Cybersecurity strategies

The healthcare sector faces a variety of cyberthreats, but experts are constantly working to provide organizations with reliable cybersecurity strategies to address them. Learn about the latest tactics for tackling cyber risk, with efforts led by security practitioners, federal agencies and leading cybersecurity companies.

Top Stories

News 08 Jul 2024
HC3 warns sector of critical MOVEit cybersecurity vulnerabilities

Healthcare organizations should prioritize patching two critical cybersecurity vulnerabilities found in Progress Software’s MOVEit managed file transfer platform. Continue Reading
News 01 Jul 2024
HHS, FBI warn healthcare sector of social engineering scheme

Threat actors have been using phishing schemes to steal login credentials and divert automated clearinghouse payments, HHS and the FBI warned in a joint cybersecurity advisory. Continue Reading

News 24 Feb 2021

Dark Web Analysis: Healthcare Risks Tied to Database Leaks, Credentials

CybelAngel shows just how hackers are successfully cracking into healthcare networks: credential stuffing, vulnerable, connected devices, and databases left wide open to attackers. Continue Reading
News 24 Feb 2021

CISA Warns of Accellion FTA Exploit; Centene Among Breach Victims

Clop ransomware actors exploited vulnerabilities in unpatched Accellion FTA services and stole data from a range of breach victims, including Centene. CISA details indicators of compromise. Continue Reading
News 23 Feb 2021

CIS Offers All US Hospitals Free Ransomware Protection Service

The Center for Internet Security expanded its free offering of a malicious internet domain blocking and reporting service, including ransomware, to private hospitals via the MS-ISAC. Continue Reading
News 22 Feb 2021

Demand, Sale of Backdoor Access to Healthcare Networks Spiked in 2020

The number of hackers obtaining and selling backdoor access to healthcare networks on the dark web drastically increased in 2020 amid COVID-19. Continue Reading
News 19 Feb 2021

Pharma Key Target of New Phishing Campaign Using Malformed URLs

Pharma, lending, and construction companies are being highly targeted with a new phishing campaign technique that leverages malformed URL protocols to evade detection. Continue Reading
News 18 Feb 2021

White House: SolarWinds Hack Impacted 9 Fed Agencies, 100 Entities

A White House press briefing on Wednesday confirmed the SolarWinds Orion hack impacted nine federal agencies and 100 private sector entities; the final tally is expected to increase. Continue Reading
News 17 Feb 2021

DOJ Indicts WannaCry Creators, as Global Feds Impact Egregor Efforts

DOJ indicted three North Korean hackers for a range of nefarious activities, including WannaCry. Meanwhile, a global effort led to the arrest of some Egregor ransomware members. Continue Reading
News 16 Feb 2021

CISA Warns More Critical Flaws Found in Open Source TCP/IP Stacks

Forescout discovered further critical vulnerabilities found in open source TCP/IP stacks. CISA warns a successful exploit could allow an attacker to take control of connections. Continue Reading
News 10 Feb 2021

CISA Alerts to Microsoft Windows Win32K Privilege Escalation Flaw

Entities are being urged to review a Microsoft alert and to patch a privilege escalation flaw found in some Windows Win32K, which could allow an attacker to take control of the system. Continue Reading
Answer 09 Feb 2021

Health CISO Shares Security Strategies for Ransomware, Enterprise Risks

IU Health CISO Mitch Parker recently shed light on the barrage of attacks facing healthcare and the need for developing security strategies to defeat enterprise risks, like ransomware. Continue Reading
News 08 Feb 2021

Hackers Dump More Health Data, as Feds Share Ransomware Factsheet

On the heels of a federal joint ransomware fact sheet, the Conti ransomware hacking group dumped more health-related data onto the dark web. Continue Reading
Answer 08 Feb 2021

How Automation Improved Identity, Access Management at Molina Health

Burdened by a slow onboarding process, Molina Health recently tackled its access management challenges by automating its identity governance program. Continue Reading
Feature 05 Feb 2021

Can Healthcare Mitigate Risks to the COVID-19 Vaccine Supply Chain?

