Cybersecurity strategies
The healthcare sector faces a variety of cyberthreats, but experts are constantly working to provide organizations with reliable cybersecurity strategies to address them. Learn about the latest tactics for tackling cyber risk, with efforts led by security practitioners, federal agencies and leading cybersecurity companies.
Top Stories
-
Feature
19 Dec 2024
Top healthcare cybersecurity, privacy predictions for 2025
Healthcare cybersecurity and privacy experts predict a renewed focus on cyber-resilience, advancements in AI and additional privacy legislation going into 2025. Continue Reading
By- Jill McKeon, Associate Editor
-
News
25 Nov 2024
KLAS: Security consulting firms step up as threats rise
Clients of several top security consulting firms reported high satisfaction rates amid an uptick in cyberthreats across the healthcare sector. Continue Reading
By- Jill McKeon, Associate Editor
-
News
17 Mar 2021
Feds Warn of TrickBot Spear-Phishing Attacks Delivering Malware Payload
DHS CISA and the FBI urge entities to be on alert for a sophisticated TrickBot spear-phishing campaign. Meanwhile, Check Point found TrickBot is the most distributed malware. Continue Reading
By- Jessica Davis
-
News
17 Mar 2021
Hackers Successfully Exploiting Older, Unpatched Microsoft Vulnerabilities
Despite the issue of software updates three years ago, hackers are continuing to exploit and gain access to networks through vulnerable, unpatched Microsoft vulnerabilities. Continue Reading
By- Jessica Davis
-
News
16 Mar 2021
Microsoft Shares One-Click Mitigation Tool for Exchange Server Flaws
Designed to support entities operating without an IT or security leader, Microsoft’s one-click, automated mitigation tool will automatically close the zero-day Exchange Server vulnerabilities. Continue Reading
By- Jessica Davis
-
News
16 Mar 2021
Healthcare Hacking Incidents Rose 42% in 2020, 31M Patients Impacted
The Protenus Breach Barometer shows the healthcare sector fought two silent enemies in 2020: COVID-19 and cyber threats; nearly 31 million patients were affected by hacking alone. Continue Reading
By- Jessica Davis
-
News
15 Mar 2021
APT Hackers Targeting Unpatched, On-Prem Microsoft Exchange Servers
Microsoft data found at least 82,000 Exchange servers remain unpatched. But 10 APT hacking groups are targeting the on-prem servers to take control without credentials, according to ESET. Continue Reading
By- Jessica Davis
-
News
10 Mar 2021
DHS CISA Shares Remediation, Risk Guidance for SolarWinds Compromise
Since the initial SolarWinds compromise, hundreds of entities have fallen victim to the supply-chain cyberattacks. New CISA guidance takes aim at remediation and risk decisions. Continue Reading
By- Jessica Davis
-
News
08 Mar 2021
Microsoft Shares IOC Scan Tool, as Attacks on Exchange Servers Expand
ASPR urges healthcare entities to patch critical flaws in some Exchange servers as attacks and exploits increase. Microsoft issues an IOC scanning tool to support mitigation efforts. Continue Reading
By- Jessica Davis
-
News
05 Mar 2021
FBI Probing 2 Hospital Ransomware Attacks; Hackers Remove Health Data
Previously leaked data from New Mexico’s Rehoboth McKinley Christian Health Care has been removed from the dark web, while the FBI is investigating the incident and another in North Carolina. Continue Reading
By- Jessica Davis
-
News
05 Mar 2021
Vaccine Rollout Spurs 372% Rise Bad Bots; Spear-Phishing Up 26%
Hackers are continuing to take advantage of COVID-19 fears, as the vaccine rollout has spurred a massive upswing in bad bot traffic, spear-phishing, and malicious domain registrations. Continue Reading
By- Jessica Davis
-
News
03 Mar 2021
MITRE Unveils Ransomware Resource for Hospitals, Healthcare Providers
