which are being actively exploited by known healthcare adversaries. Continue Reading
-
News
21 Jan 2022
53% of Connected Medical Devices Contain Critical Vulnerabilities
Cynerio also found that 73 percent of IV pumps have a vulnerability that could jeopardize patient safety and privacy if exploited. Continue Reading
-
News
21 Jan 2022
Cyberattacks Will Be The Top Health Tech Hazard This Year, ECRI Says
After cyberattacks, ECRI predicted that supply chain problems and damaged infusion pumps are likely to cause issues in the health tech space this year. Continue Reading
-
News
20 Jan 2022
CISA: Every Organization in the US is at Risk From Cyber Threats
CISA warned US organizations to remain vigilant and review guidance surrounding Russian state-sponsored cyber threats. Continue Reading
-
News
19 Jan 2022
Accellion Settles Class-Action Lawsuit for $8.1M Following Data Breach
Accellion reached an $8.1 million settlement following a 2020 cyberattack that impacted millions of individuals. Continue Reading
-
News
18 Jan 2022
Russian Intelligence Agency Arrests REvil Ransomware Gang Members
Russia’s FSB intelligence agency detained multiple individuals associated with the REvil ransomware gang, responsible for the Colonial Pipeline cyberattack. Continue Reading
-
News
17 Jan 2022
BioPlus Specialty Pharmacy Faces Lawsuit Over Healthcare Data Breach
Florida-based BioPlus Specialty Pharmacy allegedly failed to safeguard PII and notify patients of a healthcare data breach that impacted 350K, the lawsuit claimed. Continue Reading
-
News
14 Jan 2022
Lasting Effects of Kronos Cyberattack Ripple Through Healthcare
A December cyberattack on HR management solutions provider Kronos is having lasting effects on healthcare workforce management and payroll services. Continue Reading
-
News
13 Jan 2022
Cyberattacks Increase Mortality Rates, But Healthcare Is In Denial
At a WEDI conference, Joshua Corman, chief strategist of CISA’s COVID task force, urged the healthcare sector to get realistic about the dismal consequences of cyberattacks. Continue Reading
-
News
12 Jan 2022
Critical, “Wormable” Microsoft Vulnerability Could Lead to Cyberattacks
The Microsoft HTTP Protocol Stack RCE vulnerability is “wormable,” meaning no human interaction is required for the cyberattack to spread. Continue Reading
-
News
12 Jan 2022
FBI, CISA, NSA Warn of Russian Cyber Threats to Critical Infrastructure
The FBI, CISA, and the NSA released a joint advisory about Russian state-sponsored cyber threats and urged US critical infrastructure to remain vigilant. Continue Reading
-
Feature
11 Jan 2022
Adopting Defense In Depth Strategies to Combat Healthcare Cyberattacks
The AHA’s John Riggi and Attivo Networks' Carolyn Crandall share insights on how organizations can navigate current healthcare cyber threats by using defense in depth strategies. Continue Reading
-
News
11 Jan 2022
Mespinoza, Pysa Ransomware Pose Threat to Healthcare Cybersecurity
HC3 warned the sector of Mespinoza, a cybercriminal group that operates Pysa ransomware and has a history of targeting healthcare entities. Continue Reading
-
News
10 Jan 2022
Microsoft Warns of Continued Log4j Exploitation Attempts
Microsoft observed high rates of Log4j exploitation attempts in the final week of December and warned organizations to remain vigilant. Continue Reading
-
News
07 Jan 2022
CSA Guidance Addresses Security, Privacy Risks of AI in Healthcare
Although experts forecast a promising future for AI in healthcare, security and privacy risks must be considered alongside benefits. Continue Reading
-
News
07 Jan 2022
EHR Vendor QRS Faces Lawsuit After Healthcare Cyberattack
The plaintiff argued that the August ransomware attack on EHR vendor QRS, which impacted 320,000 individuals, was the result of inadequate PHI security measures. Continue Reading
-
News
30 Dec 2021
HSCA Releases Cybersecurity Guidelines for Medical Device Manufacturers
The Healthcare Supply Chain Association released guidelines for medical device manufacturers and providers regarding cybersecurity and patient privacy. Continue Reading
-
News
29 Dec 2021
Security Professionals View Ransomware and Terrorism as Equal Threats
More than half of surveyed security professionals reported viewing ransomware and terrorism as equal threats, echoing the DOJ’s sentiments. Continue Reading
-
News
28 Dec 2021
Industry Experts Team Up to Advance Cybersecurity With AI