Hackers are continuing to target and exploit the COVID-19 vaccine supply chain. Providers must leverage all risk mitigation to secure vulnerable technologies. Continue Reading
News 04 Feb 2021

FDA Names First Acting Director of Medical Device Cybersecurity

Kevin Fu, an associate professor at the University of Michigan, will become the FDA’s first acting director of medical device cybersecurity. Continue Reading
News 04 Feb 2021

NCSC: Chinese Threat Actors Targeting US Healthcare, Genomic Data

A recent NCSC alert details the massive, ongoing campaign led by Chinese threat actors to steal healthcare, genomic, and valuable data from the US and other countries. Continue Reading
News 03 Feb 2021

70% Ransomware Attacks Cause Data Exfiltration; Phishing Top Entry Point

Data exfiltration jumped 20 percent during Q4 2020, now occurring in 70 percent of all ransomware attacks. Email phishing is now the leading entry point. Continue Reading
News 28 Jan 2021

CISA Warns of New Malware Threat to Vulnerable SolarWinds Orion Tech

While not part of the initial supply chain cyberattack, hackers are leveraging a new malware variant known as SUPERNOVA to directly target vulnerable SolarWinds Orion tech. Continue Reading
Answer 28 Jan 2021

Netwalker Ransomware Site, Emotet Botnet Taken Down in Global Effort

Federal agencies took down two significant global cybercrime efforts: the Emotet botnet and the Netwalker ransomware hacking group’s dark web site used for communicating with victims. Continue Reading
News 27 Jan 2021

NIST Shares Risk-Based Guide to Information Exchange Security

Newly proposed NIST guidance tackles the use of information exchange channels, providing insights on risk-based considerations to protect and manage shared information. Continue Reading
News 25 Jan 2021

CISA: HPH Cyber Threat Insights, Ransomware Reduction Campaign

In light of the spate of ransomware attacks and cyber threats to the health and public health sectors, CISA launched a ransomware reduction campaign to tackle the pervasive threat. Continue Reading
News 22 Jan 2021

Key 2021 Insights: Proactive Security Needed for Ransomware, Phishing

Healthcare leaders will need to shift into a proactive security approach into 2021, if they hope to defend against the onslaught of ransomware and phishing threats. Continue Reading
News 21 Jan 2021

Report: Rise in COVID-19 Vaccine Social Engineering, BEC, Phishing

Much as they’ve done throughout the pandemic, hackers are continuing to spread phishing, malware, and BEC through COVID-19 vaccine social engineering lures. Continue Reading
News 21 Jan 2021

FBI: Spike in Vishing Attacks Seeking Escalated Access, Credential Theft

Threat actors are increasingly using “vishing”, or voicemail phishing, to target remote employees for credential theft and prolonged, escalated access, the FBI warns. Continue Reading
News 19 Jan 2021

560 Healthcare Providers Fell Victim to Ransomware Attacks in 2020

In 2020, Emsisoft data shows 560 healthcare provider facilities fell victim to ransomware attacks, of an overall 2,354 US entities hit by the malware variant. Continue Reading
News 12 Jan 2021

COVID-19 Vaccine Distribution Spurs 51% Rise in Health Web App Attacks

Imperva data finds cyberattacks targeting healthcare web applications increased by 51 percent since the rollout of COVID-19 vaccine distribution in December. Continue Reading
News 11 Jan 2021

CISA Insights on APT Compromise of Microsoft 365 Via Password Exploits

The APT actors behind the SolarWinds attack are leveraging compromised Microsoft 365 and Azure applications, as well as password exploits and API access to compromise cloud resources. Continue Reading
News 08 Jan 2021

Threat Actors Targeting Serious Zyxel Networking Tech Vulnerability

Researchers are warning that threat actors are targeting a critical vulnerability found in certain Zyxel networking devices, used by many small entities as firewalls and VPN gateways. Continue Reading
News 07 Jan 2021

