Cybersecurity strategies
The healthcare sector faces a variety of cyberthreats, but experts are constantly working to provide organizations with reliable cybersecurity strategies to address them. Learn about the latest tactics for tackling cyber risk, with efforts led by security practitioners, federal agencies and leading cybersecurity companies.
Top Stories
-
Podcast
23 Sep 2024
Implementing cyber hygiene best practices in healthcare
Applying best practices for cyber hygiene and employee security training can help healthcare organizations effectively mitigate cyber-risk. Continue Reading
By- Jill McKeon, Associate Editor
-
Tip
04 Sep 2024
Microsoft Purview Audit helps IT flush out bad behavior
The auditing tool gives enterprises a way to find problems by examining logs from Microsoft 365 cloud services, such as Exchange Online, to see what actions were taken and where. Continue Reading
By
-
News
23 Sep 2020
Just 44% of Healthcare Providers Meet NIST Cybersecurity Standards
CynergisTek data shows that despite a dramatic increase in healthcare data breaches, cybersecurity progress in the sector is regressing as just 44 percent meet NIST standards. Continue Reading
By- Jessica Davis
-
News
22 Sep 2020
Senators Probe VA After Data Breach Affecting 46K Veterans, Providers
The VA recently reported that a hacker diverted payments to community health providers and funds meant for veterans’ medical treatments. A group of senators demands answers. Continue Reading
By- Jessica Davis
-
News
18 Sep 2020
3 Key Entry Points for Leading Ransomware Hacking Groups
Ransomware attacks rapidly increased in sophistication and impact this year, with healthcare as a prime target. Providers need to understand the entry points used by these hacking groups. Continue Reading
By- Jessica Davis
-
News
17 Sep 2020
Exploit Code Prompts CISA Alert to Microsoft Netlogon Vulnerability
A publicly available exploit code for a vulnerability that allows for elevation of privilege in Microsoft’s Netlogon will be an attractive target for cybercriminals, DHS CISA warns. Continue Reading
By- Jessica Davis
-
News
16 Sep 2020
Iranian Hackers Targeting, Exploiting VPN Flaws of US Healthcare, IT Orgs
FBI and CISA warn Iran-backed hackers are targeting US federal agencies and businesses, including those in healthcare and IT, exploiting known vulnerabilities in VPN connections. Continue Reading
By- Jessica Davis
-
Answer
14 Sep 2020
Cyber Resilient Vendor Relationships for Healthcare’s Threat Landscape
A healthcare third-party vendor breach can have a devastating impact on multiple entities, which means it’s crucial to have cyber resilient vendor relationships to keep pace with these threats. Continue Reading
By- Jessica Davis
-
News
10 Sep 2020
Phishing Campaign Uses Overlay Tactic for Employee Credential Theft
Cofense researchers detected a new phishing campaign leveraging message quarantine emails that use the homepage of the targeted company for employee credential theft. Continue Reading
By- Jessica Davis
-
News
09 Sep 2020
Zeppelin Ransomware Returns Using New Trojan to Evade Antivirus
First seen in the wild targeting healthcare in 2019, Juniper Threat Labs detected a wave of new Zeppelin ransomware employing a new trojan downloader to evade antivirus applications. Continue Reading
By- Jessica Davis
-
News
04 Sep 2020
5 Top Critical Vulnerabilities In Need of Patch, Software Update
An attacker only needs to exploit one flaw to gain a foothold onto a network. Given patch management challenges and a reliance on legacy tech, providers must update critical vulnerabilities. Continue Reading
By- Jessica Davis
-
Answer
02 Sep 2020
Healthcare’s Password Problem and The Need for Management, Vaults
Credential theft remains a prominent issue in healthcare. Given many are habitual in password reuse, the sector must improve its policies, management, and consider employing password vaults. Continue Reading
