Cybersecurity strategies
The healthcare sector faces a variety of cyberthreats, but experts are constantly working to provide organizations with reliable cybersecurity strategies to address them. Learn about the latest tactics for tackling cyber risk, with efforts led by security practitioners, federal agencies and leading cybersecurity companies.
Top Stories
-
News
08 Jul 2024
HC3 warns sector of critical MOVEit cybersecurity vulnerabilities
Healthcare organizations should prioritize patching two critical cybersecurity vulnerabilities found in Progress Software’s MOVEit managed file transfer platform. Continue Reading
-
News
01 Jul 2024
HHS, FBI warn healthcare sector of social engineering scheme
Threat actors have been using phishing schemes to steal login credentials and divert automated clearinghouse payments, HHS and the FBI warned in a joint cybersecurity advisory. Continue Reading
-
News
07 Mar 2022
An Investment in Cybersecurity Is an Investment in Patient Care
Cybersecurity must be treated as a top priority for healthcare organizations to ensure their ability to deliver high-quality patient care. Continue Reading
-
News
04 Mar 2022
BD Discloses Viper, Pyxis Medical Device Vulnerabilities
Becton, Dickinson and Company (BD) disclosed medical device vulnerabilities in its Viper and Pyxis products that allow for the use of hard-coded credentials. Continue Reading
-
News
04 Mar 2022
Healthcare IoT, Medical Device Vulnerability Disclosures Skyrocket
Healthcare IoT, IT, and medical device vulnerability disclosures are steadily increasing, demonstrating a need for better ICS security, Claroty found. Continue Reading
-
News
02 Mar 2022
75% of Infusion Pumps Contain Known Security Gaps, Report Finds
In 75% of more than 200,000 analyzed infusion pumps, researchers found known security gaps warranting significant medical device security concerns. Continue Reading
-
News
02 Mar 2022
Conti, Karma Ransomware Groups Target 1 Healthcare Org Simultaneously
Sophos disclosed an unusual case of two separate ransomware gangs targeting one healthcare organization simultaneously. Continue Reading
-
News
01 Mar 2022
Employee Cyber Hygiene Is Critical to Healthcare Cybersecurity
Poor employee cyber hygiene can endanger even the strongest healthcare cybersecurity architectures. Continue Reading
-
News
01 Mar 2022
OCR Director Urges Healthcare to Prioritize Cybersecurity This Year
OCR director Lisa J. Pino urged healthcare organizations to prioritize cybersecurity in 2022 as cyberattacks burden the sector. Continue Reading
-
News
28 Feb 2022
Destructive Malware Used to Target Ukraine Poses Threat to Healthcare
HermeticWiper and WhisperGate, destructive malware variants used to target Ukraine, pose an increased threat to healthcare. Continue Reading
-
News
25 Feb 2022
NIST Requests Public Comments On Improving Cybersecurity Framework
NIST issued a request for information to gather feedback on improving its Cybersecurity Framework, which serves as the gold standard for managing cyber threats. Continue Reading
-
News
24 Feb 2022
AHA: Russia’s Invasion of Ukraine Could Lead to Healthcare Cyberattacks
Hospitals and health systems should remain on high alert for healthcare cyberattacks now that Russia’s invasion of Ukraine has begun, AHA said. Continue Reading
-
News
23 Feb 2022
Log4j Vulnerabilities Put Strain on Overburdened Cybersecurity Workforce
Log4j vulnerabilities have tested organizations worldwide and may continue to have long-term effects on the cybersecurity workforce. Continue Reading
-
News
22 Feb 2022
HHS Warns of EMR, EHR Security Risks
HHS' latest brief emphasized the severity of EMR and EHR security risks and urged organizations to implement technical safeguards. Continue Reading
-
Answer
17 Feb 2022
AI in Healthcare Presents Need for Security, Privacy Standards
Duke, Mayo Clinic, and DLA Piper are teaming up to ensure that security, privacy, and safety are top-of-mind when implementing AI in healthcare. Continue Reading
-
News
16 Feb 2022
CaptureRx to Consider Filing For Bankruptcy if $4.75M Settlement Not Approved
CaptureRx will “strongly consider” filing for bankruptcy if a $4.75 million settlement to resolve data breach mishandling allegations is not approved. Continue Reading