FBI Warns Egregor Ransomware Actors Actively Extorting Entities

A Wednesday FBI private industry notification warns entities that the threat actors behind Egregor ransomware are actively targeting and exploiting a range of global businesses. Continue Reading
News 06 Jan 2021

Fed Task Force Says Russian APT Hackers Behind SolarWinds Attack

Acknowledging the serious SolarWinds Orion compromise will take sustained, dedicated remediation, the federal task force believes Russian APT hackers launched the initial attack. Continue Reading
News 06 Jan 2021

NSA Shares Guide to Eliminating Obsolete TLS Protocol Configurations

Zscaler recently reported a 260 percent increase in attacks on SSL/TLS-encrypted channels. New NSA guidance shows how to find and eliminate weak, obsolete TLS protocol configurations. Continue Reading
News 04 Jan 2021

COVID-19, Ransomware, Breaches Led 2020 Health IT Security Trends

The COVID-19 outbreak reshaped HHS HIPAA sanctions and enforcement discretion in 2020, which topped health IT security trends, alongside ransomware and data breaches. Continue Reading
Answer 04 Jan 2021

Can Healthcare Shore Up Insider Threats, Transparency Needs in 2021?

The rise in attacks and healthcare security incidents at the end of 2020 makes it imperative to secure insider threats, particularly as the need for transparency increases in response to COVID-19. Continue Reading
News 31 Dec 2020

Emotet Malware Returns with 100K Daily Emails, New Evasion Tactics

The hackers behind the notorious Emotet trojan malware variant have again reemerged, with a campaign sending over 100,000 daily emails and leveraging new evasion tactics. Continue Reading
News 30 Dec 2020

FBI, HHS Alert to COVID-19 Vaccine Fraud Schemes Aimed at Data Theft

Cybercriminals are again preying on COVID-19 fears, leveraging a range of fraud schemes tied to the vaccine rollout and designed to steal personal data. Continue Reading
News 30 Dec 2020

NIST Shares Best Practice Security Guidance for Vulnerable PACS

Best practice NIST guidance is designed to support healthcare providers in securing PACS. Multiple reports have shown the highly vulnerable tech has exposed millions of medical images. Continue Reading
News 29 Dec 2020

CISA Insights on Ongoing APT Cyber Activity Behind SolarWinds Attack

DHS CISA launched a resource site and shared insights into the ongoing, massive APT cyber activity, brought on by the SolarWinds cyberattack. Continue Reading
News 22 Dec 2020

Limited Security, Privacy Budgets Impede Connected Health Growth

Small security and privacy budgets limit the growth of connected health solutions despite an increased use of these technologies during the COVID-19 pandemic, according to the latest Insights report from Xtelligent Healthcare Media. Continue Reading
News 21 Dec 2020

Fed Cybersecurity Advisory Alerts to Abuse of Authentication Mechanisms

The Russian hackers behind the SolarWinds’ attack have claimed multiple victims in the government sector, with the latest efforts concentrated on the abuse of authentication mechanisms. Continue Reading
Answer 18 Dec 2020

Biggest Healthcare Security Threats, Ransomware Trends into 2021

Much like the previous year, ransomware was one of the healthcare sector’s biggest cybersecurity threats seen in 2020; spotlighting the need for proactive measures. Continue Reading
News 16 Dec 2020

Phishing Campaigns Targeting Office 365 Credentials, Spoofing Exchange

A recent spear-phishing campaign is actively targeting Microsoft Office 365 users in an effort to steal user credentials, while another is spoofing Microsoft Exchange Online Protection. Continue Reading
News 15 Dec 2020

OCR Warns of Global Supply-Chain Cyberattacks Via SolarWinds Orion

Nation-state hackers already claimed successful cyberattacks on several US government agencies and security firm FireEye, after corrupting a SolarWinds Orion update with malware. Continue Reading
News 14 Dec 2020

DHS CISA Alerts to MedTronic MyCareLink Medical Device Flaws

Serious vulnerabilities found in certain MedTronic MyCareLink medical devices would allow an attacker within Bluetooth signal proximity to modify or fabric patient data. Continue Reading
News 11 Dec 2020

