Healthcare is the Critical Infrastructure Sector Most Targeted by Ransomware Groups
HIPAA Guide » Healthcare Cybersecurity News
by Liam Johnson
1M ago
The FBI has released its annual Internet Crime Report which confirms that healthcare suffered more ransomware attacks last year than any other critical infrastructure sector. The FBI’s Internet Crime Complaint Center (IC3) received 2,825 complaints about ransomware attacks in 2023, with 1,193 of those complaints coming from critical infrastructure entities. Healthcare organizations reported 249 complaints. Across all sectors, ransomware attacks increased by 18% from 2022 and ransom payments increased by 74% to $59.6 million. There are several reasons behind the increase in reported attacks and ..read more
HHS Releases Cybersecurity Performance Goals for the Healthcare and Public Health Sector
by Liam Johnson
3M ago
The Department of Health and Human Services (HHS) has released details of the voluntary cybersecurity goals for organizations in the healthcare and public health sector (HPH), which were first announced in December 2023 in the HHS Healthcare Sector Cybersecurity concept paper. Healthcare organizations covered by the Health Insurance Portability and Accountability Act (HIPAA) must comply with the HIPAA Security Rule, which sets baseline standards for cybersecurity to safeguard electronic protected health information (ePHI). Those cybersecurity standards were developed more than 20 years ago, an ..read more
Healthcare Cybersecurity Mitigation Guide Published by CISA
by Liam Johnson
5M ago
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published a healthcare cybersecurity mitigation guide that outlines defensive mitigation strategies for combatting healthcare-specific cyber threats. The guidance document – The Mitigation Guide: Healthcare and Public Health (HPH) Sector – serves as a companion to previously issued guidance – The HPH Cyber Risk Summary – which was published by CISA in July 2023. Through its own efforts and those of its partner organizations, CISA has identified several common vulnerabilities and misconfigurations that are often exploited by m ..read more
Feds Warn of Active Exploitation of Zoho and Fortinet Vulnerabilities
by Liam Johnson
8M ago
A joint cybersecurity advisory has been issued by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and U.S. Cyber Command’s Cyber National Mission Force (CNMF) warning that multiple nation-state hacking groups are exploiting vulnerabilities in Zoho ManageEngine software and Fortinet firewalls to gain access to networks and steal sensitive data. The vulnerabilities under active exploitation have patches available, which should be applied as soon as possible to prevent them from being exploited. In addition to applying patches, investigatio ..read more
59% Year-Over-Year Increase in Medical Device Vulnerabilities
by Liam Johnson
8M ago
There has been a 59% increase in vulnerabilities in medical devices and the software applications on which they run, according to recent research by the Health Information Sharing and Analysis Center (Health-ISAC), Finite State, and Securin. Medical devices, such as pacemakers, infusion pumps, and monitoring systems, are used for monitoring patients and managing care. Vulnerabilities in these devices and the software on which the devices operate can therefore have serious consequences. If vulnerabilities are exploited, malicious actors could cause the devices to malfunction, which could disrup ..read more
Cyber Safety Review Board Shares Insights Gained from Lapsus$ Cyberattacks
by Liam Johnson
8M ago
The Cyber Safety Review Board (CSRB) has recently shared details of the tactics, techniques, and procedures used by the Lapsus$ threat group and has made several recommendations for hardening defenses and building resilience. The CSRB was established by the Biden Administration to improve the nation’s cybersecurity and has been tasked with reviewing significant cyber attacks and providing actionable recommendations for critical infrastructure entities to help them harden their defenses. The CSRB worked with more than 40 organizations to obtain insights into attacks by the Lapsus$ hacking group ..read more
Healthcare Sector Warned About Rhysida Ransomware Group
by Liam Johnson
8M ago
The healthcare and public health (HPH) sector has been warned about a new ransomware-as-a-service (RaaS) group – Rhysida – that has been active since at least May 2023. According to the Health Sector Cybersecurity Coordination Center (HC3), the ransomware used in the attacks lacks advanced features and is thought to be in the early stages of development; however, it has already been successfully used in several attacks in Europe, Australia, and North and South America. While the group is thought to target the education, government, and manufacturing sectors, some healthcare organizations ..read more
Healthcare Employees Targeted in SEO Poisoning Attacks
by Liam Johnson
10M ago
SEO poisoning (search engine poisoning) is a tactic used by cybercriminals to manipulate search results and the tactic is being increasingly used to gain access to healthcare networks. In contrast to phishing, where contact is made with employees via email, SMS messages, or instant messaging services, SEO poisoning is a web-based attack and targets individuals as they browse the Internet. The aim of these attacks is to drive traffic to malicious websites where credentials are stolen or malware is downloaded, both of which can provide initial access to devices and accounts allowing the theft of ..read more
Healthcare Organizations Warned About Clop and MedusaLocker Ransomware Gangs
by HIPAA guide
1y ago
The healthcare and public health (HPH) sector is in the crosshairs of the Clop and MedusaLocker ransomware gangs, according to the Health Sector Cybersecurity Coordination Center (HC3), which has recently issued alerts about both cybercriminal groups. The latest HPH sector alert on Clop was published a matter of weeks after a previous alert from HC3 about Clop in January 2023. Clop has been active since at least February 2019 and has been one of the most prolific ransomware groups over the past 3 years. The group has gained notoriety following several attacks on high-profile organizations and ..read more
Healthcare Organizations Warned About Use of AI for Developing Malware
by HIPAA guide
1y ago
Artificial Intelligence tools have been incorporated into many cybersecurity solutions to improve their threat detection capabilities, but there is growing concern that these systems could be adopted by malicious actors and used to accelerate malware development and for social engineering and phishing. One popular AI-based tool, which was launched in November and has proven extremely popular, is ChatGPT, and there are indications that cybercriminals have been abusing that tool. The recent advances in natural language AI tools such as ChatGPT and the growing evidence of misuse prompted the Heal ..read more