The C3.ai Digital Transformation Institute invited industry experts to submit proposals for advancing cybersecurity with AI in order to secure critical infrastructure. Continue Reading
-
News
28 Dec 2021
AMA Encourages Health App Developers to Implement “Privacy by Design”
AMA released guidance for health app developers to help them navigate health data governance and equitable digital health data collection. Continue Reading
-
News
27 Dec 2021
CISA Warns of 13 Vulnerabilities in Fresenius Kabi Infusion Systems
Successful exploitation of the vulnerabilities in Fresenius Kabi Agilia Connect Infusion Systems could allow for malicious activity and the exposure of sensitive information. Continue Reading
-
News
23 Dec 2021
CISA Urges Critical Infrastructure to Prepare For Holiday Cyber Threats
CISA urged critical infrastructure leaders to prepare for the impending holiday cyber threats by increasing organizational vigilance and implementing best practices. Continue Reading
-
News
22 Dec 2021
HHS 405(d) Urges Healthcare Sector to Prioritize Log4j Vulnerability
The Log4j vulnerability poses a serious threat to the healthcare sector, and most legacy systems cannot be patched. Continue Reading
-
News
22 Dec 2021
To Combat Ransomware Attacks, Communication With C-Suite is Essential
A study from (ISC)² shows that C-suite executives are looking for clearer communication and guidance from cybersecurity leaders when it comes to combatting ransomware attacks. Continue Reading
-
News
20 Dec 2021
Diagnostic Artificial Intelligence Models Can Be Tricked By Cyberattacks
Researchers discovered that diagnostic artificial intelligence models used to detect cancer were fooled by cyberattacks that falsify medical images. Continue Reading
-
News
17 Dec 2021
NJ Provider Settles Two Healthcare Data Breach Investigations For $425K
Regional Cancer Care Associates will pay $425,000 and adopt new security measures to settle two healthcare data breach investigations. Continue Reading
-
News
17 Dec 2021
39 Ransomware Groups Targeted Healthcare in the Past 18 Months
A dozen ransomware groups targeted healthcare despite making promises to not go after the sector, CyberPeace Institute data revealed. Continue Reading
-
News
15 Dec 2021
CISA Warns of Authentication Vulnerabilities in Cardiology Products
Successful exploitation of authentication vulnerabilities in certain Hillrom Welch Allyn cardiology products may allow cybercriminals to access privileged accounts, CISA warned. Continue Reading
-
News
14 Dec 2021
Majority of Patients Don’t Trust Healthcare Providers to Handle PII
Less than half of surveyed patients reported trusting their healthcare providers to safeguard their payment and personally identifiable information (PII). Continue Reading
-
News
14 Dec 2021
Severe Apache Log4j Vulnerabilities Could Result in Healthcare Cyberattacks
HC3 issued a sector alert regarding severe Apache Log4j vulnerabilities that could result in healthcare cyberattacks if exploited. Continue Reading
-
News
13 Dec 2021
Weak Passwords, Poor Cyber Hygiene Invite Healthcare Data Breaches
Preventing healthcare data breaches requires all end-users to practice better password management and cyber hygiene. Continue Reading
-
News
13 Dec 2021
Trust in Legacy IT Vendors Drops as Supply Chain Security Issues Increase
As trust in legacy IT vendors declines, supply chain security issues are increasing and organizations are reporting higher ransomware payout demands and extortion fees. Continue Reading
-
Feature
10 Dec 2021
Why Endpoint Security is Critical For Healthcare Cybersecurity
Endpoint security should be the cornerstone of any healthcare organization’s cybersecurity architecture. Continue Reading
-
News
09 Dec 2021
Workforce Burnout Presents Cybersecurity Risks, Report Finds
People suffering from workforce burnout are more apathetic and lenient about cybersecurity risks and policies, researchers found. Continue Reading
-
News
09 Dec 2021
FBI Warns Healthcare of Cuba Ransomware in Latest Flash Alert
Cuba ransomware actors have compromised 49 entities in five critical infrastructure sectors including healthcare, a new FBI flash alert warned. Continue Reading
-
News
08 Dec 2021
Sabbath Ransomware Targeting Healthcare, Mandiant Warns
Sabbath ransomware, previously operating as Arcane and Eruption, has been targeting healthcare and critical infrastructure, Mandiant warned. Continue Reading
-
Feature
07 Dec 2021
Is Killware Really the Next Evolution of Healthcare Ransomware Attacks?
