Cybersecurity News

• CISA Launches Initiative to Improve Critical Infrastructure Resilience During Geopolitical Conflicts
• Healthcare Organizations Exposing Patient Data Via Poorly Secured DICOM Servers
• Settlement Resolves FTC Lawsuit Against Kochava Over Sale of Geolocation Data
• New Cyber Resilience Readiness Program Developed by Joint Commission; AHA
• Urgent Action Required by MOVEit Automation Users
• World Password Day 2026 – Password Tips and Best Practices
• Frequency and Severity of Hacks of Medical Devices Increasing
• AI Analysis Identifies 38 Flaws in OpenEMR Platform
• Healthcare Organizations Struggling to Implement Primary Method of Blocking Lateral Movement
• Former FBI Deputy Cyber Chief Calls for Terrorism Classification for Healthcare Ransomware Actors
• HSCC Issues Guidance for Healthcare Organizations on Managing Third Party AI Risks
• 2025 Losses to Cybercrime Exceeded $20 Billion
• Critical Flaws Identified in Progress Software ShareFile Service
• Urgent Action Required to Fix Actively Exploited Critical Citrix NetScaler Vulnerability
• BakerHostetler: Healthcare Remains Most Targeted Sector with Extortion-Only Attacks on the Rise
• High Severity Vulnerability Identified in Grassroots DICOM
• FDA Issues Recall Notice for GE HealthCare Centricity Universal Viewer
• CISA Advises U.S. Organizations to Harden Microsoft Intune Following Stryker Data Wiping Attack
• Paubox Research on Email Security Identifies Top Security Risks in 2026
• Trump Administration Announces Aggressive Cyber Strategy
• Senate HELP Committee Advances Healthcare Cybersecurity Bill
• Ransom Demands Increase as Ransom Payments Fall to Record Low
• Soaring Insider Breach Costs Driven by Shadow AI Use
• North Korean Hackers Using Medusa Ransomware in Attacks on U.S. Healthcare Sector
• Report Reveals Elevenfold Increase in Data-only Extortion Attacks
• Healthcare Sector Most Targeted by Ransomware Groups as Attacks Increase 49% YOY
• FBI Urges Organizations to Take 10 Actions to Improve Cyber Resilience
• HHS-OIG Identifies Web Application Security Weaknesses at Large U.S. Hospital
• CISA Issues Guidance for Proactively Defending Against Insider Threats
• U.S. Data Compromises Hit Record Breaches in 2025
• HHS-OIG Report Highlights Key HHS Cybersecurity Challenges
• OCR Advises HIPAA-Regulated Entities to Take Steps to Harden System Security
• What is HIPAA Safe Harbor and how does Cybersecurity Training help?
• Ransomware Attacks Increased by 58% in 2025
• How to Secure Patient Information (PHI)
• What is the Relationship Between HITECH, HIPAA, and Electronic Health and Medical Records?
• Why Do Criminals Target Medical Records?
• October 2025 Healthcare Data Breach Report
• HIPAA Password Requirements
• HIPAA Encryption Requirements
• Critical Vulnerability Allows Bluetooth Takeover of WHILL Electric Wheelchairs
• New HIPAA Regulations in 2026
• Patch Released for Medium-severity Grassroots DICOM Vulnerability
• High-severity Vulnerability Patched in AJAT Panoramic Dental Imaging Software
• U.S. Critical Infrastructure Entities Targeted by Pro-Russia Hacktivists
• AHA: Understand Your Risk Environment to Better Protect Patient Data
• Bill Reintroduced to Strengthen Healthcare Cybersecurity
• Over 100 Hospital Systems and Provider Associations Call for Withdrawal of Proposed HIPAA Security Rule Update
• High Severity Vulnerabilities Patched in Mirion Medical EC2 Software NMIS BioDose
• Europol Takes Down Illegal Crypto Mixing Laundering Service Used by Ransomware Actors
• Cryptocurrencies’ Central Role in Healthcare Ransomware Attacks
• Threat Actors Time Attacks to Coincide with Periods of Reduced Vigilance
• HSCC Updates Model Contract Language Framework for HDOs & MDMs
• Critical Flaw in Oracle Identity Manager Under Active Exploitation
• Critical Vulnerability Identified in Emerson Appleton UPSMON-PRO
• Compromised VPN Credentials Leading Attack Vector in Ransomware Campaigns
• Healthcare’s Reliance on Outdated IT Putting Patient Safety and Cybersecurity at Risk
• Fortinet Patches Actively Exploited FortiWeb Zero Day Flaw
• Cyberattack Volume Increases Fueled by 48% YOY Increase in Ransomware Attacks
• HSCC Publishes Preview of Health Sector AI Cybersecurity Risk Guidance
• Warning Issued About Akira Ransomware as Attacks on Critical Infrastructure Accelerate
• Urgent Patching Required to Fix Actively Exploited Cisco Flaws
• NHS Pathology Provider Synnovis Notifies Organizations Affected by June 2024 Ransomware Attack
• Healthcare Sees 224% Annual Increase in Attacks Targeting Mobile Devices
• Cybersecurity Should be Viewed as a Strategic Enabler of the Business
• CISA; NSA Issue Guidance on Hardening Microsoft Exchange Server Security
• Vulnerabilities Identified in Vertikal Systems Hospital Information Management Solution
• Only 23% of Ransomware Victims Pay the Ransom
• State Medicaid Agencies Need to Improve Security Controls for MMIS and E&E Systems
• Ransomware Groups’ Evolving Tactics Spur 44% Increase in Ransom Demands
• Cybersecurity Firm Reports 36% YOY Increase in Ransomware Attacks
• ITRC: 23 Million Individuals Affected by Data Breaches in Q3, 2025
• 72% of Healthcare Orgs Report Disruption to Patient Care Due to Cyberattacks
• Cl0p Mass Exploiting Zero-day Vulnerability in Oracle E-Business Suite
• Critical GoAnywhere Vulnerability Exploited in Medusa Ransomware Attacks
• Healthcare Cyberattacks Costing $200K+ Rise 400% in a Year
• Cybersecurity Awareness Month 2025: Building a Cyber Strong America
• Cyber Insurance Claims Fall But Ransomware Losses Increase
• Microsoft Seizes Sites Used by Popular Phishing Operation to Attack Healthcare Orgs
• GAO: HHS Yet to Implement 82 Cybersecurity and IT Management Recommendations
• Sen. Wyden Urges FTC to Take Action Against Microsoft for “Gross Cybersecurity Negligence”
• Feds Offer $10 Million Reward for Ransomware Administrator Who Attacked U.S. Healthcare Orgs
• Healthcare Industry Good at Preventing Serious Vulnerabilities but Lags in Remediation
• Report Reveals Worrying Abuses of Agentic AI by Cybercriminals
• CISA Seeks Feedback on Updated Software Bill of Materials Guidance
• Vulnerability Identified in FujiFilm Synapse Mobility Medical Image Viewer
• Warnings Issued About RCE Vulnerabilities in FortiSIEM & N-able N-central
• Remotely Exploitable Critical Vulnerability Identified in Santesoft Sante PACS Server
• Feds Confirm Seizure of BlackSuit Ransomware Infrastructure
• Warning Issued About High-severity Flaw Affecting Microsoft Exchange Hybrid Deployments
• More Than Half of Healthcare Orgs Attacked with Ransomware Last Year
• Average Cost of a Healthcare Data Breach Falls to $7.42 Million
• HHS-OIG Audit Finds Security Gaps at Large Northeastern Hospital
• Feds Issue Interlock Ransomware Warning as Healthcare Attacks Spike
• Microsoft Issues Emergency Patches for Actively Exploited SharePoint Server Vulnerabilities
• June 2025 Healthcare Data Breach Report
• High Severity Vulnerability Identified in Panoramic Dental Imaging Software
• Data Breaches Up 10% Although Victim Count Falls Sharply
• Ransomware Attacks Fall in Q2 as Ecosystem Reshuffles
• Trend Micro Warns of New Ransomware Group Targeting Healthcare Orgs
• Hunters International Ransomware Group Shuts Down; Offers Free Decryptors
• FBI; CMS Issue Warning About Fraud and Phishing Attempts on Healthcare Orgs
• FDA Urges Medical Device Manufacturers to Improve OT Security
• Patient Death Linked to Ransomware Attack on Pathology Services Provider
• Ransomware Groups Increasingly Conducting Extortion-Only Attacks
• NIST Publishes Guidance on Implementing Zero Trust Architectures
• Bipartisan Healthcare Cybersecurity Act Introduced in House and Senate
• High Severity Vulnerability Identified in MicroDicom DICOM Viewer
• Qilin Ransomware Group Exploiting Critical Fortinet Flaws
• MSPs & IT Vendors Targeted by Scattered Spider Threat Group
• Updated Play Ransomware Cybersecurity Advisory Issued as Victim Count Reaches 900
• High Severity Vulnerability Identified in Santesoft Sante DICOM Viewer Pro
• NIST Proposes New Metric for Predicting Probability of Vulnerability Exploitation
• Silent Ransom Group Targets U.S. Law Firms with Vishing Attacks
• Law Enforcement Disrupts DanaBot & Lumma Stealer Malware Operations
• Rhode Island Releases Details of RIBridges Hacking Investigation
• Study Explores Extent of Hacking and Ransomware Attacks in Healthcare
• Healthcare Organizations Take 3.7 Months To Announce Ransomware Data Breaches
• Microsoft, Fortinet & Ivanti Warn About Actively Exploited Zero Day Vulnerabilities
• Ransomware Attacks Increase 123% in 2 Years with 52 New Groups Emerging in 2024
• Cyber Insurance Provider Reports Fall in Claims Frequency in 2024
• NIST Privacy Framework Updated to Incorporate Latest Cybersecurity Guidelines
• Vulnerabilities Identified in Pixmeo OsiriX MD DICOM Viewer
• LockBit Ransomware Group Hacked; Operations Database Leaked
• SonicWall SMA Vulnerabilities Actively Exploited in Attacks
• Two High-Severity Vulnerabilities Identified in MicroDicom DICOM Viewer
• ELENOR-Corp Ransomware Group Targets Healthcare with New Mimic Ransomware Variant
• Cybercrime Losses Increased by 33% in 2024 to $16.6bn
• March 2025 Healthcare Data Breach Report
• Verizon DBIR: Surge in Vulnerability Exploitation and Healthcare Espionage Breaches
• Healthcare Organizations Struggling to Shift from Reactive to Proactive Cybersecurity
• Healthcare Orgs Targeted with Malware Campaign Distributing Stealthy New RAT
• BakerHostetler: Ransomware in Decline with Fewer Attacks and Lower Payments
• Immediate Patching Required to Address High Severity INFINITT PACS Vulnerability
• Cybersecurity Firms Report Record-Breaking Quarter for Ransomware Attacks
• Windows CLFS Flaw Being Actively Exploited by Ransomware Group
• Lawsuit Filed Against Teaching Hospital Over Pharmacist’s Decade-long Cyber-Spying Campaign
• Fortinet Advises Immediate Upgrade to Fix Critical FortiSwitch Vulnerability
• House Committee Hears New Concerns About Legacy Medical Device Cybersecurity
• Ivanti Connect Secure, Policy Secure, ZTA Gateways Flaw Under Active Exploitation
• HSCC Recommends Consultation Process on Healthcare Cybersecurity Improvements
• More Than One-Third of Data Breaches Due to Third-Party Supplier Compromises
• 99% Of Healthcare Orgs Managing IoMT Devices with Known Exploited Vulnerabilities
• FBI Finds No Specific Credible Terror Threat Against U.S. Hospitals
• Almost One-Third of Rural Hospitals Benefiting from Microsoft’s Cybersecurity for Rural Hospitals Program
• February 2025 Healthcare Data Breach Report
• High Severity Vulnerabilities Identified in Philips Intellispace Cardiovascular (ISCV)
• Collaborative Effort Decreases Cobalt Strike Abuse by 80%
• Critical Infrastructure Entities Warned About Medusa Ransomware as Victim Count Hits 300
• 58% of Ransomware Attacks Involve Compromised Perimeter Security Appliances
• Survey Confirms Majority of Healthcare Orgs Plan to Increase Cybersecurity Investment
• Ransomware Attack Surge Continues in 2025
• Vulnerabilities Identified in Dario Health’s Blood Glucose Monitoring Android App
• Lawsuit Filed Against Amazon Alleging Unlawful Collection of Health & Location Data
• China-Based Threat Group Targets Healthcare with Malicious DICOM Installers
• Study Explores the Effectiveness of Insider Risk Management Programs
• Healthcare Was the Most Breached Industry in 2024
• Vulnerability Identified in Medixant RadiAnt DICOM Viewer
• Can You Make WordPress HIPAA Compliant?
• Feds Sound Alarm About Ghost Ransomware Group
• U.S. Sanctions Russian Bulletproof Hosting Service for Supporting LockBit Ransomware Attacks
• January 2025 Healthcare Data Breach Report
• Warning Issued BlackLock Ransomware Operation After 1,425% Increase in Data Leaks
• Insights into the Current Healthcare Threat Landscape
• 41% of 2024 Third Party Breaches Affected Healthcare Organizations
• Law Enforcement Operation Takes Down 8Base Ransomware Group
• Vulnerabilities Identified in Orthanc Server and MicroDicom DICOM Viewer
• 2024 Saw Increase in Ransomware Attacks but 35% Decrease in Payments
• Healthcare Providers Warned About Vulnerability in SimpleHelp Remote Access Software
• Is Google Drive HIPAA Compliant?