By- Jessica Davis
-
News
01 Sep 2020
CISA Shares Incident Detection, Response Playbook for Cyber Activity
The joint DHS CISA alert highlights the best practice methods for incident detection and remediation of malicious cyber activity, including mitigation steps and indicators of compromise. Continue Reading
By- Jessica Davis
-
News
01 Sep 2020
Report: Phishing Campaign Uses Hidden Text to Bypass Email Security
Using techniques that the average user would be unable to spot, a new phishing campaign is using hidden text, or what’s known as zero font, to bypass email security controls. Continue Reading
By- Jessica Davis
-
News
31 Aug 2020
Healthcare Key Target of Hacker Selling Access to Compromised RDP
A Nuspire report shows the hacker TrueFighter is actively targeting and compromising the remote desktop protocol (RDP) in a range of sectors, with healthcare as the key target. Continue Reading
By- Jessica Davis
-
News
27 Aug 2020
COVID-19 PPE Phishing Campaign Delivers Agent Tesla RAT Malware
A prominent phishing campaign has been preying on COVID-19 fears with targeted emails that offer personal protective equipment (PPE), but instead delivers Agent Tesla RAT malware. Continue Reading
By- Jessica Davis
-
Answer
26 Aug 2020
Key Needs for a Resilient Healthcare Information Security Program
Impact Advisor’s Shefali Mookencherry examines the current threat landscape and the tools entities need to build a resilient healthcare information security program. Continue Reading
By- Jessica Davis
-
News
25 Aug 2020
Credential Theft Via Spoofed Login Pages Increase, Healthcare Top Target
Hackers are drastically increasing credential theft attempts through social engineering and spoofed login pages, and healthcare recipients are the biggest target, IRONSCALES finds. Continue Reading
By- Jessica Davis
-
News
25 Aug 2020
FBI, CISA Alert of Surge in Vishing Cyberattacks on Remote Workers
Hackers are targeting remote workers through a voice phishing, or “vishing,” campaign in an effort to collect enterprise login credentials, later selling access to company networks. Continue Reading
By- Jessica Davis
-
News
24 Aug 2020
Search Engines May Expose Patient Health Information, ACR warns
New search engine capabilities used by Google, Bing, and other vendors may inadvertently expose patient identifiers and other protected health information, ACR, RSNA, and SIIM warn. Continue Reading
By- Jessica Davis
-
News
20 Aug 2020
Brute-Force P2P Botnet Targeting SSH Servers of Medical Centers, Banks
A sophisticated peer-to-peer (P2P) botnet has been actively breaching SSH servers with brute-force cyberattacks from a range of organizations, including medical centers, banks, and others. Continue Reading
By- Jessica Davis
-
News
19 Aug 2020
IBM: Remote Exploit Flaw Found in Millions of Connected IoT Devices
An IoT vulnerability has been uncovered in a host of Thales products, which are found in millions of connected devices, including medical devices, and can be remotely exploited. Continue Reading
By- Jessica Davis
-
News
19 Aug 2020
CISA Alerts to Phishing Campaign Deploying KONNI RAT Malware
Hackers are leveraging a phishing campaign to deploy KONNI malware, a remote access trojan (RAT), to steal data, capture keystrokes, take screenshots, and launch cyberattacks. Continue Reading
By- Jessica Davis
-
News
18 Aug 2020
Judge Dismisses Heritage Valley Malware Lawsuit Against Nuance
Heritage Valley Health System filed a lawsuit against Nuance after the vendor fell victim to the 2017 NotPetya malware attack, which then allegedly infected and damaged the health system’s network. Continue Reading
By- Jessica Davis
-
News
17 Aug 2020
Telehealth Adoption Requires Modern Identity Verification
It’s time for healthcare organizations to replace paper-based systems and manual processes with a biometric-based approach Continue Reading
By- Jumio
-
News
13 Aug 2020