"Killware" may sound more threatening, but traditional, financially motivated cyberattacks are still the biggest risk to healthcare cybersecurity. Continue Reading
-
News
06 Dec 2021
HHS Launches New Website to Align Healthcare Cybersecurity
HHS launched a website for the 405(d) Program, which is comprised of a task force focused on aligning healthcare cybersecurity approaches across the sector. Continue Reading
-
News
03 Dec 2021
FDA, MITRE, MDIC Create Medical Device Threat Modeling Playbook
MITRE and the Medical Device Innovation Consortium (MDIC) partnered with the FDA to release a playbook for medical device threat modeling. Continue Reading
-
News
03 Dec 2021
Tardigrade Malware Poses Unprecedented Threat to Biomanufacturers
Bad actors used Tardigrade malware to target a vaccine biomanufacturing facility, and experts are advising the healthcare sector to stay vigilant. Continue Reading
-
Feature
01 Dec 2021
Security, Privacy Risks of Artificial Intelligence in Healthcare
As regulatory agencies work to catch up to technological advances, the security and privacy risks of artificial intelligence in healthcare remain. Continue Reading
-
News
29 Nov 2021
Patients File Lawsuits in Wake of Healthcare Data Breaches
Some hospitals are successfully putting a stop to lawsuits filed in the wake of healthcare data breaches, claiming a lack of real injury to patients. Continue Reading
-
News
29 Nov 2021
H-ISAC Releases CISO Guide for Identity-Centric Data Sharing
H-ISAC released a guide to help CISOs navigate the 21st Century Cures Act by adopting an identity-centric data sharing approach. Continue Reading
-
News
24 Nov 2021
Philips Discloses Additional Medical Device Security Vulnerabilities
Philips issued disclosed two new medical device security vulnerabilities impacting patient monitoring and medical device interfacing devices. Continue Reading
-
News
23 Nov 2021
CISA Warns Critical Infrastructure of Holiday Ransomware Risks
CISA warned US critical infrastructure entities to stay vigilant against ransomware and other cyber threats during the upcoming holiday. Continue Reading
-
Feature
23 Nov 2021
Top Healthcare Cybersecurity Challenges, How to Overcome Them
With a multitude of critical data and patient safety hanging in the balance, there is a unique set of healthcare cybersecurity challenges that must be carefully considered. Continue Reading
-
News
22 Nov 2021
Zero-Day Attacks Threaten Healthcare Cybersecurity
Zero-day attacks pose a serious threat to the healthcare sector and can be difficult to mitigate, HC3 warned in its latest threat brief. Continue Reading
-
News
22 Nov 2021
32% of Healthcare Organizations Have a Comprehensive Security Program
Core components of a comprehensive security program include regular reporting of security deficiencies and having a designated CISO. Continue Reading