• Backdoor Identified in Contec CMS8000 Patient Monitors That Transmits Patient Data
• Study Reveals 88% of Companies Experienced a Ransomware Attack Last Year
• More Than 1.7 Billion Individuals Had Personal Data Compromised in 2024
• SonicWall & Apple Issue Patches for Actively Exploited Zero-Days
• The Ransomware Groups Targeting Healthcare Organizations
• 84% of Healthcare Organizations Detected a Cyberattack in the Past 12 Months
• Ransomware Groups Claim 13% More Healthcare Victims in 2024
• December 2024 Healthcare Data Breach Report
• 2024 Was Another Bad Year for Healthcare Ransomware Attacks
• Patch Warning: Critical Ivanti Connect Secure Zero-day Exploited
• HHS Urges Health Sector to Improve OT & IoMT Security
• Health Sector Warned About Ongoing Credential Harvesting Campaigns
• CISA Seeks Comment on National Cyber Incident Response Plan Update
• BD Identifies High Severity Vulnerability in its Diagnostic Solutions Products
• Survey Reveals 65% of Employees Take Security Shortcuts
• FDA Urges Blood Establishments to Improve Their Security Posture Following Spate of Ransomware Attacks
• Critical Cleo File-Transfer Flaw Under Active Exploitation; Cl0p Claims Responsibility
• Bipartisan Senate Bill Seeks to Strengthen Healthcare Cybersecurity
• Feds Update BianLian Cybersecurity Alert as Threat Actor Adopts New Tactics
• October 2024 Healthcare Data Breach Report
• Ransomware Groups Increasingly Targeting Poorly Secured and Outdated VPNs for Initial Access
• Phishing Campaign Abuses DocuSign API to Send Fake Invoices
• Alleged Phobos Ransomware Administrator Extradited to the U.S. to Face 13-Count Indictment
• HSCC Publishes Cyber Incident Response Playbook for Medical Product Manufacturers
• GAO: HHS Continues to Have Challenges Carrying out its Cybersecurity Responsibilities
• New Interlock Ransomware Group Targets US Healthcare Organizations
• US Calls for Russia and Other States to Take Action Over Healthcare Ransomware Attacks
• CISA Shares Best Practices for Improving the Security and Resilience of Critical Infrastructure
• Ransomware Attack Severity Increased 68% in H1, 2024
• CISA Warns of Ongoing Spear Phishing Campaign Using RDP Attachments
• HPH Sector Warned About Exploitation of Miracle Exploit Vulnerabilities in Oracle Systems
• HC3 Issues Warning About Scattered Spider Threat Actor
• OCR Offers Advice on Recognizing, Avoiding, and Mitigating Social Engineering Attacks
• FortiManager Zero-Day Has Been Exploited Since July 2024
• Two Men Indicted for Role in February 2024 Cyberattack on Cedars-Sinai
• OCR Issues Guidance on Ransomware Prevention and Response
• Thousands of Medical Devices and Data Systems Exposed Over the Public Internet
• Iranian Threat Actors Targeting Critical Infrastructure Entities Using Brute Force Tactics
• Q3 Sees 8% Fall in Data Compromises; 77% Reduction in Victims
• Threat Actors Actively Exploiting Critical Fortinet; Veeam Backup & Replication Vulnerabilities
• CISA Warns F5 BIG-IP Users About Abuse of Unencrypted Cookies
• New York Implements New Cybersecurity Regulations For General Hospitals
• 92% Of U.S. Healthcare Organizations Experienced a Cyberattack in the Past Year
• HHS Issues Warning About Trinity Ransomware Following Healthcare Attacks
• Critical Zimbra Flaw Being Mass Exploited
• Four Individuals Connected to LockBit Ransomware Attacks Arrested; Evil Corp Members Sanctioned
• Report Provides Insights into the Financial Impact of Cyberattacks
• Healthcare Ransomware Attacks Continue to Increase in Number and Severity
• Updated NIST Password Guidelines Replace Complexity with Password Length
• Democratic Senators Propose Mandatory Cybersecurity Standards in Healthcare and Greater Accountability
• 2024 National Cybersecurity Awareness Month
• Healthcare Most Targeted Industry in Mobile Phishing Campaigns
• Vanilla Tempest (Vice Society) Threat Group Using INC Ransomware to Attack Healthcare Orgs
• Valid Credentials Most Common Initial Access Vector in Cyberattacks on Critical Infrastructure
• APT Group Actively Exploiting Windows MSHTML Platform Zero Day Flaw
• FBI Issues Warning About BEC Attacks as Losses Increase to $55.5 Billion
• Two More Healthcare Orgs Attacked by RansomHub
• HPH Sector Warned About Grant Donation Email Scam
• Microsoft & Ivanti Patch Multiple Critical and Actively Exploited Flaws
• Critical SonicWall Firewall Vulnerability Actively Exploited by Ransomware Actors
• Maximum Severity Vulnerability Identified in Baxter Connex Health Portal
• Feds Issue Warning About Russian Hacking Group Targeting Critical Infrastructure
• Active Ransomware Groups Increase by 57% as Ransomware Landscape Fragments
• CISA Launches New Cyber Incident Reporting Portal
• Feds Sound Alarm About RansomHub Ransomware Group
• Healthcare Cybersecurity Act Introduced in House of Representatives
• Iranian Espionage Group Providing Network Access to Ransomware Groups
• $460 Million Paid to Ransomware Groups in H1, 2024
• Healthcare Sector Warned About Everest Ransomware Group
• CISA & Partners Issue Guidance & Best Practices for Event Logging and Threat Detection
• Critical SolarWinds Web Help Desk Vulnerability Under Active Exploitation
• NIST Releases Finalized Post-Quantum Encryption Standards
• Vulnerabilities Identified in Azure Health Bot Service
• FBI-led Operation Shut Down Radar/Dispossessor Ransomware Group’s Servers
• Feds Issue Secure by Design Guidance for Software Purchasers
• CISA, FBI Issue Updated Warning Confirming Royal Ransomware Has Rebranded as BlackSuit
• CrowdStrike Confirms Root Cause of Falcon Sensor Outage; Healthcare Losses Anticipated to be $1.94B
• NHS Software Provider Facing £6M Fine Over Ransomware Attack
• BEC Emails Increase 20% YoY; AI Used in 40% of Attacks
• Health-ISAC/AHA Issue Warning Following Ransomware Attacks on Mission-Critical Suppliers
• Ransomware Group Targets IT Workers by Impersonating Legitimate Scanning Tool
• Almost Three-quarters of Ransomware Victims Hit Multiple Times
• Average Cost of a Data Breach Rises to $4.88M; Falls to $9.77M in Healthcare
• HHS Restructures to Consolidate Technology, Cybersecurity, Data, AI, and HealthIT
• North Korean Hacker Indicted for Ransomware Attacks on U.S. Hospitals and Healthcare Orgs
• Healthcare Organizations Are Exposing PII Through Incorrect File Sharing
• Survey Highlights Challenges in Healthcare with Managing Sensitive Content in Communications
• Mandiant Warns of North Korean Threat Actors Targeting Healthcare
• Ransomware Attacks Increased by 9% In Q2, 2024
• Ransomware Attack on Australian eScripts Provider Affects 12.9 Million Australians
• Two LockBit Ransomware Affiliates Plead Guity and Face Up to 70 Years in Prison
• Faulty CrowdStrike Software Update Causing Major Disruption at U.S. Healthcare Organizations
• CISA Issues Alert About Multiple Philips Vue PACS Vulnerabilities
• ITRC: More Than 1 Billion Individuals Affected by H1, 2024 Data Compromises
• Ransomware Groups’ Data Leak Site Listings Increased by 20% in Q2, 2024
• Bipartisan Bill Introduced to Improve Cybersecurity in Healthcare
• Sen. Warner Calls for HHS to Develop Mandatory Minimum Cybersecurity Standards for Healthcare
• Risks of HIPAA Compliance Failures with Email
• Health-ISAC Issues Warning Abuse of TeamViewer Remote Connectivity Software
• Vulnerabilities Identified in Sensor Net Connect and Thermoscan IP Temperature Control Devices and Software
• Hackers Start Attempting Exploitation of Critical MOVEit Transfer Vulnerability
• Feds Warn of Phishing and Social Engineering Campaign Targeting Healthcare Organizations
• Healthcare Scores a B for Cybersecurity
• Warning Issued to HPH Sector About Qilin Ransomware Group
• Multifactor Authentication Could Have Prevented 9.7 Million-Record Medibank Data Breach
• Cyber Insurance Claims Reached Record High in 2023
• High Severity Flaws Identified in MicroDicom DICOM Viewer
• Snowflake Customers Attacked in Ongoing Extortion Campaign
• Microsoft & Google Offering Free and Discounted Cybersecurity Services to Rural Hospitals
• FBI Urges LockBit Ransomware Victims to Contact IC3; 7,000 Decryption Keys Obtained
• HHS Must Take Immediate Action to Improve Cybersecurity at Large Healthcare Organizations
• Ransomware Victim Count Increased by 75% in 2023
• HHS Shares Best Practices for Preventing and Responding to Healthcare DDoS Attacks
• Critical Vulnerabilities Identified in Baxter Welch Allyn Products
• Impact of Hospital Ransomware Attacks on Neighboring Hospitals
• Check Point Issues Warning About Attacks Targeting VPNs for Initial Access
• 37% of Healthcare Organizations Do Not Have a Security Incident Response Plan
• HPH Sector Warned About Business Email Compromise Attacks
• Critical NextGen Healthcare Mirth Connect Vulnerability Under Active Exploitation
• HHS Agency Launches Program to Improve Cyber Resiliency in Hospitals
• April 2024 Healthcare Data Breach Report
• 11 Vulnerabilities Identified in GE HealthCare Ultrasound Products
• Microsoft Patches Zero-Day Vulnerability Exploited to Deliver QakBot and Other Malware
• Black Basta Ransomware Group Targeting Healthcare Organizations
• Only 49% of Critical Infrastructure Entities Acted on CISA Ransomware Vulnerability Warnings
• LockBit Leader Named and Sanctioned
• BakerHostetler Report Identifies Healthcare Data Breach and Litigation Trends
• Healthcare Ransomware Attacks Involve 20% of Stored Sensitive Data
• Verizon 2024 DBIR: 70% of Healthcare Data Breaches Caused by Insiders
• Threat Actors Increasingly Targeting Vulnerabilities for Initial Access
• March 2024 Healthcare Data Breach Report
• Only 28% of Ransomware Victims Choose to Pay Ransom
• CISA & Partners Share New Threat Intelligence on Akira Ransomware
• Palo Alto Networks Updates Mitigations as Exploitation of 0Day Firewall Vulnerability Grows
• Ransomware Attacks Up 20% YoY with 55% Increase in Active Ransomware Groups
• 96% of Hospitals Still Use Website Tracking Technologies That Share Data with Third Parties
• Epic Systems Shuts off Access for Certain Particle Health Customers Over Patient Privacy Concerns
• Ransomware Attacks Reported by 4 Healthcare Providers
• Cyberattacks Increase But Ransomware Attacks Decline
• Companies with Strong Cybersecurity Programs Deliver Higher Returns for Shareholders
• Social Engineering Campaign Targets Hospital IT Helpdesks
• HHS Shares Credential Harvesting Mitigations
• Legislation Introduced to Provide Advance Payments to Providers Affected by Cyberattacks
• Senator Cassidy Demands Answers About HHS Cyberattack and $7.5M Theft
• Healthcare Cyber Security Summit June 12-13 with 20% Discount
• Five Eyes Agencies Urge Critical Infrastructure to Take Volt Typhoon Threat Seriously
• HPH Sector Warned About Email Bombing Attacks
• 63% of Known Exploited Vulnerabilities Can be Found in Hospital Networks
• FBI Data Shows Ransomware Attack Surge as Cybercrime Losses Reach $12.5 Billion
• CISA, NSA Release Cloud Security Guides
• NSA Publishes Guidance on Implementing Zero Trust to Limit Lateral Movement
• 40% of Malware Infections in Healthcare Originate from Cloud Apps
• HHS Responds to Change Healthcare Cyberattack with New Flexibilities for Affected Providers
• Blackcat Affiliate Behind Change Healthcare Ransomware Claims Group Stole $22 Million Ransom
• Healthcare Experiences More Third-Party Data Breaches Than Any Other Sector
• Change Healthcare Ransomware Attack Having Massive Impact on Providers
• Five Eyes Agencies Warn of Ongoing Exploitation of Ivanti Connect Secure and Policy Secure Flaws
• High Severity Vulnerabilities Identified in MicroDicom DICOM Viewer
• CISA, FBI Share Latest Threat Intelligence on Phobos Ransomware
• Feds Sound Alarm as ALPHV/Blackcat Ransomware Group Targets Healthcare
• Higher NIST CSF and HCIP Coverage Linked with Lower Cyber Insurance Premium Growth
• HSCC Releases 5-Year Strategic Plan for Improving Healthcare Cybersecurity
• NIST Cybersecurity Framework 2.0 Released
• LockBit Ransomware Group Restores Servers Following Law Enforcement Takedown
• Majority of Ransomware Victims That Pay a Ransom Suffer a Second Attack
• ConnectWise ScreenConnect Vulnerabilities Under Active Exploitation
• January 2024 Healthcare Data Breach Report
• International Law Enforcement Operation Takes Down LockBit RaaS Infrastructure
• Free Decryptor Released for Rhysida Ransomware
• Bipartisan Bill Aims to Ensure the HHS is Implementing Effective Cybersecurity Measures
• GAO: Federal Agencies Need to Enhance Oversight of Ransomware Practices
• Healthcare Sector Warned About Akira Ransomware Attacks
• Ransom Payments Exceeded $1 Billion in 2023
• CISA Pre-Ransomware Alerts Helped 154 Healthcare Organizations Save Millions in Costs
• Emerging Ransomware Groups Disproportionately Attack Healthcare Organizations
• ITRC: Data Compromises Reach All-time High in 2023
• FTC Orders Blackbaud to Improve Security and Enforce Data Retention Policies
• Security Breaches in Healthcare in 2023
• 71% of Ransomware Attack Victims Refuse to Pay the Ransom
• HHS Unveils Voluntary HPH Cybersecurity Performance Goals
• Patch Fortra GoAnywhere Now: Exploit Code Released for Critical Flaw
• HC3 Warns of Threat of Unauthorized Remote Access via ScreenConnect Tool
• Hospital IT Help Desks Targeted in Sophisticated Payment Fraud Scam
• Citrix Patches 2 Actively Exploited NetScaler ADC and Gateway Zero Days
• December 2023 Healthcare Data Breach Report
• Multiple Threat Groups Exploiting Ivanti VPN/NAS Zero-Days
• At Least 141 Hospitals Directly Affected by Ransomware Attacks in 2023
• November 2023 Healthcare Data Breach Report
• ALPHV/BlackCat Claims Healthcare Restrictions Removed for Affiliates
• Feds Share Threat Intelligence on Play Ransomware Operation
• How Often Should Passwords be Changed in the EHR System?
• ALPHV/BlackCat Ransomware Operation Disrupted by FBI
• CISA Publishes Healthcare-Specific Guidance for Improving Cyber Resilience
• HIPAA Rules on Contingency Planning
• When Should You Promote HIPAA Awareness?
• AHA Opposes HHS Plan to Penalize Hospitals for Cybersecurity Failures
• Who Should HIPAA Complaints be Directed to Within the Covered Entity?