CISA Alerts to Phishing Campaign Spoofing COVID-19 Loan Relief Site
A hacking group has launched a malicious phishing campaign that spoofs the Small Business Administration COVID-19 loan relief website for credential stealing and malicious redirects. Continue Reading
By- Jessica Davis
-
News
12 Aug 2020
Citrix Urges Patch of Critical XenMobile Server Vulnerabilities
Warning that threat actors will likely move to quickly exploit the flaws, Citrix released patches for two critical vulnerabilities found in its XenMobile Server, a mobile device management platform. Continue Reading
By- Jessica Davis
-
News
12 Aug 2020
Microsoft Patches Remote Execution, Spoofing Flaws Under Active Exploit
DHS CISA alerted private sector organizations to two security updates released by Microsoft, which patch a spoofing flaw and a remote code execution vulnerability under active exploit. Continue Reading
By- Jessica Davis
-
News
11 Aug 2020
NIST Shares Final Zero Trust Architecture Strategies, Guidance
Developed in collaboration with federal agencies, the final NIST Zero Trust Architecture publication details the enterprise security model and provides a roadmap for deploying the concept. Continue Reading
By- Jessica Davis
-
News
10 Aug 2020
BEC Phishing Campaigns Bypass MFA, Target Office 365 Executive Accounts
Researchers observed an increase in business email compromise phishing campaigns able to bypass MFA, while Trend Micro found an uptick in BEC scams targeting executive Office 365 accounts. Continue Reading
By- Jessica Davis
-
News
10 Aug 2020
Breaking Down Telehealth Inclusivity Barriers for Older Adults
COVID-19 has greatly changed the outlook for virtual visits, but the process can be frustrating Continue Reading
By- Jumio
-
News
06 Aug 2020
Hacker Leaks 900 Enterprise VPN Server Passwords on Dark Web
Threat intelligence firm KELA shared a list of more than 900 Pulse Secure VPN enterprise server usernames and passwords with ZDNet, which a hacker had posted on the dark web in plain text. Continue Reading
By- Jessica Davis
-
News
05 Aug 2020
FBI: Operating Windows 7 Increases Cyber Risk to Network Infrastructure
An industry alert from the FBI warns that network infrastructures still operating with Windows 7 platforms, after it reached end of life status in January 2020, are at an increased risk of cyberattack. Continue Reading
By- Jessica Davis
-
Answer
04 Aug 2020
The Risk of Nation-State Hackers, Government-Controlled Health Data
Throughout the COVID-19 pandemic, an increasing amount of health data is being controlled and stored by the government. As nation-state hacking increases, the risks to privacy will follow. Continue Reading
By- Jessica Davis
-
News
04 Aug 2020
COVID-19 Impact on Ransomware, Threats, Healthcare Cybersecurity
Interpol, Coveware, and Fortified Health Security shed light on how the COVID-19 crisis spurred an increase in ransomware and cybercriminal efforts to take advantage of the remote landscape. Continue Reading
By- Jessica Davis
-
News
03 Aug 2020
DHS CISA Alert Warns of Chinese-Backed Malware Cyberattacks
DHS CISA identified a malware variant known as Taidoor tied to the government of China, designed to maintain presence on victim networks and for further exploits and cyberattacks. Continue Reading
By- Jessica Davis
-
Answer
31 Jul 2020
How Zero Trust in Healthcare Can Keep Pace with the Threat Landscape
Hackers are outpacing healthcare in the overall cybersecurity race. Zero trust in healthcare can help stop attack proliferation, but it will be an uphill battle. Continue Reading
By- Jessica Davis
-
News
30 Jul 2020
FBI Alerts to Rise in Targeted Netwalker Ransomware Attacks
An FBI flash alert warns of a significant increase in targeted Netwalker ransomware attacks on US and foreign health agencies, governments, private companies, and education entities. Continue Reading
By- Jessica Davis
-
News
29 Jul 2020