COVID-19-Related Phishing Lingers, as New Attacks Use Vaccine Themes

Armorblox finds hackers continue to prey on the COVID-19 pandemic via phishing campaigns, while KnowBe4 discovered phishing attacks leveraging vaccine themes. Continue Reading
News 08 Dec 2020

Flaws in GE Radiology Medical Device Authentication Pose Patient Data Risk

Discovered by CyberMDX, authentication flaws found in certain GE radiology medical devices put patient protected health data at risk of manipulation and exposure, according to CISA. Continue Reading
News 08 Dec 2020

NSA Warns Nation-State Actors Exploiting Remote Work Endpoints

Nation-state threat actors from Russia are using stolen credentials to actively exploit a recently disclosed vulnerability in certain VMWare Workspace platforms, used for remote work. Continue Reading
News 08 Dec 2020

33 TCP/IP Stack Flaws Pose Hacking Risk to Millions of IT, IoT Devices

Dubbed Amnesia:33, a group of TCP/IP Stack vulnerabilities found in millions of IT and IoT devices put these platforms at risk of hacking, remote code execution, and data loss. Continue Reading
News 03 Dec 2020

FBI: Business Email Compromise Attacks Abuse Email Auto-Forwarding

Medical and manufacturing sectors are being targeted with business email compromise attacks that abuse email auto-forwarding to hide successful phishing attacks from victims. Continue Reading
News 03 Dec 2020

Hackers Targeting COVID-19 Vaccine Supply Chain Via Phishing Campaigns

DHS CISA highlighted a new IBM X-Force report showing cybercriminals are targeting the COVID-19 vaccine supply chain with phishing and spear-phishing attacks. Continue Reading
News 02 Dec 2020

AMA Warns of Telehealth Cyber Risks, Insider Threats Tied to COVID-19

AMA sheds light on strained security resources, cyber risks, and the expanded threat landscape in the healthcare sector brought on by COVID-19, including insider threats and telehealth flaws. Continue Reading
News 01 Dec 2020

DHS CISA: Fortinet VPN Vulnerability Poses Password Exposure Risk

Disclosed in 2019, a vulnerability found in certain Fortinet VPN devices could allow an attacker to steal data, including passwords, if left unpatched. Continue Reading
News 27 Nov 2020

Threat Actors Spoofing Legitimate FBI Site Domains, Poses Cyberattack Risk

A recent FBI warned of an increase in the number of registered internet domains and email addresses spoofing legitimate FBI sites, which poses a potential cyberattack risk. Continue Reading
News 25 Nov 2020

FBI: Ragnar Locker Ransomware Attacks Increase With Data Theft Risk

The FBI warns entities of a rise in Ragnar Locker ransomware, where hackers gain a foothold on the network, perform reconnaissance, and steal data before deploying the final attack. Continue Reading
News 23 Nov 2020

Phishing Attacks Evade Security With Google Services, Social Engineering

Recent reports show two new phishing campaigns are leveraging free Google services and social engineering to bypass security measures to ensure the malicious messages make it to the inbox. Continue Reading
News 23 Nov 2020

Sanford Health, DSU Launch CyberHealth Innovation Hub

Designed to expand the cyber workforce and improve care delivery, Sanford Health and DSU’s CyberHealth innovation hub creates a program for understanding where cyber connects with healthcare. Continue Reading
Answer 19 Nov 2020

Millions of Medical Images Exposed, as US Fails to Secure PACS Flaws

A year out from a shocking report that revealed massive PACS vulnerabilities were exposing millions of medical images and data, and NNT shows the US has failed to secure those flaws. Continue Reading
News 18 Nov 2020

50% of Advanced Phishing Attacks Evade Leading Secure Email Gateways

A new IRONSCALES report finds as threat actors increasingly leverage social engineering scams, nearly half of these advanced phishing attacks bypass the leading secure email gateways. Continue Reading
News 17 Nov 2020

