����������

The White House announced an interagency task force and other initiatives to protect U.S. organizations from ransomware attacks. The task force has been coordinating federal efforts to improve the nation’s cybersecurity as directed by the president in April.

Microsoft has released out-of-band security updates to address a remote code execution vulnerability — known as PrintNightmare (CVE-2021-34527) — in the Windows Print spooler service. The Computer Emergency Response Team Coordination Center (CERT/CC), part of the Software Engineering Institute at Carnegie Mellon University, last week reported a critical RCE vulnerability impacting the Windows Print Spooler service that allows a remote authenticated attacker to execute arbitrary code with system privileges on a vulnerable system.

The FBI and Cybersecurity & Infrastructure Security Agency July 4 released guidance to respond to the recent supply-chain ransomware attack leveraging a vulnerability in Kaseya VSA software against multiple managed service providers and their customers

The Computer Emergency Response Team Coordination Center (CERT/CC), part of the Software Engineering Institute at Carnegie Mellon University, reported a critical remote code execution vulnerability impacting the Windows Print Spooler service that allows a remote authenticated attacker to execute arbitrary code with system privileges on a vulnerable system.

The National Institute of Standards and Technology released a definition of critical software, which the Cybersecurity & Infrastructure Security Agency will use to develop a list of critical software products, as directed by President Biden in a May executive order on improving U.S. cybersecurity.

In a recent Fox Business Network interview, John Riggi, AHA’s senior advisor for cybersecurity and risk offered solutions to help prevent cyberattacks against hospitals and health systems, including investment in new technology and educating the workforce.

The Healthcare and Public Health Sector Coordinating Council, whose members include the AHA, urged President Biden to include support for health care cybersecurity in a future phase of his infrastructure plan.

The White House today released a memo urging business executives to immediately convene their leadership teams to discuss ransomware threats and review corporate security posture and business continuity plans.

The FBI and Cybersecurity and Infrastructure Security Agency May 28 issued a joint cyber advisory in response to a sophisticated spearphishing campaign targeting government organizations, intergovernmental organizations and non-governmental organizations.

The Microsoft Threat Intelligence Center has uncovered a wide-scale malicious email campaign by a group it associates with the 2020 compromise of the SolarWinds Orion platform, the center announced in a blog post.

The threat to public health from the pandemic is thankfully subsiding. Unfortunately, a very different threat is on the rise: Cyber criminals have been ramping up their attacks on the health care sector, jeopardizing systems and putting lives at risk.

Cyber actors continue to exploit vulnerabilities in the operating system for the Fortinet network security system, the FBI warned today, noting that a group “almost certainly” exploited a Fortigate appliance this month to access a webserver hosting the domain for a U.S. municipal government. The agency said actors are actively targeting a broad range of victims across multiple sectors. The alert recommends actions to help organizations guard against the threat. 

The FBI issued an alert on “Conti,” a ransomware variant identified in at least 16 attacks targeting U.S. health care and first responder networks in the past year. 

President Biden directed federal agencies to take certain actions to remove barriers to sharing cyber threat information with the private sector, enhance security in the software supply chain and better detect cyber incidents on federal networks.

The FBI released an alert on the ransomware variant Darkside, which this month infected a critical infrastructure company in the United States. The ransomware-as-a-service variant has affected various sectors since October 2020, including health care.

Are you aware that cyber adversaries target the health care sector the most of all critical infrastructure sectors? Hospitals and health systems in particular have frequently been the target of high-impact ransomware attacks, which disrupt patient care and risk patient safety. 

During the pandemic, there has been a dramatic increase in cyberattacks targeting hospitals and health systems, including disruptive ransomware attacks that have interrupted patient care and risked patient safety.

The FBI and Department of Homeland Security released recommendations to help organizations secure their networks from ongoing cyber threats from the Russian Foreign Intelligence Service, which recently exploited software updates to the widely used SolarWinds information technology performance-monitoring platform.

The Russian Foreign Intelligence Service (SVR) continues to exploit five publicly known cyber vulnerabilities, the National Security Agency, Cybersecurity and Infrastructure Security Agency and FBI said in a joint advisory. 

As health care organizations increasingly use telehealth during the COVID-19 pandemic and beyond, the Healthcare and Public Health Sector Coordinating Council (HSCC) released a report to help health care leaders assess and mitigate associated cybersecurity risks.