• HHS Publishes Healthcare Sector Cybersecurity Strategy
• Urgent Action Required to Address Critical ownCloud Vulnerabilities
• CitrixBleed Vulnerability Requires Urgent Action as Ransomware Groups Scale Up Attacks
• BD Discloses Vulnerabilities in FACSChorus Software
• Ransomware Affiliate Group Dismantled in International Law Enforcement Operation
• Warren General Hospital Data Breach Affects 169,000 Patients
• HC3 Warns HPH Sector About Critical FortiSIEM Vulnerability and Ongoing Emotet Malware Threat
• CISA Publishes Mitigation Guide for the Healthcare and Public Health Sector
• October 2023 Healthcare Data Breach Report
• FDA Releases Guidance on Managing Legacy Medical Device Cybersecurity Risks
• Feds Issue Updated Mitigations for Blocking Rhysida Ransomware Attacks
• Updates on Royal, LockBit 3.0, Hunters International & ALPHV Ransomware Groups
• Stricter Cybersecurity Regulations Proposed for New York Hospitals
• SysAid Zero-Day Vulnerability Exploited to Deploy Clop Ransomware
• CISA Issues Software Bill of Materials Guidance
• Q3, 2023 Sees 76% Fall in Data Breaches
• Data Successfully Encrypted in 75% of Healthcare Ransomware Attacks
• FBI Shares Intel on Emerging Initial Access Techniques Used by Ransomware Gangs
• BlackSuit Ransomware Poses a Credible Threat to the HPH Sector
• Malicious Actors Increasingly Targeting Cloud Services in Healthcare Cyberattacks
• September Saw Record Number of Ransomware Attacks
• HPH Sector Warned About 8Base Data Extortion Group
• 40 Countries Pledge to Never Pay Ransomware Gangs
• OCR Video Explains How to Improve Cybersecurity Defenses Through HIPAA Security Rule Compliance
• CISA Releases Log Management Tool for Organizations with Limited Cybersecurity Resources
• AI Can Save Phishers 2 Days Per Campaign
• CISA & HHS Release Healthcare Cybersecurity Toolkit
• QR Codes Increasingly Used in Phishing Attacks
• Feds Issue Guidance on Stopping the Phishing Attack Cycle at Phase One
• September 2023 Healthcare Data Breach Report
• The Chattanooga Heart Institute Doubles 2023 Cyberattack Victim Count
• FBI: Plastic Surgery Offices Targeted by Extortion Groups
• HHS Stresses Importance of Having an Effective Cybersecurity Incident Response Plan
• HPH Sector Warned About NoEscape Ransomware Attacks
• CISA Shares Vulnerabilities and Misconfigurations Exploited by Ransomware Gangs
• CISA and FBI Update AvosLocker Ransomware Cybersecurity Advisory
• Atlassian Confluence Data Center and Server Vulnerability Actively Exploited by Chinese APT Actor
• 66% of Healthcare Organizations Say Patient Care was Disrupted by a Cyberattack
• Lack of Antivirus Software Behind PhilHealth Ransomware Attack
• Zero-Day Vulnerability Exploited to Launch Record-Breaking DDoS Attacks
• Top Ten Cybersecurity Misconfigurations and Recommended Mitigations
• 23andMe User Data Stolen in Credential Stuffing Attack
• HPH Sector Warned About Remote Access Software Risks
• Progress Software WS_FTP Server Vulnerability Exploited After Release of PoC Code
• HHS Issues Warning Issued About LokiBot Malware
• FBI Sounds Alarm About Dual Ransomware Attacks and Data Wiping Tactics
• Cybersecurity Awareness Month 2023 Focuses on 4 Key Behaviors
• 79% Of Healthcare Organizations Experienced an API Security Incident in the Past 12 Months
• FDA Publishes New Guidance on Medical Device Cybersecurity Requirements
• Users of Progress Software WS_FTP Server Urged to Immediately Upgrade
• Insider Security Threat Costs up 40% in 4 Years
• Healthcare Industry Sees Sharp Increase in Advanced Email Attacks
• DHS Makes Recommendations to Harmonize Reporting of Cyber Incidents to the Federal Government
• Ransomware Groups are Increasingly Targeting Small Businesses
• Healthcare Cloud Usage Grows But Protecting PHI Can Be a Challenge
• Feds Issue Snatch Ransomware Warning Following Attack on Hospital
• August 2023 Healthcare Data Breach Report
• Lazarus Group Actively Exploiting ManageEngine Vulnerability in Attacks on Healthcare Organizations
• Russian National Indicted for Scripps Health Ransomware Attack; 11 TrickBot/Conti Actors Sanctioned
• Akira Ransomware Group Targeting the Healthcare and Public Health Sector
• 78% of Healthcare Organizations Suffered a Cyberattack in the Past Year
• Study Reveals State of External Exposure Management
• Joint Commission Issues Guidance on Ensuring Patient Safety After a Cyberattack
• Ransomware Groups are Accelerating Their Attacks with Dwell Time Falling to Just 5 Days
• Know Your Adversary: HC3 Shares Details of Chinese APT Groups Targeting the Healthcare Sector
• Digital Health Security Initiative Launched by the HHS
• Largescale Phishing Campaign Targets Zimbra Collaboration Email Servers
• July 2023 Healthcare Data Breach Report
• Mandiant: Malicious Actors Use of Generative AI Remains Limited
• Hackers Backdoor 1,900 Citrix NetScaler Devices
• HC3 Provides Guidance on Multifactor Authentication and Highlights Smishing Risks
• 59% Year-over-year Increase in Exploitable Vulnerabilities in Medical Devices
• Even Well-Defended Companies are Vulnerable to Lapsus$ Attacks
• NIST Releases Draft Version of Cybersecurity Framework 2.0 for Public Comment
• Ransomware Gangs Increasingly Exploiting 0Day and 1Day Vulnerabilities
• Healthcare Data Breach Risk Doubles in 2-Year Window Around M&As
• HC3 Sounds Alarm About Rhysida Ransomware Group
• Healthcare and Financial Services Remain Top Targets for Cyber Threat Actors
• Cybersecurity Agencies Share 2022’s Most Commonly Exploited Vulnerabilities
• Ivanti Discloses Another Maximum Severity Endpoint Manager Mobile Vulnerability
• 95% of Patients are Worried About Medical Record Breaches
• Biden Administration Announces National Cyber Workforce and Education Strategy
• CISA Releases Guidance on Preventing Web Application Access Control Abuse
• Health3PT Shares Best Practices for Improving Third Party Risk Management in Healthcare
• Patches Released to Fix Actively Exploited Flaw in Ivanti Endpoint Mobile Manager
• Massive Spike in Ransomware Activity in June
• HC3 Stresses the Importance of Robust Identity and Access Management
• IBM: Average Cost of a Healthcare Data Breach Increases to Almost $11 Million
• June 2023 Healthcare Data Breach Report
• Patch Released for Actively Exploited Citrix NetScaler Zero Day Vulnerability
• Generative AI Tool Without Ethical Restrictions Offered on Hacking Forums
• BD Warns of Vulnerabilities in its Alaris Guardrails Suite MX Infusion Pumps
• HC3 Shares Tips for Defending Against AI-Enhanced Cyberattacks
• CISA Publishes Factsheet to Help Businesses Securely Transition to Cloud Environments
• White House Publishes National Cybersecurity Strategy Implementation Plan
• Return to Big Game Hunting Sees Ransomware Revenues Soar
• Multiple Security Vulnerabilities Identified at Arizona VA Healthcare System
• Vulnerabilities Identified in Popular Telemedicine Software Development Kit
• HSCC Publishes Coordinated Healthcare Incident Response Plan Template
• EU Health Sector Cyber Study Confirms Ransomware is the Leading Threat
• Progress Software Patches Another Critical Flaw in MOVEit Transfer
• 75% of Users Admit Taking Risks with Passwords
• Cybersecurity Agencies Warn of TrueBot Malware Campaign Targeting U.S. and Canadian Orgs
• Critical RCE Vulnerability Identified in Medtronic Paceart Optima System
• HIPAA Business Associate Fined $75,000 for Maintaining ePHI on an Unsecured Server
• CISA Publishes Guidance on Securing Cloud Services
• Healthcare Organizations Warned of Risk of Cyberattacks via SEO Poisoning
• Study Identifies Lack of Preparedness for Ransomware Attacks in Emergency Departments
• PoC Exploit Published for CISCO AnyConnect Secure Vulnerability
• SEC Postpones Final Rule on Cyber Incident Disclosures
• May 2023 Healthcare Data Breach Report
• TimisoaraHackerTeam Ransomware Group Linked with Recent Attack on U.S. Cancer Center
• Progress Software Warns of New MOVEit Zero-Day Vulnerability – Immediate Action Required
• Senate Committee Advances Rural Hospital Cybersecurity Enhancement Act
• Comprehensive LockBit Ransomware Cybersecurity Advisory Issued by CISA & Partners
• Ransomware Attack Key Factor in Decision to Close Rural Illinois Hospital
• HPH Sector Urged to Make FIN11 Threat Group a Priority for Security Teams
• HC3 Raises Awareness of Diverse Threat Actors Targeting the HPH Sector
• Update on MOVEit Vulnerability Exploitation and Extortion: Victims Given Until June 14 to Pay Ransoms
• Guide Released on Securing Remote Access Software
• Verizon 2023 DBIR: Social Engineering Attacks Increase; Ransomware Plateaus
• Mass Exploitation of MOVEit Transfer Zero-day Vulnerability Confirmed
• CISA & Partners Release Updated StopRansomware Guide
• Cyberattacks on Hospitals Cause Significant Disruption at Neighboring Healthcare Facilities
• CommonSpirit Health Says Ransomware Attack Likely to Cost $160 Million
• AHA Urges OCR To Reconsider its Guidance on Tracking Technologies
• April 2023 Healthcare Data Breach Report
• Bipartisan Legislation Introduced to Address Rural Hospital Cybersecurity Skill Gaps
• FBI and CISA Issue Warning About BianLian Ransomware and Extortion Group
• Illumina Sequencing Instruments Affected by Maximum Severity Vulnerability
• HC3: Ransomware Groups are Exploiting GoAnywhere and PaperCut Vulnerabilities
• Organizations Face Increased Scrutiny of Health Data Breaches
• Healthcare Industry Facing Increased Malware and Ransomware Threats
• NIST Releases Discussion Draft of NIST CSF 2.0 Core
• Riskiest Connected Medical Devices Revealed
• Healthcare Ransomware Attacks Threaten Up to 30% of Operating Income
• One-Fifth of Healthcare Organizations Do Not Enforce Cybersecurity Protocols
• March 2023 Healthcare Data Breach Report
• Mandiant Shares Threat Intelligence from 2022 Cyber Incident Investigations
• Survey Highlights Ongoing Healthcare Cybersecurity Challenges
• CISA Updates its Zero Trust Maturity Model
• Microsoft, Fortra, and Health-ISAC Join Forces to Disrupt Malicious Use of Cobalt Strike
• Security Teams Pressured into Keeping Quiet About Security Breaches
• 94% of Organizations Experienced a Cyberattack in 2022
• Hackers Increasingly Targeting Cloud Apps to Distribute Malware
• KillNet Hacktivist Group Continues to Target U.S. Healthcare Organizations
• Healthcare CISOs Undervalue Dark Web Intelligence
• Microsoft Will Block Dangerous File Types in OneNote Documents
• Health-ISAC Report Explores Current and Emerging Cyber Threats to the Healthcare Sector
• FDA Cybersecurity Requirements for Medical Devices Now in Effect
• Improve Mobile Device Security with this HC3 Checklist
• Ransomware Attacks Increased by More Than 51% in February
• 20% of Ransomware Attacks Involve Victim Harassment
• FBI: Losses to Cybercrime Increased by 49% in 2022 to $10.3 Billion
• February 2023 Healthcare Data Breach Report
• Feds Release Updated Threat Intelligence on LockBit 3.0 Ransomware
• Senate Committee Told How Federal Government Can Improve Healthcare Cybersecurity
• HC3 Shares Black Basta Ransomware Threat Intelligence Data
• HSCC Issues Guidance for Healthcare Organizations on Managing Legacy Technology Security
• CISA Launches Ransomware Vulnerability Warning Pilot Program
• HC3 Sheds Light on Data Exfiltration Trends in Healthcare Cyberattacks
• Feds Share Technical Details of Royal Ransomware
• Ransomware Gang Ups the Ante by Publishing Naked Images of Patients
• HSCC & HHS Release Guide to Help Healthcare Organizations Adopt the NIST Cybersecurity Framework
• Cybercriminals Adopt Corporate Tactics to Address Declining Revenues
• Suspected DoppelPaymer Ransomware Core Members Arrested in Europol-Led Operation
• Losses to Phishing Attacks Increased by 76% in 2022
• Biden Administration Announces New National Cybersecurity Strategy
• Amazon Completes Acquisition of OneMedical Amid Concern About Uses of Patient Data
• Survey Reveals a Majority of Americans Are Uncomfortable with AI in Healthcare
• On-the-Spot Intervention 95% Effective at Preventing Further Unauthorized Medical Record Access
• Healthcare Organizations Warned About MedusaLocker Ransomware Attacks
• HC3 Issues HPH Sector Alert Following Suspected Clop Cyberattacks
• Healthcare Sector Warned About Increase in GootLoader Malware Infections
• HC3 Issues DDoS Guide for the Healthcare Sector
• Mandiant: Organizations Are Not Getting the Maximum ROI from Threat Intelligence
• Healthcare Organizations Most Common Victims in 3rd Party Data Breaches
• Senators Demand Answers from Telehealth Firms on Pixel-Related Data Sharing Practices
• Warning Issued About North Korean Ransomware Attacks on Healthcare Organizations
• 28% BEC Emails are Opened and 15% Get a Reply
• RDP and Cloud Databases Most Common Targets of Threat Actors
• 98% of Organizations Use a Vendor That Had a Data Breach in the Past 2 Years
• Pro-Russian Hacking Group Conducting DDoS Attacks on U.S. Hospitals
• Multiple Vulnerabilities Identified in OpenEMR Health Record and Practice Management Software
• Hive Ransomware Operation Disrupted as FBI Seizes the Gang’s Infrastructure
• Healthcare Industry Most Commonly Attacked with Downloaders and Ransomware
• Feds Warn of Malicious Use of RMM Software in Callback Phishing Attacks
• Ransomware Profits Decline as Victims Refuse to Pay Ransoms
• 2022 Healthcare Data Breach Report
• Hackers are Using AI Tools such as ChatGPT for Malware Development
• Vulnerability Management and Remediation Deficiencies Identified at Alabama VA Medical Center
• NortonLifeLock Warns Customers About Potential Password Manager Breach
• Ransomware Appears to be in Decline, but Don’t Lower your Guard
• HC3 Shares Intelligence on BlackCat and Royal Ransomware Operations
• December 2022 Healthcare Data Breach Report
• Password Management Howlers Identified at U.S. Department of the Interior
• Leading Healthcare CISOs Join Forces to Solve Third Party Risk Management Challenges
• Healthcare Organizations Failing to Assess and Mitigate Supply Chain Risks
• Study Identifies Healthcare Ransomware Attack Trends
• Global Healthcare Cyberattacks Increased by 74% in 2022
• HPH Sector Warned About Clop Ransomware-as-a-Service Operation
• Urgent Patching Required to Fix Critical Citrix, Netgear, and Zoho ManageEngine Vulnerabilities
• 290 Hospitals Potentially Affected by Ransomware Attacks in 2022
• HITRUST Cybersecurity Framework Gets 2023 Update
• HPH Sector Warned About Threat of DDoS Attacks by Pro-Russian Hacktivist Group
• Medical Device Cybersecurity Provisions Included in Omnibus Appropriations Bill
• Critical Citrix ADC and Gateway Vulnerability Exploited in Attacks on Healthcare Organizations
• Improper Use of Password Managers Is Increasing
• Most Important Factors for Improving Cyber Resilience
• Automation Can Help Network Defenders Achieve More in Less Time and Stay One Step Ahead of Hackers
• Ransomware Gangs Adopt New Tactics to Attack Victims and Increase Likelihood of Payment
• HC3 Shares Analyses of LockBit 3.0 and BlackCat Ransomware
• Healthcare Organizations Warned About Royal Ransomware Attacks
• Industry Groups Provide Feedback on Sen. Warner’s ‘Cybersecurity is Patient Safety’ White Paper
• Guide Released for Assessing and Improving Connected Medical Device Security
• Medical Practices with a High Percentage of Connected Medical Devices Experience More Cyberattacks
• Healthcare Sector Warned About Cuba Ransomware Attacks
• LastPass Confirms Customer Data Breached in Hacking Incident
• Healthcare Ransomware Threat High Despite Slight Downturn in Attacks in Q3
• Privacy Risks Identified in Websites Used to Deliver Opioid Addiction Treatment and Recovery Services
• Healthcare Sees 60% YoY Increase in Cyberattacks
• HPH Sector Warned About Lorenz Ransomware Group
• October 2022 Healthcare Data Breach Report
• Feds Issue Warning to HPH Sector About Aggressive Hive Ransomware Group
• FDA, MITRE Update Medical Device Cybersecurity Regional Incident Preparedness and Response Playbook
• CISA Releases Decision Tree Methodology for Assessing and Remediating Software Vulnerabilities
• HC3 Sounds Alarm About Venus Ransomware
• The Riskiest Connected Devices in Healthcare
• Healthcare Sector Warned About Cyberattacks by Iranian State-Sponsored Threat Actors
• Feds Issue Guidance on Responding to and Reducing the Impact of DDoS Attacks
• Cybersecurity is Now a Patient Safety Issue, Suggests Sen. Warner In Congressional Report
• President Biden Declares November as Critical Infrastructure Security and Resilience Month
• CISA Urges Organizations to Implement Phishing-Resistant Multifactor Authentication
• OpenSSL Downgrades Bug Severity to High and Releases Patches
• Patch Due for Release on November 1, 2022 to Fix Critical OpenSSL Vulnerability
• CISA Publishes Voluntary Cybersecurity Performance Goals for Critical Infrastructure Organizations
• Adoption of Passwordless Authentication Grows But Poor Password Practices Persist
• Only One in Five Organizations Follow the 3-2-1 Rule for Data Backups
• CHIME Urges FTC to Stringently Enforce Health Breach Notification Rule
• CISA Director Encourages All Organizations to Adopt FIDO Authentication
• Government Issues Warning to Healthcare Organizations About Daixin Team Extortion and Ransomware Attacks
• Meta Facing Scrutiny Over Use of Meta Pixel Tracking Code on Hospital Websites
• Mid-Year Report Shows Healthcare Cyberattacks Have Increased by 69%
• White House Plans to Issue New Cybersecurity Standards for the Healthcare Industry
• Study Suggests Businesses Are Not Prepared for the Escalation in Cyberattacks
• 25% of Healthcare Organizations Said a Ransomware Attack Forced Them to Completely Halt Operations
• HHS Warns HPH Sector About Abuse of Legitimate Software and Security Tools by Threat Actors
• Advisory Issued About BD Totalys MultiProcessor Vulnerability
• Cybersecurity Awareness Month Focuses on 4 Key Behaviors
• Zero Day Microsoft Exchange Server Vulnerabilities Being Actively Exploited
• NIH Needs to Improve Cybersecurity Requirements for its Grant Program
• Medical Device Cybersecurity Requirements Stripped from FDA Reauthorization Bill
• GAO: HHS Should Strengthen Oversight of Medicare Telehealth and Help Providers Communicate Privacy Risks
• Healthcare Industry Warned About Risk Posed by APT41 Threat Group
• Vulnerability Identified in Medtronic MiniMed 600 Series Insulin Pumps
• Monkeypox Phishing Campaign Targets Healthcare Providers
• August 2022 Healthcare Data Breach Report
• FBI Warns of Ongoing Cybercriminal Campaigns Targeting Healthcare Payment Processors
• FBI Warns Healthcare Providers About Unpatched and Outdated Medical Device Risks
• HC3 Highlights Privacy and Security Risks Associated with Emerging Technologies
• 4 Vulnerabilities Identified in Baxter & Sigma Spectrum Infusion Pumps
• Study Confirms Increase in Mortality Rate and Poorer Patient Outcomes After Cyberattacks
• Bitwarden’s $100 Million Investment will Accelerate Addition of Passwordless Authentication and Developers Secrets
• OIG Calls for Greater Oversight of the Cybersecurity of the Organ Procurement and Transplantation Network
• Health-ISAC Publishes Guidance for CISOs on Implementing Zero Trust Security Architectures
• Multiple Vulnerabilities Identified in Contec Health Vital Signs Patient Monitors
• Healthcare Organizations Warned About Evil Corp. Cybercrime Syndicate
• Source Code Stolen in LastPass Data Breach
• Study Explores How Medical Apps are Sending Health Data to Facebook and Others
• HC3 Sounds Alarm Over Data Theft and Extortion Attacks by Karakurt Threat Actors
• HC3 Warns of Increase in Vishing Attacks and the Dangers of Social Engineering
• July 2022 Healthcare Data Breach Report
• 58% of Healthcare Organizations Have Implemented Zero-Trust Initiatives
• Survey Confirms Patients Are Extremely Concerned About Healthcare Data Privacy
• How the FIDO Alliance Aims to Make Logging In More Secure
• Cyberspace Solarium Commission Co-Chairs Call for HHS to Improve Threat Information Sharing with HPH Sector
• Ransomware Gangs Adopt Callback Phishing Techniques for Gaining Initial Network Access
• Healthcare Providers Targeted in Evernote Phishing Campaign
• CISA Sounds Alarm About Zeppelin Ransomware Targeting Healthcare Organizations
• 1H 2022 Healthcare Data Breach Report
• Ensuring Personal Password Privacy in Shared-Vault Environments
• HC3 Warns About Risks of IoT in Healthcare
• Most Common Malware Strains in 2021
• 55% of Healthcare Organizations Suffered a Third-Party Data Breach in the Past Year
• Why Businesses Should Reconsider Their Enterprise Password Policies
• Ransom Payment Data Suggests More Victims are Choosing Not to Pay
• Ransomware Attacks Drop by 23% Globally but Increase by 328% in Healthcare
• IBM: Average Cost of a Healthcare Data Breach Reaches Record High of $10.1 Million
• Survey Reveals Bad Cyber Hygiene and Poor Password Practices are Commonplace
• Cloud Security Alliance Releases Third Party Vendor Risk Management Guidance for Healthcare Organizations
• Study Reveals Top Websites Fail to Follow Password Best Practices
• HC3 Warns of Risk of Web Application Attacks on Healthcare Organizations
• Department of Justice Announces Seizure of $500,000 in Ransom Payments Made by U.S. Healthcare Providers
• Cyber Safety Review Board Says Log4j Vulnerabilities Endemic and Will Persist for Years
• Oklahoma State University Settles HIPAA Case with OCR for $875,000
• Over 10,000 Organizations Targeted in Ongoing MFA-Bypassing Phishing and BEC Campaign
• Feds Warn of Threat of Maui Ransomware Attacks By North Korean State-Sponsored Hackers
• Google Announces New Measures to Protect User Privacy on Healthcare Matters
• FBI, CISA, & FinCEN Sound Alarm About MedusaLocker Ransomware
• Warning Issued About 3 High-Severity Vulnerabilities in OFFIS DICOM Software
• FBI Thwarted ‘Despicable’ Cyberattack on Boston Children’s Hospital
• Vulnerabilities Identified in Welch Allyn Resting Electrocardiograph Devices
• HHS Offers Advice to Help Healthcare Organizations Strengthen Their Cyber Posture
• Bipartisan Legislation Introduced to Strengthen Cybersecurity for Medical Devices
• DogWalk Zero-day Windows MSDT Vulnerability Gets Unofficial Patch
• HC3 Warns Healthcare Sector About Growing Threat from Emotet Malware
• Atlassian Releases Patch for Maximum Severity Widely Exploited Vulnerability in Confluence Server and Data Center
• Healthcare Organizations Warned About Maximum Severity Vulnerabilities in Illumina Devices
• BD Issues Security Advisories About Pyxis and Synapsys Vulnerabilities
• Zero Day Microsoft Office Vulnerability can be Exploited with Macros Disabled
• CISA Adds 75 Vulnerabilities to the Known Exploited Vulnerability Catalog
• What is CMMC Compliance?
