Exploit Released for ‘PrintNightmare’ Zero-Day Windows Print Spooler RCE Vulnerability
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert following the publication of a proof of concept (PoC)…
Healthcare cybersecurity is a growing concern for anyone requiring HIPAA compliance. The last few years have seen hacking and IT security incidents steadily rise and many healthcare organizations have struggled to defend their network perimeter and keep cybercriminals at bay.
The articles in this healthcare cybersecurity section are intended to help HIPAA covered entities decide on the best technologies to protect their networks from attack and develop effective policies, procedures and security awareness training programs to prevent costly data breaches.
BakerHostetler has released the 10th edition of its Data Security Incident Response Report, which shares data from the incidents the...
Ransomware groups target the healthcare sector because a successful attack gives them access to large amounts of sensitive data that...
Thursday, May 2, 2024, is World Password Day. Established in 2013, the event is observed on the first Thursday of...
The exploitation of vulnerabilities in software and operating systems is becoming far more common for initial access to networks, with...
March was a particularly bad month for healthcare data breaches with 93 breaches of 500 or more records reported to...
According to the Q1, 2024 ransomware report from the ransomware remediation firm Coveware, ransom payments have fallen to a record...
President Biden’s Cybersecurity Executive Order requires all federal agencies to reevaluate their approach to cybersecurity, develop new methods of evaluating…
The Cybersecurity & Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), Europol’s European Cybercrime Centre (EC3), and the Netherlands’...
Exploitation of a recently disclosed zero-day vulnerability affecting Palo Alto Networks firewalls has grown since proof-of-concept exploits were released, and...
An analysis of ransomware activity by GuidePoint Security’s Research and Intelligence Team (GRIT) shows a 55% year-over-year increase in active...
Ransomware attacks have been reported by Canopy Children’s Solutions, the Sleep Management Institute, the Epilepsy Foundation of Metro New York,...
IT professionals and security executives believe cyberattacks have increased since 2023 according to a recent survey by Keeper Security. The...
Investing in cybersecurity can help organizations prevent data breaches and avoid regulatory fines, but there are other benefits. A recently...
This week, Senator Mark R. Warner (D-VA) introduced new legislation that will allow for advance and accelerated payments to healthcare...
Senator Bill Cassidy, M.D. (R-LA), ranking member of the Senate Health, Education, Labor, and Pensions (HELP) Committee, has demanded answers...
The HealthSec: Cyber Security for Healthcare Summit returns for its 2nd edition in Boston, Massachusetts on June 12th – 13th!...
The U.S. Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and other U.S. and international partners have issued...
Healthcare organizations have been warned about the threat of email bombing attacks, which are a type of denial-of-service (DoS) attack...
A typical U.S. hospital has between 10 and 15 medical devices per bed, which means a 1,000-bed hospital could have...
In 2023, the Federal Bureau of Investigation’s Internet Crime Complaint Center (IC3) received record numbers of complaints about cybercrime with...
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) have issued five cybersecurity information sheets...
The National Security Agency (NSA) has issued guidance on implementing zero trust security to limit lateral movement within the network...
Microsoft OneDrive is the most popular cloud app in healthcare, and it is also one of the most popular for...
The Department of Health and Human Services (HHS) has issued a statement about the February 2024 Blackcat ransomware attack on...
The ALPHV/Blackcat ransomware group appears to have shut down its ransomware-as-a-service (RaaS) operation, indicating there may be an imminent rebrand....
A recent analysis of data breaches by Security Scorecard for its Global Third-Party Cybersecurity Breaches Report found healthcare was the...
The Five Eyes Cybersecurity Agencies have issued a warning that previously disclosed vulnerabilities in Ivanti Connect Secure and Ivanti Policy...
Two high-severity vulnerabilities have been identified in the free-to-use MicroDicom DICOM Viewer, which is used to view and manipulate DICOM...
A joint cybersecurity alert has been issued by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency...
Adoption of the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) improves resilience to cyberattacks and the reduced...
Healthcare cyberattacks are increasing each year in number and severity. In 2023, almost 740 healthcare data breaches were reported to...
The National Institute of Standards and Technology (NIST) has finalized version 2.0 of the NIST Cybersecurity Framework. This is the...
Last week, 32 servers, the affiliate portal, and the data leak site used by the LockBit ransomware group were seized...
Paying a ransom may allow encrypted files to be recovered and threat actors usually remove stolen data from data leak...
Recently disclosed vulnerabilities in the remote desktop application ConnectWise ScreenConnect are being exploited to deliver a variety of different malicious...
In January, 61 data breaches of 500 or more records were reported to the U.S. Department of Health and Human...