-
News
15 Feb 2022
KLAS: Evaluating Top Healthcare IoT Security Vendors
KLAS named Medigate, Ordr, and Armis as top healthcare IoT security vendors, all of which can help organizations manage connected device security risks. Continue Reading
-
News
15 Feb 2022
Ransomware Demands, Data Leaks Skyrocketed Last Year
The 2022 CrowdStrike Global Threat Report found an 82% increase in data leaks resulting from ransomware as well as an increase in ransomware demands. Continue Reading
-
News
14 Feb 2022
Inmediata Health Reaches $1.13M Settlement After 2019 Data Breach
Inmediata Health Group reached a $1.13 million settlement to resolve a class-action lawsuit that stemmed from a 2019 data breach. Continue Reading
-
News
11 Feb 2022
CISA Observes Increased Critical Infrastructure Ransomware Threats
CISA, the FBI, and the NSA observed ransomware attacks against 14 of the 16 US critical infrastructure sectors last year. Continue Reading
-
Answer
10 Feb 2022
How to Effectively Communicate Healthcare Cyber Risks to C-Suite Execs
To effectively communicate healthcare cyber risks to C-suite executives, cybersecurity professionals must translate technical jargon into business deliverables. Continue Reading
-
Answer
10 Feb 2022
Importance of API Security in Healthcare Grows as Cyberattacks Increase
As more organizations rely on APIs to run critical functions, ensuring API security in healthcare is crucial to preventing cyberattacks. Continue Reading
-
News
09 Feb 2022
Critical SAP Vulnerabilities Could Lead To Cyberattacks If Not Patched
Critical SAP vulnerabilities could lead to cyberattacks, data theft, and mission-critical business disruptions, CISA warned. Continue Reading
-
News
08 Feb 2022
FBI, HHS Warn of LockBit 2.0 Ransomware Indicators of Compromise
Following the FBI’s flash alert about LockBit 2.0 ransomware indicators of compromise, HHS warned of the RaaS group’s threat to the healthcare sector. Continue Reading
-
News
08 Feb 2022
Judge Proposes Dismissal of Practicefirst Data Breach Lawsuit
A judge moved to dismiss a data breach lawsuit against medical management company Practicefirst, citing insufficient evidence of actual harm. Continue Reading
-
News
07 Feb 2022
Ireland HSE Cyberattack is a Cautionary Tale For US Healthcare Orgs
HC3 urged US healthcare organizations to learn from the May 2021 Conti cyberattack against the Ireland HSE that led to a nationwide IT outage. Continue Reading
-
Answer
07 Feb 2022
Navigating The Highly Saturated Healthcare Cybersecurity Market
With a highly saturated healthcare cybersecurity market, healthcare organizations may find it difficult to choose vendors and make investment decisions. Continue Reading
-
News
02 Feb 2022
Cyber Insurance Does Not Replace Need For Cybersecurity Program
Cyber insurance can help healthcare organizations manage the fallout from cyberattacks, but it does not eliminate the need for a comprehensive cybersecurity program. Continue Reading
-
News
01 Feb 2022
BlackMatter Ransomware Group No Longer Active, HC3 Says
BlackMatter ransomware group, which orchestrated cyberattacks against healthcare organizations, appears to have shut down operations. Continue Reading
-
News
01 Feb 2022
Healthcare Sector Spearheads SBOM Adoption to Support Cybersecurity
Healthcare is pioneering SBOM adoption due to growing cybersecurity concerns and the FDA’s recent medical device security guidance, the Linux Foundation found. Continue Reading
-
News
31 Jan 2022
Unpatched Vulnerabilities Remain Primary Ransomware Attack Vector
Cybercriminals continually look to unpatched vulnerabilities such as Log4j and others as primary ransomware attack vectors. Continue Reading
-
News
31 Jan 2022
Cyberattacks Against Health Plans, Business Associates Increase
Cyberattacks against health plans and business associates increased significantly last year, a Critical Insight report found. Continue Reading
-
News
28 Jan 2022
Excellus, BCBSA Reach Settlement Following 2015 Data Breach
Excellus and Blue Cross Blue Shield Association reached a settlement in a class-action lawsuit resulting from a 2015 data breach that impacted 10.5 million people. Continue Reading
-
News
28 Jan 2022
DHS Warns of Potential Russian Cyberattacks on Critical Infrastructure