• Former IT Consultant Charged with Intentionally Causing Damage to Healthcare Company’s Server
• Verizon Data Breach Investigations Report Reveals 2021 Data Breach Trends
• HHS Shares Information on Advanced Persistent Threat Groups Linked with the Russian Intelligence Services
• Cybersecurity Agencies Share Most Common Attack Vectors for Initial Access and Recommended Mitigations
• Five Eyes Intelligence Alliance Warns of Increase in Cyberattacks Targeting Managed Service Providers
• Bill Introduced that Seeks to Improve Medical Device Cybersecurity
• Misconfigured AWS S3 Bucket Exposed Sensitive Data of Breast Cancer Patients
• HC3 Highlights Trends in Ransomware Attacks on the HPH Sector
• NIST Publishes Updated Cybersecurity Supply Chain Risk Management Guidance
• Average Ransom Payment Dropped by 34% in Q1, 2022
• FBI Issues Warning About BEC Scams as Losses Increase to $43 Billion
• HHS Information Security Program Rated ‘Not Effective’
• Operational Continuity-Cyber Incident Checklist Published by HSCC
• WEDI Makes Healthcare-Specific Recommendations for Improving the NIST Cybersecurity Framework
• 15 Most Exploited Vulnerabilities in 2021
• Five Eyes Agencies Warn Critical Infrastructure Orgs About Threat of Russian State-Sponsored and Criminal Cyberattacks
• 2021 Saw Record Numbers of DDoS Attacks on the Healthcare Industry
• FBI Issues Warning About BlackCat Ransomware Operation
• HHS Issues Warning to HPH Sector about Hive Ransomware
• Microsoft Sinkholes Notorious ZLoader Botnet
• JekyllBot:5 Vulnerabilities Allow Hackers to Take Control of Aethon TUG Hospital Robots
• CISA Issues Guidance on Sharing Cyber Event Information
• Warning Issued About Phishing Campaigns Involving Legitimate Email Marketing Platforms
• Increase in Class Action Lawsuits Following Healthcare Data Incidents
• FDA Releases Updated Guidance on Medical Device Cybersecurity
• NCCoE Releases Final Guidance on Effective Enterprise Patch Management
• OCR Seeks Comment on Recognized Security Practices and the Sharing of HIPAA Settlements
• The PATCH Act Introduced to Improve Medical Device Cybersecurity
• Differences Between Small and Large Healthcare Organizations on Security
• Warnings Issued About Vulnerabilities in the Spring Application Building Platform and UPS Devices
• Bipartisan Bill Proposed to Strengthen Healthcare Cybersecurity
• FBI: At Least 148 Healthcare Organizations Suffered Ransomware Attacks in 2021
• President Urges Private Sector to Harden Cybersecurity Defenses
• OCR: HIPAA Security Rule Compliance Can Prevent and Mitigate Most Cyberattacks
• Russian State-Sponsored Actors are Exploiting MFA and the PrintNightmare Vulnerability
• Healthcare Scores Poorly for Practicing the Cyber Incident Response
• Breach Barometer Report Shows Over 50 Million Healthcare Records Were Breached in 2021
• Warning Issued About Access:7 Vulnerabilities Affecting IoT and Medical Devices
• HC3 Report Reveals Cyberattack Trends and Provides Insights to Improve Healthcare Cybersecurity
• HSCC Releases Model Contract Template for HDOs and Medical Device Manufacturers
• Poor Employee Cyber Hygiene is Putting Healthcare Cybersecurity at Risk
• Security Issues Identified in 75% of Infusion Pumps
• Paying a Ransom Doesn’t Put an End to the Extortion
• HHS Warns of Potential Threats to the Healthcare Sector
• OCR Director Encourages HIPAA-Regulated Entities to Strengthen Their Cybersecurity Posture
• NIST Requests Comments on How to Improve its Cybersecurity Framework
• NCCoE Releases Final Version of NIST Securing Telehealth Remote Patient Monitoring Ecosystem Guidance
• CISA Publishes List of Free Cybersecurity Tools to Advance Security Capabilities
• HHS Raises Awareness of Threats to Electronic Health Record Systems
• 2021 Saw Sharp Increase in Ransomware Data Leaks and Ransom Demands
• HIMSS Cybersecurity Survey Suggests the Human Factor is the Largest Vulnerability in Healthcare
• CISA, FBI, NSA Warn of Increased Threat of Ransomware Attacks on Critical Infrastructure
• Immediate Patching Required to Fix Critical SAP Vulnerabilities
• Latest Phishing Kits Allow Multi-Factor Authentication Bypass
• HC3: Lessons Learned from the Ransomware Attack on Ireland’s Health Service Executive
• FBI Shares Technical Details of Lockbit 2.0 Ransomware
• Unpatched Vulnerabilities are the Most Common Attack Vector Exploited by Ransomware Actors
• HC3: BlackMatter Ransomware Threat Level Reduced
• Technologies Supporting Telehealth Have Placed Healthcare Data at Risk
• Settlement Reached in Excellus Class Action Data Breach Lawsuit
• New York Fines EyeMed $600,000 for 2.1 Million-Record Data Breach
• More Than Half of All Healthcare IoT Devices Have a Known, Unpatched Critical Vulnerability
• Healthcare Cybersecurity Risks in 2022
• CISA Urges All U.S. Orgs to Take Immediate Action to Protect Against Wiper Malware Attacks
• December 2021 Healthcare Data Breach Report
• Disruption to Services at Maryland Department of Health Continues One Month After Ransomware Attack
• Critical Infrastructure Entities Warned About Cyberattacks by State-sponsored Russian APT Actors
• 2020-2021 HIPAA Violation Cases and Penalties
• 92% of IT Leaders Guilty of Password Reuse
• Healthcare Supply Chain Association Issues Guidance on Medical Device and Service Cybersecurity
• November 2021 Healthcare Data Breach Report
• New Data Reveals Extent of Ransomware Attacks on the Healthcare Sector
• Third Version of Log4j Released to Fix High Severity DoS Vulnerability
• Most Patients Don’t Trust Their Healthcare Providers to Securely Store PII and Payment Information
• Learnings from a Major Healthcare Ransomware Attack
• Max-Severity Apache Log4j Zero-day Vulnerability Extensively Exploited in the Wild
• High-Severity Authentication Bug Identified in Hillrom Welch Allyn Cardio Products
• SonicWall Recommends Immediate Firmware Upgrade to Fix Critical Flaws in SMA 100 Series Appliances
• Guidance Issued for Healthcare CISOs on Identity, Interoperability, and Patient Access
• Biomanufacturing Sector Warned of High Risk of Tardigrade Malware Attacks
• APT Actors Exploiting Zoho ManageEngine ServiceDesk Plus to Deliver Webshells
• HHS Launches 405(d) Program Website Providing Resources to Help Mitigate Healthcare Cybersecurity Threats
• CISA Publishes Mobile Device Cybersecurity Checklist for Organizations
• Increased Risk of Cyber and Ransomware Attacks Over Thanksgiving Weekend
• HC3 Warns Healthcare Sector About Risk of Zero-day Attacks
• Vulnerabilities Identified in Philips IntelliBridge, Patient Information Center and Efficia Patient Monitors
• 82% Of Healthcare Organizations Have Experienced an IoT Cyberattack in the Past 18 Months
• Patients Unaware of the Extent of Healthcare Cyberattacks and Data Theft
• Medical Devices Affected by 13 Siemens Nucleus RTOS TCP/IP Stack Vulnerabilities
• DOJ Indicts 2 REvil Ransomware Gang Members: State Department Now Offering $10 Million Reward for Information
• HC3: Cobalt Strike Penetration Testing Framework Increasingly Used in Cyberattacks on Healthcare Organizations
• 3 Medium Severity Vulnerabilities Identified in Philips MRI Solutions
• Chinese APT Group Compromised Healthcare Organizations by Exploiting Zoho Password Management Platform Flaw
• FBI: Ransomware Gangs Exploiting Corporate Financial Events to Facilitate Extortion
• 42% of Healthcare Organizations Have Not Developed an Incident Response Plan
• OCR: Ensure Legacy Systems and Devices are Secured for HIPAA Compliance
• Microsoft Warns of Ongoing Attacks by SolarWinds Hackers on Service Providers and Downstream Businesses
• Study Reveals Healthcare Employees Have Unnecessary Access to Huge Amounts of PHI
• International Law Enforcement Operation Takes Down REvil Ransomware Gang’s Infrastructure
• Cybersecurity Awareness Month: Put Cybersecurity First
• 44% of Healthcare Organizations Don’t Have Full Visibility into 3rd Party Access and Permissions
• Healthcare CISOs Need Federal Assistance to Deal with Increase in Cyber Threats
• September 2021 Healthcare Data Breach Report
• Alert Issued About Ongoing BlackMatter Ransomware Attacks
• MITRE Launches Centers to Protect Critical Infrastructure and Public Health
• Cybersecurity Awareness Month: Fight the Phish!
• FIN12 Ransomware Gang Actively Targeting the Healthcare Sector
• Ransom Disclosure Act Requires Disclosure of Payments to Ransomware Gangs Within 48 Hours
• Medtronic Recalls MiniMed Remote Controllers Due to Serious Cybersecurity Vulnerability
• Insider Threat Self-Assessment Tool Released by CISA
• Lawsuit Alleges Ransomware Attack Resulted in Hospital Baby Death
• National Cybersecurity Awareness Month: Do Your Part, #BeCyberSmart
• NSA/CISA Issue Guidance on Selecting Secure VPN Solutions and Hardening Security
• Fifth of Healthcare Providers Report Increase in Patient Mortality After a Ransomware Attack
• 1 in 3 Americans Have Tried to Guess Someone’s Password and 3/4 Succeeded
• CISA and FBI Warn About Escalating Conti Ransomware Attacks
• Health and Public Health Sector Warn of Elevated Risk of BlackMatter Ransomware Attacks
• Patch Released to Fix Critical Flaw in Zoho ManageEngine Password Management Solution
• NCCoE Releases Final Cybersecurity Practice Guide on Mobile Application Single Sign-On for First Responders
• CISA Updates List of Cybersecurity Bad Practices to Eradicate
• FBI & CISA Warn of Increased Risk of Ransomware Attacks over Labor Day Weekend
• Outpatient Facilities Targeted by Cyber Actors More Frequently Than Hospitals
• Researchers Identify Easily Exploitable Vulnerabilities in Drug Infusion Pumps
• July 2021 Healthcare Data Breach Report
• CISA Publishes Guidance on Protecting Sensitive Data and Responding to Double-Extortion Ransomware Attacks
• Mid-Year Threat Report Shows Massive Increase in Ransomware Attacks
• Scripps Health Ransomware Attack Cost Increases to Almost $113 Million
• CISA Issues Warning About Blackberry’s QNX Vulnerability Affecting Critical Infrastructure
• Password Reuse is Rife and Security Awareness Training Has Little Effect
• Study Reveals Extent of Cybersecurity Vulnerabilities at Major Pharmaceutical Firms
• New ‘DeepBlueMagic’ Ransomware Discovered by Heimdal Security Researchers
• NIST Updates Guidance on Developing Cyber Resilient Systems
• Hospitals More Vulnerable to Botnets, Spam, and Malware than Fortune 1000 Firms
• 73% of Businesses Suffered a Data Breach Linked to a Phishing Attack in the Past 12 Months
• Healthcare Industry has Highest Number of Reported Data Breaches in 2021
• NSA & CISA Issue Guidance on Hardening Security and Managing Kubernetes Environments
• Multiple Critical Vulnerabilities Identified in Pneumatics System Used in 2,300 U.S. Hospitals
• CISA Publishes List of the Most Commonly Exploited Vulnerabilities
• The Average Cost of a Healthcare Data Breach is Now $9.42 Million
• Report: The State of Privacy and Security in Healthcare
• The Average Ransomware Payment Fell by 38% in Q2, 2021
• June 2021 Healthcare Data Breach Report
• U.S. Government Launches New One-Stop Ransomware Website
• Imminent Risk of Ransomware Attacks Exploiting Flaw in SonicWall SRA/SMA 100 Series VPN Appliances
• CISA Publishes Guidance for MSPs and SMBs on Hardening Security Defenses
• REvil Ransomware Websites Disappear Fueling Speculation of Law Enforcement Takedown
• Kaseya Security Update Addresses Flaws Exploited in KSA Ransomware Attack
• Study Explores Why Many People Don’t Use a Password Manager
• Multiple Critical Vulnerabilities Affect Philips Vue PACS Products
• Kaseya KSA Supply Chain Attack Sees REvil Ransomware Sent to 1,000+ Companies
• HHS: Take Action Now to Secure Vulnerable PACS Servers
• CISA Releases Ransomware Readiness Assessment Audit Tool
• Survey Reveals Password Best Practices are Not Being Folllowed
• Exploit Released for ‘PrintNightmare’ Zero-Day Windows Print Spooler RCE Vulnerability
• CISA Publishes Catalog of Cybersecurity Bad Practices That Must Be Eradicated
• OIG Survey Reveals Lack of Oversight of Cybersecurity of Networked Medical Devices in Hospitals
• NIST Publishes Critical Software Definition for U.S. Agencies
• Government Watchdog Makes 7 Recommendations to HSS to Improve Cybersecurity
• 1 Billion-Record Database of Searches of CVS Website Exposed Online
• Bipartisan Group of Senators Introduce Draft Federal Data Breach Notification Bill
• May 2021 Healthcare Data Breach Report
• Avaddon Ransomware Operation Shuts Down and Releases Decryption Keys
• HSCC Urges Biden to Provide Funding to Bolster Cybersecurity Posture of the Healthcare Sector
• Patch Issued to Fix Critical RCE Vulnerability in ZOLL Defibrillator Dashboard
• Rights of Data Subjects Under GDPR
• Vulnerabilities Identified in Hillrom Medical Device Management Products
• Critical Vulnerabilities identified in MesaLabs Laboratory Temperature Monitoring System
• SolarWinds Orion Hackers Targeting U.S. Organizations with New Spear Phishing Campaign
• PasswordState Password Manager Supply Chain Attack Delivers Password-Stealing Malware
• Healthcare Organizations Facing Higher Cyber Insurance Costs for Less Coverage
• FBI Warns of Ongoing Conti Ransomware Attacks on Healthcare Organizations and First Responders
• U.S Advances 5 Bills to Improve Cyber Defenses of SLTT Governments and Critical Infrastructure Entities
• Ransomware Gangs Adopt Triple Extortion Tactics
• CISA Issues Guidance on Evicting Adversaries from Networks Following SolarWinds Attacks
• April 2021 Healthcare Data Breach Report
• DarkSide RaaS Shut Down and Ransomware Gangs Ban Attacks on Healthcare Organizations
• President Biden Signs Expansive Executive Order to Improve Cybersecurity for Federal Networks
• Verizon: Healthcare Phishing and Ransomware Attacks Increase while Insider Breaches Fall
• CISA/FBI Provide Best Practices for Preventing Business Disruption from Ransomware Attacks
• CISA Warns of FiveHands Ransomware Threat
• Network Intrusions and Ransomware Attacks Overtake Phishing as Main Breach Cause
• CISA/NIST Issue Guidance on Improving Defenses Against Software Supply Chain Attacks
• Study: 1 in 5 Enterprise Users Have Set Weak Passwords
• Ransom Payment Increase Driven by Accellion FTA Data Exfiltration Extortion Attacks
• Best Practices for Network Defenders to Identify and Block Russian Cyber Operations
• DOJ Launches Ransomware and Digital Extortion Task Force
• Three Zero-Day Vulnerabilities in SonicWall Email Security are Being Actively Exploited
• Pulse Connect Secure Vulnerabilities Being Actively Exploited, Including New Zero-Day Flaw
• HSCC Publishes Guidance on Securing the Telehealth and Telemedicine Ecosystem
• Health-ISAC Helps Healthcare Organizations Prepare for Supply Chain Cyberattacks
• NSA/CISA/FBI: Patch Now to Stop Russian Government Hackers Exploiting These 5 Vulnerabilities
• COVID-19 Vaccine Cold Chain Continues to Be Targeted by Threat Groups
• Immediate Patching Required for 4 New Critical Microsoft Exchange Server Vulnerabilities
• HHS OIG: HHS Information Security Program Rated ‘Not Effective’
• CISA Releases Tool for Assessing Post Compromise Activity in Microsoft 365 Environments
• Vulnerabilities in Mission Critical SAP Systems Actively Exploited by Multiple Threat Groups
• Iranian APT Group Linked to Spear Phishing Campaign Targeting Senior Staffers at Medical Research Firms
• New Report Provides Deep Dive into COVID-19 Themed Phishing Tactics
• FBI Issues Warning About Mamba Ransomware
• FBI Warns of Increase in Business Email Compromise Attacks on Local and State Governments
• Verkada Surveillance Camera Hacker Indicted on Multiple Counts of Conspiracy, Wire Fraud and Aggravated Identity Theft
• February 2021 Healthcare Data Breach Report
• FBI: $4.2 Billion Lost to Cybercrime in 2020
• CISA/FBI Issue Joint Alert About Spear Phishing Attacks Delivering TrickBot Malware
• 2020 Saw Major Increase in Healthcare Hacking Incidents and Insider Breaches
• Hackers Access Live Feeds and Archived Footage from 150,000 Verkada Security Cameras
• Cost of 2020 US Healthcare Ransomware Attacks Estimated at $21 Billion