The prolific LockBit ransomware-as-a-service (RaaS) group has been severely disrupted by a global law enforcement operation that has seen much...
Healthcare organizations that have been unable to recover files that were encrypted in Rhysida ransomware attacks may now be able...
A bipartisan Senate bill has been introduced that aims to improve healthcare cybersecurity and ensure that the Department of Health...
An amended Federal Trade Commission (FTC) complaint against the data broker Kochava has survived a motion to dismiss. Idaho District...
The Government Accountability Office (GAO) has found that most federal agencies that manage risk for critical infrastructure sectors have assessed...
The Healthcare and Public Health (HPH) Sector has been warned about cyberattacks involving Akira ransomware, of which there have been...
A new report from Chainalysis has revealed victims of ransomware attacks paid hackers $1.1 billion in 2023 to obtain the...
In the past year, more than 150 healthcare organizations have benefitted from alerts from the Cybersecurity and Infrastructure Security Agency...
Ransomware activity almost doubled in 2023 according to the annual GuidePoint Research and Intelligence Team (GRIT) Ransomware Report. The GRIT...
There was a huge increase in data compromises in 2023 but a fall in the number of individuals affected by...
The Federal Trade Commission (FTC) has ordered South Carolina-based Blackbaud to implement a raft of security measures and enforce its...
Report: Security Breaches in Healthcare (Direct Download PDF, 1.9MB, 16 pages) An unwanted record was set in 2023...
The latest data from the ransomware remediation firm, Coveware, shows the number of victims of ransomware attacks choosing to pay...
The Department of Health and Human Services (HHS) has unveiled the Cybersecurity Performance Goals (CPGs) that were outlined in its...
Fortra has disclosed and patched a critical vulnerability in its GoAnywhere Managed File Transfer (MFT) solution. The vulnerability – CVE-2024-0204 –...
The ScreenConnect remote access tool has been abused by a threat actor to gain access to the networks of organizations...
U.S. hospitals are being targeted by cybercriminals in a sophisticated payment fraud scam, according to the American Hospital Association (AHA)....
Two zero-day vulnerabilities have been identified in customer-managed Citrix NetScaler Application Delivery Controller and NetScaler Gateway devices that are being...
There was no letup in healthcare data breaches as the year drew to a close, with December seeing the second-highest...
Urgent action is required to fix two zero-day flaws in Ivanti Connect Secure VPN and Policy Secure NAS appliances....
There are multiple new HIPAA regulations currently under consideration, and while some may be introduced as individual regulations, many could...
Last year was a particularly bad year for ransomware attacks. According to an analysis by the cybersecurity firm Emsisoft, 46...
After two months of declining healthcare data breaches, there was a 45% increase in reported breaches of 500 or more...
In response to the law enforcement operation that resulted in the seizure of its websites, the ALPHV/BlackCat ransomware group has...
A joint cybersecurity advisory has been issued by the Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA),...
The ALPHV/BlackCat ransomware group has been disrupted by the Federal Bureau of Investigation, in partnership with Europol and law enforcement...
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published healthcare sector-specific guidance on enhancing cyber resilience. The guidance is...
The HIPAA rules on contingency planning are that covered entities must prepare a contingency plan for each type of foreseeable...
HIPAA awareness should be promoted whenever possible by integrating HIPAA-related tasks into daily routines and sharing responsibilities for events such...
The American Hospital Association (AHA) is urging the U.S. Department of Health and Human Services (HHS) to reconsider its plan...
The Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center (HC3) has released a threat report warning about...
HIPAA complaints made to a covered entity should be directed to the organization’s Privacy Officer regardless of whether the complaint...
On Wednesday, the U.S. Department of Health and Human Services published a concept paper that outlines the HHS’s cybersecurity strategy...
Three critical vulnerabilities in the ownCloud platform have been identified, one of which is being actively exploited. Urgent action is...
Concern is growing as ransomware groups ramp up exploitation of a critical vulnerability in NetScaler ADC (formerly Citrix ADC) and...
To best explain how to secure patient information and PHI, it is necessary to distinguish between what is patient information...
A HIPAA violation refers to the failure to comply with HIPAA rules, which can include unauthorized access, use, or disclosure...
The relationship between HITECH, HIPAA, and electronic health and medical records is primarily that certain provisions of the HITECH Act...
The HIPAA password requirements are a combination of Administrative and Technical Safeguards designed to manage and monitor access to PHI....
Becton, Dickinson and Company (BD) has recently disclosed seven vulnerabilities in its FACSChorus software. The vulnerabilities are low- to medium-severity...
An international law enforcement operation has led to the arrest of multiple core members of an organized group of ransomware...
