Cybersecurity
Cyber Threat Intelligence, Alerts and Reports
As part of the AHA’s commitment to helping hospitals and health systems prepare for and prevent cyber threats, we have gathered the latest government cyber threat intelligence and alerts and Health Information Sharing and Analysis Center (H-ISAC) reports.
You may be asked to enter your AHA member credentials to view certain reports and intelligence alerts.
Cybersecurity & Risk Advisory
Learn how AHA can help hospitals and health systems prepare for and mitigate cyber threats through the expertise of John Riggi, AHA’s National Advisor for Cybersecurity and Risk.
H-ISAC TLP Green Daily Physical Security Report for September 21, 2023.
H-ISAC TLP Green Daily Cyber Headlines for September 21, 2023.
A daily ransomware tracker at TLP:GREEN for the purpose of increasing ransomware threat awareness.
In August 2023, vulnerabilities to the health sector have been released that require attention. This includes the monthly Patch Tuesday vulnerabilities released by several vendors on the second Tuesday of each month, along with mitigation steps and patches.
Summary:
H-ISAC TLP Green Daily Physical Security Report for September 20, 2023
On September 18, 2023, the Health Sector Cybersecurity Coordination Center (HC3) released a sector alert regarding the Lazarus group exploiting a ManageEngine vulnerability.
The Health Information Sharing and Analysis Center (H-ISAC) Sept. 19 alerted the health sector to an emerging threat that targets senior executives through phishing emails that contain malicious QR codes, also known as quishing.
The Department of Health and Human Services Sept. 18 alerted the health care sector to a critical vulnerability in ManageEngine products that allows an attacker to perform remote code execution and which a North Korean state-sponsored actor is reportedly using to target health care entities in…
A recent uptick in threat actors delivering phishing emails laced with malicious QR codes has beenobserved. Quishing, also known as QR code phishing, involves sending a seemingly time sensitive emailcontaining lures to trick the recipient into taking action and scanning an innocuous QR code.