Cybersecurity strategies
The healthcare sector faces a variety of cyberthreats, but experts are constantly working to provide organizations with reliable cybersecurity strategies to address them. Learn about the latest tactics for tackling cyber risk, with efforts led by security practitioners, federal agencies and leading cybersecurity companies.
Top Stories
-
Podcast
23 Sep 2024
Implementing cyber hygiene best practices in healthcare
Applying best practices for cyber hygiene and employee security training can help healthcare organizations effectively mitigate cyber-risk. Continue Reading
By- Jill McKeon, Associate Editor
-
Tip
04 Sep 2024
Microsoft Purview Audit helps IT flush out bad behavior
The auditing tool gives enterprises a way to find problems by examining logs from Microsoft 365 cloud services, such as Exchange Online, to see what actions were taken and where. Continue Reading
By
-
News
15 Jul 2021
Cyberattack Exposes Protected Health Information of 43K New Yorkers
A cyberattack exposed the PHI of over 43,000 New Yorkers. Continue Reading
By- Lisa Gentes-Hunt
-
News
15 Jul 2021
California Updates Health Facility Data Breach Requirements
California updated its health facility data breach regulations. Continue Reading
By- Lisa Gentes-Hunt
-
News
14 Jul 2021
Connecticut’s Updated Cybersecurity Law Now Protects Patient Data
Connecticut's new cybersecurity law will help protect patients' private medical information. Continue Reading
By- Lisa Gentes-Hunt
-
News
14 Jul 2021
OIG: Gaps in CMS ERM Puts Genomic Data Security at Risk
A new OIG report notes flaws in CMS ERM processes. Continue Reading
By- Lisa Gentes-Hunt
-
News
13 Jul 2021
ClearBalance Data Incident Impacts Over 200,000 US Patients' PII
A new cyber attack is impacting over 200,000 ClearBalance customers. Continue Reading
By- Lisa Gentes-Hunt
-
News
13 Jul 2021
Colorado Governor Signs The Colorado Privacy Act Into Law
The governor of Colorado signed the new privacy act into law. Continue Reading
By- Lisa Gentes-Hunt
-
News
12 Jul 2021
IRS: Cyberthief Sentenced to Prison After Stealing Patients PHI
A Texas mas was sentenced to prison for stealing patients' private health information. Continue Reading
By- Lisa Gentes-Hunt
-
News
12 Jul 2021
Patient Info Exposed in Health Clinic Cyberattack Data Breach
An Iowa-based health clinic is the latest victim of a cyberattack. Continue Reading
By- Lisa Gentes-Hunt
-
News
09 Jul 2021
Data Breach Impacts Patients, Employees of Dermatology Practice
A cyber attack impacted both patients and employees of a dermatology practice. Continue Reading
By- Lisa Gentes-Hunt
-
News
09 Jul 2021
HHS Warns Health PACS: Patient Data Vulnerable to Cyber Exploitation
Health PACS are vulnerable to hackers according to a new alert from the Department of Health & Human Services (HHS.) Continue Reading
By- Lisa Gentes-Hunt
-
News
08 Jul 2021
Report Draws Patient Privacy Concern with Prenatal Test
A Reuters report says that a globally used, prenatal test is being used by a Chinese company to collect patients’ data. Continue Reading
By- Lisa Gentes-Hunt
-
News
08 Jul 2021
Report: Privacy Concerns With Apps Used For Opioid Addiction Treatment
A new report on smartphone apps used for opioid addiction treatment is raising concerns over patient privacy. Continue Reading
By- Lisa Gentes-Hunt
-
News
07 Jul 2021
Mississippi’s Coastal Family Health Center Falls Victim To Hacker, PHI Exposed
The May incident did not interfere with patient care, but did expose patients’ private information. Continue Reading
By- Lisa Gentes-Hunt
-
News
06 Jul 2021
GAO: Some Progress, But Changes Still Needed For The Department of Veterans Affairs HIT System
GAO released its latest findings on the VA in a July 1 report. Continue Reading
By- Lisa Gentes-Hunt
-
News
01 Jul 2021
KLAS: Top Healthcare Security, Privacy Consulting Firms
KLAS researchers spoke with healthcare security and privacy leaders to understand which security consulting firms are true partners with organizations. Continue Reading
By- Jill McKeon, Associate Editor
-
News
30 Jun 2021
GAO: HHS Must Collaborate to Ensure Healthcare Cybersecurity
A GAO study shows that while HHS has defined roles and responsibilities within its security arm, further collaboration is needed to ensure healthcare cybersecurity. Continue Reading
