����������

The Cybersecurity and Infrastructure Security Agency, FBI and Department of Health and Human Services said they consider the recent ransomware threat to the health care sector to be credible, ongoing and persistent.

As physician practices reopen and hospitals around the country prepare for a second wave of COVID-19 infections coinciding with cold and flu season, the AHA and AMA have released a new resource to help them keep patients’ protected health information private and secure.

The National Security Agency released an advisory detailing 25 common vulnerabilities that Chinese state-sponsored cyber actors are actively exploiting to access computer networks for sensitive intellectual property and other information, and encouraged stakeholders to take appropriate action to protect their networks.

The good — our society clearly recognizes the vital role our hospitals and health systems play in our nation’s critical infrastructure and how important they are to our communities’ health and safety. The bad — we have seen an increase in the frequency, severity and sophistication of cyberattacks targeting hospitals and health systems.

Financial institutions and other organizations that facilitate ransomware payments may face sanctions for assisting a malicious cyber actor that the Department of the Treasury’s Office of Foreign Assets Control has sanctioned, according to a recent OFAC advisory.

The Cybersecurity and Infrastructure Security Agency and Multi-State Information Sharing & Analysis Center (MS-ISAC) released a guide to help organizations prevent and respond to ransomware attacks, including best practices and a ransomware response checklist. For additional ransomware resources, visit CISA’s ransomware webpage. 

The Department of Health and Human Services’ Office of the Assistant Secretary for Preparedness & Response released an update on the Ryuk ransomware threat to the health care and public health sector, and urged the sector to take certain actions to reduce the risk of an attack.

The National Institute of Standards and Technology has updated its Security and Privacy Controls for Information Systems and Organizations, a catalog of tools to help organizations manage and respond to security and privacy risks.

The Cybersecurity and Infrastructure Security Agency is tracking an unknown malicious cyber actor who is spoofing the Small Business Administration COVID-19 loan relief webpage via phishing emails, the agency announced.

The FBI today alerted the private sector to a sophisticated and aggressive nation-state campaign targeting known critical and common vulnerabilities in virtual private networks, initially reported by the government last year.

Ransomware attacks on hospitals are “threat-to-life crimes” because they directly threaten a hospital’s ability to provide patient care, writes John Riggi, AHA senior advisor for cybersecurity and risk.

The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency yesterday alerted organizations to a critical vulnerability affecting the SAP NetWeaver Application Server, which an attacker could exploit through the Hypertext Transfer Protocol (HTTP) to take control of trusted SAP applications.

The departments of Homeland Security and Health and Human Services and the National Security Agency alerted the field to a significant vulnerability affecting the Palo Alto Networks’ PAN-OS firewall software that cyber attackers could easily exploit remotely via the internet.

The Federal Communications Commission is investigating a T-Mobile network outage that impacted customers across the United States, FCC Chairman Ajit Pai said.

NATO issued a statement condemning “destabilising and malicious cyber activities directed against those whose work is critical to the response against the pandemic,” including hospitals, health care services and research institutes.

The Health and Public Health Sector Coordinating Council, a public-private partnership, released a crisis response guide to help health care providers respond to a critical incident.

The Healthcare and Public Health Sector Coordinating Council, a public-private partnership developed to mitigate threats to the nation’s health care sector, released guidance and recommendations to help health care organizations protect trade secrets, medical research and other innovation capital from theft. 

China and its proxies have been observed attempting to identify and illicitly obtain valuable intellectual property and public health data related to vaccines, treatments and testing from networks and personnel affiliated with COVID-19-related research, which could jeopardize the delivery of secure, effective and efficient treatment options, the FBI and CISA warned.

The Department of Homeland Security and the Cybersecurity and Infrastructure Security Agency have updated their telework guidance to include new guidance on telework best practices, videoconferencing tips, guidance for securing videoconferencing, and specific cybersecurity recommendations for critical infrastructure and federal agencies using video conferencing.

Cyber actors have launched phishing campaigns against first responders, initiated denial-of-service assaults against government agencies and threatened medical facilities with ransomware attacks.