As tensions mount between the US, Russia, and Ukraine, DHS warned of potential Russian cyberattacks against US critical infrastructure. Continue Reading
-
News
26 Jan 2022
Memorial Health Faces Lawsuit After Hive Ransomware Cyberattack
Hive ransomware group claimed responsibility for an August 2021 cyberattack against Memorial Health System, and victims are now demanding answers. Continue Reading
-
News
26 Jan 2022
NY Fines EyeMed $600K in Wake of Healthcare Data Breach Impacting 2.1M
EyeMed allegedly failed to implement multi-factor authentication and proper password management, leading to a 2020 healthcare data breach that impacted 2.1M people. Continue Reading
-
Answer
25 Jan 2022
As Adoption of Edge Computing in Healthcare Grows, So Do Security Needs
Edge computing in healthcare is growing alongside 5G, but organizations should expect to make big investments to ensure edge security. Continue Reading
-
Answer
25 Jan 2022
Threat Actors Shift Tactics, Targets As Ransomware Evolves
As ransomware continues to evolve, threat actors are favoring double extortion, RaaS, and software vulnerability exploits. Continue Reading
-
News
24 Jan 2022
HC3: Healthcare Adversaries Are Actively Leveraging Log4j Vulnerabilities
HC3 issued a detailed brief regarding Log4j vulnerabilities, which are being actively exploited by known healthcare adversaries. Continue Reading
-
News
21 Jan 2022
53% of Connected Medical Devices Contain Critical Vulnerabilities
Cynerio also found that 73 percent of IV pumps have a vulnerability that could jeopardize patient safety and privacy if exploited. Continue Reading
-
News
21 Jan 2022
Cyberattacks Will Be The Top Health Tech Hazard This Year, ECRI Says
After cyberattacks, ECRI predicted that supply chain problems and damaged infusion pumps are likely to cause issues in the health tech space this year. Continue Reading
-
News
20 Jan 2022
CISA: Every Organization in the US is at Risk From Cyber Threats
CISA warned US organizations to remain vigilant and review guidance surrounding Russian state-sponsored cyber threats. Continue Reading
-
News
19 Jan 2022
Accellion Settles Class-Action Lawsuit for $8.1M Following Data Breach
Accellion reached an $8.1 million settlement following a 2020 cyberattack that impacted millions of individuals. Continue Reading
-
News
18 Jan 2022
Russian Intelligence Agency Arrests REvil Ransomware Gang Members
Russia’s FSB intelligence agency detained multiple individuals associated with the REvil ransomware gang, responsible for the Colonial Pipeline cyberattack. Continue Reading
-
News
17 Jan 2022
BioPlus Specialty Pharmacy Faces Lawsuit Over Healthcare Data Breach
Florida-based BioPlus Specialty Pharmacy allegedly failed to safeguard PII and notify patients of a healthcare data breach that impacted 350K, the lawsuit claimed. Continue Reading
-
News
14 Jan 2022
Lasting Effects of Kronos Cyberattack Ripple Through Healthcare
A December cyberattack on HR management solutions provider Kronos is having lasting effects on healthcare workforce management and payroll services. Continue Reading
-
News
13 Jan 2022
Cyberattacks Increase Mortality Rates, But Healthcare Is In Denial
At a WEDI conference, Joshua Corman, chief strategist of CISA’s COVID task force, urged the healthcare sector to get realistic about the dismal consequences of cyberattacks. Continue Reading
-
News
12 Jan 2022
Critical, “Wormable” Microsoft Vulnerability Could Lead to Cyberattacks
The Microsoft HTTP Protocol Stack RCE vulnerability is “wormable,” meaning no human interaction is required for the cyberattack to spread. Continue Reading
-
News
12 Jan 2022
FBI, CISA, NSA Warn of Russian Cyber Threats to Critical Infrastructure
The FBI, CISA, and the NSA released a joint advisory about Russian state-sponsored cyber threats and urged US critical infrastructure to remain vigilant. Continue Reading
-
Feature
11 Jan 2022
Adopting Defense In Depth Strategies to Combat Healthcare Cyberattacks
The AHA’s John Riggi and Attivo Networks' Carolyn Crandall share insights on how organizations can navigate current healthcare cyber threats by using defense in depth strategies. Continue Reading
-
News
11 Jan 2022
Mespinoza, Pysa Ransomware Pose Threat to Healthcare Cybersecurity