By- Jill McKeon, Associate Editor
-
News
29 Jun 2021
NIST Defines “Critical Software” Per Cybersecurity Executive Order
NIST published its definition of “critical software” as directed in President Biden’s executive order aimed at improving the nation’s cybersecurity. Continue Reading
By- Jill McKeon, Associate Editor
-
News
29 Jun 2021
Health Data Security a Staple of Holy Name’s Vaccine Record System
Holy Name Medical Center in New Jersey tapped a global security firm to offer a COVID-19 vaccination record system with health data security in mind. Continue Reading
By- Jill McKeon, Associate Editor
-
News
28 Jun 2021
Survey Reveals How Leaders are Overcoming Cybersecurity Hurdles
A recent survey of cybersecurity leaders across all sectors reveals that most organizations see compliance with data privacy regulations as a top priority. Continue Reading
By- Jill McKeon, Associate Editor
-
News
25 Jun 2021
Most Healthcare Organizations Expect to Be Ransomware Targets
A third of healthcare organizations experienced ransomware attacks in the last year, and the remaining 63 percent expect to be attacked in the future, a survey reveals. Continue Reading
By- Jill McKeon, Associate Editor
-
News
25 Jun 2021
OIG: Medicare Lacks Oversight of Cybersecurity for Medical Devices
A study from HHS’ Office of the Inspector General reveals that Medicare’s hospital survey protocol does not address the cybersecurity of networked medical devices. Continue Reading
By- Jill McKeon, Associate Editor
-
News
18 Jun 2021
FCC Finalizes Best Practices to Combat Hospital Robocalls
The Federal Communications Commission released a public notice on how hospitals can implement the Hospital Robocall Protection Group’s best practices. Continue Reading
By- Jill McKeon, Associate Editor
-
News
17 Jun 2021
Cloud Security Alliance Releases Telehealth Risk Management Paper
A new Cloud Security Alliance paper provides telehealth risk management guidance along with best practices for cybersecurity and HIPAA compliance. Continue Reading
By- Jill McKeon, Associate Editor
-
News
17 Jun 2021
NIST Releases Draft of Ransomware Risk Management Framework
NIST released a draft of its Cybersecurity Framework Profile for Ransomware Risk Management which aims to help organizations prevent and respond to ransomware attacks. Continue Reading
By- Jill McKeon, Associate Editor
-
News
16 Jun 2021
FDA Outlines Medical Device Cybersecurity Goals
The FDA outlined its medical device cybersecurity goals in response to NIST’s call for position papers to fulfill President Biden’s executive order signed in May. Continue Reading
By- Jill McKeon, Associate Editor
-
News
15 Jun 2021
Scripps CEO Reveals Lessons Learned from Ransomware Attack
In an op-ed published in the San Diego Union-Tribune, Scripps Health CEO Van Gorder revealed lessons learned from the healthcare provider's ransomware attack in May. Continue Reading
By- Jill McKeon, Associate Editor
-
News
14 Jun 2021
IT Security Company COO Charged with Medical Center Cyberattack
Vikas Singla, chief operating officer of a network security company, was charged in connection with a 2018 cyberattack on Gwinnett Medical Center in Georgia. Continue Reading
By- Jill McKeon, Associate Editor
-
Answer
14 Jun 2021
Sky Lakes Medical: A First-Hand Look at Fall Ransomware Attack, Recovery
Sky Lakes Medical Center was among the dozen healthcare providers caught up in the wave of ransomware attacks last fall. Its analyst shares a first-hand account of the incident and recovery. Continue Reading
By- Jessica Davis
-
News
10 Jun 2021
Ransomware Attacks: CISA Shares Operational Tech Asset Security Guide
In response to ongoing ransomware attacks targeting operational tech assets and control systems of critical infrastructure entities, CISA published a guide to mitigation and response. Continue Reading
By- Jessica Davis
-
News
10 Jun 2021
HSCC to Biden: Invest in Healthcare Cybersecurity, Partnerships
Through the American Rescue Plan, HSCC urges the Biden Administration to make similar investments in healthcare cybersecurity partnerships to improve its cyber posture. Continue Reading
By- Jessica Davis
-
Answer
09 Jun 2021
What Happens After a Ransomware Attack in the Health IT Environment?