ASPR Warns Ransomware Threat is Persistent, as Actors Leak More Data

Threat actors leak data from a dental insurer and a healthcare provider this week, in the wake of an update from ASPR warning the sector that ransomware continues to be a persistent threat. Continue Reading
News 17 Nov 2020

Ransomware Groups Team Up, as Hackers Shift into Cloud Operations

A number of hacking groups, including those employing ransomware, are teaming up to expand the threat landscape and take advantage of stolen data troves in cloud-based operations. Continue Reading
News 16 Nov 2020

SSL-Based Cyberattacks Increase By 260%; Healthcare Most Targeted

The number of cyberattacks leveraging SSL encrypted channels to bypass legacy security controls increased by 260 percent since 2019. And healthcare was the most targeted sector. Continue Reading
News 16 Nov 2020

TrickBot Spear-Phishing Campaign Deploys Malware for Remote Access

Area 1 Security observed a widespread spear-phishing campaign tied to the notorious TrickBot actors, used to deploy two stealthy malware variants and gain remote access to the victim’s network. Continue Reading
News 13 Nov 2020

BD Discloses Alaris Medical Device Vulnerability, Poses DoS Attack Risk

A disclosed vulnerability found in the BD Alaris 8015 PC Unit and Systems Manager poses a Denial of Service (DoS) attack risk. DHS CISA is urging organizations to apply compensating controls. Continue Reading
News 13 Nov 2020

Nation-State Hacking Campaigns Targeting COVID-19 Research Firms

Microsoft has observed several hacking campaigns led by nation-state actors with ties to Russia and North Korea, actively targeting COVID-19 research, including firms developing vaccines. Continue Reading
News 10 Nov 2020

Profitable Hacking Campaign Targets VoIP SIP Servers, Sells System Access

Check Point researchers discovered a new, hacking campaign targeting the SIP servers used by multiple VoIP platforms to gain access and even make a profit from victim’s networks. Continue Reading
News 10 Nov 2020

Zoom Reaches Settlement with FTC Over Misleading Security Practices

The use of Zoom videoconferencing skyrocketed amid the COVID-19 crisis, which spotlighted several security risks and concerns. The FTC settlement will resolve the misleading security practices. Continue Reading
Answer 09 Nov 2020

Required Actions to Prevent Common Ransomware Exploits, Access Points

Healthcare is leaving out the proverbial welcome mat for hackers, failing to address key vulnerable endpoints, which later become top access points and exploits for ransomware attacks. Continue Reading
News 05 Nov 2020

Army National Guard Deployed to UVM to Assist Ransomware Recovery

The Vermont Governor deployed the Army National Guard’s Cyber Response team to the University of Vermont (UVM) Health Network a week after ransomware attack hobbled its network. Continue Reading
News 04 Nov 2020

50% of Ransomware Attacks Lead to Data Exfiltration; Payments Hit $234K

Ransom demands rose 31 percent from Q2 to Q3 2020, with an average of $234,000, while hackers threaten victims with extortion using exfiltrated data in nearly 50 percent of ransomware attacks. Continue Reading
News 30 Oct 2020

Microsoft: Threat Actors Exploiting Unpatched Windows Zerologon Flaw

DHS CISA alert highlights a Microsoft report that shows threat actors, including nation-state hackers, are actively exploiting a Windows Netlogon flaw, security researchers dubbed Zerologon. Continue Reading
Answer 29 Oct 2020

FDA Scoring Tool Update Adds Vulnerability Risk to Patient Safety

An update to the FDA Medical Device Development scoring tool takes into account how a medical device vulnerability would impact patient safety, improving transparent device security. Continue Reading
Answer 28 Oct 2020

Medical Device Security Stymied by Legacy Tech, Flawed Segmentation

Forescout’s Connected Medical Device Security report shows improved awareness around healthcare on network segmentation and legacy devices, but other security challenges remain. Continue Reading
News 28 Oct 2020

Phishing Campaigns Mimic Microsoft Teams, HHS COVID-19 Vaccine Tracker

In recent weeks, two phishing campaigns were spotted actively spoofing Microsoft Teams and the other disguised as emails from HHS with information about a COVID-19 vaccine tracker. Continue Reading
News 27 Oct 2020