You can make WordPress HIPAA compliant by installing plug-ins into a WordPress site that collect and secure Protected Health Information...
Data breaches have recently been reported by Warren General Hospital in Pennsylvania, Southwest Behavioral Health Center in Utah, CareTree in...
The Health Sector Cybersecurity Coordination Center (HC3) has warned healthcare organizations that use Fortinet’s FortiSIEM platform to patch a critical...
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published a new mitigation guide for Healthcare and Public Health (HPH)...
For the second consecutive month, the number of reported data breaches of 500 or more healthcare records has fallen, with...
The U.S. Food and Drug Administration (FDA) has published a report it commissioned that makes recommendations on how to manage...
A joint cybersecurity advisory has been issued by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation...
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have issued an updated cybersecurity advisory...
New York has proposed tighter cybersecurity regulations for hospitals throughout New York State in response to a series of crippling...
A zero-day vulnerability in the SysAid IT service management solution is being exploited by the Lace Tempest (aka FIN11, DEV-0950,...
The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency, Office of the Director of National Intelligence, and partners have...
The United States remains the country most targeted by cybercriminals and nation-state actors, with 8.1 million breached accounts in Q3,...
A new report from Sophos on healthcare cybersecurity trends indicates data encryption occurred in 75% of ransomware attacks on healthcare...
The Cyber Division of the Federal Bureau of Investigation (FBI) has issued a private industry notification that includes details of...
The Health Sector Cybersecurity Coordination Center (HC3) has published an analyst note about BlackSuit ransomware, a new ransomware group believed...
Advanced cyberattacks on cloud environments often make headline news, but these attacks occur in small numbers. The majority of cyberattacks...
Google Drive is HIPAA compliant if it is used as part of a paid-for Google Workspace plan with the capabilities...
Ransomware groups stepped up their attacks in September according to data recently published by NCC Group. At least 514 ransomware...
The 8Base hacking group has been active since March 2022 and while the group does not appear to actively target...
Forty countries have committed to sign a pledge never to pay money to digital extortionists such as ransomware gangs. In...
The HHS’ Office for Civil Rights has released a video in recognition of National Cybersecurity Awareness Month that explains how...
The Cybersecurity and Infrastructure Security Agency (CISA) has launched a new logging tool for simplifying log management. The ‘Logging Made...
Concern is growing about the use of generative artificial intelligence (AI) models for malicious purposes. Security researchers have demonstrated that...
The Cybersecurity and Infrastructure Security Agency (CISA) and the Department of Health and Human Services (HHS) have collaborated and produced a cybersecurity...
Malware phishing attacks, where phishing emails are used to trick end users into downloading and executing malicious code, have been...
Phishing is one of the most common methods used by malicious actors to gain initial access to internal networks. Phishing...
September was a much better month for healthcare data privacy, with the lowest number of reported healthcare data breaches since...
The Chattanooga Heart Institute in Texas has confirmed the protected health information of 411,383 individuals was compromised in a cyberattack...
U.S. plastic surgery offices are being targeted by cybercriminal groups that gain access to their networks, steal data, and attempt...
The Health Sector Cybersecurity Coordination Center (HC3) has published a threat brief that highlights the importance of developing an effective...
In May 2023, a new ransomware-as-a-service (RaaS) group started conducting attacks and in the past 5 months has attacked several...
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) maintains a Known Exploited Vulnerabilities (KEV) Catalog, which includes a list of...
The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have issued an update on AvosLocker...
Microsoft has issued a security alert warning that a Chinese Advanced Persistent Threat (APT) Group has been exploiting a zero-day...
More than 700 healthcare data breaches of 500 or more records were reported to the HHS’ Office for Civil Rights...
A zero-day vulnerability in the HTTP/2 protocol has been exploited to conduct distributed denial of service (DDoS) attacks at an...
The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) have shared the top ten cybersecurity misconfigurations...
The San Francisco, CA-based direct-to-consumer genetic testing company, 23andMe, confirmed on Friday that the sensitive data of some of its users...
Healthcare professionals often require remote access to their networks and electronic health records, such as for providing remote patient care....
Last week, Progress Software issued a security advisory about 8 vulnerabilities that had been discovered in WS_FTP Server, and customers...
The Health Sector Cybersecurity Coordination Center (HC3) has published an Analyst Note about LokiBot – one of the most prevalent...
The tactics, techniques, and procedures (TTPs) used by ransomware gangs often evolve, and with increasing numbers of victims refusing to...
The Cybersecurity and Infrastructure Security Agency (CISA) has launched a new cybersecurity awareness program – Secure Our World – through...
78% of healthcare organizations experienced an Application Programming Interface (API) security incident in the past 12 months, up 9% from...
