Reading Room

SC Media, March 10, 2022

Securing the healthcare sector is a crucial part of national security. Particularly as the spread of COVID-19 wanes and is replaced by heightened geopolitical tensions, advocating for and investing in critical cybersecurity defenses will protect patients, and the country, from harm.

Read full SC Media article.

American Hospital Association, March 9, 2022

Health-ISAC is issuing a threat bulletin regarding ongoing and increased Conti Ransomware activity provided in an updated Joint Cybersecurity Advisory (AA21-265A) by the United States Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the National Security Agency (NSA), and the United States Secret Service (USSS). Conti Ransomware affiliates remain active in which reported cyber attacks stemming from their ransomware-as-a-service (RaaS) operations against US and international organizations are increasing.

Read full AHA article.

CPO Magazine, March 4, 2022

Irish Foreign Minister Simon Coveney described the incident as a “very serious attack.” Similarly, Irish Minister of State Ossian Smyth claimed it was “possibly the most significant cybercrime attack on the Irish State.”

Read full CPO Magazine article.

HIMSS, March 4, 2022

The U.S. Department of Health & Human Services has issued a Health Sector Cybersecurity Coordination Center (HC3) analyst note regarding the Russia-Ukraine cyber conflict and potential threats to the U.S health sector.

Read full HIMSS article.

Info Security Magazine, March 3, 2022

The Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center (HC3) has issued a warning to the US health sector over the possibility of collateral cyber-attacks linked to Russia’s invasion of Ukraine.

In a notice issued Tuesday, HC3 said that the conflict had “as expected, spilled over into cyber space,” and identified three potential threat groups which could possibly target American healthcare organizations.

Read full Info Security Magazine article.

Gov Info Security, March 2, 2022

A West Virginia-based healthcare entity that reported a phishing breach in December affecting nearly 399,000 individuals this week reported a separate security incident that appears to have potentially involved ransomware.

Read full Gov Info Security article.

Health IT Security, March 2, 2022

Sophos disclosed an unusual case of two separate ransomware gangs targeting one healthcare organization simultaneously.

Read full Health IT Security article.

Gov Info Security, March 1, 2022

HHS HC3: Beware of 3 Main Threat Groups, 2 Wiper Malware Variants

Federal authorities are warning that while they are unware of specific cyberthreats to the U.S. healthcare and public health sector related to Russia’s attack on Ukraine, entities in those sectors should stay proactive and vigilant to at least three main potential threat groups and two wiper malware variants.

IT World Canada, March 1, 2022

Two ransomware gangs separately exploited an unpatched on-premises Microsoft Exchange server at a Canadian healthcare provider last year to steal and hold data hostage, although security updates to prevent successful attacks had been issued months earlier.

Read full IT World Canada article.

Health IT Security, February 28, 2022

HermeticWiper and WhisperGate, destructive malware variants used to target Ukraine, pose an increased threat to healthcare.

The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) released a joint advisory to warn organizations about HermeticWiper and WhisperGate malware, two destructive malware variants that have been used to target organizations in Ukraine.

Read full Health IT Security article.