NIST Shares Draft PNT Data Service Profile for Cybersecurity Framework

New NIST insights can help organizations mitigate cybersecurity risks facing critical technologies, including GPS tech leveraging PNT, used in the public health sectors and other industries. Continue Reading
Answer 23 Oct 2020

Rapid Threat Evolution Spurs Crucial Healthcare Cybersecurity Needs

Ransomware, phishing, and human weaknesses are serious cyber risks to health IT infrastructure amid COVID-19, which makes it crucial to improve security to combat evolving threats. Continue Reading
News 22 Oct 2020

Ransomware Hacking Groups Steal, Leak Data From 3 More Providers

REvil, Netwalker, and Conti ransomware hackers have once again posted proofs of data stolen in three separate provider hacks. One hack contains 600 GB of stolen data. Continue Reading
News 21 Oct 2020

NSA Warns Chinese Nation-State Actors Exploiting Vulnerabilities

DHS CISA is encouraging organizations to prioritize patching of 25 common vulnerabilities, as an NSA alert shows Chinese nation-state actors are actively exploiting those flaws. Continue Reading
News 20 Oct 2020

DOJ Indicts Russian Hackers Behind 2017 NotPetya Malware Attack

DOJ indicted the Russian hackers behind the 2017 NotPetya malware attack, which began on a Ukrainian company and spread across the globe, crippling several US firms, including Nuance. Continue Reading
News 19 Oct 2020

Proof-of-Concept Prompts Alert on SharePoint Remote Execution Flaw

DHS urges entities to heed an NSCS alert for a remote code execution flaw in Microsoft SharePoint, following the release of a proof-of-concept that would give a hacker control of a system. Continue Reading
News 15 Oct 2020

CISA Urges Patch of Windows Remote Code Execution TCP/IP Flaw, DoS Risk

US Cyber Command took to Twitter to urge organizations to immediately apply a Microsoft-issued patch for a critical remote code execution flaw in Windows TCP/IP, which poses a DoS risk. Continue Reading
News 13 Oct 2020

Top Strategies for Implementing Multi-Factor Authentication

Establishing multi-factor authentication in the healthcare setting is not as challenging as many organizations assume. Continue Reading
News 13 Oct 2020

UHS Health System Ransomware Attack, Security Probed by Senator

Sen. Mark Warner is asking Universal Health Services (UHS) health system to provide insights into its cybersecurity policies, following a massive ransomware attack and subsequent EHR outage. Continue Reading
News 12 Oct 2020

FBI, CISA Warn APT Hackers Chaining Vulnerabilities in Cyberattacks

APT hackers are targeting government networks, critical infrastructure, and election organizations with chained vulnerability cyberattacks, the FBI and CISA warned in a joint alert. Continue Reading
News 09 Oct 2020

Best Practice Cybersecurity to Prevent Business Email Compromise

Business email compromise attacks are three times more effective than traditional phishing methods. By employing best practice cybersecurity, healthcare entities can improve their defense. Continue Reading
News 09 Oct 2020

CHS Settles with 28 States for $5M Over 2014 Data Breach of 6.1M

Just two weeks after settling with OCR for $2.3 million over its 2014 health data breach, Community Health Systems (CHS) reached a settlement of $5 million with 28 states. Continue Reading
News 08 Oct 2020

DHS CISA Shares Best Practice Ransomware Guide, Telework Toolkit

Two recent releases from DHS CISA detail best practice guidance for ransomware and other threats, as well as a toolkit for transitioning into a secure, permanent telework environment. Continue Reading
News 07 Oct 2020

Report: 72% Orgs Faced Increase in IoT, Endpoint Security Incidents

Cybersecurity decision makers name malware, insecure networks, and remote access as the biggest threats to their organization, highlighting an increase in endpoint and IoT security incidents. Continue Reading
News 07 Oct 2020

US Ransomware Attacks Doubled in Q3; Healthcare Sector Most Targeted

New Check Point research examines the ransomware threat landscape for Q3 2020, noting a 50 percent increase in daily attacks. The healthcare sector is the most targeted globally. Continue Reading
News 06 Oct 2020