The U.S. Food and Drug Administration (FDA) has published new guidance on its requirement for medical device manufacturers to include...
Progress Software, the company behind the MOVEit Transfer file transfer solution that was recently subject to mass hacking and data...
The average annual cost of insider security threats has increased by 40% in 4 years to $16.2 million per organization,...
The healthcare industry has seen a sharp increase in advanced email attacks this year, according to new data from Abnormal...
The U.S. Department of Homeland Security (DHS) has issued a report to Congress that includes recommendations on how the reporting...
A new report from Trend Micro shows ransomware attacks have increased by 47% since 2H 2022. While the most prolific...
The cloud is taking over from on-premises infrastructures, but healthcare still lags other sectors for cloud adoption. Cloud adoption has...
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have issued a joint security...
There was a 21.4% month-over-month increase in healthcare data breaches in August. 68 data breaches of 500 or more records...
Healthcare organizations in the United States have been warned that a vulnerability in Zoho’s ManageEngine products is being actively exploited...
The indictments of multiple members of the TrickBot/Conti Ransomware groups have recently been unsealed and 11 members of these cybercriminal...
The HHS’ Health Sector Cybersecurity Coordination Center (HC3) has issued a health and public health (HPH) sector alert about a...
A recent survey of healthcare professionals indicates 78% of healthcare organizations have experienced at least one cybersecurity incident in the...
The HIPAA encryption requirements have increased in relevance since an amendment to the HITECH Act in 2021 gave HHS’ Office...
CyCognito has published its latest State of External Exposure Management Report, which highlights the extent to which vulnerabilities affect organizations...
The Joint Commission has issued a Sentinel Event Alert offering guidance on preserving patient safety following a cyberattack. Healthcare cyberattacks...
Ransomware groups have accelerated their attacks and are now spending less time inside victims’ networks before triggering file encryption, according...
The healthcare industry is actively targeted by financially motivated cybercriminal gangs; however, state-sponsored hacking groups also seek access to healthcare...
The U.S. Department of Health and Human Services’ Advanced Research Projects Agency for Health (ARPA-H) has announced the launch of...
Researchers at ESET have identified a large-scale and ongoing phishing campaign targeting Zimbra Collaboration email servers at small- and medium-sized...
There was a 15.2% fall in reported data breaches in July with 56 breaches of 500 or more records reported...
There is justifiable fear that malicious actors will leverage generative AI to facilitate their malicious activities; however, the adoption of...
Hackers have been conducting a mass exploitation campaign targeting Citrix NetScalers to exploit a critical vulnerability tracked as CVE-2023-3519. The...
The Health Sector Cybersecurity Coordination Center has published guidance on multifactor authentication (MFA) that explains why MFA is important for...
A joint research project by Health-ISAC, Finite State, and Securin has revealed exploitable vulnerabilities in medical devices have increased by...
The Cyber Safety Review Board (CSRB) has published an analysis of cyberattacks by the Lapsus$ threat group and has made...
The National Institute of Standards and Technology (NIST) has published a draft version of an updated version of its popular...
Ransomware gangs use a variety of methods for initial access to victims’ networks and while phishing is still one of...
The risk of a data breach at hospitals doubles in the year before and after mergers and acquisitions (M&As), according...
The HHS’ Health Sector Cybersecurity Coordination Center (HC3) has issued a security alert about a new ransomware group – Rhysida...
Healthcare and financial services were the two most attacked industries, according to Blackberry’s latest Global Threat Intelligence Report. The data...
The U.S. Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Federal Bureau of Investigation (FBI), and their Five...
Ivanti has disclosed another maximum-severity vulnerability in its Endpoint Manager Mobile (EPMM) solution (formerly MobileIron Core). The vulnerability is tracked...
The Biden Administration has unveiled its National Cyber Workforce and Education Strategy (NCWES) which seeks to address the current cyber...
The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and the Australian Signals Directorate’s Australian Cyber Security Centre...
The Health 3rd Party Trust Initiative (Health3PT) has published the findings of a recent survey of HIPAA-covered entities and their...
Ivanti has released patches to fix a maximum-severity zero-day vulnerability in its Endpoint Manager Mobile (EPMM) mobile device management solution...
A recent analysis of ransomware activity by NCC Group’s Global Threat Intelligence team shows a major spike in cyberattacks by...
The Health Sector Cybersecurity Coordination Center (HC3) has highlighted the importance of implementing a robust Identity and Access Management (IAM)...
The 2023 IBM Security Cost of a Data Breach Report shows the average data breach cost has increased to $4.45...