A new ransomware resource center from MITRE is designed to help hospitals and other healthcare providers develop and maintain resilient security processes and policies. Continue Reading
By- Jessica Davis
-
News
03 Mar 2021
CISA Urges Patch, as Hackers Exploit Zero-Day Flaws in Microsoft Exchange
Microsoft issued out-of-band security updates for four zero-day vulnerabilities found in its Exchange servers, currently under active exploit. DHS CISA is urging entities to patch. Continue Reading
By- Jessica Davis
-
News
02 Mar 2021
50% Phishing Emails Seek Credential Theft, as Malware Delivery Declines
Cofense’s annual phishing report shows more than half of phishing emails are designed to steal user credentials, while just 12 percent contained a malware payload. Continue Reading
By- Jessica Davis
-
News
02 Mar 2021
Update to Ryuk Ransomware Variant Adds Network Worming Capability
Federal French researchers discovered an update to the Ryuk ransomware variant that includes worming capabilities, which allow it to automatically spread across the network of victims. Continue Reading
By- Jessica Davis
-
News
01 Mar 2021
UHS Ransomware Attack Cost $67M in Lost Revenue, Recovery Efforts
The ransomware attack that struck all 400 UHS care sites and caused three weeks of EHR downtime in September, cost the health system $67 million in recovery costs and lost revenue. Continue Reading
By- Jessica Davis
-
News
01 Mar 2021
NSA Shares Zero Trust Security Model Guide, Recommendations
NSA guidance on the zero trust security model details much-needed cybersecurity elements and recommendations to bolster access controls and workflows across the enterprise network. Continue Reading
By- Jessica Davis
-
News
01 Mar 2021
The Phishing Problem in Healthcare
During the pandemic, cyberattacks against healthcare organizations increased in number and sophistication. It is a trend that is likely to continue. Continue Reading
By- Avanan
-
Answer
26 Feb 2021
How to Mitigate COVID-19's Impact on Device Security and Patient Safety
Healthcare was already overextended in terms of security prior to COVID-19. Rapid device adoption is driving the need to mitigate security risks to patient safety. Continue Reading
By- Jessica Davis
-
News
25 Feb 2021
Healthcare Cyberattacks Doubled in 2020, with 28% Tied to Ransomware
IBM X-Force's report upheld previous findings that COVID-19 was a leading theme of cyberattacks in 2020. Meanwhile, ransomware accounted for 28 percent of targeted attacks on healthcare. Continue Reading
By- Jessica Davis
-
News
24 Feb 2021
Dark Web Analysis: Healthcare Risks Tied to Database Leaks, Credentials
CybelAngel shows just how hackers are successfully cracking into healthcare networks: credential stuffing, vulnerable, connected devices, and databases left wide open to attackers. Continue Reading
By- Jessica Davis
-
News
24 Feb 2021
CISA Warns of Accellion FTA Exploit; Centene Among Breach Victims
Clop ransomware actors exploited vulnerabilities in unpatched Accellion FTA services and stole data from a range of breach victims, including Centene. CISA details indicators of compromise. Continue Reading
By- Jessica Davis
-
News
23 Feb 2021
CIS Offers All US Hospitals Free Ransomware Protection Service
The Center for Internet Security expanded its free offering of a malicious internet domain blocking and reporting service, including ransomware, to private hospitals via the MS-ISAC. Continue Reading
By- Jessica Davis
-
News
22 Feb 2021
Demand, Sale of Backdoor Access to Healthcare Networks Spiked in 2020
The number of hackers obtaining and selling backdoor access to healthcare networks on the dark web drastically increased in 2020 amid COVID-19. Continue Reading
By- Jessica Davis
-
News
19 Feb 2021
Pharma Key Target of New Phishing Campaign Using Malformed URLs
Pharma, lending, and construction companies are being highly targeted with a new phishing campaign technique that leverages malformed URL protocols to evade detection. Continue Reading