Proposed COVID-19 Relief Bills Include Privacy, Security Funding
The COVID-19 relief package proposed by Senate Republicans would allocate $53 million to DHS CISA to protect research data, while Senate Democrats are urging for the inclusion of privacy protections. Continue Reading
By- Jessica Davis
-
News
29 Jul 2020
IBM: Health Sector Leads in Annual Data Breach Costs, Topping $7.13M
While the average global data breach costs for all sectors was just $3.86 million, IBM finds health sector breaches are the costliest at $7.13 million due to federal and state regulations, like HIPAA. Continue Reading
By- Jessica Davis
-
Answer
27 Jul 2020
COVID-19 Cybersecurity: Building Resilience Beyond the Crisis
Visibility, network access management, and automation are crucial to securing and building resilience to the healthcare infrastructure long after the COVID-19 pandemic ends. Continue Reading
By- Jessica Davis
-
News
27 Jul 2020
Telehealth Is the New Normal, But So Is Online Fraud
Given the breadth and scope of fraud threats, healthcare systems need to take a comprehensive three-pronged approach to cybersecurity. Continue Reading
By- Jumio
-
News
23 Jul 2020
FBI Alerts to Rise in DDoS Attacks Via Exploited Built-In Network Protocols
Hackers are exploiting built-in network protocols to fuel more destructive distributed-denial-of-service (DDoS) cyberattacks using limited resources, according to a recent FBI alert. Continue Reading
By- Jessica Davis
-
News
22 Jul 2020
Emotet Malware Threat Actors Return with Massive Email Campaign
Reports from Proofpoint and Malwarebytes found the notorious Emotet malware threat actors have reemerged after a hiatus, sending 250,000 malicious emails with highly obfuscated macros. Continue Reading
By- Jessica Davis
-
News
22 Jul 2020
Top Risks of 1H 2020: Ransomware, Mobile, Health Infrastructure
Fueled by COVID-19, Skybox Security predicts over 20,000 vulnerability reports by the end of 2020, as hackers ramp up ransomware and health infrastructure and mobile device attacks. Continue Reading
By- Jessica Davis
-
News
21 Jul 2020
DOJ Accuses China of Targeted Hacking on COVID-19 Research Data
Two hackers are accused by DOJ of working with the Chinese government to target and hack hundreds of US entities, stealing more than a terabyte of data, including COVID-19 research. Continue Reading
By- Jessica Davis
-
News
20 Jul 2020
Feds Issue Emergency Directive to Patch Critical DNS Server Flaw
CISA officials stress that while the emergency directive on patching the critical Windows DNS server flaw is aimed at federal agencies, private sector organizations should also take immediate action. Continue Reading
By- Jessica Davis
-
News
20 Jul 2020
DHS Shares Insights on Network Tunneling, Obfuscating Cyberattacks
Threat actors leverage obfuscation, network tunneling, and spoofing techniques to mislead incident responders. New DHS CISA insights shed light on these cyberattack methods. Continue Reading
By- Jessica Davis
-
News
17 Jul 2020
Report Finds Serious Flaws in COVID-19 Vaccine Developers' Systems
BitSight assessed 17 biomedical companies publicly recognized for playing a role in the development of a COVID-19 vaccine and found many operate with serious security vulnerabilities. Continue Reading
By- Jessica Davis
-
News
16 Jul 2020
Russian Hackers Target COVID-19 Vaccine Developers with Cyberattacks
A UK NSCS advisory, supported by the NSA, warns the Russian hackers known as APT29 are targeting healthcare, pharma, and COVID-19 vaccine developers with cyberattacks to steal data. Continue Reading
By- Jessica Davis
-
Answer
16 Jul 2020
The Key to Improving Medical Device Security is Collaboration, Visibility
Manufacturers, healthcare delivery organizations, policymakers, and even patients need collaboration to better understand and address medical device security risks and improve visibility. Continue Reading
By- Jessica Davis
-
News