HC3 warned the sector of Mespinoza, a cybercriminal group that operates Pysa ransomware and has a history of targeting healthcare entities. Continue Reading
-
News
10 Jan 2022
Microsoft Warns of Continued Log4j Exploitation Attempts
Microsoft observed high rates of Log4j exploitation attempts in the final week of December and warned organizations to remain vigilant. Continue Reading
-
News
07 Jan 2022
CSA Guidance Addresses Security, Privacy Risks of AI in Healthcare
Although experts forecast a promising future for AI in healthcare, security and privacy risks must be considered alongside benefits. Continue Reading
-
News
07 Jan 2022
EHR Vendor QRS Faces Lawsuit After Healthcare Cyberattack
The plaintiff argued that the August ransomware attack on EHR vendor QRS, which impacted 320,000 individuals, was the result of inadequate PHI security measures. Continue Reading
-
News
30 Dec 2021
HSCA Releases Cybersecurity Guidelines for Medical Device Manufacturers
The Healthcare Supply Chain Association released guidelines for medical device manufacturers and providers regarding cybersecurity and patient privacy. Continue Reading
-
News
29 Dec 2021
Security Professionals View Ransomware and Terrorism as Equal Threats
More than half of surveyed security professionals reported viewing ransomware and terrorism as equal threats, echoing the DOJ’s sentiments. Continue Reading
-
News
28 Dec 2021
Industry Experts Team Up to Advance Cybersecurity With AI
The C3.ai Digital Transformation Institute invited industry experts to submit proposals for advancing cybersecurity with AI in order to secure critical infrastructure. Continue Reading
-
News
28 Dec 2021
AMA Encourages Health App Developers to Implement “Privacy by Design”
AMA released guidance for health app developers to help them navigate health data governance and equitable digital health data collection. Continue Reading
-
News
27 Dec 2021
CISA Warns of 13 Vulnerabilities in Fresenius Kabi Infusion Systems
Successful exploitation of the vulnerabilities in Fresenius Kabi Agilia Connect Infusion Systems could allow for malicious activity and the exposure of sensitive information. Continue Reading
-
News
23 Dec 2021
CISA Urges Critical Infrastructure to Prepare For Holiday Cyber Threats
CISA urged critical infrastructure leaders to prepare for the impending holiday cyber threats by increasing organizational vigilance and implementing best practices. Continue Reading
-
News
22 Dec 2021
HHS 405(d) Urges Healthcare Sector to Prioritize Log4j Vulnerability
The Log4j vulnerability poses a serious threat to the healthcare sector, and most legacy systems cannot be patched. Continue Reading
-
News
22 Dec 2021
To Combat Ransomware Attacks, Communication With C-Suite is Essential
A study from (ISC)² shows that C-suite executives are looking for clearer communication and guidance from cybersecurity leaders when it comes to combatting ransomware attacks. Continue Reading
-
News
20 Dec 2021
Diagnostic Artificial Intelligence Models Can Be Tricked By Cyberattacks
Researchers discovered that diagnostic artificial intelligence models used to detect cancer were fooled by cyberattacks that falsify medical images. Continue Reading
-
News
17 Dec 2021
NJ Provider Settles Two Healthcare Data Breach Investigations For $425K
Regional Cancer Care Associates will pay $425,000 and adopt new security measures to settle two healthcare data breach investigations. Continue Reading
-
News
17 Dec 2021
39 Ransomware Groups Targeted Healthcare in the Past 18 Months
A dozen ransomware groups targeted healthcare despite making promises to not go after the sector, CyberPeace Institute data revealed. Continue Reading
-
News
15 Dec 2021
CISA Warns of Authentication Vulnerabilities in Cardiology Products
Successful exploitation of authentication vulnerabilities in certain Hillrom Welch Allyn cardiology products may allow cybercriminals to access privileged accounts, CISA warned. Continue Reading
-
News
14 Dec 2021
Majority of Patients Don’t Trust Healthcare Providers to Handle PII
Less than half of surveyed patients reported trusting their healthcare providers to safeguard their payment and personally identifiable information (PII). Continue Reading
-
News
14 Dec 2021