By- Jessica Davis
-
News
18 Feb 2021
White House: SolarWinds Hack Impacted 9 Fed Agencies, 100 Entities
A White House press briefing on Wednesday confirmed the SolarWinds Orion hack impacted nine federal agencies and 100 private sector entities; the final tally is expected to increase. Continue Reading
By- Jessica Davis
-
News
17 Feb 2021
DOJ Indicts WannaCry Creators, as Global Feds Impact Egregor Efforts
DOJ indicted three North Korean hackers for a range of nefarious activities, including WannaCry. Meanwhile, a global effort led to the arrest of some Egregor ransomware members. Continue Reading
By- Jessica Davis
-
News
16 Feb 2021
CISA Warns More Critical Flaws Found in Open Source TCP/IP Stacks
Forescout discovered further critical vulnerabilities found in open source TCP/IP stacks. CISA warns a successful exploit could allow an attacker to take control of connections. Continue Reading
By- Jessica Davis
-
News
10 Feb 2021
CISA Alerts to Microsoft Windows Win32K Privilege Escalation Flaw
Entities are being urged to review a Microsoft alert and to patch a privilege escalation flaw found in some Windows Win32K, which could allow an attacker to take control of the system. Continue Reading
By- Jessica Davis
-
Answer
09 Feb 2021
Health CISO Shares Security Strategies for Ransomware, Enterprise Risks
IU Health CISO Mitch Parker recently shed light on the barrage of attacks facing healthcare and the need for developing security strategies to defeat enterprise risks, like ransomware. Continue Reading
By- Jessica Davis
-
News
08 Feb 2021
Hackers Dump More Health Data, as Feds Share Ransomware Factsheet
On the heels of a federal joint ransomware fact sheet, the Conti ransomware hacking group dumped more health-related data onto the dark web. Continue Reading
By- Jessica Davis
-
Answer
08 Feb 2021
How Automation Improved Identity, Access Management at Molina Health
Burdened by a slow onboarding process, Molina Health recently tackled its access management challenges by automating its identity governance program. Continue Reading
By- Jessica Davis
-
Feature
05 Feb 2021
Can Healthcare Mitigate Risks to the COVID-19 Vaccine Supply Chain?
Hackers are continuing to target and exploit the COVID-19 vaccine supply chain. Providers must leverage all risk mitigation to secure vulnerable technologies. Continue Reading
By- Jessica Davis
-
News
04 Feb 2021
FDA Names First Acting Director of Medical Device Cybersecurity
Kevin Fu, an associate professor at the University of Michigan, will become the FDA’s first acting director of medical device cybersecurity. Continue Reading
By- Jessica Davis
-
News
04 Feb 2021
NCSC: Chinese Threat Actors Targeting US Healthcare, Genomic Data
A recent NCSC alert details the massive, ongoing campaign led by Chinese threat actors to steal healthcare, genomic, and valuable data from the US and other countries. Continue Reading
By- Jessica Davis
-
News
03 Feb 2021
70% Ransomware Attacks Cause Data Exfiltration; Phishing Top Entry Point
Data exfiltration jumped 20 percent during Q4 2020, now occurring in 70 percent of all ransomware attacks. Email phishing is now the leading entry point. Continue Reading
By- Jessica Davis
-
News
28 Jan 2021
CISA Warns of New Malware Threat to Vulnerable SolarWinds Orion Tech
While not part of the initial supply chain cyberattack, hackers are leveraging a new malware variant known as SUPERNOVA to directly target vulnerable SolarWinds Orion tech. Continue Reading
By- Jessica Davis
-
Answer
28 Jan 2021
Netwalker Ransomware Site, Emotet Botnet Taken Down in Global Effort
Federal agencies took down two significant global cybercrime efforts: the Emotet botnet and the Netwalker ransomware hacking group’s dark web site used for communicating with victims. Continue Reading
By- Jessica Davis
-
News
27 Jan 2021