DHS CISA Warns of Resurgence of Emotet Trojan Malware Cyberattacks

Calling it one of the most prevalent ongoing threats, DHS CISA released another alert on the notorious Emotet trojan malware variants, following a surge in sophisticated cyberattacks. Continue Reading
News 06 Oct 2020

61% Microsoft Exchange Servers Are Unpatched, Vulnerable to Attack

Months after Microsoft released a software update for a memory corruption vulnerability found in its Exchange Servers, Rapid7 reports the majority remain unpatched and vulnerable to attack. Continue Reading
News 02 Oct 2020

4 Sophisticated Phishing Campaigns Impacting the Healthcare Sector

Phishing emails have grown in sophistication, with healthcare as the biggest target for credential theft. Understanding notable campaigns can help providers defend against these attacks. Continue Reading
News 30 Sep 2020

Ransomware Reigns, as Cyberattacks Increase in Sophistication, Frequency

Microsoft’s Digital Defense Report shows hackers are rapidly increasing both the sophistication and frequency of cyberattacks, with ransomware as the most common cause for incidents. Continue Reading
News 29 Sep 2020

CISA: Hackers Exploiting Unpatched Microsoft NetLogon Vulnerability

Microsoft and DHS CISA released multiple alerts and mitigation methods, including a partial patch, for a vulnerability found in Microsoft NetLogon, which hackers are actively exploiting. Continue Reading
News 25 Sep 2020

Top Healthcare Cybersecurity Resources from NIST, HHS, OCR, HSCC

Staffing challenges and budget constraints make it difficult for some healthcare entities bolster enterprise security. Resources from NIST, HHS, OCR, HSCC, and others can support the development of cybersecurity plans. Continue Reading
News 24 Sep 2020

HSCC Shares Toolkit for Supply Chain Cybersecurity Risk Management

The second release of the HSCC Supply Chain Cybersecurity Risk Management guidance for small- to mid-sized healthcare organizations provides a toolkit completing the five NIST CF requirements. Continue Reading
News 23 Sep 2020

DHS CISA Alerts to Rise in Credential Theft-Focused LokiBot Malware

Starting in July, the cybercriminals behind LokiBot malware, aimed at credential theft and information stealing, have increasingly targeted enterprise networks. Continue Reading
News 23 Sep 2020

Just 44% of Healthcare Providers Meet NIST Cybersecurity Standards

CynergisTek data shows that despite a dramatic increase in healthcare data breaches, cybersecurity progress in the sector is regressing as just 44 percent meet NIST standards. Continue Reading
News 22 Sep 2020

Senators Probe VA After Data Breach Affecting 46K Veterans, Providers

The VA recently reported that a hacker diverted payments to community health providers and funds meant for veterans’ medical treatments. A group of senators demands answers. Continue Reading
News 18 Sep 2020

3 Key Entry Points for Leading Ransomware Hacking Groups

Ransomware attacks rapidly increased in sophistication and impact this year, with healthcare as a prime target. Providers need to understand the entry points used by these hacking groups. Continue Reading
News 17 Sep 2020

Exploit Code Prompts CISA Alert to Microsoft Netlogon Vulnerability

A publicly available exploit code for a vulnerability that allows for elevation of privilege in Microsoft’s Netlogon will be an attractive target for cybercriminals, DHS CISA warns. Continue Reading
News 16 Sep 2020

Iranian Hackers Targeting, Exploiting VPN Flaws of US Healthcare, IT Orgs

FBI and CISA warn Iran-backed hackers are targeting US federal agencies and businesses, including those in healthcare and IT, exploiting known vulnerabilities in VPN connections. Continue Reading
Answer 14 Sep 2020

Cyber Resilient Vendor Relationships for Healthcare’s Threat Landscape

A healthcare third-party vendor breach can have a devastating impact on multiple entities, which means it’s crucial to have cyber resilient vendor relationships to keep pace with these threats. Continue Reading