����������

The Cybersecurity and Infrastructure Security Agency and FBI Saturday

As Russia attempts to advance its political interests by its invasion of Ukraine through the use of its military, we have also seen stepped up cyberattacks attributed to Russia in recent days on major networks in Ukraine.

The AHA recommended hospitals and health systems take certain immediate steps to protect against increased cyber risks to the U.S. health system stemming from the ongoing military operations in the Russia/Ukraine region.

The Cybersecurity and Infrastructure Security Agency issued a rare “Shields Up” message recommending all U.S. organizations take immediate steps to enhance their ability to detect and protect against a cyber intrusion. The action follows a State Department advisory urging Americans to immediately leave Ukraine due to increased threats of Russian military action. 

Sophisticated, high-impact ransomware incidents against critical infrastructure organizations increased globally in 2021, according to a

The Government Accountability Office today extended to Feb. 11 its survey for HIPAA-covered health care entities and business associates on their experiences complying with the Department of Health and Human Services’ data breach reporting requirements and HHS efforts to improve the data breach reporting process. The AHA assisted GAO in developing the survey, which will inform a future GAO report to Congress on data breach reporting by covered entities, including any challenges reported by covered entities and HHS efforts to address them.

The AHA has released a guide to help health care governing boards work with their organization’s leadership team to set cybersecurity priorities and reduce cyber risks.

The Government Accountability Office is surveying health care entities and business associates covered by the Health Insurance Portability and Accountability Act through 4 p.m. ET Friday to learn more about their experiences complying with the Department of Health and Human Services’ data breach reporting requirements and HHS efforts to improve the data breach reporting process.

The Cybersecurity & Infrastructure Security Agency Sunday advised U.S. critical infrastructure organizations to review a Microsoft blog on malware identified in Ukraine and take action to strengthen their networks against potential cyber threats.

The Cybersecurity and Infrastructure Security Agency, FBI and National Security Agency released recommendations to help health care and other critical infrastructure organizations prevent, detect and respond to common Russian state-sponsored cyber threats. 

A report by the United Kingdom’s National Health Service is warning of threats leveraging Log4Shell vulnerability in VMware Horizon servers by an unknown cyber actor.

Health and Human Services Secretary Xavier Becerra today in a letter to health care and public health leaders urged vigilance against cyber threats posed by a vulnerability within the Apache Log4j software. Exploitation of the software, which exists in thousands of applications, including control systems for medical devices and hardware, can result in data exfiltration or ransomware that can significantly disrupt the delivery of health care.

John Riggi, AHA’s national advisor for cybersecurity and risk, discusses insights and lessons learned from hospital leaders from Dickinson County Healthcare System in Iron Mountain, Mich, and Sky Lakes Medical Center in Klamath Falls, Ore., after becoming victims of major ransomware attacks in the fall of 2020.

Apache has released a security update to address a second severe vulnerability affecting its Log4j software library, which a remote attacker could exploit to cause a denial-of-service condition, the Cybersecurity and Infrastructure Security Agency announced.

The Cybersecurity and Infrastructure Security Agency has created a webpage to provide the latest public information and vendor-supplied advisories on a critical remote code execution vulnerability affecting Apache Log4j software library versions 2.0-beta9 to 2.14.1.

A ransomware attack has impacted several Ultimate Kronos Group services that hospitals and other organizations use to manage their employees and payrolls, the HR management company has confirmed.

Health care organizations should survey their information infrastructure to ensure they are not running vulnerable versions of the Apache Log4j Java library, upgrade any vulnerable systems and identify possible exploitation, the Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center advised.

The AHA has developed “What Boards Should Know About Cybersecurity” to assist hospital and health system trustees in asking key questions about their organization’s cybersecurity protocols.

The Department of Health and Human Services launched a central web resource for information on cybersecurity best practices recognized by its 405(d) program.

The Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center (HC3) last week advised biotechnology companies specifically and the health care and public health sector generally to review a new report on a malware threat aggressively spreading through the biomanufacturing industry and take appropriation action to protect their information infrastructure.