Cybersecurity

Cyber Threat Intelligence, Alerts and Reports

As part of the AHA鈥檚 commitment to helping hospitals and health systems prepare for and prevent cyber threats, we have gathered the latest government cyber threat intelligence and alerts and Health Information Sharing and Analysis Center (H-ISAC) reports.

You may be asked to enter your AHA member credentials to view certain reports and intelligence alerts.

Cybersecurity & Risk Advisory

Learn how AHA can help hospitals and health systems prepare for and mitigate cyber threats through the expertise of John Riggi, AHA鈥檚 National Advisor for Cybersecurity and Risk.

Learn More

Issue Landing Page
Issue Landing Page

Cybersecurity & Risk Advisory Service
AHA can help hospitals and health systems prepare for and mitigate cyber threats with John Riggi, a recognized expert, as a powerful resource.
Cybersecurity Government Intelligence Reports
Cybersecurity Government Intelligence Reports

TLP White: NSA | APT5: Citrix ADC Threat Hunting Guidance - December 2022
APT5 has demonstrated capabilities against Citrix庐 Application Delivery Controller鈩 (ADC鈩) deployments (鈥淐itrix ADCs鈥).
H-ISAC: Green Reports
H-ISAC: Green Reports

H-ISAC TLP Green Ransomware Data Leak Sites Report - July 29, 2025

A daily ransomware tracker at TLP:GREEN to increase awareness of the ransomware threat.
H-ISAC: White Reports
H-ISAC: White Reports

H-ISAC TLP White Threat Bulletin: Russia-Nexus Threat Actors May Retaliate Against Ukraine Weapons Deal

On July 14, 2025, the US announced a new foreign policy stating that it would supply Ukraine with a large amount of advanced weapons through NATO if Russia did not broker a ceasefire deal in the following 50 days.
H-ISAC: Green Reports
H-ISAC: Green Reports

H-ISAC TLP Green Daily Cyber Headlines - July 28, 2025
H-ISAC TLP Green Daily Cyber Headlines for July 28, 2025.
H-ISAC: Green Reports
H-ISAC: Green Reports

H-ISAC TLP Green Ransomware Data Leak Sites Report - July 28, 2025
A daily ransomware tracker at TLP:GREEN to increase awareness of the ransomware threat.
Headline
News

Microsoft says China-based threat actors behind SharePoint attacks聽
Microsoft July 22 released an update on the ongoing cyberattacks to SharePoint servers used within organizations, attributing the incidents to China-based threat actors.
Headline
News

Agencies warn of activity by Interlock ransomware

The FBI, Cybersecurity and Infrastructure Security Agency, Department of Health and Human Services and Multi-State Information Sharing and Analysis Center July 23 released a joint advisory detailing malicious activity from Interlock ransomware.
Advisory
Advisory

Ongoing Attack Impacting Microsoft SharePoint Servers Managed on Premises
There is an ongoing attack targeting flaws in Microsoft鈥檚 SharePoint server software. Microsoft has published guidance on protecting vulnerable systems, and these vulnerabilities only impact on-premises installations of SharePoint.
Headline
News

Microsoft issues alert on vulnerabilities in ongoing SharePoint attacks聽
Microsoft July 19 issued an alert about active attacks from vulnerabilities targeting SharePoint servers used within organizations.
Subscribe to Cybersecurity