CyberMDX’s Ido Geffen takes a hard look at ransomware attacks within a healthcare environment, including what providers are getting wrong and needed security mitigations. Continue Reading
By- Jessica Davis
-
News
08 Jun 2021
VMware Flaw: Patch Now as Hackers, Malware Exploit Security Gap
A widespread bot campaign has been observed delivering worming malware via a recently disclosed VMware RCE flaw, as CISA warns attackers are seeking to exploit the security gap. Continue Reading
By- Jessica Davis
-
News
07 Jun 2021
Report: New Ransomware Variant Targeting Microsoft Exchange Servers
A Sophos report shows threat actors, with likely ties to REvil ransomware, are deploying a new malware variant by exploiting flaws in Microsoft Exchange Servers. Continue Reading
By- Jessica Davis
-
News
07 Jun 2021
Medical Device Security, Mitigation Needs to Reduce Patient Safety Risk
Connected medical devices are crucial to supporting patient care, but providers cannot overlook crucial cybersecurity mitigations and processes needed to protect patient safety. Continue Reading
By- Oracle Cerner
-
News
04 Jun 2021
DOJ, White House Take Aim at Critical Infrastructure Ransomware Attacks
Following disruptive ransomware attacks on NY MTA, MA Steamship Authority, and JBS Meats, the DOJ and the White House announce steps to crack down on threat actors. Continue Reading
By- Jessica Davis
-
Answer
02 Jun 2021
Could The SASE Model Move the Needle on Healthcare Cybersecurity?
The threat landscape is evolving faster than healthcare cybersecurity. AT&T Cybersecurity’s Rupesh Chokshi believes secure access service edge (SASE) might better support providers. Continue Reading
By- Jessica Davis
-
News
01 Jun 2021
Scripps Reports Data Theft, EHR Back Online, but Global Outages Persist
Providers swept up in the latest ransomware wave are in various stages of recovery. Leading this cyber roundup: Scripps Health has brought its EHR back online four weeks after an attack. Continue Reading
By- Jessica Davis
-
News
01 Jun 2021
FBI: Unpatched Fortinet Flaws Remain Under Attack by APT Actors
A recent FBI flash alert warns advanced persistent threat (APT) actors are continuing to exploit unpatched Fortinet flaws to gain access for malicious activities, including data theft. Continue Reading
By- Jessica Davis
-
News
28 May 2021
Microsoft: Active NOBELIUM Malware Actors' Spear-Phishing Campaign
The NOBELIUM malware actors, the group behind the SolarWinds compromise, have been rapidly evolving their tactics; Microsoft details an active spear-phishing campaign. Continue Reading
By- Jessica Davis
-
News
27 May 2021
NIST IoT Guidance for Network-Based Attacks, Device Communication
Aimed at smaller entities, new NIST guidance provides a standards-based approach to network communication to reduce the risk of network-based attacks. Continue Reading
By- Jessica Davis
-
News
27 May 2021
CISA: VMware Patches Critical Server Flaw, Warns of Ransomware Threat
A new CISA alert urges entities to apply the software update provided by VMware, which will patch a critical flaw in all server deployments. Continue Reading
By- Jessica Davis
-
News
24 May 2021
FBI: Conti Ransomware Actors Exploit Healthcare, First Responder Networks
An FBI flash alert warns the Conti ransomware hacking group is actively targeting and exploiting the healthcare sector and first responder networks, with at least 16 victims in the last year. Continue Reading
By- Jessica Davis
-
Answer
17 May 2021
Critical Infrastructure Attacks: Threat Landscape Forces Security to Evolve
Ongoing and recent outages at critical infrastructure entities highlight the sophistication and evolution of the threat landscape, driving the need for improved security posture in healthcare. Continue Reading
By- Jessica Davis
-
News
14 May 2021
Ransomware Keeps Healthcare in Crosshairs, Triple Extortion Emerges
A Check Point report on ransomware attacks seen in the first half of 2021, shows a 102 percent increase from 2020’s numbers, as hackers begin employing triple extortion to increase profits. Continue Reading
By- Jessica Davis
-
News
13 May 2021