15 Jul 2020
Microsoft Patches Critical, Wormable Flaw in Windows DNS Servers
DHS CISA is urging organizations to apply Microsoft's patch for a critical, wormable vulnerability found in its Windows DNS Servers. The bug has the most severe security rating of 10.0. Continue Reading
By- Jessica Davis
-
News
14 Jul 2020
Report: Over 1 in 10 Ransomware Attacks Results in Data Theft
Double extortion ransomware attacks were made popular by the Maze hacking group, but other threat actors are following suit; Emsisoft finds over one-tenth of these attacks results in data theft. Continue Reading
By- Jessica Davis
-
News
10 Jul 2020
41 Providers Reported Ransomware Attacks in First Half of 2020
While the rate of successful ransomware attacks remained flat during Q1 and Q2 of 2020, Emsisoft predicts a likely uptick due to the season and as the workforce returns to the office. Continue Reading
By- Jessica Davis
-
News
09 Jul 2020
15 Billion Compromised Credentials Available for Sale on Hacker Forums
A Digital Shadows report shares insights into the function of hacker forums and the severity of the risk posed by compromised credentials, given the frequency of account takeover attacks. Continue Reading
By- Jessica Davis
-
News
08 Jul 2020
Microsoft Sues, Now Controls COVID-19 Phishing Campaign Domains
Recently unsealed court documents shed light on Microsoft’s efforts to block a massive phishing campaign tied to COVID-19 themes directed at business leaders from 62 countries. Continue Reading
By- Jessica Davis
-
Answer
06 Jul 2020
Impact of Ripple20 Vulnerabilities on Healthcare IoT, Connected Devices
The healthcare sector is the most affected by a group of 19 critical vulnerabilities known as Ripple20, found in over 52,000 medical device models and with remote code execution possibilities. Continue Reading
By- Jessica Davis
-
News
06 Jul 2020
FBI, CISA Share Mitigation Guidance for Obfuscated Cyberattacks Via Tor
Hackers leverage Tor (The Onion Router) to anonymously conduct malicious cyberattacks against organizations, which conceals their identity as they perform reconnaissance, FBI and CISA warn. Continue Reading
By- Jessica Davis
-
News
03 Jul 2020
DHS CISA Alerts to OpenClinic GA Hospital Management System Flaws
Vulnerabilities found in the OpenClinic GA integrated hospital information management system have prompted a medical advisory from DHS CISA ICS-CERT, urging a system upgrade. Continue Reading
By- Jessica Davis
-
News
01 Jul 2020
DHS CISA Urges Patch of Critical Palo Alto Pan-OS Vulnerability
Following an advisory from Palo Alto Networks, DHS CISA took to Twitter to urge enterprises to immediately patch a critical PAN-OS vulnerability given the likelihood of advanced persistent threats. Continue Reading
By- Jessica Davis
-
News
30 Jun 2020
Ransomware Attacks Delivered Via Phishing Campaigns on the Rise
While the increase in ransomware attacks delivered through phishing campaigns is just slight, Proofpoint warns these attacks could be a sign of what’s to come in future campaigns. Continue Reading
By- Jessica Davis
-
News
29 Jun 2020
UCSF Pays $1.14M to NetWalker Hackers After Ransomware Attack
After NetWalker ransomware locked down several servers of its School of Medicine, UCSF paid the hackers’ ransom demand to decrypt the data and restore function to the impacted systems. Continue Reading
By- Jessica Davis
-
News
26 Jun 2020
Microsoft Again Urges Exchange Server Patch, as Attacks Resurge
DHS first alerted to an increase in attacks on a critical Microsoft Exchange server vulnerability in March. The tech giant issued a repeat warning, as researchers have detected a resurgence in attacks. Continue Reading
By- Jessica Davis
-
News
25 Jun 2020
Most At-Risk Medical Devices: PACS, HL7 Gateway, Radiotherapy Systems
Forescout finds 35 percent of healthcare workstations operate on unsupported versions of Windows, with PACS, HL7 Gateway and Radiotherapy Systems as some of the riskiest devices in the sector. Continue Reading