• Small and Medium Sized Practices Under Increased Pressure from Cyberattacks
• IBM X-Force: Healthcare Cyberattacks Doubled in 2020
• Multiple Threat Groups Exploiting Zero Day Microsoft Exchange Server Flaws
• NSA Releases Guidance on Adopting a Zero Trust Approach to Cybersecurity
• CISA Warns of Active Exploitation of Accellion File Transfer Appliance Vulnerabilities
• Insights into Healthcare Industry Cyber Threats and the Supply Chain Supporting Criminal Activity
• LastPass Restricts Functionality of its Free Password Manager
• 100% of Tested mHealth Apps Vulnerable to API Attacks
• Ransomware Gang Dumps Data Stolen from Two U.S. Healthcare Providers
• Feds Release Ransomware Fact Sheet
• FDA Appoints Kevin Fu as its First Director of Medical Device Security
• Global Law Enforcement Action Disrupts NetWalker Ransomware Operation
• Multinational Law Enforcement Operation Takes Down the Emotet Botnet
• Ransomware Attacks Account for Almost Half of Healthcare Data Breaches
• FBI Issues Warning Following Spike in Vishing Attacks
• 2020 Healthcare Data Breach Report: 25% Increase in Breaches in 2020
• At Least 560 U.S. Healthcare Facilities Were Impacted by Ransomware Attacks in 2020
• December 2020 Healthcare Data Breach Report
• CISA Warns of Hackers Exploiting Poor Cyber Hygiene to Access Cloud Environments
• Healthcare Industry Web Application Attacks Have Increased by 51% in the Past Two Months
• Hackers Leak Data Stolen in European Medicines Agency Cyberattack
• HITECH Act Amendment Creating Cybersecurity Safe Harbor Signed into Law
• FBI Issues Warning About Increasing Egregor Ransomware Activity
• Vulnerabilities Identified in Innokas Yhtymä Oy Vital Signs Monitors
• Federal Task Force Says SolarWinds Supply Chain Attack Likely Russian in Origin
• NSA Releases Guidance on Eliminating Weak Encryption Protocols
• Healthcare Industry Cyberattacks Increase by 45%
• Hidden Backdoor Identified in 100,000 Zyxel Devices
• Largest Healthcare Data Breaches in 2020
• CISA Launches SolarWinds Supply Chain Compromise Website and Free Malicious Activity Detection Tool
• NIST Releases Final Guidance on Securing the Picture Archiving and Communication System (PACS) Ecosystem
• FBI Warns of DoppelPaymer Ransomware Attacks Targeting Critical Infrastructure
• NSA Warns of Authentication Mechanism Abuse to Gain Access to Cloud Resources
• OCR HIPAA Audits Industry Report Identifies Common Areas of Noncompliance with the HIPAA Rules
• House Passes Bill Calling for HHS to Recognize Adoption of Cybersecurity Best Practices
• CISA: SolarWinds Orion Software Under Active Attack
• Serious Vulnerabilities Identified in Medtronic MyCareLink Smart Patient Readers
• Critical Vulnerabilities Identified in More Than 100 GE Healthcare Imaging and Ultrasound Products
• COVID-19 Vaccine Cold Chain Organizations Targeted in Global Phishing Campaign
• Vulnerabilities in OpenClinic Application Could Allow Unauthorized PHI Access
• Researchers Describe Possible Synthetic DNA Supply Chain Attack
• FBI Issues Warning About Increasing Ragnar Locker Ransomware Activity
• Free Google Services Abused in Phishing Campaigns
• HHS Releases Final Rules with Safe Harbors for Cybersecurity Donations
• October 2020 Healthcare Data Breach Report
• ASPR Provides Update on Ransomware Activity Targeting the Healthcare Sector
• Vendor Access and HIPAA Compliance: Are you Secured?
• Nation State APT Groups Targeting Companies Involved in COVID-19 Research and Vaccine Development
• Phishing Campaign Uses Employment Termination Lure to Deliver Bazar and Buer Malware
• Half of Ransomware Attacks Now Involve the Theft of Data Prior to Encryption
• Majority of Microsoft 365 Admins Have Not Enabled Multi-Factor Authentication
• Advisory Warns of Targeted Ryuk Ransomware Attacks on the Healthcare and Public Health Sector
• Survey Explores Cybersecurity Impact of COVID-19 Enforced Switch to a Remote Working Environment
• Hackers Blackmail Finnish Psychotherapy Provider and Patients and Leak Psychotherapy Notes
• FDA Approves Tool for Scoring Medical Device Vulnerabilities
• Vulnerabilities Identified in B. Braun OnlineSuite and SpaceCom
• 6 Russian Hackers Indicted for Offensive Cyber Campaigns Including 2017 NotPetya Wiper Attacks
• Active Threat Warning Issued About SharePoint RCE Vulnerability
• Universities Targeted in Silent Librarian Spear Phishing Campaign
• Patch Wormable ‘Bad Neighbor’ Windows TCP/IP Flaw Now, Warns CISA
• CISA/FBI: APT Groups Chaining Legacy Vulnerabilities with Netlogon Flaw
• CISA Issues Alert Following Increase in Emotet Malware Attacks
• CISA Releases Telework Toolkit to Help Businesses Transition to a Permanent Telework Environment
• Treasury Department Warns of Sanctions Risks if Facilitating or Paying a Ransomware Payment
• NIST Publishes Updated Security and Privacy Controls Guidance for Information Systems and Organizations
• CISA Issues Alert Following Surge in LokiBot Malware Activity
• August 2020 Healthcare Data Breach Report
• Hospital Ransomware Attack Results in Patient Death
• CISA Warns of Public Exploit for Windows Netlogon Remote Protocol Vulnerability
• Vulnerabilities Identified in Philips Clinical Collaboration Platform
• CISA/FBI Warn of Targeted Attacks by Iranian Hacking Groups
• CISA Warns of Ongoing Attacks by Chinese Hacking Groups Targeting F5, Citrix, Pulse Secure, and MS Exchange Flaws
• 8 Vulnerabilities Identified in Philips Patient Monitoring Devices
• Privacy Risks Found on Almost All Websites Offering COVID-19 Information
• Poll Shows Consumers Unaware of the Extent Health Insurers Gather and Use Consumer-Generated Data
• Resources to Help Healthcare Organizations Improve Resilience Against Insider Threats
• CISA Issues Technical Guidance on Uncovering and Remediating Malicious Network Activity
• Cisco Warns of Active Exploitation of Zero Day Flaws in IOS XR Software Used by Cisco Carrier-Grade Routers
• Agent Tesla Trojan Distributed in COVID-19 Phishing Campaign Offering PPE
• OCR Highlights the Importance of Creating and Maintaining a Comprehensive IT Asset Inventory
• Study Reveals Increase in Credential Theft via Spoofed Login Pages
• FBI and CISA Issue Joint Warning About Vishing Campaign Targeting Teleworkers
• Millions of Devices Affected by Vulnerability in Thales Wireless IoT Modules
• New FritzFrog P2P Botnet Targets SSH Servers of Banks, Educational Institutions, and Medical Centers
• Three Vulnerabilities Identified in Philips SureSigns Vital Signs Monitors
• Healthcare Data Leaks on GitHub: Credentials, Corporate Data and the PHI of 150,000+ Patients Exposed
• NIST Publishes Final Guidance on Establishing Zero Trust Architecture to Improve Cybersecurity Defenses
• Patches Released to Fix Critical Vulnerabilities in Citrix Endpoint Management / XenMobile Server
• More Than 1,000 Companies Targeted in New Business Email Compromise Scam
• FBI Urges Enterprises to Upgrade Windows 7 Devices to a Supported Operating System
• CISA Warns of Increase in Cyberattacks by Chinese Nation State Threat Groups using the Taidoor RAT
• Vulnerability Identified in Philips DreamMapper Software
• $53 Million Cash Injection Proposed to Improve Cybersecurity and Protect COVID-19 Research Data
• FBI Issues Flash Alert Warning of Increasing Netwalker Ransomware Attacks
• IBM Security 2020 Cost of Data Breach Report Shows 10% Annual Increase in Healthcare Data Breach Costs
• FBI Warns of Increase in Destructive Distributed Denial of Service Attacks and Risk of Malware in Chinese Tax Software
• Study Reveals COVID-19 Research Companies are Vulnerable to Cyberattacks
• Emotet Botnet Reactivated and Sending Large Volumes of Malicious Emails
• 70% of Companies Have Suffered a Public Cloud Data Breach in the Past Year
• Russian APT Group is Targeting Organizations Involved in COVID-19 Research
• Vulnerability Identified in Capsule Technologies SmartLinx Neuron 2 Medical Information Collection Devices
• At Least 41 Healthcare Providers Experienced Ransomware Attacks in the First Half of 2020
• FBI and CISA Issue Joint Alert About Threat of Malicious Cyber Activity Through Tor
• Microsoft Shuts Down COVID-19 Phishing Campaign and Warns of Malicious OAuth Apps
• NSA Issues Guidance on Securing IPsec Virtual Private Networks
• Serious Vulnerabilities Identified in Apache Guacamole Remote Access Software
• Serious Vulnerabilities identified in the OpenClinic GA Integrated Hospital Information Management System
• University of California San Francisco Pays $1.14 Million Ransom to Resolve NetWalker Ransomware Attack
• Surge in Attacks Prompts Fresh Warning to Patch Microsoft Exchange Server Vulnerability
• Vulnerability identified in Philips Ultrasound Systems
• May 2020 Healthcare Data Breach Report
• Lack of Visibility and Poor Access Management are Major Contributors to Cloud Data Breaches
• Advisories Issued About Vulnerabilities in Baxter, BD, and BIOTRONIK Medical Devices
• CISA Warns of Ongoing Ransomware Campaign Exploiting Vulnerabilities in RDP and VPNs
• Cloud Security Alliance Publishes Guidance on Storing Telehealth Data Securely in the Cloud
• Exploitable ‘Ripple20’ RCE TCP/IP Flaws Affect Hundreds of Millions of Connected Devices
• Software Glitch in Telehealth App Allowed Patients to View Videos of Other Patients’ Appointments
• Misconfigured Public Cloud Databases are Found and Attacked Within Hours
• Survey Confirms Increase in Phishing and Email Impersonation Attacks
• Attacks on Cloud Services Increased by 630% Between January and April
• Proof of Concept Exploit Released for Critical SMBGhost Windows 10 SMBv3 Vulnerability
• Voicemail Phishing Scam Identified Targeting Remote Healthcare Workers
• Fake VPN Alerts Used as Lure in Office 365 Credential Phishing Campaign
• Mobile Phishing Attacks Have Surged During the COVID-19 Health Crisis
• Russian Sandworm Group Targeting Exim Mail Servers, Warns NSA
• HHS’ OIG to Scrutinize HHS COVID-19 Response and Recovery Efforts
• NetWalker Ransomware Gang Targeting the Healthcare Industry
• Senators Seek Answers from CISA and FBI About Threat to COVID-19 Research Data
• H-ISAC Publishes Framework for Managing Identity in Healthcare
• Web Application Attacks Double as Threat Actors Target Cloud Data
• Guidance on Managing the Cybersecurity Tactical Response in a Pandemic
• Study Suggests Paying a Ransom Doubles the Cost of Recovery from a Ransomware Attack
• Chinese Hacking Groups are Targeting COVID-19 Research Organizations
• CISA and FBI Publish List of Top 10 Exploited Vulnerabilities
• Zoom Reaches Settlement with NY Attorney General Over Privacy and Security Issues
• Government Healthcare Agencies and COVID-19 Research Organizations Targeted by Nigerian BEC Scammers
• CISA Issues Fresh Alert About Ongoing APT Group Attacks on Healthcare Organizations
• HHS Has Been Slow to Address High Priority GAO Recommendations
• Worldwide Spike in Brute Force RDP Attacks During COVID-19 Pandemic
• NSA Cybersecurity Guidance for Teleworkers and Other Useful COVID-19 Threat Resources
• Advice for Healthcare Organizations on Preventing and Detecting Human-Operated Ransomware Attacks
• EFF Warns of Privacy and Security Risks with Google and Apple’s COVID-19 Contact Tracing Technology
• WHO Confirms Fivefold Increase in Cyberattacks on its Staff
• Senators Call for CISA and U.S. Cyber Command to Issue Healthcare-specific Cybersecurity Guidance
• FBI Issues Flash Alert About COVID-19 Phishing Scams Targeting Healthcare Providers
• Privacy Must Come First with COVID-19 Contact Tracing Technology, Warn Scientists
• CISA Warns of Continuing Attacks on Pulse Secure VPNs After Patching
• AHA and AMA Release Joint Cybersecurity Guidance for Telecommuting Physicians
• Scammers Target Healthcare Buyers Trying to Purchase PPE and Medical Equipment
• Small-Sized and Medium-Sized Healthcare Providers Most Likely to Be Attacked with Ransomware
• Microsoft Patches Three Actively Exploited Flaws and Delays End of Support for Software and Services
• More Than 82% of Public-Facing Exchange Servers Still Vulnerable to Actively Exploited Critical Flaw
• INTERPOL Issues Warning Over Increase in Ransomware Attacks on Healthcare Organizations
• FBI Warns of Increase in COVID-19 Related Business Email Compromise Scams
• Kwampirs APT Group Continues to Attack Healthcare Organizations via the Supply Chain
• 2019 Novel Coronavirus and COVID-19 Themed Attacks Dominate Threat Landscape
• OCR Investigators Impersonated to Obtain PHI
• Zoom Security Problems Raise Concern About Suitability for Medical Use
• Microsoft Helps Healthcare Organizations Protect Against Human-Operated Ransomware Attacks
• Hackers Target WHO, HHS, and COVID-19 Research Firm
• Cybersecurity Best Practices for Protecting Remote Employees During the COVID-19 Crisis
• February 2020 Healthcare Data Breach Report
• Cybersecurity Firms Offer Free Assistance to Healthcare Organizations During the Coronavirus Pandemic
• Vulnerabilities Identified in Insulet Omnipod and Systech NDS-5000 Terminal Server
• CISA Warns of Exploitation of Vulnerabilities in VPNs and Campaigns Targeting Remote Workers
• Department of Health and Human Services Targeted in Cyberattack
• HSCC Publishes Best Practices for Cyber Threat Information Sharing
• 83% of Medical Devices Run on Outdated Operating Systems
• 90% of Healthcare Organizations Have Experienced an Email-Based Attack in the Past Year
• Maximum Severity SMBv3 Flaw Identified: Patch Released
• Healthcare and Pharma Companies Targeted in HIV Test Phishing Campaign
• Q3, 2019 Saw a 350% Increase in Ransomware Attacks on Healthcare Providers
• March 2020 Deadline for Compliance with New York SHIELD Act Data Security Requirements
• University of Kentucky and UK HealthCare Impacted by Month-Long Cryptominer Attack
• 53% of Healthcare Organizations Have Experienced a PHI Breach in the Past 12 Months
• ‘SweynTooth’ Vulnerabilities in Bluetooth Low Energy Chips Affect Many Medical Devices
• IT Weaknesses at the National Institutes of Health Placed EHR Data at Risk
• NIST Publishes Roadmap for Regional Alliances and Partnerships to Build the Cybersecurity Workforce
• Healthcare Organizations are Overconfident About Their Ability to Protect PHI and Control Data Sharing
• New Report Reveals the Brands Most Impersonated by Phishers
• January 2020 Healthcare Data Breach Report
• Alarming Number of Medical Devices Vulnerable to Exploits Such as BlueKeep
• 2020 Protenus Breach Barometer Report Reveals 49% Increase in Healthcare Hacking Incidents
• Spacelabs Xhibit Telemetry Receiver and GE Healthcare Ultrasound Products Vulnerabilities Reported
• eHI and CDT Collaborate to Develop Consumer Privacy Framework for Health Data not Covered by HIPAA
• Ransomware Attacks Have Cost the Healthcare Industry at Least $157 Million Since 2016
• $1.77 Billion Was Lost to Business Email Compromise Attacks in 2019
• Draft Cyber Supply Chain Risk Management Guidance Published by NIST
• Medtronic Issues Patches for CareLink Programmers and Implanted Cardiac Devices
• Annual Cost of Insider Cybersecurity Incidents Has Risen 31% in 2 Years
• Average Ransomware Payment Increased Sharply in Q4, 2019
• NIST Seeks Comment on Two Draft Cybersecurity Practice Guides on Ransomware and Other Data Integrity Events
• 65% of U.S. Organizations Experienced a Successful Phishing Attack in 2019
• Critical ‘MDHex’ Vulnerabilities Identified in GE Healthcare Patient Monitoring Products
• Maze Ransomware Gang Publishes Research Data of Medical Diagnostic Laboratories
• CISA Issues Warning About Increase in Emotet Malware Attacks
• NIST Privacy Framework Version 1.0 Now Released
• Emergency Directives Issued by CISA and OCR to Mitigate Critical Windows Vulnerabilities
• DHS Warns of Continuing Cyberattacks Exploiting Pulse Secure VPN Vulnerability
• Support for Windows 7 Finally Comes to an End
• DHS Warns of Critical Citrix Vulnerability Being Exploited in the Wild
• Healthcare Data Breaches Predicted to Cost Industry $4 Billion in 2020
• FBI Issues Alert as Maze Ransomware Attacks Increase in the U.S.