NIST Shares Risk-Based Guide to Information Exchange Security
Newly proposed NIST guidance tackles the use of information exchange channels, providing insights on risk-based considerations to protect and manage shared information. Continue Reading
By- Jessica Davis
-
News
25 Jan 2021
CISA: HPH Cyber Threat Insights, Ransomware Reduction Campaign
In light of the spate of ransomware attacks and cyber threats to the health and public health sectors, CISA launched a ransomware reduction campaign to tackle the pervasive threat. Continue Reading
By- Jessica Davis
-
News
22 Jan 2021
Key 2021 Insights: Proactive Security Needed for Ransomware, Phishing
Healthcare leaders will need to shift into a proactive security approach into 2021, if they hope to defend against the onslaught of ransomware and phishing threats. Continue Reading
By- Jessica Davis
-
News
21 Jan 2021
Report: Rise in COVID-19 Vaccine Social Engineering, BEC, Phishing
Much as they’ve done throughout the pandemic, hackers are continuing to spread phishing, malware, and BEC through COVID-19 vaccine social engineering lures. Continue Reading
By- Jessica Davis
-
News
21 Jan 2021
FBI: Spike in Vishing Attacks Seeking Escalated Access, Credential Theft
Threat actors are increasingly using “vishing”, or voicemail phishing, to target remote employees for credential theft and prolonged, escalated access, the FBI warns. Continue Reading
By- Jessica Davis
-
News
19 Jan 2021
560 Healthcare Providers Fell Victim to Ransomware Attacks in 2020
In 2020, Emsisoft data shows 560 healthcare provider facilities fell victim to ransomware attacks, of an overall 2,354 US entities hit by the malware variant. Continue Reading
By- Jessica Davis
-
News
12 Jan 2021
COVID-19 Vaccine Distribution Spurs 51% Rise in Health Web App Attacks
Imperva data finds cyberattacks targeting healthcare web applications increased by 51 percent since the rollout of COVID-19 vaccine distribution in December. Continue Reading
By- Jessica Davis
-
News
11 Jan 2021
CISA Insights on APT Compromise of Microsoft 365 Via Password Exploits
The APT actors behind the SolarWinds attack are leveraging compromised Microsoft 365 and Azure applications, as well as password exploits and API access to compromise cloud resources. Continue Reading
By- Jessica Davis
-
News
08 Jan 2021
Threat Actors Targeting Serious Zyxel Networking Tech Vulnerability
Researchers are warning that threat actors are targeting a critical vulnerability found in certain Zyxel networking devices, used by many small entities as firewalls and VPN gateways. Continue Reading
By- Jessica Davis
-
News
07 Jan 2021
FBI Warns Egregor Ransomware Actors Actively Extorting Entities
A Wednesday FBI private industry notification warns entities that the threat actors behind Egregor ransomware are actively targeting and exploiting a range of global businesses. Continue Reading
By- Jessica Davis
-
News
06 Jan 2021
Fed Task Force Says Russian APT Hackers Behind SolarWinds Attack
Acknowledging the serious SolarWinds Orion compromise will take sustained, dedicated remediation, the federal task force believes Russian APT hackers launched the initial attack. Continue Reading
By- Jessica Davis
-
News
06 Jan 2021
NSA Shares Guide to Eliminating Obsolete TLS Protocol Configurations
Zscaler recently reported a 260 percent increase in attacks on SSL/TLS-encrypted channels. New NSA guidance shows how to find and eliminate weak, obsolete TLS protocol configurations. Continue Reading
By- Jessica Davis
-
News
04 Jan 2021
COVID-19, Ransomware, Breaches Led 2020 Health IT Security Trends
The COVID-19 outbreak reshaped HHS HIPAA sanctions and enforcement discretion in 2020, which topped health IT security trends, alongside ransomware and data breaches. Continue Reading
By- Jessica Davis
-
Answer
04 Jan 2021
Can Healthcare Shore Up Insider Threats, Transparency Needs in 2021?
