Cybersecurity
Cyber Threat Intelligence, Alerts and Reports
As part of the AHA鈥檚 commitment to helping hospitals and health systems prepare for and prevent cyber threats, we have gathered the latest government cyber threat intelligence and alerts and Health Information Sharing and Analysis Center (H-ISAC) reports.
You may be asked to enter your AHA member credentials to view certain reports and intelligence alerts.
Cybersecurity & Risk Advisory
Learn how AHA can help hospitals and health systems prepare for and mitigate cyber threats through the expertise of John Riggi, AHA鈥檚 National Advisor for Cybersecurity and Risk.
In August, Microsoft released a patch for a vulnerability that is applicable to the healthcare community. CVE-2020-1472.
HC3 Threat Briefing TLP White: Fileless Malware Sept 10, 2020
The NCSC continues to investigate a large number of UK cyber incidents involving the Cobalt Strike framework. The number of such incidents handled by the NCSC has increased significantly in recent years. This includes both cyber criminals conducting financially-motivated attacks and cyber espionage鈥
The HC3 team originally sent an invitation for September 17th for the Monthly webinar. This has been moved to September 24th please reference the invitation below.
In August 2020, security researchers identified a malicious email campaign impersonating a US hospital that was observed delivering a variety of information stealing trojans, including AgentTesla, Formbook, Matiex, and njRatAzorult.
CIS Controls:
鈥 Provide a quick security win for the Healthcare and Public Health (HPH) Sector
鈥 They offer an initial starting point for execution of a cyber security strategy
鈥 They are scalable to meet the needs of the smallest to largest organizations
鈥 Execution of the initial 43 sub-controls鈥
The following webinar invite is a redistribution from partners at HHS-ASPR
=================
This edition of Hacking Healthcare includes an examination of Health and Human Services鈥 (HHS) Office of Civil Rights鈥 (OCR) summer cybersecurity newsletter; a brief on the recent charges levied against ex-Uber Chief Security Officer (CSO) Joe Sullivan for his role in covering up a 2016 data breach鈥
HC3 Threat Briefing - Pulse Secure VPN Servers Leak: Incident Case Study 8 27 2020
A new phishing campaign is using COVID-19 personal protective equipment (PPE)-themed lures to spread Agent Tesla malware. This difficult-to-detect remote access Trojan (RAT) provides attackers with a dashboard to monitor the malware鈥檚 keylogging and information stealing capabilities.