Severe Apache Log4j Vulnerabilities Could Result in Healthcare Cyberattacks
HC3 issued a sector alert regarding severe Apache Log4j vulnerabilities that could result in healthcare cyberattacks if exploited. Continue Reading
-
News
13 Dec 2021
Weak Passwords, Poor Cyber Hygiene Invite Healthcare Data Breaches
Preventing healthcare data breaches requires all end-users to practice better password management and cyber hygiene. Continue Reading
-
News
13 Dec 2021
Trust in Legacy IT Vendors Drops as Supply Chain Security Issues Increase
As trust in legacy IT vendors declines, supply chain security issues are increasing and organizations are reporting higher ransomware payout demands and extortion fees. Continue Reading
-
Feature
10 Dec 2021
Why Endpoint Security is Critical For Healthcare Cybersecurity
Endpoint security should be the cornerstone of any healthcare organization’s cybersecurity architecture. Continue Reading
-
News
09 Dec 2021
Workforce Burnout Presents Cybersecurity Risks, Report Finds
People suffering from workforce burnout are more apathetic and lenient about cybersecurity risks and policies, researchers found. Continue Reading
-
News
09 Dec 2021
FBI Warns Healthcare of Cuba Ransomware in Latest Flash Alert
Cuba ransomware actors have compromised 49 entities in five critical infrastructure sectors including healthcare, a new FBI flash alert warned. Continue Reading
-
News
08 Dec 2021
Sabbath Ransomware Targeting Healthcare, Mandiant Warns
Sabbath ransomware, previously operating as Arcane and Eruption, has been targeting healthcare and critical infrastructure, Mandiant warned. Continue Reading
-
Feature
07 Dec 2021
Is Killware Really the Next Evolution of Healthcare Ransomware Attacks?
"Killware" may sound more threatening, but traditional, financially motivated cyberattacks are still the biggest risk to healthcare cybersecurity. Continue Reading
-
News
06 Dec 2021
HHS Launches New Website to Align Healthcare Cybersecurity
HHS launched a website for the 405(d) Program, which is comprised of a task force focused on aligning healthcare cybersecurity approaches across the sector. Continue Reading
-
News
03 Dec 2021
FDA, MITRE, MDIC Create Medical Device Threat Modeling Playbook
MITRE and the Medical Device Innovation Consortium (MDIC) partnered with the FDA to release a playbook for medical device threat modeling. Continue Reading
-
News
03 Dec 2021
Tardigrade Malware Poses Unprecedented Threat to Biomanufacturers
Bad actors used Tardigrade malware to target a vaccine biomanufacturing facility, and experts are advising the healthcare sector to stay vigilant. Continue Reading
-
Feature
01 Dec 2021
Security, Privacy Risks of Artificial Intelligence in Healthcare
As regulatory agencies work to catch up to technological advances, the security and privacy risks of artificial intelligence in healthcare remain. Continue Reading
-
News
29 Nov 2021
Patients File Lawsuits in Wake of Healthcare Data Breaches
Some hospitals are successfully putting a stop to lawsuits filed in the wake of healthcare data breaches, claiming a lack of real injury to patients. Continue Reading
-
News
29 Nov 2021
H-ISAC Releases CISO Guide for Identity-Centric Data Sharing
H-ISAC released a guide to help CISOs navigate the 21st Century Cures Act by adopting an identity-centric data sharing approach. Continue Reading
-
News
24 Nov 2021
Philips Discloses Additional Medical Device Security Vulnerabilities
Philips disclosed two new medical device security vulnerabilities impacting patient monitoring and medical device interfacing devices. Continue Reading
-
News
23 Nov 2021
CISA Warns Critical Infrastructure of Holiday Ransomware Risks
CISA warned US critical infrastructure entities to stay vigilant against ransomware and other cyber threats during the upcoming holiday. Continue Reading
-
Feature
23 Nov 2021
Top Healthcare Cybersecurity Challenges, How to Overcome Them
With a multitude of critical data and patient safety hanging in the balance, there is a unique set of healthcare cybersecurity challenges that must be carefully considered. Continue Reading
-
News
22 Nov 2021
Zero-Day Attacks Threaten Healthcare Cybersecurity
Zero-day attacks pose a serious threat to the healthcare sector and can be difficult to mitigate, HC3 warned in its latest threat brief. Continue Reading