The Department of Health and Human Services’ Office for Civil Rights (OCR) breach portal shows a 12% month-over-month reduction in...
Citrix has released patches to fix three vulnerabilities that affect the NetScaler Application Delivery Controller (ADC) and NetScaler Gateway appliances...
Generative AI tools such as ChatGPT and Google Bard have restrictions in place to prevent abuse by malicious actors; however,...
Becton, Dickinson, and Co. and the Cybersecurity and Infrastructure Security Agency (CISA) have issued advisories about 8 recently identified vulnerabilities...
Generative Artificial Intelligence (AI) tools such as ChatGPT can be used as virtual assistants, for customer support, quickly retrieving and...
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published a new resource that healthcare organizations can use to guide...
The White House has published a roadmap for implementing President Biden’s March 2023 National Cybersecurity Strategy to ensure transparency and...
There has been a sizeable fall in revenues from cryptocurrency-related crimes in the first half of 2023, with scammers seeing...
A recent inspection of the Northern Arizona VA Healthcare System by the Department of Veterans Affairs Office of Inspector General...
Security flaws have been identified in the QuickBlox software development kit (SDK) and application programming interface (API) that supports the...
The Healthcare and Public Health Sector Coordinating Council (HSCC) Cybersecurity Working Group (CWG) has published a Coordinated Healthcare Incident Response...
The European Union Agency for Cybersecurity (ENISA) has published the results of its first-ever analysis of the cyber threat landscape...
Progress Software has released a service pack to address three recently disclosed vulnerabilities in its MOVEit Transfer software, one of...
According to the Verizon Data Breach Investigations Report, 80% of successful data breaches are due to the use of compromised...
A joint cybersecurity advisory has been issued by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation...
A critical vulnerability has been identified in the Medtronic Paceart Optima System, which is used to compile and manage patients’...
The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has agreed to settle potential HIPAA violations...
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published guidance that details security and resilience best practices to adopt...
In a recently published analyst note, the Health Sector Cybersecurity Coordination Center (HC3) draws attention to the practice of SEO...
Ransomware attacks on hospitals cause major disruption to healthcare operations over several weeks. During the acute and recovery phases, access...
Proof-of-concept exploit code has been released for a high-severity vulnerability in AnyConnect Secure Mobility Client Software for Windows and Cisco...
The Securities and Exchange Commission (SEC) was due to issue a final rule that would implement new regulatory requirements for...
May 2023 was a particularly bad month for healthcare data breaches. 75 data breaches of 500 or more healthcare records...
An alarm has been sounded about a relatively unknown threat group called TimisoaraHackerTeam following a recent attack on a U.S....
Progress Software has issued a warning about another vulnerability in its MOVEit Transfer file transfer software, an exploit for which...
The Senate Homeland Security and Governmental Affairs Committee has advanced a bill that seeks to address the current shortage of...
The Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), Multi-State Information Sharing and Analysis Center (MS-ISAC), and...
Ransomware attacks can cause healthcare facilities to temporarily close and small healthcare practices have made the decision not to reopen...
The Health Sector Cybersecurity Coordination Center (HC3) has compiled a profile of the FIN11 threat group (TA505/Lace Tempest/Hive0065) which...
The HHS’ Health Sector Cybersecurity Coordination Center has issued a threat brief to highlight the types of cyber threat actors...
A zero-day vulnerability in the MOVEit file transfer service (CVE-2023-34362) started to be exploited by a cyber threat actor at...
Remote access software is used by organizations and their vendors to improve efficiency and productivity and cut costs; however, the...
The eagerly anticipated Verizon 2023 Data Breach Investigations Report (DBIR) has been published – an annual report that provides insights...
A zero-day vulnerability in the MOVEit Transfer managed file transfer (MFT) solution is being actively exploited by hackers to perform...
An updated version of the StopRansomware Guide has been published that includes further recommendations on actions that can be taken...
A recent study has confirmed that healthcare cyberattacks not only cause disruption at the organization that experiences an attack but...
CommonSpirit Health has provided an updated estimate on the cost of its October 2022 ransomware attack, which is expected to...
There was a 17.5% month-over-month fall in the number of reported healthcare data HIPAA compliance breaches with 52 breaches of...
New bipartisan legislation has recently been introduced to help address the current shortage of cybersecurity skills at rural hospitals. The...
A joint cybersecurity alert has been issued by the Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA),...
Healthcare providers and laboratory personnel have been warned about a maximum severity vulnerability in Illumina Universal Copy Service software used...
The Health Sector Cybersecurity Coordination Center (HC3) has issued a fresh ransomware warning to the healthcare and public health...
Healthcare hacking incidents are increasing, there are new regulatory requirements and compliance initiatives due to Dobbs and Pixel use, and...