The rise in attacks and healthcare security incidents at the end of 2020 makes it imperative to secure insider threats, particularly as the need for transparency increases in response to COVID-19. Continue Reading
By- Jessica Davis
-
News
31 Dec 2020
Emotet Malware Returns with 100K Daily Emails, New Evasion Tactics
The hackers behind the notorious Emotet trojan malware variant have again reemerged, with a campaign sending over 100,000 daily emails and leveraging new evasion tactics. Continue Reading
By- Jessica Davis
-
News
30 Dec 2020
FBI, HHS Alert to COVID-19 Vaccine Fraud Schemes Aimed at Data Theft
Cybercriminals are again preying on COVID-19 fears, leveraging a range of fraud schemes tied to the vaccine rollout and designed to steal personal data. Continue Reading
By- Jessica Davis
-
News
30 Dec 2020
NIST Shares Best Practice Security Guidance for Vulnerable PACS
Best practice NIST guidance is designed to support healthcare providers in securing PACS. Multiple reports have shown the highly vulnerable tech has exposed millions of medical images. Continue Reading
By- Jessica Davis
-
News
29 Dec 2020
CISA Insights on Ongoing APT Cyber Activity Behind SolarWinds Attack
DHS CISA launched a resource site and shared insights into the ongoing, massive APT cyber activity, brought on by the SolarWinds cyberattack. Continue Reading
By- Jessica Davis
-
News
22 Dec 2020
Limited Security, Privacy Budgets Impede Connected Health Growth
Small security and privacy budgets limit the growth of connected health solutions despite an increased use of these technologies during the COVID-19 pandemic, according to the latest Insights report from Xtelligent Healthcare Media. Continue Reading
By- Emily Sokol, MPH
-
News
21 Dec 2020
Fed Cybersecurity Advisory Alerts to Abuse of Authentication Mechanisms
The Russian hackers behind the SolarWinds’ attack have claimed multiple victims in the government sector, with the latest efforts concentrated on the abuse of authentication mechanisms. Continue Reading
By- Jessica Davis
-
Answer
18 Dec 2020
Biggest Healthcare Security Threats, Ransomware Trends into 2021
Much like the previous year, ransomware was one of the healthcare sector’s biggest cybersecurity threats seen in 2020; spotlighting the need for proactive measures. Continue Reading
By- Jessica Davis
-
News
16 Dec 2020
Phishing Campaigns Targeting Office 365 Credentials, Spoofing Exchange
A recent spear-phishing campaign is actively targeting Microsoft Office 365 users in an effort to steal user credentials, while another is spoofing Microsoft Exchange Online Protection. Continue Reading
By- Jessica Davis
-
News
15 Dec 2020
OCR Warns of Global Supply-Chain Cyberattacks Via SolarWinds Orion
Nation-state hackers already claimed successful cyberattacks on several US government agencies and security firm FireEye, after corrupting a SolarWinds Orion update with malware. Continue Reading
By- Jessica Davis
-
News
14 Dec 2020
DHS CISA Alerts to MedTronic MyCareLink Medical Device Flaws
Serious vulnerabilities found in certain MedTronic MyCareLink medical devices would allow an attacker within Bluetooth signal proximity to modify or fabric patient data. Continue Reading
By- Jessica Davis
-
News
11 Dec 2020
COVID-19-Related Phishing Lingers, as New Attacks Use Vaccine Themes
Armorblox finds hackers continue to prey on the COVID-19 pandemic via phishing campaigns, while KnowBe4 discovered phishing attacks leveraging vaccine themes. Continue Reading
By- Jessica Davis
-
News
08 Dec 2020
Flaws in GE Radiology Medical Device Authentication Pose Patient Data Risk
Discovered by CyberMDX, authentication flaws found in certain GE radiology medical devices put patient protected health data at risk of manipulation and exposure, according to CISA. Continue Reading
By- Jessica Davis
-
News
08 Dec 2020
