78% of Healthcare Organizations Suffered a Cyberattack in the Past Year
HIPAA Journal » Healthcare Cybersecurity
by Steve Alder
8M ago
A recent survey of healthcare professionals indicates 78% of healthcare organizations have experienced at least one cybersecurity incident in the past 12 months. 60% of those incidents had a moderate or significant impact on the delivery of care, 15% had a severe impact, and 30% involved sensitive data. Protected Health Information (PHI) was exposed or stolen in 34% of incidents in North America. The survey was conducted by Pollfish on behalf of the cybersecurity firm Claroty on 1,100 individuals in North and South America, APAC, and Europe. Respondents worked full-time in the health sector in ..read more
Joint Commission Issues Guidance on Ensuring Patient Safety After a Cyberattack
HIPAA Journal » Healthcare Cybersecurity
by Steve Alder
8M ago
The Joint Commission has issued a Sentinel Event Alert offering guidance on preserving patient safety following a cyberattack. Healthcare cyberattacks have been increasing in number and sophistication and it is no longer a case of if a healthcare organization will be attacked but when. Cyberattacks can cause considerable disruption to healthcare operations and put patient care at risk so it is critical that healthcare organizations do all they can to prevent cyberattacks, such as decreasing the attack surface, updating software and patching promptly, providing phishing awareness training, and ..read more
Ransomware Groups are Accelerating Their Attacks with Dwell Time Falling to Just 5 Days
HIPAA Journal » Healthcare Cybersecurity
by Steve Alder
8M ago
Ransomware groups have accelerated their attacks and are now spending less time inside victims’ networks before triggering file encryption, according to the 2023 Active Adversary Report from Sophos. The data for the report came from the first 6 months of 2023 and was gathered and analyzed by the Sophos X-Ops team. The median dwell time for ransomware groups fell from 9 days to 5 days in the first half of 2023, which the researchers believe is close to the limit of what is possible for hackers. They do not expect the median dwell time to fall below 5 days due to the time it typically takes for ..read more
Know Your Adversary: HC3 Shares Details of Chinese APT Groups Targeting the Healthcare Sector
HIPAA Journal » Healthcare Cybersecurity
by Steve Alder
8M ago
The healthcare industry is actively targeted by financially motivated cybercriminal gangs; however, state-sponsored hacking groups also seek access to healthcare networks and are actively targeting healthcare providers and other entities in the healthcare and public health sector. In a recently published security advisory, the Health Sector Cybersecurity Coordination Center (HC3) provides a threat profile of some of the most capable Chinese hacking groups that are known to target U.S. healthcare organizations. While at least one Chinese state-sponsored hacking group is known to conduct cyberat ..read more
Digital Health Security Initiative Launched by the HHS
HIPAA Journal » Healthcare Cybersecurity
by Steve Alder
8M ago
The U.S. Department of Health and Human Services’ Advanced Research Projects Agency for Health (ARPA-H) has announced the launch of the Digital Health Security (DIGIHEALS) project which seeks to improve the electronic infrastructure of the U.S. healthcare industry. ARPA-H is a funding agency that was created in 2022 to support biomedical and health research, specifically research that has the potential to advance aspects of medicine and health that cannot be achieved through more traditional research and commercial activity. Over the past few years, cybercriminals have been targeting the healt ..read more
Large-scale Phishing Campaign Targets Zimbra Collaboration Email Servers
HIPAA Journal » Healthcare Cybersecurity
by Steve Alder
8M ago
Researchers at ESET have identified a large-scale and ongoing phishing campaign targeting Zimbra Collaboration email servers at small- and medium-sized businesses and government agencies. The campaign has been active since at least April and is being conducted globally, with Poland, Ecuador, and Italy the most targeted countries. The campaign does not appear to be targeted at any specific vertical. Targets are sent an email with an HTML attachment. The email warns the user about an email server update or another Zimbra issue, such as a security update. The From field indicates the email has bee ..read more
July 2023 Healthcare Data Breach Report
HIPAA Journal » Healthcare Cybersecurity
by Steve Alder
8M ago
There was a 15.2% fall in reported data breaches in July with 56 breaches of 500 or more records reported to the HHS’ Office for Civil Rights (OCR), which makes July an average month for data breaches. Over the past 12 months, 57 breaches have been reported each month on average; however, July was not an average month in terms of the number of compromised records. There was a 261% month-over-month increase in breached records in July, with 18,116,982 records breached across the 56 reported incidents. The incredibly high total was due to a major data breach at HCA Healthcare that saw the recor ..read more
Mandiant: Malicious Actors' Use of Generative AI Remains Limited
HIPAA Journal » Healthcare Cybersecurity
by Steve Alder
8M ago
There is justifiable fear that malicious actors will leverage generative AI to facilitate their malicious activities; however, the adoption of generative AI by threat actors appears to be limited, certainly for intrusion operations. Mandiant reports that it has been tracking threat actor interest in generative AI, but its research and open source accounts indicate generative AI is only currently being used to a significant extent for social engineering and misinformation campaigns. Mandiant has found evidence indicating generative AI is being used to create convincing lures for phishing and bu ..read more
Hackers Backdoor 1,900 Citrix NetScaler Devices
HIPAA Journal » Healthcare Cybersecurity
by Steve Alder
8M ago
Hackers have been conducting a mass exploitation campaign targeting Citrix NetScalers to exploit a critical vulnerability tracked as CVE-2023-3519. The automated exploitation campaign compromises NetScalers and installs web shells to provide a persistent backdoor into systems. The web shell allows the threat actor to execute arbitrary commands on compromised systems, even when the patch is applied to fix the vulnerability. The vulnerability affects Citrix Application Delivery Controller and Gateway appliances configured as gateway servers and was disclosed by Citrix on July 18, 2023. A patch w ..read more
59% Year-over-year Increase in Exploitable Vulnerabilities in Medical Devices
HIPAA Journal » Healthcare Cybersecurity
by Steve Alder
9M ago
A joint research project by Health-ISAC, Finite State, and Securin has revealed exploitable vulnerabilities in medical devices have increased by almost 60% since 2022. The researchers identified almost 1,000 vulnerabilities in 966 medical products, which is a 59% year-over-year increase from 2022. 993 vulnerabilities were identified that could be exploited by malicious actors to gain access to healthcare networks, 160 of the identified vulnerabilities have already been weaponized, and a further 101 are trending in the wild. Advanced Persistent Threat (APT) actors are known to be actively explo ..read more