Ransomware actors continue to target the U.S. healthcare sector, cybercriminals are increasingly using malware to steal data and provide persistent...
The National Institute of Standards and Technology (NIST) is in the process of updating the NIST Cybersecurity Framework (CSF) 1.1...
Through the Internet of Medical Things (IoMT), an array of medical devices have been connected to the Internet, allowing them...
Ransomware attacks increased by 91% in March 2023, according to a new analysis by NCC Group. There were 459 confirmed...
A recent Salesforce survey revealed some of the security gaps that exist in healthcare organizations, even those that have a...
Our monthly data breach reports are based on data breaches of 500 or more records that have been reported to...
The Google-owned cybersecurity firm Mandiant has released its M-Trends 2023 report. The report provides insights into the rapidly evolving cyber...
The healthcare industry continues to experience high numbers of cyberattacks and data breaches and healthcare organizations have responded by strengthening...
The Cybersecurity and Infrastructure Security Agency (CISA) has released an updated version of its Zero Trust Maturity Model, the purpose...
Microsoft has announced that its Digital Crimes Unit, the Health Information Sharing and Analysis Center (Health-ISAC), and the cybersecurity firm Fortra...
Ransomware and phishing attacks on organizations have increased over the past 12 months as have the costs associated with the...
Almost all organizations experienced at least one cyberattack in the past 12 months, according to new research published by Sophos...
Hackers are increasingly using cloud apps for malware delivery, according to the latest Netskope Threat Labs Report. Historically, malicious actors...
The pro-Russian hacktivist group KillNet has continued with its attacks on healthcare organizations in the United States in retaliation for...
The dark web is extensively utilized by cybercriminals and is therefore a rich source of information… information that can be...
Last year, Microsoft started blocking macros by default in Office files delivered via the Internet to make it harder for...
Ransomware and phishing continue to be the biggest cybersecurity concerns for healthcare organizations according to the February 2023 Current and...
Ensuring medical devices are cybersecure is one of the biggest security challenges in healthcare. Medical devices often have unpatched vulnerabilities,...
The Health Sector Cybersecurity Coordination Center (HC3) has published a mobile device security checklist to help healthcare organizations address a...
Ransomware activity increased in February according to the latest GRIT Ransomware Report from GuidePoint Security. The report is based on...
Ransomware gangs are increasingly skipping file encryption and are concentrating on data theft and extortion, according to a recent report...
The Federal Bureau of Investigation (FBI) has published its 2022 Internet Crime Report, which shows at least $10.3 billion was...
The number of healthcare data breaches reported over the past three months has remained fairly flat, with only a small...
A joint cybersecurity advisory has been issued by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency...
On Thursday last week, the U.S. Senate Committee on Homeland Security and Governmental Affairs held a hearing to examine cybersecurity...
The Health Sector Cybersecurity Coordination Center (HC3) has shared threat intelligence information about the Black Basta ransomware group to help...
This month, the Healthcare and Public Health Sector Coordinating Council (HSCC) Cybersecurity Working Group (CWG) published guidance to help healthcare...
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has launched a new pilot program in response to the increase in ransomware...
The Health Sector Cybersecurity Coordination Center has issued a security advisory warning about data exfiltration in healthcare cyberattacks, highlighting the...
A joint cybersecurity advisory has been published by CISA and the FBI, sharing details of the tactics, techniques, and procedures...
In what is believed to be a first, the BlackCat ransomware gang has published naked images of patients that were...
A new guide has been published by the Health Sector Coordinating Council (HSCC) Cybersecurity Working Group and the U.S. Department...
Cybercriminal groups have been experiencing declining revenues. Just like the businesses they attack, when profits start to fall, changes need...
Two individuals suspected of being core members of the DoppelPaymer ransomware gang have been arrested by police officers in Germany...
Losses to phishing attacks increased by 76% last year, with almost one-third of companies losing money to successful phishing attacks...
The Biden Administration has announced a long-awaited new national cybersecurity strategy for tackling the growing threat of cyberattacks on critical...
A recent survey conducted by the Pew Research Center found a majority of Americans are uncomfortable with their healthcare providers...
Defenses need to be put in place to detect and block attempts by cybercriminals to access healthcare networks, but not...
The healthcare and public health (HPH) sector has been warned about cyberattacks involving MedusaLocker ransomware – one of the lesser-known...
In early February, a zero-day vulnerability in Fortra’s GoAnywhere MFT secure file transfer software (CVE-2023-0669) was exploited in attacks on...
Security researchers have issued warnings following an increase in cyberattacks distributing a malware variant called GootLoader. GootLoader is a malware...