External Threat Actors Outpace Insiders in Healthcare Data Breaches
For the second consecutive year, the Verizon Data Breach Investigations Report (DBIR) found external threat actors were behind more healthcare data breaches than insider errors. Continue Reading
By- Jessica Davis
-
News
13 May 2021
Biden’s Executive Order to Boost Threat Sharing, Supply Chain Security
As the cyberattack on the Colonial Pipeline joins a host of other supply chain security incidents, the President signed an executive order to boost infrastructure security and threat sharing. Continue Reading
By- Jessica Davis
-
News
12 May 2021
DHS CISA, FBI Alert to DarkSide Ransomware, After Pipeline Attack
Just five days ago, DarkSide ransomware threat actors attacked a critical pipeline company, disrupting the supply chain. FBI and DHS urge entities to bolster their security defenses. Continue Reading
By- Jessica Davis
-
News
12 May 2021
Threat Alert: Russian-Backed Threat Actors, Avaddon Ransomware
Recent federal threat alerts detail ongoing Russian-backed and Avaddon ransomware campaigns targeting global entities, including healthcare and COVID-19 vaccine developers. Continue Reading
By- Jessica Davis
-
Answer
07 May 2021
Healthcare’s Email Problem: Insider Threats, Data Retention, Phishing
Email is a crucial communication tool, but as insider threats remain the biggest risk, healthcare must address key problem areas like data retention and phishing defenses to reduce risks. Continue Reading
By- Jessica Davis
-
News
06 May 2021
CISA Alerts to New Ransomware, Trojan Using Public Pen Testing Tools
FiveHands ransomware has been spotted in the wild paired with a remote access trojan. Its actors used publicly available pen testing and exploitation tools to steal data. Continue Reading
By- Jessica Davis
-
Answer
06 May 2021
Report: Healthcare IoT, Devices Most Impacted by TCP/IP Vulnerabilities
Forescout’s ongoing TCP/IP vulnerability research shows that IoT and medical devices in healthcare face the greatest risk of exposure and attack. Continue Reading
By- Jessica Davis
-
News
04 May 2021
CISA: Patch Issued for Critical Pulse Secure VPN Flaw Under Active Attack
Ivanti released a patch for a critical zero-day authentication bypass flaw found in its Pulse Secure VPN, which CISA previously warned was under active attack. Continue Reading
By- Jessica Davis
-
News
03 May 2021
NSA Insights: Malicious Cyber Activity on Connected, IT Operational Tech
New NSA insights shed light on securing connections between IT and OT technologies from malicious, cyber activities to bolster overall cybersecurity posture. Continue Reading
By- Jessica Davis
-
News
03 May 2021
Why Providers Must Prepare for a Ransomware Attack
The COVID-19 pandemic has made the healthcare industry even more vulnerable to ransomware attacks. Continue Reading
By- Avanan
-
News
29 Apr 2021
NIST, CISA Share Software Supply Chain Attack Defense Guidance
In response to the supply chain attack against SolarWinds, NIST and DHS CISA released guidance to support entities with defense means, including risks and recommendations. Continue Reading
By- Jessica Davis
-
News
28 Apr 2021
Health CIO: IT Must Be Core Business Element to Tackle Security Challenges
At Xtelligent Healthcare Media’s Privacy and Security Summit, health CIO Michael Archuleta stressed the need for IT to be a key business element if the sector hopes to overcome cybersecurity challenges. Continue Reading
By- Jessica Davis
-
News
28 Apr 2021
Joint Fed Guidance on Russian APT Cyberattacks, Exploits, Malware
Recent joint federal guidance sheds light on the tactics used by Russian Advanced Persistent Threat (APT) actors, including vulnerability exploits and malware deployment. Continue Reading
By- Jessica Davis
-
News
27 Apr 2021
77% of Ransomware Spurs Data Extortion, Driven by Accellion Hack
Data extortion attempts now occur in 77 percent of all ransomware attacks. According to Coveware, the Clop hack of Accellion FTA contributed to the rise. Continue Reading
By- Jessica Davis
-
News
26 Apr 2021
Healthcare’s Biggest Cybersecurity Blind Spots and Misconceptions
