Cybercriminals, hacktivists, nation state actors, cyberterrorists, script kiddies, and insider threats are the main types of bad actors that threaten healthcare, according to a new briefing from the Health Sector Cybersecurity Coordination Center (HC3). Top attacks utilized by the above entities include: Social Engineering: The practice of obtaining sensitive information by manipulating legitimate users, often […]
Third Party Web Analytics Causing Big Problems
Third party web analytics software providers are causing a widespread trend in healthcare breaches, according to a bulletin from The Centers for Medicare & Medicaid Services (CMS) Cybersecurity Integration Center (CCIC) Cyber Threat Intelligence (CTI) team. Many healthcare websites, including health-related mobile applications, use web analytics software from third party providers in order to monitor user […]
Study: Majority of CISOs Have Lost Sensitive Data in Past Year
Sixty-three percent of security leaders had to deal with the loss of sensitive information in the past 12 months, according to the annual Voice of the CISO report from Proofpoint. Sixty-eight percent of surveyed CISOs feel at risk of a material cyber-attack, with, 61% feeling unprepared to cope with it. Other findings include: The loss […]
Study: Cyberattacks That Take Out Even a Single Hospital Should be Considered Regional Disasters
Cyberattacks, such as ransomware, “can have real patient care impacts that extend far beyond a single effected hospital,” according to a new University of California San Diego School of Medicine study, causing disruptions at nearby regional hospitals. The study, published in the May 8 online edition of JAMA, analyzed data from two emergency departments that […]
HC3 Warns of New Data Breaches from Cl0p and Lockbit Ransomware Groups
Ransomware-as-a-service (RaaS) groups Cl0p and Lockbit recently conducted several distinct attacks, exploiting three known vulnerabilities (CVE-2023-27351, CVE-2023-27350, and CVE-2023-0669), according to a new sector alert from the Health Sector Cybersecurity Coordination Center (HC3). CISA added the latter two vulnerabilities to its Known Exploited Vulnerabilities Catalog but has not yet added the first. This Sector Alert […]
Nurse Call Systems Top List of Riskiest Medical & IoT Devices in Clinical Environments
Nurse call systems, followed by infusion pumps and medication dispensing systems top the list of medical and IoT devices that are exposed to malicious activity in clinical environments, according research from Armis, an asset visibility and security company. When looking at IoT devices, IP cameras, printers and Voice Over Internet Protocol (VoIP) devices were found […]
HC3 Issues March Vulnerability Bulletin
HC3 says March vulnerabilities to the health sector include the monthly Patch Tuesday vulnerabilities released by several vendors on the second Tuesday of each month, along with mitigation steps and patches. Vulnerabilities for this month are from Microsoft, Google/Android, Apple, Mozilla, SAP, Cisco, Fortinet, and Adobe. A vulnerability is given the classification as a zero-day if it […]
HHS 405(d) Releases HICP 2023 & More
HHS 405(d) has released new resources to help cybersecurity professionals protect their healthcare organizations. The HICP 2023 Edition has been updated by over 150+ industry and federal professionals and includes a new identification of the top-5 threats along with mitigating practices. Knowledge on Demand is a new free cyber training platform located on the HHS […]
ECRI to Hospitals on 3rd-Party Site Tracking: Cut it Out; CISOs Must Be in on Fix
HSCC Releases “Cybersecurity for the Clinician” Video Training Series
The Health Sector Coordinating Council has released a free cybersecurity training video series entitled “Cybersecurity for the Clinician,” which covers how cyber-attacks can affect clinical operations and patient safety, and what clinicians can do to help keep healthcare data, systems and patients safe from cyber threats. The eight-episode series, totaling about 45 minutes, is intended […]