The Health Sector Cybersecurity Coordination Center (HC3) at the Department of Health and Human Services has issued a DDoS guide...
The threat intelligence provider, Mandiant, says almost all cybersecurity leaders are happy with the threat intelligence they are consuming, but...
Cyberattacks on business associates of healthcare organizations have increased to the point where attacks on business associates now outnumber attacks...
A joint cybersecurity advisory has been issued by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA),...
Business Email Compromise scams are the biggest cause of losses to cybercrime. Over the past 5 years, more than $43...
Malicious actors used a variety of methods to gain initial access to victims’ networks but in 2022, cybercriminal groups appeared...
Healthcare organizations have been investing in cybersecurity to improve their defenses against increasingly numerous and sophisticated cyberattacks; however, while an...
The pro-Russian hacking group, Killnet, is conducting a campaign of Distributed Denial of Service (DDoS) attacks on U.S. hospitals in...
Multiple vulnerabilities have been identified in the popular open source electronic health record and medical practice management software, OpenEMR. OpenEMR...
While the Hive ransomware operation was infiltrating servers, exfiltrating data, and demanding ransom payments from their victims, their activities were...
Blackberry has recently published its Global Threat Intelligence Report, which provides actionable and contextualized intelligence that can be used to...
Cybercriminals are increasingly using legitimate remote monitoring and management (RMM) software in their attacks, according to a recent joint alert...
Ransomware gangs are finding it much harder to profit from their attacks as fewer victims are paying ransoms to obtain the...
For the first time since 2015, there was a year-over-year decline in the number of data breaches reported to the...
There are many benefits of using AI in healthcare, including the acceleration of drug development and medical image analysis, but...
An inspection of information security at Tuscaloosa VA Medical Center in Alabama by the VA Office of Inspector General (OIG)...
While it is difficult to obtain accurate data on the number of ransomware attacks being conducted on healthcare organizations, the...
The Health Sector Cybersecurity Coordination Center (HC3) has shared threat intelligence on two sophisticated and aggressive ransomware operations – Blackcat...
The number of reported healthcare data breaches declined for the second successive month, with 40 data breaches of 500 or...
A group of 20 security and risk executives from leading healthcare provider organizations have come together to share their insights...
Healthcare organizations can put a host of cybersecurity measures in place to secure their networks and prevent direct attacks by...
Healthcare ransomware attacks have at least doubled in the past 5 years, data recovery from backups has decreased, and it...
The latest data released by the cybersecurity firm Check Point has confirmed that 2022 was a particularly bad year for...
The Health Sector Cybersecurity Coordination Center (HC3) has shared information on the Clop (Cl0p) ransomware-as-a-service operation, the affiliates of which...
Vulnerabilities have been discovered in Citrix solutions, Netgear routers, and Zoho ManageEngine products that require immediate patching. One of the...
Ransomware attacks continue to be conducted on healthcare organizations in high numbers but determining the extent to which healthcare organizations...
The information risk management, standards, and certification body, HITRUST, has announced that it will be releasing a new version of...
The healthcare and public health (HPH) sector has been warned about the risk of cyberattacks by a pro-Russian hacktivist group...
The text of a $1.7 trillion omnibus appropriations bill has been released by the House and Senate Appropriations Committees which,...
Citrix Application Delivery Controller (ADC) and Citrix Gateway users have been urged to check to make sure that their systems...
Cyberattacks have increased in volume and sophistication to the point where it is inevitable that a successful attack will be...
Automation cuts costs and improves productivity, and it is as important in cybersecurity as it is in manufacturing. Many labor-intensive...
Ransomware remains one of the most serious threats to the healthcare industry. Attacks can be incredibly costly to resolve, they...
The Health Sector Cybersecurity Coordination Center (HC3) has released analyses of two ransomware variants that are being used in attacks...
The Health Sector Cybersecurity Coordination Center (HC3) has issued a warning to the healthcare and public health (HPH) sector about...
Sen. Mark Warner (D-Va) recently published a white paper framing cybersecurity as a patient safety issue. The paper suggested several...
The security of medical devices is one of the biggest cybersecurity concerns in healthcare. Hospitals continue to add more connected...
The medical Internet of Things (IoT) is helping to improve efficiency and make healthcare more patient-centric; however, as hospitals increase...
The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have issued a joint cybersecurity advisory...
LastPass has confirmed that hackers have gained access to a third-party cloud storage service that contained customer data, although no...
There was a slight downturn in ransomware attacks in Q3, although it is too early to tell if that downward...
There was a global increase in cyberattacks in Q3, 2022, with attacks rising by 28% compared to the corresponding period...