While awareness of the threats facing the healthcare sector has improved, providers have inherent blindspots and misconceptions leaving them exposed to a host of cybersecurity risks. Continue Reading
By- Jessica Davis
-
News
26 Apr 2021
Secure Communication Used in 50% Malware Attacks to Evade Detection
Sophos data shows an increasing number of malware and ransomware threat actors are using TLS to hide communication and cyberattack activities. Continue Reading
By- Jessica Davis
-
News
22 Apr 2021
CISA Ties SUPERNOVA Malware to Pulse Secure, SolarWinds Exploits
First disclosed in January, SUPERNOVA malware began targeting vulnerable SolarWind Orion tech. A new CISA report, however, shows hackers are pivoting to the tech through Pulse Secure VPNs. Continue Reading
By- Jessica Davis
-
News
22 Apr 2021
RDP, Botnet Malware Top Access Point of Updated Ryuk Ransomware
The latest update of the notorious Ryuk ransomware seen throughout 2021, primarily leverages service-based RDP and botnet-based malware delivery to gain access to victims’ networks. Continue Reading
By- Jessica Davis
-
News
21 Apr 2021
Threat Actors Exploiting 3 SonicWall Email Security Vulnerabilities
FireEye’s Mandiant research team discovered a threat actor exploit three zero-day vulnerabilities found in SonicWall Email Security to perform a range of nefarious activities. Continue Reading
By- Jessica Davis
-
News
21 Apr 2021
DHS CISA: Critical Pulse Secure VPN Vulnerabilities Under Active Attack
Ivanti issued mitigation measures for a zero-day authentication bypass vulnerability in its Pulse Secure SSL VPN appliance, which DHS CISA warns is under active attack. Continue Reading
By- Jessica Davis
-
News
20 Apr 2021
Feds Find More Malware Tied to SolarWinds Supply Chain Compromise
A recent DHS and US Cyber Command alert provides insights into two recently identified malware variants tied to the widespread SolarWinds Orion supply chain compromise. Continue Reading
By- Jessica Davis
-
News
19 Apr 2021
Fed Joint Advisory: Patch These 5 Vulnerabilities Under Active Attack
Nation-state threat actors with ties to Russia are actively exploiting five publicly known vulnerabilities to compromise a range of entities within the US and its allies. Continue Reading
By- Jessica Davis
-
News
16 Apr 2021
H-ISAC Supply-Chain Insights Aim to Prevent Next SolarWinds Cyberattack
Designed in cooperation with AHA, the H-ISAC unveiled new supply-chain cyberattack insights meant to support healthcare providers in preventing another SolarWinds incident. Continue Reading
By- Jessica Davis
-
News
15 Apr 2021
COVID-19 Vaccine Cold Chain Entities Remain Key Spear-Phishing Target
IBM X-Force released an update of its December COVID-19 Vaccine Cold Chain attacks, finding additional spear-phishing attacks targeting global entities. Continue Reading
By- Jessica Davis
-
News
14 Apr 2021
DOJ: FBI Removed Web Shells From Exploited Microsoft Exchange Servers
A recent court-authorized FBI operation removed web shells from a range of exploited Microsoft Exchange Servers, to support unaware victims, according to a Tuesday DOJ press release. Continue Reading
By- Jessica Davis
-
News
14 Apr 2021
NSA Finds, Urges Patch of 4 New Critical Microsoft Exchange Flaws
Microsoft issued patches for four new on-prem Exchange Server vulnerabilities, found by NSA. Combined with the previous zero-day flaws, prioritization will be crucial. Continue Reading
By- Jessica Davis
-
Answer
13 Apr 2021
DNS Flaws in Millions of IoT Devices Pose Remote Attack, Exfiltration Risk
New Forescout research details Name:Wreck vulnerabilities found in millions of IoT devices, which could lead to hacking or remote code execution attacks. Continue Reading
By- Jessica Davis
-
Answer
12 Apr 2021
Healthcare's Data Extortion Problem, and How to Prepare for Ransomware
Data extortion attempts are now occurring in at least 70 percent of all ransomware attacks. How can healthcare providers best combat these pervasive tactics? Continue Reading
By- Jessica Davis
-
News
09 Apr 2021
GAO Audit Finds HHS Information Security Program “Not Effective”