By- Jessica Davis
-
News
25 Jun 2020
New Malware Campaign Targets Unpatched Windows Vulnerabilities
Capable of launching DDoS attacks and cryptojacking, a new malware campaign known as Lucifer has been spotted targeting a spate of unpatched critical Windows vulnerabilities. Continue Reading
By- Jessica Davis
-
News
24 Jun 2020
3 Key Ways to Bolster Healthcare Cybersecurity with MFA, Training
Healthcare struggles with a lack of resources and staff, as well as a reliance on legacy technologies, which can be strengthened through effective training and security tools like MFA. Continue Reading
By- Jessica Davis
-
News
22 Jun 2020
DHS CISA: Serious Vulnerabilities Found in 6 Medical Device Systems
System vulnerabilities found in medical devices from Baxter and Biotronik could allow an attacker to compromise patient information and alter system configurations if exploited. Continue Reading
By- Jessica Davis
-
News
18 Jun 2020
DHS Alerts to Ransomware Campaign Targeting Remote Access Systems
Hackers are targeting enterprise networks through remote access systems, like RDP and VPNs, through unpatched systems and those lacking multi-factor authentication, as a foothold for later ransomware attacks. Continue Reading
By- Jessica Davis
-
News
18 Jun 2020
Microsoft: COVID-19-Related Cyberattacks, Phishing in Decline
COVID-19-related cyberattacks and phishing campaigns reached their peak in March and have since leveled off. Microsoft sheds light on these attacks and how to move forward. Continue Reading
By- Jessica Davis
-
News
17 Jun 2020
AGS Urge Apple, Google to Ensure Privacy of COVID-19 Contact Tracing
The National Association of Attorneys General asks Google and Apple to protect consumer privacy and ensure COVID-19 contact tracing apps are only released by public health authorities. Continue Reading
By- Jessica Davis
-
News
17 Jun 2020
Millions of IoT Medical Devices Impacted by Ripple20 Vulnerabilities
Researchers discovered 19 vulnerabilities called Ripple20 impacting the TCP/IP communication stack found in hundreds of millions of connected devices, including IoT medical tech. Continue Reading
By- Jessica Davis
-
News
11 Jun 2020
Email Critical Enterprise Risk, as Impersonation Attacks Increase
Mimecast’s latest State of Email Security report shows a rapid increase in phishing, ransomware, and impersonation attacks, with a need for organizations to bolster cyber resilience programs. Continue Reading
By- Jessica Davis
-
News
10 Jun 2020
Report: Unsecured, Misconfigured Databases Breached in Just 8 Hours
Comparitech finds it takes hackers less than nine hours to compromise unsecured or misconfigured databases, with attackers proactively targeting data instead of relying on Shodan. Continue Reading
By- Jessica Davis
-
News
09 Jun 2020
Health Sector Most Targeted by Hackers, Breach Costs Rise to $17.76B
ForgeRock’s annual consumer identity breach report found the healthcare sector was the most targeted by hackers in 2019, which has continued into 2020. And its 382 data breaches cost the sector more than $2.45 billion. Continue Reading
By- Jessica Davis
-
News
08 Jun 2020
DHS CISA: Threat Actors Targeting Unpatched Microsoft Windows Flaw
In a Friday alert, DHS CISA warns threat actors are using publicly available proof-of-concept (POC) code to target an unpatched critical vulnerability found in certain Microsoft Windows systems. Continue Reading
By- Jessica Davis
-
News
05 Jun 2020
Open Ports, Phishing Key Targets in Healthcare Ransomware Attacks
Corvus finds ransomware attacks on healthcare have persisted at the same levels seen during the last quarter of 2019, with hackers primarily exploiting open ports and phishing to gain footholds. Continue Reading
By- Jessica Davis
-
News
05 Jun 2020
Voicemails of Remote Workers Targeted in New Phishing Campaign