• DHS Warns of Retaliatory Cyberattacks in Response to U.S. Drone Strike
• 2019 Healthcare Data Breach Report
• HIPAA Enforcement in 2019
• FBI Issues Warning Following Spate of LockerGoga and MegaCortex Ransomware Attacks
• November 2019 Healthcare Data Breach Report
• Poor RSA Encryption Implementation Opens Door to Attacks on Medical Devices and Implants
• 15 Million Customers Potentially Impacted by Ransomware Attack on Large Canadian Medical Testing Company
• Blue Cross Blue Shield of Minnesota Starts Correcting 200,000 Critical and Severe Vulnerabilities
• Rep. Jayapal Seeks Answers from Google and Alphabet on Ascension Partnership
• MSPs and Healthcare Organizations Targeted with New Zeppelin Ransomware Variant
• Ryuk Ransomware Decryptor Bug May Result in Permanent Data Loss
• Deadline for Upgrading Windows 7 Devices is Fast Approaching
• Ransomware Attack on Managed Service Provider Impacts More than 100 Dental Practices
• Senator Wicker Introduces U.S. Consumer Data Privacy Act of 2019
• Microsoft Issues Advice on Defending Against Spear Phishing Attacks
• HIPAA Compliance Can Help Covered Entities Prevent, Mitigate, and Recover from Ransomware Attacks
• Healthcare Threat Detections Up 45% in Q3 and 60% Higher Than 2018
• DHS Updates Top 25 Most Dangerous Software Errors List for First Time in 8 Years
• October 2019 Healthcare Data Breach Report
• Phishing Attacks at Highest Level Since 2016
• IT Firm Ransomware Attack Prevents Nursing Homes and Acute Care Facilities from Accessing Medical Records
• House Committee Leaders Request Answers from Google and Ascension on Project Nightingale Partnership
• Update Issued on Unsecured PACS as Exposed Medical Image Total Rises to 1.19 Billion
• Vulnerability Identified in Philips IntelliBridge EC40/80 Hubs
• Proofpoint Q3 2019 Threat Report Shows Increase in RAT and Banking Trojan Activity
• Sen. Warner Demands Answers from HHS Over Apparent Lack of Response to Major PACS Data Breach
• Microsoft Issues Fresh Warning to Patch BlueKeep Vulnerability
• Vulnerabilities Identified in Medtronic Valleylab Energy Platform and Electrosurgery Products
• Healthcare Data Breaches Predicted to Cost Industry $4 Billion in 2019
• Lack of Encryption Leads to $3 Million HIPAA Penalty for New York Medical Center
• Average Ransomware Payment Increased 13% to $41,198 in Q3, 2019
• BlueKeep Vulnerability Being Actively Exploited in Real World Attacks
• NIST Releases Final Big Data Interoperability Framework
• HHS Releases Updated HIPAA Security Risk Assessment Tool
• Report Suggests Augmented Security Following a Data Breach Contributes to Increase in Patient Mortality Rate
• 57% Rely on Multi-Factor Authentication to Improve Security but MFA is Not Infallible
• FBI Issues Warning About E-Skimming Threats and Tips for Reducing Risk
• Vulnerability Identified in Philips IntelliSpace Perinatal Information Management System
• 39% of Cybersecurity Professionals Say Their Company is Under Prepared for a Data Breach
• 76% of SMBs Have Experienced a Data Breach in the Past Year
• September 2019 Healthcare Data Breach Report
• Microsoft and NCCoE Start Working on Guidelines for Implementing an Effective Enterprise Patch Management Strategy
• Adoption of Standards Improves Cybersecurity of Internet of Medical Things (IoMT) Devices
• Report Reveals the Most Common Cyber Threats Faced by Healthcare Organizations
• MITA Publishes New Medical Device Security Standard
• HHS Proposes New Stark Law Safe Harbor Covering Cybersecurity Donations
• McCombs School of Business Offers Nation’s First Healthcare-Specific Professional Cybersecurity Certification Program
• Pulse Connect, GlobalProtect, Fortigate VPN Vulnerabilities Being Actively Exploited by APT Actors
• An Internal Security Operations Center Cuts Data Breach Costs by More Than Half
• Cybercriminals Switching from Business Email Compromise to Vendor Email Compromise Attacks
• FBI Issues Updated Ransomware Guidance: Extent of U.S. Ransomware Epidemic Revealed
• URGENT/11 Cybersecurity Vulnerabilities in Medical Devices Prompt FDA Warning
• Sen. Rand Paul Introduces National Patient Identifier Repeal Act
• Senator Demands Answers Over Exposure of Medical Images in Unsecured PACS
• Businesses Slow to Modify and Block Access Rights When Employees Change Roles or Leave the Company
• August 2019 Healthcare Data Breach Report
• 400 Million Medical Images Are Freely Accessible Online Via Unsecured PACS
• Mobile Device Security Guidance for Corporate-Owned Personally Enabled Devices Issued by NCCoE
• NCCoE Issues Draft Guidelines for Securing the Picture Archiving and Communication System (PACS) Ecosystem
• Vulnerabilities Identified in WLAN Firmware Used by Philips IntelliVue Portable Patient Monitors
• Multi-Factor Authentication Blocks 99.9% of Automated Cyberattacks
• HSCC Publishes Guidance on Healthcare Information Sharing Organizations
• Insurance Companies are Fueling the Ransomware Epidemic by Paying Ransoms
• Vulnerability Discovered in Philips HDI 4000 Ultrasound Systems
• Code Execution Vulnerability Identified in Change Healthcare Cardiology Devices
• OCR Offers Advice on Managing Malicious Insider Threats
• Ransomware Attack Impacts More Than 400 U.S. Dental Practices
• OMB Audit Confirms HHS Information Security Program is “Not Effective”
• July 2019 Healthcare Data Breach Report
• Why Are Hackers Targeting the Healthcare Industry?
• Study Raises Awareness of Threat of Lateral Phishing Attacks
• NIST Releases New Guidance on Securing IoT Devices
• GAO Discovers Widespread Cybersecurity Risk Management Failures at Federal Agencies
• VA OIG Report Highlights Risk of Medical Device Workarounds
• Judge Approves $74 Million Premera Blue Cross Data Breach Settlement
• First Half of 2019 Sees 31.6 Million Healthcare Records Breached
• DHS Issues Best Practices to Safeguard Against Ransomware Attacks
• Sonicwall 2019 Mid-Year Cyber Threat Report Shows Rise in Ransomware, Cryptojacking and IoT Attacks
• Critical VxWorks Vulnerabilities Impact 2 Billion Devices
• Kentucky Community Health Center Pays $70,000 Ransom to Recover PHI
• HIPAA Compliance and Cloud Computing Platforms
• NIST Releases Draft Mobile Device Security Guidance for Corporately-Owned Personally-Enabled Devices
• $301 Million Lost to BEC Attacks Each Month
• How to Choose the Right Healthcare Cloud Provider
• AMCA Data Breach Victim Count Swells to Almost 25 Million Records
• June 2019 Healthcare Data Breach Report
• Study Reveals Increase in Ransomware Attacks and 3x Hike in Ransom Demands
• Direct-to-Consumer DNA Testing Company Exposed Personal Information Online
• Webinar: Ransomware, Malware, Phishing, and HIPAA Compliance
• Vulnerability Identified in GE Aestiva and Aespire Anesthesia Machines
• Consumers Concerned About Medical Device Security
• Critical Vulnerability Identified in Burrow-Wheeler Aligner Genomics Mapping Software
• U.S. Cyber Command Warns of Active Exploitation of 2017 Outlook Vulnerability
• Smaller Healthcare Providers Struggling to Implement Healthcare Cybersecurity Best Practices
• CMS Uses Weak ID Verification and Has No Plans to Change
• Medtronic Recalls Insulin Pumps Due to Cybersecurity Risk
• DHS Warns of Increasing Risk of Wiper Malware Attacks by Iranian Threat Actors
• Vulnerabilities in Servers Behind Majority of Healthcare Data Breaches
• May 2019 Healthcare Data Breach Report
• Estes Park Health Ransomware Attack Highlights Risks of Paying Ransoms
• High and Critical Severity Vulnerabilities Identified in Certain BD Alaris Gateway Workstations
• HHS One of Three Departments in Most Critical Need of IT Modernization
• Ransomware and Data Destruction Attacks Dominate Healthcare Threat Landscape
• Fresh BlueKeep Warning Issued by Microsoft: Public Exploits Exist and Attacks Imminent
• 40% of Healthcare Delivery Organizations Attacked with WannaCry Ransomware in the Past 6 Months
• Almost 1 Million Windows Devices Still Vulnerable to Microsoft BlueKeep RDS Flaw
• Siemens Healthineers Products Vulnerable to Microsoft BlueKeep Wormable Flaw
• Multi-State Action Results in $900,000 Financial Penalty for Medical Informatics Engineering
• HHS Confirms When HIPAA Fines Can be Issued to Business Associates
• Medical Informatics Engineering Settles HIPAA Breach Case for $100,000
• ONC Report Reveals Trends in Access and Viewing of Medical Records Online
• April 2019 Healthcare Data Breach Report
• Vulnerabilities Identified in Siemens Sinamics Perfect Harmony Drives and Scalance Access Points
• New Study Uncovers Serious Holes in Healthcare Cybersecurity
• Microsoft Patches Critical Flaw That Could be Exploited in WannaCry-Style Malware Attacks
• DHS Issues Security Best Practices to Mitigate Risks Associated with Office 365 Migrations
• Alleged Anthem Hackers Indicted Over 2015 Cyberattack Involving the Theft of 78.8 Million Records
• Key Findings of the 2019 Verizon Data Breach Investigations Report
• Ransomware Attacks Increased by 195% in Q1, 2019 but Trojans Remain the Biggest Threat
• OIG Gives HHS Information Security Program Rating of “Not Effective”
• Vulnerability Identified in Philips Tasy EMR
• Feature of DICOM Image Format Could Be Abused to Fuse Malware with PHI
• Critical Vulnerability Identified in Fujifilm Computed Radiography Cassette Readers
• Healthcare Organizations Found Not to be In Conformance with NIST CSF and HIPAA Rules
• HHS Slow to Implement GAO Health IT and Cybersecurity Recommendations
• Data Security Incident Response Analysis Published by BakerHostetler
• Study Reveals How Well Consumers Feel Health Data is Protected
• Hardin Memorial Health Cyberattack Results in EHR Downtime
• Malware Alters CT Scans and Creates and Removes Tumors
• Cross-sector and Bi-partisan Collaboration Critical for Improving Healthcare Organizations
• OCR Issues Warning on Advanced Persistent Threats and Zero-Day Exploits
• Webinar: April 4, 2019: Email Security, DMARC, and Sandboxing
• Study Reveals Health Information the Least Likely Data Type to be Encrypted
• Health Apps Share User Data but Lack Transparency About the Practice
• Concerns Raised About the Sharing of Health Data with Non-HIPAA Covered Entities via Apps and Consumer Devices
• Concerns Raised with FDA over Medical Device Security Guidance
• Critical Vulnerability Affects Medtronic CareLink Monitors, Programmers, and ICDs
• UCLA Health Settles Class Action Data Breach Lawsuit for $7.5 Million
• Internet of Things Improvement Act Requires Minimum Security Standards for IoT Devices
• Study Confirms Healthcare Employees Are Susceptible to Phishing Attacks
• OIG Audits Reveal Multiple Vulnerabilities at HHS Operating Divisions
• Serious Security Risks Found in Healthcare Laptops
• Security Risks of Medical Devices Explored by Check Point
• 25% of Healthcare Organizations Have Experienced a Mobile Security Breach in Past 12 Months
• Beazley Report Reveals Major Increase in Healthcare Hacking and Malware Incidents
• HIPAA Compliance at Odds with Healthcare Cybersecurity
• Moody’s: Hospitals at High Risk of Suffering Devastating Cyberattack
• IRS Issues Warning About Tax-Related Phishing Scams
• Senator Demands Answers from Government Agencies and Healthcare Associations on Healthcare Cybersecurity
• Healthcare Associations Call for Safe Harbor for Breached Entities That Have Adopted Cybersecurity Best Practices
• New Cybersecurity Requirements for Ohio Health Insurers
• NHS to Phase Out Pagers by End of 2021
• NIST NCCoE Releases Mobile Device Security Guide
• Maryland Considers Tougher Penalties for Ransomware Attacks
• Free Decryptor for GandCrab Ransomware v5.1 Released
• Data Access and Sharing Risks Identified at National Institutes of Health
• Healthcare Email Fraud Attacks Have Increased 473% in 2 Years
• 2019 Data Breach Barometer Report Shows Massive Increase in Exposed Healthcare Records
• HIMSS Cybersecurity Survey: Phishing and Legacy Systems Raise Grave Concerns
• January 2019 Healthcare Data Breach Report
• Vulnerabilities Identified in IDenticard PremiSys Access Control System
• New Cybersecurity Framework for Medical Devices Issued by HSCC
• Patches Released to Mitigate KRACK Vulnerabilities Affecting Stryker Medical Beds
• Vulnerability Identified in BD FACSLyric Flow Cytometry Solution
• Multiple Flaws Identified in LabKey Server Community Edition
• Analysis of 2018 Healthcare Data Breaches
• New Report Reveals Spiraling Cost of Cyberattacks
• Vulnerabilities Identified in Dräger Infinity Delta Patient Monitors
• December 2018 Healthcare Data Breach Report
• State AG Proposes Tougher Data Breach Notification Laws in North Carolina
• SingHealth Breach Investigation Reveals Catalogue of Cybersecurity Failures
• Feds Launch Campaign to Raise Awareness of Cyber Risks Faced by Private Sector Firms
• Advertising Expenditures Increase 64% Following a Healthcare Data Breach
• Summary of 2018 HIPAA Fines and Settlements
• IT Service Providers and Customers Warned of Increase in Chinese Malicious Cyber Activity