The latest GAO audit of HHS’ information security program against FISMA standards found multiple flaws, including failure to implement continuous monitoring in select operating divisions. Continue Reading
By- Jessica Davis
-
News
09 Apr 2021
DHS CISA Shares SolarWinds Post-Threat Compromise Activity Tool
Designed to detect post-threat compromise activity from the SolarWinds incident, CISA’s Aviary dashboard visualizes and analyzes outputs from its Sparrow detection tool. Continue Reading
By- Jessica Davis
-
News
07 Apr 2021
CISA: SAP Vulnerabilities Under Active Attack, Poses Data Theft Risk
A report from Onapsis and CISA details an active campaign targeting unsecured SAP applications to gain control over affected devices, posing a risk of data theft or business disruptions. Continue Reading
By- Jessica Davis
-
News
05 Apr 2021
FBI, CISA: APT Actors Exploiting Unpatched Fortinet Vulnerabilities
Though Fortinet issued a software update for the vulnerabilities in 2019, FBI and CISA warn that APT threat actors are actively exploiting unpatched flaws to gain network access. Continue Reading
By- Jessica Davis
-
News
05 Apr 2021
Addressing the Security Vulnerabilities of Internal Communication Platforms
Communication platforms have enabled organizations to work throughout the potential but have also opened to door to unauthorized access Continue Reading
By- Avanan
-
News
01 Apr 2021
DHS CISA Shares More Microsoft Exchange Vulnerability Guidance
While directed at federal agencies, DHS CISA is urging private sector infrastructure entities to review triage guidance designed to further mitigate Microsoft Exchange vulnerabilities. Continue Reading
By- Jessica Davis
-
News
31 Mar 2021
Feds Seize Fraudulent COVID-19 Vaccine, Pharmacy, Pfizer Websites
A federal government effort has taken down multiple fraudulent websites tied to the COVID-19 response and vaccine rollout, in addition charges for 474 individuals. Continue Reading
By- Jessica Davis
-
News
31 Mar 2021
Attackers Target Medical Research Staff with Credential Phishing Attacks
A new Proofpoint report shows a nation-state hacking group with ties to Iran is targeting senior medical research personnel in the US and Israel with credential phishing attacks. Continue Reading
By- Jessica Davis
-
News
29 Mar 2021
The Risk and Challenge of Bad Bot Traffic on Healthcare Sites, Apps
Imperva saw a 372 percent spike in bad bot traffic against healthcare websites and applications in recent months. What’s worse, mitigating the risk will be a massive challenge. Continue Reading
By- Jessica Davis
-
News
26 Mar 2021
FBI: Mamba Ransomware Actors Weaponizing Freeware Encryption Tool
Hackers are leveraging Mamba ransomware to weaponize the legitimate, open source disk encryption software known as DiskCryptor, which blocks victims’ access to the network. Continue Reading
By- Jessica Davis
-
News
24 Mar 2021
Brute-Force Campaign on Windows SMBs Spreads Worming Malware
Hackers are performing brute-force attacks on vulnerable, internet-facing Windows SMBs to deliver Purple Fox malware. The variant has been updated with worming capabilities. Continue Reading
By- Jessica Davis
-
News
24 Mar 2021
Pharmacy, Hospital Phishing Attacks Spike 189% Amid Vaccine Rollout
A new report sheds light on the tactics leveraged by hackers amid the COVID-19 pandemic and the latest phishing schemes against hospitals and pharma spurred by the vaccine rollout. Continue Reading
By- Jessica Davis
-
News
23 Mar 2021
Exchange Flaw Latest: 30K Servers Vulnerable, Daily Attacks Spike
F-Secure researchers have observed upwards of thousands of daily attacks against the zero-day flaws in Exchange servers, while Microsoft estimates that at least 8 percent remain unpatched. Continue Reading
By- Jessica Davis
-
News
22 Mar 2021
FBI Alerts to Rise in BEC Cyberattacks on US Orgs, Impacting Resources
A recent private sector alert from the FBI warns that hackers have been increasingly using business email compromise (BEC) attacks that can hinder operations and strain resources. Continue Reading
By- Jessica Davis
-
News
19 Mar 2021
DHS CISA Shares Incident Response Tool for On-Prem Threat Activity