NSA Warns Nation-State Actors Exploiting Remote Work Endpoints
Nation-state threat actors from Russia are using stolen credentials to actively exploit a recently disclosed vulnerability in certain VMWare Workspace platforms, used for remote work. Continue Reading
By- Jessica Davis
-
News
08 Dec 2020
33 TCP/IP Stack Flaws Pose Hacking Risk to Millions of IT, IoT Devices
Dubbed Amnesia:33, a group of TCP/IP Stack vulnerabilities found in millions of IT and IoT devices put these platforms at risk of hacking, remote code execution, and data loss. Continue Reading
By- Jessica Davis
-
News
03 Dec 2020
FBI: Business Email Compromise Attacks Abuse Email Auto-Forwarding
Medical and manufacturing sectors are being targeted with business email compromise attacks that abuse email auto-forwarding to hide successful phishing attacks from victims. Continue Reading
By- Jessica Davis
-
News
03 Dec 2020
Hackers Targeting COVID-19 Vaccine Supply Chain Via Phishing Campaigns
DHS CISA highlighted a new IBM X-Force report showing cybercriminals are targeting the COVID-19 vaccine supply chain with phishing and spear-phishing attacks. Continue Reading
By- Jessica Davis
-
News
02 Dec 2020
AMA Warns of Telehealth Cyber Risks, Insider Threats Tied to COVID-19
AMA sheds light on strained security resources, cyber risks, and the expanded threat landscape in the healthcare sector brought on by COVID-19, including insider threats and telehealth flaws. Continue Reading
By- Jessica Davis
-
News
01 Dec 2020
DHS CISA: Fortinet VPN Vulnerability Poses Password Exposure Risk
Disclosed in 2019, a vulnerability found in certain Fortinet VPN devices could allow an attacker to steal data, including passwords, if left unpatched. Continue Reading
By- Jessica Davis
-
News
27 Nov 2020
Threat Actors Spoofing Legitimate FBI Site Domains, Poses Cyberattack Risk
A recent FBI warned of an increase in the number of registered internet domains and email addresses spoofing legitimate FBI sites, which poses a potential cyberattack risk. Continue Reading
By- Jessica Davis
-
News
25 Nov 2020
FBI: Ragnar Locker Ransomware Attacks Increase With Data Theft Risk
The FBI warns entities of a rise in Ragnar Locker ransomware, where hackers gain a foothold on the network, perform reconnaissance, and steal data before deploying the final attack. Continue Reading
By- Jessica Davis
-
News
23 Nov 2020
Phishing Attacks Evade Security With Google Services, Social Engineering
Recent reports show two new phishing campaigns are leveraging free Google services and social engineering to bypass security measures to ensure the malicious messages make it to the inbox. Continue Reading
By- Jessica Davis
-
News
23 Nov 2020
Sanford Health, DSU Launch CyberHealth Innovation Hub
Designed to expand the cyber workforce and improve care delivery, Sanford Health and DSU’s CyberHealth innovation hub creates a program for understanding where cyber connects with healthcare. Continue Reading
By- Jessica Davis
-
Answer
19 Nov 2020
Millions of Medical Images Exposed, as US Fails to Secure PACS Flaws
A year out from a shocking report that revealed massive PACS vulnerabilities were exposing millions of medical images and data, and NNT shows the US has failed to secure those flaws. Continue Reading
By- Jessica Davis
-
News
18 Nov 2020
50% of Advanced Phishing Attacks Evade Leading Secure Email Gateways
A new IRONSCALES report finds as threat actors increasingly leverage social engineering scams, nearly half of these advanced phishing attacks bypass the leading secure email gateways. Continue Reading
By- Jessica Davis
-
News
17 Nov 2020
ASPR Warns Ransomware Threat is Persistent, as Actors Leak More Data
Threat actors leak data from a dental insurer and a healthcare provider this week, in the wake of an update from ASPR warning the sector that ransomware continues to be a persistent threat. Continue Reading