Remote healthcare workers are facing a new cyber threat: hackers are targeting legacy technology used to send voicemails to employees with phishing attacks, according to IRONSCALES. Continue Reading
By- Jessica Davis
-
News
02 Jun 2020
Hackers Update Notorious TrickBot Malware to Evade Detection
The TrickBot malware variant, commonly used before ransomware deployments and designed to steal information, has been updated to evade detection, according to Palo Alto Networks. Continue Reading
By- Jessica Davis
-
News
29 May 2020
NSA Warns Russian Hacking Group Targeting Vulnerable Email Systems
The Russian hacking group known as Sandworm has been actively exploiting a vulnerability found in the Exim MTA software for email to launch malicious attacks, according to an NSA alert. Continue Reading
By- Jessica Davis
-
News
29 May 2020
New COVID-19 Spear-Phishing, Spoofing Attacks Mimic Google, WHO
Barracuda detected a new impersonation attack, where hackers spoof Google-branded sites in spear-phishing campaigns. Meanwhile, Google details spoofing campaigns mimicking WHO. Continue Reading
By- Jessica Davis
-
News
28 May 2020
Health Departments, State Govts. At Risk of COVID-19 Spoofing, Fraud
Proofpoint found most state governments and health departments lack the strictest and recommended DMARC protection and authentication, exposing them to COVID-19 spoofing and fraud attempts. Continue Reading
By- Jessica Davis
-
Answer
27 May 2020
External Threats Outpace Insider-Related Breaches in Healthcare
Verizon’s Data Breach Investigations Report finds external threats caused more healthcare data breaches than insiders last year, as the confirmed number of breaches substantially increased. Continue Reading
By- Jessica Davis
-
News
27 May 2020
H-ISAC Shares Identity Management Framework for Healthcare CISOs
Centered around governance, a new H-ISAC framework shows CISOs effective ways to implement identity and access management processes into overall enterprise security programs. Continue Reading
By- Jessica Davis
-
News
25 May 2020
Sens. Ask FBI, CISA How to Protect COVID-19 Medical Research Data
Four Senators ask the FBI and DHS CISA whether more resources are needed to protect COVID-19 medical research data, as Chinese hackers continue to target the intellectual property. Continue Reading
By- Jessica Davis
-
News
22 May 2020
NetWalker Ransomware Expands Operations, Targeting Healthcare
NetWalker ransomware actors have exploited the healthcare sector throughout the COVID-19 crisis. Now, the hackers are pairing up with other cybercriminals to gain enterprise access. Continue Reading
By- Jessica Davis
-
News
21 May 2020
Feds Issue Joint Alert on COVID-19 CARES Act Payment Fraud Scams
Given the increase in remote work, healthcare providers should review the joint alert from DHS CISA and other federal agencies on COVID-19 fraud scams tied to economic impact payments. Continue Reading
By- Jessica Davis
-
News
20 May 2020
Hackers Using COVID-19 Phishing, Website Spoofing for Credential Theft
Proofpoint observed over 300 COVID-19-related phishing campaigns since January, with hackers leveraging convincing phishing themes and website spoofing for credential theft. Continue Reading
By- Jessica Davis
-
News
18 May 2020
Guide to Healthcare's Security Tactical Crisis Response, Amid COVID-19
HSCC and the H-ISAC jointly shared tactical guidance for the healthcare sector on how to manage cybersecurity threats that arise amid an emergency, such as COVID-19 pandemic. Continue Reading
By- Jessica Davis
-
News
15 May 2020
Paying the Ransom Can Double Ransomware Attack Recovery Costs
The FBI has repeatedly warned against paying the ransom, but Sophos research confirms giving into the hackers’ demands does not ease recovery time – and doubles the overall recovery costs. Continue Reading
By- Jessica Davis
-
News
14 May 2020
HSCC Shares Guide to Protecting Healthcare Trade Secrets, Research