• HHS Publishes Cybersecurity Best Practices for Healthcare Organizations
• Most Common Security Weaknesses in Healthcare Identified
• NIST Releases Final Version of Updated Risk Management Framework
• Largest Healthcare Data Breaches of 2018
• November 2018 Healthcare Data Breach Report
• 27% of Healthcare Organizations Have Experienced a Ransomware Attack in the Past Year
• Vulnerability Identified in Medtronic Encore and Carelink Programmers
• 30% of Healthcare Databases Misconfigured and Accessible Online
• University of Maryland Medical System Discovers 250-Device Malware Attack
• DHS/FBI Issue Fresh Alert About SamSam Ransomware
• Vulnerability Identified in Philips HealthSuite Health Android App
• ONC Announces Winners of Easy EHR Issues Reporting Challenge
• OIG Identified Serious Security Failures at Arizona Managed Care Organizations
• DOJ Indicts Two Iranian Hackers for Role in SamSam Ransomware Attacks
• 2.65 Million Atrium Health Patients Impacted by Business Associate Data Breach
• Ransomware Attack Results in Partial Closure of Emergency Rooms at Two Hospitals
• NIST Releases Draft Paper on Telehealth and Remote Monitoring Device Cybersecurity
• 53% Of Healthcare Data Breaches Due to Insiders and Negligence
• OIG: Cybersecurity One of Top 10 Management and Performance Challenges Faced by HHS
• October 2018 Healthcare Data Breach Report
• Congress Passes CISA Act: New Cybersecurity Agency to be Formed Within DHS
• New Philips iSite and IntelliSpace PACS Vulnerability Identified
• Vulnerabilities Identified in Roche Point of Care Handheld Medical Devices
• OIG Finds Deficiencies in FDA’s Policies and Procedures to Address Cybersecurity Risk to Postmarket Medical Devices
• Q3 Healthcare Data Breach Report: 4.39 Million Records Exposed in 117 Breaches
• Fewer Than One Third of Healthcare Organizations Have a Comprehensive Cybersecurity Program
• Healthcare Organizations Account for a Quarter of SamSam Ransomware Attacks
• Ransomware Attacks Increase: Healthcare Industry Most Heavily Targeted
• HHS Officially Opens its New Health Sector Cybersecurity Coordination Center
• Cybersecurity Best Practices for Healthcare Organizations
• Study Reveals 75% of Employees Lack Security Awareness
• September 2018 Healthcare Data Breach Report
• OIG Publishes 2016 Medicaid Data Breach Report
• CMS Investigating 75,000-Record Breach of Federally Facilitated Exchanges Direct Enrollment System
• FDA and DHS to Increase Collaboration and Better Coordinate Efforts to Improve Medical Device Cybersecurity
• The HIPAA Risk Analysis: Guidance and Tools for HIPAA Covered Entities and Business Associates
• FDA Issues Warning About Flaws in Medtronic Implantable Cardiac Device Programmers
• Most Common Healthcare Phishing Emails Identified
• HHS OIG Raises Awareness of Its Cybersecurity-Related Activities on New Web Page
• Vulnerabilities Identified in PeerVue Web Server, Carestream Vue RIS and Siemens Healthcare Products
• Cybersecurity Best Practices for Device Manufacturers and Healthcare Providers to be Issued by HSCC
• Remote Hacking of Medical Devices and Systems Tops ECRI’s 2019 List of Health Technology Hazards
• FDA Issues Medical Device Cybersecurity Regional Incident Preparedness and Response Playbook
• Healthcare Industry Highly Susceptible to Phishing Attacks and Lags Other Industries for Phishing Resiliency
• NIST Releases Guidance on Managing IoT Cybersecurity and Privacy
• Study Reveals 70% Increase in Healthcare Data Breaches Between 2010 and 2017
• FDA to Increase Scrutiny of Medical Device Cybersecurity
• Healthcare Organizations Reminded of Importance of Securing Electronic Media and Devices Containing ePHI
• NY Attorney General Fines Arc of Erie County $200,000 for Security Breach
• ICS-CERT Issues Advisory After Nine Vulnerabilities Discovered in Philips E-Alert Units
• NIST Finalizes Guidance on Securing Wireless Infusion Pumps in Healthcare Delivery Organizations
• Critical ‘Misfortune Cookie’ Flaw Identified in Qualcomm Life Capsule Datacaptor Terminal Server
• Critical Flaw Identified in BD Alaris Plus Medical Syringe Pumps
• July 2018 Healthcare Data Breach Report
• Warnings Issued About Vulnerabilities in Philips PageWriter Cardiographs and IntelliVue Information Center iX
• Only 30% of Healthcare Organizations Have Taken Out Cybersecurity Insurance
• Survey Reveals Lack of Anti-Phishing Measures at U.S. Businesses
• Significant Vulnerabilities Identified in Maryland’s Medicaid Management Information System
• ICS-CERT Warns of Vulnerabilities in Philips IntelliSpace Cardiovascular Products
• Microsoft ADFS Vulnerability Allows Bypassing of Multi-Factor Authentication
• Vulnerabilities in Patient Monitors Allow Vital Signs to be Altered in Real Time
• Vulnerabilities in Fax Machines Can Be Exploited to Gain Network Access and Exfiltrate Sensitive Data
• APWG Detects 46% Rise in Phishing Websites in Q1, 2018
• At Least 3.14 Million Healthcare Records Were Exposed in Q2, 2018
• More Than 20 Serious Vulnerabilities in OpenEMR Platform Patched
• The Cost of SamSam Ransomware Attacks: $17 Million for the City of Atlanta
• Vulnerabilities Discovered in Medtronic MyCareLink Patient Monitors and MiniMed Insulin Pumps
• Healthcare Organizations Reminded of HIPAA Rules for Disposing of Electronic Devices
• NIST/NCCoE Release Guide for Securing Electronic Health Records on Mobile Devices
• Consumers More Worried About Exposure of Financial Information Than Health Data
• 1.4 Million Patients Warned About UnityPoint Health Phishing Attack
• Warnings Issued Following Increase in ERP System Attacks
• FDA Issues New Guidance on Use of EHR Data in Clinical Investigations
• June 2018 Healthcare Breach Report
• LabCorp Cyberattack Forces Shutdown of Systems: Investigators Currently Determining Scale of Breach
• Healthcare Data Breach Costs Highest of Any Industry at $408 Per Record
• HIMSS Warns of Exploitation of API Vulnerabilities and USB-Based Cyberattacks
• AHA Voices Concern About CMS’ Hospital Inpatient Prospective Payment System Proposed Rule
• Warning About HIPAA Journal Spoofing Campaign
• OCR Draws Attention to HIPAA Patch Management Requirements
• Vulnerabilities Identified in Medtronic MyCareLink Patient Monitors
• Business Email Compromise Attacks Dominate 2017 FBI Internet Crime Report
• Unencrypted Hospital Pager Messages Intercepted and Viewed by Radio Hobbyist
• Advisory Issued After 8 Vulnerabilities Discovered in Natus Xltek NeuroWorks Software
• May 2018 Healthcare Data Breach Report
• Advisory Issued About Vulnerabilities in Siemens RAPIDLab and RAPIDPoint Blood Gas Analyzers
• Medical Device Security a Major Concern, Yet Funds Not Available to Improve Security
• Advisory Issued About Vulnerabilities in Phillips IntelliVue Patient and Avalon Fetal Monitors
• Advisory Issued Over Vulnerabilities in BeaconMedaes TotalAlert Scroll Medical Air Systems Web Application
• Lack of Visibility into Employee Activity Leaves Organizations Vulnerable to Data Breaches
• DMARC Still Not Widely Adopted by Healthcare Organizations
• Healthcare Data Breach Report: April 2018
• Healthcare IT Security Budgets Frozen Despite Increase in Cyberattacks
• Spate of Phishing Attacks on Healthcare Organizations Sees 90,000 Records Exposed
• Becton Dickinson Takes Leadership Role in Proactive IT Security Disclosure over KRACK Vulnerability
• How to Defend Against Insider Threats in Healthcare
• House Committee Seeks Advice from Industry Stakeholders on Fixing Cybersecurity Flaws
• Report: Healthcare Data Breaches in Q1, 2018
• Kwampirs Backdoor Used in Targeted Attacks on Healthcare Industry
• FDA Develops Five-Point Action Plan for Improving Medical Device Cybersecurity
• Version 1.1 of the NIST Cybersecurity Framework Released
• Analysis of March 2018 Healthcare Data Breaches
• HHS Report Offers Tips to Prevent and Block SamSam Ransomware Attacks
• How Long Does It Take to Breach a Healthcare Network?
• Study Reveals Poor Patching Practices in Healthcare
• Verizon PHI Breach Report Confirms Healthcare Has Major Problem with Insider Breaches
• Security Breaches in Healthcare in the Last Three Years
• Research Suggests Healthcare Data Breaches Cause 2,100 Deaths a Year
• Analysis of February 2018 Healthcare Data Breaches
• NH-ISAC Partnership with Anomali Helps Accelerate Threat Detection and Information Sharing in Healthcare
• OIG FISMA Compliance Review of HHS Shows Improvements Made but Vulnerabilities Remain
• Survey Reveals 62% of Healthcare Organizations Have Experienced a Data Breach in the Past Year
• 2018 HIPAA Changes and Enforcement Outlook
• HIMSS Survey Reveals Top Healthcare Security Threats
• Hacking Responsible for 83% of Breached Healthcare Records in January
• Fresh FBI Warning Issued Following Spike in W-2 Phishing Campaigns
• OPM Alleges Health Net Refused to Fully Comply with Recent Security Audit
• AJMC Study Reveals Common Characteristics of Hospital Data Breaches
• Healthcare Industry Scores Poorly on Employee Security Awareness
• How Many HIPAA Violations in 2017 Resulted in Financial Penalties?
• VA OIG Discovers Security Vulnerabilities Introduced at Orlando VA Medical Center
• How Can Healthcare Organizations Protect Against Cyber Extortion
• $3.5 Million Settlement to Resolve HIPAA Violations That Contributed to Five Data Breaches
• 2017 Worst Year Ever for Cybersecurity Incidents According to Online Trust Alliance
• Lightning Likely to Strike Twice for Victims of Ransomware Attacks
• 92% of U.S. Companies “Vulnerable” to Data Threats
• iPhone Users Can View Their Health Records Through the Apple Health App
• Colorado Considers New Privacy and Data Breach Legislation
• Analysis of Q4 2017 Healthcare Security Breaches
• HIPAA Covered Entities Urged to Address Spectre and Meltdown Chip Vulnerabilities
• Summary of Healthcare Data Breaches in December 2017
• 67% of CISOs Expect a Cyberattack or Data Breach in 2018
• Indiana Health System Pays $55K Ransom to Recover Files
• Is Azure HIPAA Compliant?
• Largest Healthcare Data Breaches of 2017
• OIG Finds Data Security Inadequacies at North Carolina State Medicaid Agency
• 2017 HIPAA Enforcement Summary
• Cybersecurity Best Practices for Travelling Healthcare Professionals
• New Malware Detections at Record High: Healthcare Most Targeted Industry
• Study Reveals Cybersecurity in Healthcare is Not Being Taken Seriously Enough
• More than 1,000 Lexmark Printers Open to Attack Due to Misconfiguration
• AHIMA Issues Guidance to Help Healthcare Organizations Develop an Effective Cybersecurity Plan
• Noncompliance with HIPAA Costs Healthcare Organizations Dearly
• AMA Study Reveals 83% of Physicians Have Experienced a Cyberattack
• Email Top Attack Vector in Healthcare Cyberattacks
• 2017 has seen a 62% Increase in Ransomware Attacks
• Second Draft of the Revised NIST Cybersecurity Framework Published
• Exploitable IV Infusion Pump and Digital Smart Pen Vulnerabilities Uncovered
• Effective Identity and Access Management Policies Help Prevent Insider Data Breaches
• Apple Releases Patch to Fix Serious MacOS High Sierra Vulnerability
• Survey Reveals Poor State of Email Security in Healthcare
• NHS to Hire Hackers to Probe for Security Vulnerabilities and Prevent Future Cyberattacks
• HHS Pressed to Act on Cybersecurity Task Force Recommendations for Medical Device Security
• Endpoint Security Trends and the Rising Threat of Fileless Malware Attacks
• Patches Released to Address Critical Intel Firmware Vulnerabilities
• 3 Year Jail Term for UK Man Linked to The Dark Overlord Hacking Group
• November Healthcare Breach Barometer Report Highlights Seriousness of Insider Data Breaches
• PCI and HIPAA Compliance Comparison
• Cybersecurity in Healthcare Report Highlights Sorry State of Security
• Ursnif Trojan Steals Contacts and Sends Spear Phishing Emails
• In What Year Was HIPAA Passed into Legislature?
• MongoDB and AWS Incorporate New Security Controls to Prevent Data Breaches
• 2017 Data Breach Report Reveals 305% Annual Rise in Breached Records
• Healthcare Data Breach Analysis Questioned
• How Can Healthcare Organizations Prevent Phishing Attacks?
• HIMSS Draws Attention to Five Current Cybersecurity Threats
• FDA Publishes Final Guidance for Medical Device Manufacturers Sharing Information with Patients
• Tips for Reducing Mobile Device Security Risks
• Phishing Attacks Using Malicious URLs Rose 600 Percent in Q3, 2017
• Bad Rabbit Ransomware Spread Via Fake Flash Player Updates
• Nuance Communications Urged to Share Details of NotPetya Wiper Attack
• FirstHealth Attacked with New WannaCry Ransomware Variant
• Summary of September 2017 Healthcare Data Breaches
• New AEHIS/ MDISS Partnership to Focus on Advancing Medical Device Cybersecurity
• 53% of Businesses Have Misconfigured Secure Cloud Storage Services
• 70% of Employees Lack Privacy and Security Awareness
• NIST Updates its Risk Management Framework for Information Systems and Organizations
• Is Amazon Alexa HIPAA Compliant?