By- Jessica Davis
-
News
17 Nov 2020
Ransomware Groups Team Up, as Hackers Shift into Cloud Operations
A number of hacking groups, including those employing ransomware, are teaming up to expand the threat landscape and take advantage of stolen data troves in cloud-based operations. Continue Reading
By- Jessica Davis
-
News
16 Nov 2020
SSL-Based Cyberattacks Increase By 260%; Healthcare Most Targeted
The number of cyberattacks leveraging SSL encrypted channels to bypass legacy security controls increased by 260 percent since 2019. And healthcare was the most targeted sector. Continue Reading
By- Jessica Davis
-
News
16 Nov 2020
TrickBot Spear-Phishing Campaign Deploys Malware for Remote Access
Area 1 Security observed a widespread spear-phishing campaign tied to the notorious TrickBot actors, used to deploy two stealthy malware variants and gain remote access to the victim’s network. Continue Reading
By- Jessica Davis
-
News
13 Nov 2020
BD Discloses Alaris Medical Device Vulnerability, Poses DoS Attack Risk
A disclosed vulnerability found in the BD Alaris 8015 PC Unit and Systems Manager poses a Denial of Service (DoS) attack risk. DHS CISA is urging organizations to apply compensating controls. Continue Reading
By- Jessica Davis
-
News
13 Nov 2020
Nation-State Hacking Campaigns Targeting COVID-19 Research Firms
Microsoft has observed several hacking campaigns led by nation-state actors with ties to Russia and North Korea, actively targeting COVID-19 research, including firms developing vaccines. Continue Reading
By- Jessica Davis
-
News
10 Nov 2020
Profitable Hacking Campaign Targets VoIP SIP Servers, Sells System Access
Check Point researchers discovered a new, hacking campaign targeting the SIP servers used by multiple VoIP platforms to gain access and even make a profit from victim’s networks. Continue Reading
By- Jessica Davis
-
News
10 Nov 2020
Zoom Reaches Settlement with FTC Over Misleading Security Practices
The use of Zoom videoconferencing skyrocketed amid the COVID-19 crisis, which spotlighted several security risks and concerns. The FTC settlement will resolve the misleading security practices. Continue Reading
By- Jessica Davis
-
Answer
09 Nov 2020
Required Actions to Prevent Common Ransomware Exploits, Access Points
Healthcare is leaving out the proverbial welcome mat for hackers, failing to address key vulnerable endpoints, which later become top access points and exploits for ransomware attacks. Continue Reading
By- Jessica Davis
-
News
05 Nov 2020
Army National Guard Deployed to UVM to Assist Ransomware Recovery
The Vermont Governor deployed the Army National Guard’s Cyber Response team to the University of Vermont (UVM) Health Network a week after ransomware attack hobbled its network. Continue Reading
By- Jessica Davis
-
News
04 Nov 2020
50% of Ransomware Attacks Lead to Data Exfiltration; Payments Hit $234K
Ransom demands rose 31 percent from Q2 to Q3 2020, with an average of $234,000, while hackers threaten victims with extortion using exfiltrated data in nearly 50 percent of ransomware attacks. Continue Reading
By- Jessica Davis
-
News
30 Oct 2020
Microsoft: Threat Actors Exploiting Unpatched Windows Zerologon Flaw
DHS CISA alert highlights a Microsoft report that shows threat actors, including nation-state hackers, are actively exploiting a Windows Netlogon flaw, security researchers dubbed Zerologon. Continue Reading
By- Jessica Davis
-
Answer
29 Oct 2020
FDA Scoring Tool Update Adds Vulnerability Risk to Patient Safety
An update to the FDA Medical Device Development scoring tool takes into account how a medical device vulnerability would impact patient safety, improving transparent device security. Continue Reading
By- Jessica Davis
-
Answer
28 Oct 2020
Medical Device Security Stymied by Legacy Tech, Flawed Segmentation