The new CISA Hunt and Incident Response Program (CHIRP) tool from DHS is meant to support entities with detection of threat activity and compromise of on-prem environments. Continue Reading
By- Jessica Davis
-
News
18 Mar 2021
FBI: $4.2B Lost to Cybercrime in 2020, Led By Phishing, BEC, Extortion
BEC, phishing, and extortion were among the leading threats behind complaints filed with the FBI in 2020, as cybercrime cost all victims $4.2 billion, overall. Continue Reading
By- Jessica Davis
-
News
17 Mar 2021
Feds Warn of TrickBot Spear-Phishing Attacks Delivering Malware Payload
DHS CISA and the FBI urge entities to be on alert for a sophisticated TrickBot spear-phishing campaign. Meanwhile, Check Point found TrickBot is the most distributed malware. Continue Reading
By- Jessica Davis
-
News
17 Mar 2021
Hackers Successfully Exploiting Older, Unpatched Microsoft Vulnerabilities
Despite the issue of software updates three years ago, hackers are continuing to exploit and gain access to networks through vulnerable, unpatched Microsoft vulnerabilities. Continue Reading
By- Jessica Davis
-
News
16 Mar 2021
Microsoft Shares One-Click Mitigation Tool for Exchange Server Flaws
Designed to support entities operating without an IT or security leader, Microsoft’s one-click, automated mitigation tool will automatically close the zero-day Exchange Server vulnerabilities. Continue Reading
By- Jessica Davis
-
News
16 Mar 2021
Healthcare Hacking Incidents Rose 42% in 2020, 31M Patients Impacted
The Protenus Breach Barometer shows the healthcare sector fought two silent enemies in 2020: COVID-19 and cyber threats; nearly 31 million patients were affected by hacking alone. Continue Reading
By- Jessica Davis
-
News
15 Mar 2021
APT Hackers Targeting Unpatched, On-Prem Microsoft Exchange Servers
Microsoft data found at least 82,000 Exchange servers remain unpatched. But 10 APT hacking groups are targeting the on-prem servers to take control without credentials, according to ESET. Continue Reading
By- Jessica Davis
-
News
10 Mar 2021
DHS CISA Shares Remediation, Risk Guidance for SolarWinds Compromise
Since the initial SolarWinds compromise, hundreds of entities have fallen victim to the supply-chain cyberattacks. New CISA guidance takes aim at remediation and risk decisions. Continue Reading
By- Jessica Davis
-
News
08 Mar 2021
Microsoft Shares IOC Scan Tool, as Attacks on Exchange Servers Expand
ASPR urges healthcare entities to patch critical flaws in some Exchange servers as attacks and exploits increase. Microsoft issues an IOC scanning tool to support mitigation efforts. Continue Reading
By- Jessica Davis
-
News
05 Mar 2021
FBI Probing 2 Hospital Ransomware Attacks; Hackers Remove Health Data
Previously leaked data from New Mexico’s Rehoboth McKinley Christian Health Care has been removed from the dark web, while the FBI is investigating the incident and another in North Carolina. Continue Reading
By- Jessica Davis
-
News
05 Mar 2021
Vaccine Rollout Spurs 372% Rise Bad Bots; Spear-Phishing Up 26%
Hackers are continuing to take advantage of COVID-19 fears, as the vaccine rollout has spurred a massive upswing in bad bot traffic, spear-phishing, and malicious domain registrations. Continue Reading
By- Jessica Davis
-
News
03 Mar 2021
MITRE Unveils Ransomware Resource for Hospitals, Healthcare Providers
A new ransomware resource center from MITRE is designed to help hospitals and other healthcare providers develop and maintain resilient security processes and policies. Continue Reading
By- Jessica Davis
-
News
03 Mar 2021
CISA Urges Patch, as Hackers Exploit Zero-Day Flaws in Microsoft Exchange
Microsoft issued out-of-band security updates for four zero-day vulnerabilities found in its Exchange servers, currently under active exploit. DHS CISA is urging entities to patch. Continue Reading
By- Jessica Davis
-
News
02 Mar 2021
50% Phishing Emails Seek Credential Theft, as Malware Delivery Declines
Cofense’s annual phishing report shows more than half of phishing emails are designed to steal user credentials, while just 12 percent contained a malware payload. Continue Reading
By- Jessica Davis