• National Cyber Security Awareness Month: What to Expect
• HITRUST/AMA Launch Initiative to Help Small Healthcare Providers with HIPAA Compliance
• The Benefits of Using Blockchain for Medical Records
• OIG Discovers Multiple Security Vulnerabilities in Alabama’s Medicaid Management Information System
• FDA Releases Final Premarket Guidance for Medical Device Manufacturers on Secure Data Exchange
• Vulnerabilities Identified in Smiths Medical Medfusion 4000 Devices
• HIPAA and Ransomware: NCCoE/NIST Release Draft Guidelines for Ransomware Recovery
• FDA Announces Voluntary Recall of St. Jude Medical Implantable Cardiac Pacemakers
• New Ransomware and Phishing Warnings for Healthcare Organizations
• Security Scorecard Gives Government and Healthcare Poor Marks for Security Posture
• Security Weaknesses Discovered in New Mexico and North Carolina Medicaid Programs
• NIST Updates Digital Identity Guidelines and Tweaks Password Advice
• Phillips Ships DoseWise Portal with Serious Vulnerabilities
• Healthcare Hacking Incidents Overtook Insider Breaches in July
• Security Incidents Experienced by More Than a Third of Organizations in the IoT Medical Device Sphere
• August Sees OCR Breach Reports Surpass 2,000 Incidents
• Want to Prevent Data Breaches? Time to Go Back to Basics
• HIMSS Research Shows Healthcare Organizations Have Enhanced Their Cybersecurity Programs
• $5.5 Million Data Breach Settlement Highlights the Importance of Prompt Patching
• Medical Device Cybersecurity Act Takes Aim at Medical Device Security
• Warning Issued Over Vulnerabilities in Siemens PET/CT Scanners: Exploits Publicly Available
• Protenus Provides Insight into 2017 Healthcare Data Breach Trends
• Beazley Insights: 133% Increase in Healthcare Ransomware Demands
• 47% of Healthcare Organizations Have Experienced A HIPAA Data Breach in the Past 2 Years
• HITRUST Launches Community Extension Program to Promote Collaboration on Risk Management
• 4-Month Data Breach Discovered During Ransomware Investigation: 300,000 Patients Impacted
• NotPetya Attack Continues to Disrupt Nuance Communications’ Services
• U.S. Data Breaches Hit Record High
• Study Reveals 56% of Healthcare Organizations Plan to Invest in Data Breach Protection Solutions
• Office of Inspector General Releases Results of VA FISMA Audit
• Healthcare IoT Security Market Predicted to Grow at CAGR of 22% over Next 5 Years
• Princeton Community Hospital Replaces Network After NotPetya Attack
• U.S. Healthcare Providers Affected by Global Ransomware Attack
• Reports Flood in on New ‘Unprecedented’ Global Ransomware Attack
• Airway Oxygen Inc. Ransomware Attack Impacts up to 500,000 Individuals
• FDA Chief Announces New Plan for Post-Market Regulation of Digital Health Products
• Healthcare Data Breach Costs Fall to $380 Per Record
• May’s Healthcare Data Breach Report Shows Some Incidents Took 3 Years to Discover
• Ponemon Study Reveals Impact of Data Breaches on Organizations’ Reputation
• Microsoft Patches Two Critical, Actively Exploited Vulnerabilities
• Reducing the Impact of Healthcare-Focused WannaCry-Style Ransomware Attacks
• OCR Issues Guidance on the Correct Response to a Cyberattack
• Data Breach Risk From Out of Date Operating Systems and Web Browsers Quantified
• WannaCry Ransomware Continues to Cause Problems for U.S. Hospitals
• Final Healthcare Cybersecurity Task Force Report Details 6 Imperatives to Improve Security
• Seton Healthcare Family Hospitals Targeted by Cybercriminals
• OCR Reminds Covered Entities of Security Incident Definition and Notification Requirements
• Study Uncovers More Than 8,000 Security Flaws in Pacemakers from Four Major Manufacturers
• Molina Healthcare Patient Portal Discovered to Have Exposed Patient Data
• US-CERT: Patch Samba Now to Address Wormable Code Execution Bug
• Medical Device Security Testing Only Performed by One in Twenty Hospitals
• Purple Move on WiFi Security Sets Example for All Public WiFi Deployments
• HIPAA Enforcement Update Provided by OCR’s Iliana Peters
• Security Gaps Found in Virginia Medicaid Claims Processing Systems
• Leading Cause of Healthcare Data Breaches in April was Hacking
• Healthcare Cybersecurity Needs Immediate and Aggressive Attention, says HCIC Task Force
• HIPAA and Ransomware: Healthcare Organizations Reminded of HIPAA Rules Relating to Ransomware
• Medical Device Cybersecurity Gaps Discussed at FDA Workshop
• WannaCry Ransomware Encrypted Hospital Medical Devices
• WannaCrypt Ransomware Attacks Stopped, But Only Briefly
• Massive Ransomware Attack Hits NHS: Global Warning Issued as Attacks Spread
• PHI of Thousands of Patients of Bronx Lebanon Hospital Center Exposed Online
• Guidance on Securing Wireless Infusion Pumps Issued by NIST
• Security Breach Highlights Need for Patient Portals to be Pen Tested
• 180,000 Patient Records Dumped Online by The Dark Overlord
• NIST Small Business Cybersecurity Act of 2017 Approved by SST Committee
• NCCIC Warns of Highly Sophisticated Campaign Delivering Multiple Malware Variants
• Majority of Organizations Failing to Protect Against Mobile Device Security Breaches
• Rise in Business Email Compromise Scams Prompts IC3 Warning
• Bitglass Publishes 2017 Healthcare Data Security Report
• Survey Explores Trust in Healthcare Organizations’ Ability to Keep Data Secure
• HIMSS Privacy and Security Forum Offers Insight into Healthcare Cyber Threat Landscape
• Greenway Health Ransomware Attack Stops 400 Clients from Accessing EHRs
• OCR Director Stresses Importance of Keeping Health Data Secure
• Healthcare is The Only Industry Where Insiders Pose the Biggest Threat
• Malicious PDF Files used in New Locky Ransomware Campaign
• PHI Potentially Compromised in Atlantic Digestive Specialists Ransomware Attack
• Unencrypted Portable Devices are a HIPAA Breach Waiting to Happen
• Cardiology Center of Acadiana Ransomware Attack Impacts 9,700 Patients
• Poor Security Awareness Greatest Threat to Healthcare Data Security
• Abbot Labs Warned of Medical Device Cybersecurity Issues by FDA
• Ashland Women’s Health Reports Ransomware Attack
• Virus Infection at Erie County Medical Center Forces Computer System Shutdown
• Healthcare Organizations Targeted with New Ransomware Campaign
• 2017 Shaping Up to Be Another Record-Breaking Year for Healthcare Data Breaches
• AHA: Law Enforcement Needs Resources to Help Prevent Healthcare Cyberattacks
• Healthcare Organizations Warned of Risk of Man-In-The-Middle Attacks
• Small Business Cybersecurity Bill Heads to Senate
• Congress Advised to Offer Incentives to Improve Healthcare Threat Intelligence Sharing
• Large Hospitals and Teaching-Focused Hospitals Face Greater Risk of Data Breaches
• Dr. Donald Rucker Named New National Coordinator for Health IT
• IBM Report Shows Cybercriminals Have Switched Focus from Healthcare to the Financial Services
• FBI Warns Healthcare Industry About Anonymous FTP Server Cyberattacks
• SAFER Guides Updated by ONC: Ransomware Prevention and Mitigation Strategies Included
• WEDI Offers Healthcare Cybersecurity Tips to Improve Resilience Against Cyberattacks
• Snapshot of Healthcare Data Breaches in February 2017
• OIG Discovers Multiple Security Vulnerabilities in the Massachusetts’ Medicaid Management Information System
• 68% of Healthcare Organizations Have Compromised Email Accounts
• Redington-Fairview General Hospital Targeted with New Telephone Phishing Scam
• Security Analytics Solutions Can Improve Security Posture, But There Are Challenges
• OCR Urges Covered Entities to Monitor and Report Cyber Threats
• 81% of U.S. Healthcare Organizations Have Increased Security Spending in 2017
• A Quarter of Americans Have Been Impacted by a Healthcare Data Breach
• Healthcare Industry Threat Landscape Explored by Trend Micro
• Beware of Medical Device Hijack Attacks! Medjack.3 Discovered
• 2016 Healthcare Data Breach Report Ranks Breaches By State
• Cybercriminals Switch File Types to Infect More Organizations with Malware
• IRS Issues Warning About W-2 Phishing Scams
• Hacking and Phishing Attacks Continue to Plague Healthcare Organizations
• Forrester: Anthem-Sized Healthcare Data Breaches Will Be Commonplace in 2017
• IoT and Mobile Application Vulnerabilities Not Being Adequately Addressed
• OIG: 16% Increase in Security Gaps in Medicare Contractors’ Information Security Programs
• Tax Season Triggers Wave of W-2 Business Email Compromise Attacks
• Healthcare Organizations Warned About Fileless Ransomware Attacks
• New Report Reveals 2016 Data Breach Trends
• FDA Confirms Muddy Waters’ Claims that St. Jude Medical Devices Can be Hacked
• NIST Publishes Draft of Updated Cybersecurity Framework
• Hacking Group Attempts to Extort Funds from Cancer Services Provider
• Final Rule Updating Common Rule Regulations Issued by HHS
• Highmark BCBS of Delaware Investigates Data Breach Affecting 19,000 Individuals
• Warning for Healthcare Organizations that use MongoDB Databases
• Cosmetic Surgery Center Reports Ransomware Infection: 11,400 Patients Impacted
• Emory Healthcare Joins 28,000 Other Victims of MongoDB Ransom Attacks
• Patients Holding Back Health Information Over Data Privacy Fears
• 108 L.A. County Employees Fall for Phishing Attack: 756,000 Impacted
• Healthcare Pages Intercepted and Posted Online
• FDA Issues Final Cybersecurity Guidance for Medical Device Manufacturers
• Increase in Ransomware and Cyberattacks Linked to Fall in Price of Health Data
• Security Risks of Unencrypted Pages Evaluated
• November 2016 Worst Month for Healthcare Data Breaches: 57 Incidents Reported
• IBM: 70% of Businesses Paid Cybercriminals to Unlock Ransomware
• Phishing Emails Used in 91% of Cyberattacks
• Security Cameras Could Be Your Biggest Security Weakness
• OCR Warns Covered Entities of Risk of DDoS Attacks
• Medical Devices Can Be Hacked Using Black Box Approach
• Healthcare Organizations Main Target for Hackers in 2017
• Healthcare Industry Targeted with Gatak Trojan
• New Attack Vector Used to Spread Locky Ransomware
• OIG to Conduct Penetration Tests to Assess HHS Application Security
• Accenture Survey Reveals Dangerous Cybersecurity Disconnect
• A NICE New Framework for Developing A Skilled Cybersecurity Workforce
• Operations Cancelled After Three UK Hospitals are Crippled by Computer Virus
• Security Professionals Suffer ‘Threat Overload’ Due to Volume of Cyberthreat Data
• Data Theft and Social Engineering Biggest Concerns for Healthcare CIOs
• Healthcare Organizations Falling Short on Security Awareness
• Study Highlights Risk of PHI Exposure from Unencrypted Healthcare Pagers
• Healthcare Ransomware Infections Increased by 17% in Q3
• OIG Uncovers Vulnerabilities in State Health Information Systems
• OCR Warns of FTP Vulnerabilities in NAS Devices
• Majority of Companies Lack Confidence in Data Breach Response Plans
• Majority of Organizations Worried About Insider Threats
• HHS Awards Grants to Improve Cyber Information Sharing Ecosystem
• Johnson & Johnson Alerts Patients to Insulin Pump Vulnerability
• DDoS and Healthcare Web Application Attacks on the Rise
• Unknown Malware Downloaded Every 4 Seconds by Employees
• New Study Suggests Data Breach Cost is $200,000 per Incident
• Ponemon Institute Assesses the Cost of Insider Threats
• Healthcare Cybersecurity Knowledge Gaps Placing ePHI at Risk of Exposure
• Improving Healthcare Cybersecurity: HIMSS Suggests Information Sharing is Key
• St. Jude Medical Sues Muddy Waters/MedSec; FDA to Investigate Allegations
• Have You Remediated the EXTRABACON Vulnerability in your Cisco ASA?
• New EMC Study Highlights Impact of New Cyber Threats
• ONC Announces Winners of the Healthcare Blockchain Challenge
• St. Jude’s Medical Accused of Failing to Address ‘Stunning’ Cybersecurity Flaws
• Majority of Hospitals are Unprepared for Mobile Cyberattacks
• HIMSS Study Reveals Alarming Healthcare Security Vulnerabilities
• Healthcare Leaders Need to Move Faster to Meet Cybersecurity Challenges
• HITRUST CyberAid Cybersecurity Initiative Trialed in North Texas on Small Healthcare Organizations
• 13.6% Growth Expected in Hospital Cybersecurity Market to Combat New Threats
• American Optometric Association Warns Optometrists of Credit Fraud Risk
• Jefferson Medical Associates Reports 10,401-Record Hacking Incident
• FTC Reverses ALJ Decision on LabMD Data Security Case
• HHS Offers Funding to Improve Healthcare Threat Intelligence Sharing
• Locky Ransomware Becomes Biggest Email-Borne Security Threat
• Healthcare Industry Accounts for 88% of Ransomware Attacks
• CMS Finalizes New Rules for QEs on Sale and Sharing of Medicare Claims Data
• Bill Introduced to Better Protect Veterans from Identity Theft and Fraud
• Healthcare Organizations Need to Be Proactive and Hunt for Security Threats
• VA Implements New Measures to Improve Medical Device Cybersecurity
• OIG Discovers Security Flaws in Washington State Insurance Exchange Website
• NIST Cybersecurity Framework to be Updated
• FDA Issues Guidance for Medical Device Makers to Facilitate Data Sharing with Patients
• OCR Warns of Security Vulnerabilities in Third Party Apps
• CHIME Launches New Cybersecurity Center and Program Office
• HHS Announces Release of the Final Data Security Policy Principles Framework
• Cybersecurity Training Failing to Tackle Insider Threat
• Anti-Malware Scan Stops Cardiac Catheterization Procedure
• Review of Medicare Administrative Contractors Shows 8pc Annual Rise in Data Security Gaps
• American Dental Association Mails Malware-Infected USB Drives to Members
• California, Kentucky and Vermont Health Exchange Security Flaws Placed Data at Risk of Exposure
• Unpatched 2007 Vulnerability Exploited in MedStar Ransomware Attack, Says AP
• One In Five Companies Has Suffered a Data Breach Involving Mobile Devices
• 1,400 Vulnerabilities Found in Popular Drug Cabinet System
• Government Accountability Office Report Identifies Many HealthCare.Gov Security Flaws
• Virus Forces Shutdown of Medstar Health System’s 10-Hospital Computer Network
• Two More Californian Hospital Ransomware Attacks Reported
• VA Information Security Weaknesses Will Take Further 22 Months To Remediate
• Methodist Hospital in Lockdown After Ransomware Attack
• Non-Compliant Hospital Pager Use Persists
• 80% of Organizations Concerned About Large Data Breaches
• Economics of Cyberattacks Explored
• Second Californian Healthcare Ransomware Attack Announced
• Investigation Launched into Main Life Health Spear Phishing Attack
• Perceptions of Privacy and Security of Medical Records and Health Data Exchange Explored by ONC
• Mobile Device Ransomware Warnings Becoming More Urgent
• Cyberattack Detection: Confidence High Even If Detection is Often Slow
• HHS Proposes Rule Change to Facilitate Sharing of Substance Abuse Data
• OCR Launches New Cyber-Awareness Initiative
• NCH Healthcare System Cyberattack Announced
• Happy Data Privacy Day
• Franciscan St. Francis Health Patients Targeted by Phone Scammers
• CHIME Launches $1 Million Competition to Solve the National Patient Identifier Problem
• Only 45 Percent of Organizations Confident in Ability to Repel a Cyberattack
• Medical Device Manufacturers Receive New FDA Cybersecurity Recommendations
• Calculating the Cost of Spear Phishing
• How Secure are Mobile Health Apps?
• Visual Hacking Risk Needs to be Addressed, Says 3M
• Study Shows Only 49% of Hospitals Use 2-Factor Authentication to Improve ePHI Security
• Two Thirds of Healthcare Organizations Lack Confidence in Data Sharing
• Experian Third Annual Data Breach Preparedness Study Released
• Privacy and Security of Personal Wellness Data: CEA Releases New Private Sector Guidelines
• Over Half of IT Security Pro’s Do Not Believe They Will be Targeted by Hackers
• How Private Are Medical Records?
• New Adobe Flash “Critical” Zero Day Security Flaw Patched
• Healthcare Software Security Assessed by BSIMM Study
• Kaspersky Labs Report Probes Security Attitudes Among BYOD Participants
• Is the Risk of Cyberattacks Really Increasing? Study Says No
• New Cybersecurity Bill of Rights Announced by NAIC
• Android Smartphone Security Continues to Cause Concern
• How to Spot a Phishing Email
• 2016 Global State of Cybersecurity Study Released
• HealthCare.gov Security Vulnerability Critical, Says OIG
• Close Call but VA Hospital Thwarts Attempted Cyberattack
• New Android Smartphone Data Security Warnings Issued
• Hospital Drug Pump Hacking Risk Discovered
• Four Unpatched Internet Explorer Vulnerabilities Announced
• The Healthcare Cybersecurity Challenge: How to Keep ePHI Secure
• Survey Shows U.S Companies Are Saying Bye Bye to BYOD
• Healthcare Big Data: Privacy and Security Workgroup Gives Preliminary Report
• Two More Flash Vulnerabilities Discovered: Calls for Software to be Retired
• 2015 Most Wired Benchmarking Survey Reveals Data Security is Main Focus for Hospitals
• Malware as a Service Being Offered to Criminals on Darknet
• HIMSS Releases 2015 Healthcare Cybersecurity Report
• FBI Malware Warning Issued over CryptoWall Ransomware
• Medical Devices Being Targeted to Gain Access to Networks
• ONC Turns Attention to Big Data Security
• Phishing, Spear Phishing and Malware: How Hackers Gain Access to PHI
• Crime Leading HIPAA Breach Cause Says Ponemon Data Security Study
• Hacking: How Severe is the Threat to the Healthcare Industry?
• Major Focus on Cybersecurity at HIMSS15
• Study Says Website Security Gap in HIPAA Rules is Being Exploited
• CHIME Leader Says Healthcare Cybersecurity is Top Priority in 2015
• Visionworks Reports Second Server HIPAA Breach in Less Than a Month