Forescout’s Connected Medical Device Security report shows improved awareness around healthcare on network segmentation and legacy devices, but other security challenges remain. Continue Reading
By- Jessica Davis
-
News
28 Oct 2020
Phishing Campaigns Mimic Microsoft Teams, HHS COVID-19 Vaccine Tracker
In recent weeks, two phishing campaigns were spotted actively spoofing Microsoft Teams and the other disguised as emails from HHS with information about a COVID-19 vaccine tracker. Continue Reading
By- Jessica Davis
-
News
27 Oct 2020
NIST Shares Draft PNT Data Service Profile for Cybersecurity Framework
New NIST insights can help organizations mitigate cybersecurity risks facing critical technologies, including GPS tech leveraging PNT, used in the public health sectors and other industries. Continue Reading
By- Jessica Davis
-
Answer
23 Oct 2020
Rapid Threat Evolution Spurs Crucial Healthcare Cybersecurity Needs
Ransomware, phishing, and human weaknesses are serious cyber risks to health IT infrastructure amid COVID-19, which makes it crucial to improve security to combat evolving threats. Continue Reading
By- Jessica Davis
-
News
22 Oct 2020
Ransomware Hacking Groups Steal, Leak Data From 3 More Providers
REvil, Netwalker, and Conti ransomware hackers have once again posted proofs of data stolen in three separate provider hacks. One hack contains 600 GB of stolen data. Continue Reading
By- Jessica Davis
-
News
21 Oct 2020
NSA Warns Chinese Nation-State Actors Exploiting Vulnerabilities
DHS CISA is encouraging organizations to prioritize patching of 25 common vulnerabilities, as an NSA alert shows Chinese nation-state actors are actively exploiting those flaws. Continue Reading
By- Jessica Davis
-
News
20 Oct 2020
DOJ Indicts Russian Hackers Behind 2017 NotPetya Malware Attack
DOJ indicted the Russian hackers behind the 2017 NotPetya malware attack, which began on a Ukrainian company and spread across the globe, crippling several US firms, including Nuance. Continue Reading
By- Jessica Davis
-
News
19 Oct 2020
Proof-of-Concept Prompts Alert on SharePoint Remote Execution Flaw
DHS urges entities to heed an NSCS alert for a remote code execution flaw in Microsoft SharePoint, following the release of a proof-of-concept that would give a hacker control of a system. Continue Reading
By- Jessica Davis
-
News
15 Oct 2020
CISA Urges Patch of Windows Remote Code Execution TCP/IP Flaw, DoS Risk
US Cyber Command took to Twitter to urge organizations to immediately apply a Microsoft-issued patch for a critical remote code execution flaw in Windows TCP/IP, which poses a DoS risk. Continue Reading
By- Jessica Davis
-
News
13 Oct 2020
Top Strategies for Implementing Multi-Factor Authentication
Establishing multi-factor authentication in the healthcare setting is not as challenging as many organizations assume. Continue Reading
By- Kelsey Waddill, Managing Editor and Multimedia Manager
-
News
13 Oct 2020
UHS Health System Ransomware Attack, Security Probed by Senator
Sen. Mark Warner is asking Universal Health Services (UHS) health system to provide insights into its cybersecurity policies, following a massive ransomware attack and subsequent EHR outage. Continue Reading
By- Jessica Davis
-
News
12 Oct 2020
FBI, CISA Warn APT Hackers Chaining Vulnerabilities in Cyberattacks
APT hackers are targeting government networks, critical infrastructure, and election organizations with chained vulnerability cyberattacks, the FBI and CISA warned in a joint alert. Continue Reading
By- Jessica Davis
-
News
09 Oct 2020
Best Practice Cybersecurity to Prevent Business Email Compromise
Business email compromise attacks are three times more effective than traditional phishing methods. By employing best practice cybersecurity, healthcare entities can improve their defense. Continue Reading
By- Jessica Davis