-
News
22 Nov 2021
32% of Healthcare Organizations Have a Comprehensive Security Program
Core components of a comprehensive security program include regular reporting of security deficiencies and having a designated CISO. Continue Reading
-
Feature
19 Nov 2021
Using Software Bill of Materials (SBOMs) For Medical Device Security
Software bill of materials (SBOMs) enable healthcare organizations to manage medical device security risks while promoting transparency between manufacturers and providers. Continue Reading
-
News
17 Nov 2021
IoT Security Incidents Increase as Healthcare Leans into Connected Health
IoT security incidents are increasingly common as more healthcare organizations rely on innovative connected health solutions. Continue Reading
-
News
17 Nov 2021
CISA: Iranian Government-Sponsored Threat Actors Targeting Healthcare
The US and its allies are warning healthcare entities about Iranian government-sponsored threat actors targeting Microsoft Exchange and Fortinet vulnerabilities. Continue Reading
-
News
15 Nov 2021
Insufficient Access Controls Cause Philips MRI Vulnerabilities
Inadequate access controls that fail to restrict access by unauthorized individuals resulted in 3 medium severity Philips MRI vulnerabilities. Continue Reading
-
News
12 Nov 2021
HC3 Warns of Cobalt Strike Threat to Healthcare Sector
HC3 issued a threat brief warning the healthcare sector of Cobalt Strike, a remote access tool that can be abused to orchestrate a cyberattack. Continue Reading
-
News
12 Nov 2021
Researchers Discover 13 Medical Device Security Vulnerabilities
Researchers discovered 13 new medical device security vulnerabilities stemming from the Siemens Nucleus TCP/IP stack that could enable DoS attacks and exploitation. Continue Reading
-
News
11 Nov 2021
Best Practices for Responding to Medical Device Security Incidents
A new playbook from the Cloud Security Alliance aims to help organizations balance clinical considerations and patient safety risks with medical device security incidents. Continue Reading
-
News
11 Nov 2021
DOJ Charges 2 People Connected to REvil/Sodinokibi Ransomware
The Justice Department charged two individuals and seized $6.1 million in connection with REvil/Sodinokibi ransomware. Continue Reading
-
News
10 Nov 2021
Most Patients Unaware of the Magnitude of Healthcare Ransomware Attacks
Half of potential patients said they would change hospitals if their provider was hit by a healthcare ransomware attack, but most are unaware of recent attacks. Continue Reading
-
Feature
09 Nov 2021
3 Keys to Third-Party Risk Management at WellSpan Health
WellSpan Health’s third-party risk management strategy focuses on assessing vendors, managing employee and non-employee access, and collaborating to mitigate risk. Continue Reading
-
Feature
08 Nov 2021
3 Barriers to Achieving Medical Device Security
Medical device security challenges include a lack of visibility, out-of-date devices, and an ever-changing threat landscape. Continue Reading
-
News
08 Nov 2021
Security Investments Are Increasing, But So Are Cyberattacks
New research from Accenture highlights the growing challenges that executives face in balancing security investments with risk to achieve cyber resilience. Continue Reading
-
News
05 Nov 2021
Philips TASY EMR Vulnerabilities May Expose Patient Data
Philips issued an advisory regarding two security vulnerabilities in its TASY EMR system that may result in patient data exposure if exploited. Continue Reading
-
Feature
04 Nov 2021
The Threat of Distributed Denial-Of-Service Attacks in Healthcare
Rapid7’s chief data scientist explores the threat of distributed denial-of-service (DDoS) attacks in healthcare and how to prevent the emerging threat. Continue Reading
-
Feature
02 Nov 2021
FIN12 Ransomware: Why It’s a Healthcare Threat, How to Prevent an Attack
FIN12 is efficient, unpredictable, and unafraid of targeting the healthcare sector, Mandiant experts warn. Continue Reading
-
News
01 Nov 2021
Cybersecurity Workforce Must Grow 65% to Protect Critical Assets
The current cybersecurity workforce shortage may leave organizations open to more vulnerabilities and cyberattacks, (ISC)² suggests. Continue Reading