The latest Healthcare and Public Health Sector Coordinating Council (HSCC)insights detail ways healthcare entities can better secure its trade secrets and medical research from cyber theft. Continue Reading
By- Jessica Davis
-
News
14 May 2020
DHS CISA, FBI Reveal The Top Exploited Vulnerabilities Since 2016
Organizations are being urged to prioritize patching and mitigation tactics for the top 10 exploited vulnerabilities between 2016 and 2019, and the three most exploited flaws from 2020, so far. Continue Reading
By- Jessica Davis
-
News
13 May 2020
DHS CISA, FBI Warn Chinese Hackers Targeting COVID-19 Research Firms
A joint alert from DHS CISA and the FBI warns hackers tied to the People’s Republic of China are targeting and compromising the networks of research facilities working on the COVID-19 response. Continue Reading
By- Jessica Davis
-
News
12 May 2020
Feds Alert to New North Korean Malware Threats, Mitigation Tactics
DHS CISA, the FBI, and DOD are urging organizations to review insights into three recent malware variants tied to North Korea and recommended mitigation techniques to bolster defenses. Continue Reading
By- Jessica Davis
-
Answer
07 May 2020
Ransomware Success Declines Amid COVID-19, But Resurgence is Likely
While hackers have continued to target providers amid the pandemic, the number of successful attacks is in decline. But healthcare should plan now for the inevitable resurgence. Continue Reading
By- Jessica Davis
-
News
07 May 2020
OCR Shares COVID-19 Privacy and Security Threat Resources
In response to the increase in COVID-19-related cyber threats, OCR released a list of privacy and security resources to help providers bolster their defenses and prevent HIPAA violations. Continue Reading
By- Jessica Davis
-
News
05 May 2020
APT Hackers Targeting Healthcare, Essential Services Amid COVID-19
A new joint alert from DHS CISA and UK NSCS warns advanced persistent threat (APT) hacking groups are exploiting the COVID-19 pandemic to target healthcare providers and other essential services. Continue Reading
By- Jessica Davis
-
News
04 May 2020
Ransomware Causes 15 Days of EHR Downtime, as Payments Avg $111K
Driven by the notorious Sodinokibi and Ryuk variants, the average ransomware payment demand surged to $111,000, on average, according to Coveware’s quarterly ransomware incident report. Continue Reading
By- Jessica Davis
-
News
30 Apr 2020
COVID-19 Remote Work Causes Spike in Brute-Force RDP Cyberattacks
Kaspersky detected a rapid increase in brute-force hacking attempts against the remote desktop protocol (RDP), given the record number of remote workforce amid the COVID-19 crisis. Continue Reading
By- Jessica Davis
-
News
29 Apr 2020
Microsoft: COVID-19 Fueling Human-Operated Ransomware Deployments
In the last two weeks, Microsoft has seen a surge in the volume of ransomware attacks against healthcare; but the human-operated attacks likely began months before deploying the malware. Continue Reading
By- Jessica Davis
-
News
28 Apr 2020
NSA Shares Cybersecurity Guidance, Assessments for COVID-19 Telework
New guidance from the National Security Agency (NSA) is designed to help organizations assess and compare collaboration tools used for remote work during the COVID-19 pandemic. Continue Reading
By- Jessica Davis
-
News
27 Apr 2020
New COVID-19 Phishing Campaigns Target Zoom, Skype User Credentials
Researchers have discovered two new phishing campaigns targeting user credentials for both Skype and Zoom, amid the spike in remote work tied to the COVID-19 pandemic. Continue Reading
By- Jessica Davis
-
News
24 Apr 2020
WHO Reports COVID-19 Spurs Rapid Rise in Cyberattacks Against Staff
Days after a report revealed a leak of hundreds of active WHO credentials, officials say they've seen a dramatic increase in cyberattacks against its staff and email scams targeting the public. Continue Reading
By- Jessica Davis