The healthcare and public health sector (HPH) has been warned about the threat of ransomware attacks by the Lorenz threat...
October was the worst month of the year to date for healthcare data breaches, with 71 breaches reported and more...
The Hive ransomware-as-a-service (RaaS) operation first emerged in June 2021 and has aggressively targeted the health and public health sector...
In the event of a cyberattack that impacts the functionality of medical devices, a rapid and effective response is essential...
CISA has issued a decision tree methodology that can be adopted by healthcare organizations to help them develop an efficient...
The Health Sector Cybersecurity Coordination Center (HC3) has recently shared details of the tactics, techniques, and procedures associated with Venus...
The number of connected devices being used in hospitals continues to grow and while these devices can improve efficiency, safety,...
The federal government has issued a warning to the healthcare sector about the threat of cyberattacks by Iranian threat actors....
The Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and the Multi-State Information Sharing and Analysis Center...
Senator Mark Warner (D-VA), Chairman of the Senate Select Committee on Intelligence, has recently published a white paper – Cybersecurity...
The White House has issued a proclamation from President Biden declaring November as Critical Infrastructure Security and Resilience Month –...
MFA is one of the most important measures to take to prevent unauthorized account access; however, it does not provide...
Last week, the OpenSSL Project announced a patch would be released on November 1, 2022, to address a critical OpenSSL...
A warning has been issued to the healthcare and public health sector about a critical vulnerability in the OpenSSL software...
A set of cross-sector Cybersecurity Performance Goals (CPGs) have been published by the Cybersecurity and Infrastructure Security Agency (CISA) for...
The healthcare industry is an attractive target for cybercriminals and data thieves. Healthcare organizations store vast amounts of sensitive data...
In a recent blog post, Jen Easterly, the Director of the Cybersecurity and Infrastructure Security Agency (CISA) explained that for...
A relatively new data extortion and ransomware gang known as Daixin team is actively targeting U.S. healthcare organizations, prompting a...
Check Point’s 2022 Mid-Year Report has revealed the healthcare industry has seen the biggest percentage rise in cyberattacks out of...
The U.S. government is taking steps to improve critical infrastructure cybersecurity, with healthcare, water, and the communications sectors the next...
Businesses are appreciating the importance of cybersecurity and realizing that they need to invest more heavily in cybersecurity as threats...
Ransomware attacks continue to plague the healthcare industry. The attacks disrupt operations due to essential IT systems being taken offline,...
It has become increasingly common for threat actors to use living-off-the-land techniques for conducting reconnaissance, privilege escalation, persistence, and moving...
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a medical advisory about a recently discovered vulnerability that affects the...
October is Cybersecurity Awareness Month – a 19-year collaborative effort between the government and industry to improve awareness of cybersecurity...
Microsoft was warned that two zero-day vulnerabilities in Microsoft Exchange Server are being actively exploited in the wild and has...
The National Institutes of Health (NIH) failed to implement adequate cybersecurity measures to protect sensitive data in its pre-award risk...
The U.S. Food and Drug Administration (FDA) user fee reauthorization bill passed by the House of Representatives in June included...
The Health Sector Cybersecurity Coordination Center (HC3) has issued a warning about the Chinese state-sponsored threat actor tracked as APT41....
The Cybersecurity and Infrastructure Security Agency (CISA) and the Food and Drug Administration (FDA) have issued a warning about a...
A warning has been issued to the healthcare and public health (HPH) sector about an ongoing Monkeypox phishing campaign targeting...
For the third successive month, the number of healthcare data breaches reported to the Department of Health and Human Services’...
The Federal Bureau of Investigation (FBI) has issued a TLP:WHITE Private Industry Notification warning about ongoing cybercriminal campaigns targeting healthcare...
The Federal Bureau of Investigation (FBI) has issued a private industry notification warning about the rising number of vulnerabilities in...
Researchers at Rapid7 have identified four vulnerabilities in Baxter and Sigma Spectrum infusion pumps, which are used to deliver...
A recent study has revealed that more than 20% of healthcare organizations experienced an increase in mortality rate after a...
The open source password manager provider, Bitwarden, has raised $100 million in funding which will be used to provide greater...
The HHS’ Office of Inspector General (OIG) has called for the Health Resources and Services Administration (HRSA) to improve oversight...
Health-ISAC has published a white paper for healthcare CISOs looking to implement zero trust security architectures to help them overcome...
Five vulnerabilities have been identified in Contec Health’s CMS8000 CONTEC ICU CCU Vital Signs Patient Monitor. Successful exploitation of the...
The Health Sector Cybersecurity Coordination Center (HC3) has issued a warning to the healthcare and public health sector (HPH) about...