Health-ISAC Medical Device Security Blog – May 2024
Building Resilience During Mergers and Acquisitions A three-phase framework to identify and prioritize what needs to be done to build resilience into the technology stack Access the full blog by Health-ISAC VP of Medical Devices Security, Phil Englert in TechNation here:...
Black Basta Threat Actor Emerges as a Major Threat to the Healthcare Industry
Update May 10, 2024, 6:06 pm ET. New indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) were made available through a joint Cybersecurity Advisory (CSA) from the Cybersecurity and Infrastructure Security Agency (CISA). Health-ISAC is sharing the updated information...
Vulnerabilities Observed in Exploit Campaign Affecting Cisco ASA and FTD Software
Health-ISAC is distributing this bulletin to increase your situational awareness. On April 24, 2024, Cisco released security advisories regarding the abuse of vulnerabilities (CVE-2024-20353 and CVE-2024-20359) identified in campaigns targeting Cisco Adaptive Security Appliance (ASA) and...
Health-ISAC’s response to the Change Healthcare incident and Recommendations for Action
Chief Security Officer (CSO) at Health-ISAC recommends the following: 1. Identify and analyze health sector systemic risks 2. Determine key supplier and sector concentration risks 3. Discern lessons learned and update Incident Response Plans 4. Hold industry exercises to identify single points...
Volt Typhoon State-Sponsored Threat Actors Targeting Critical Infrastructure
Health-ISAC is distributing this bulletin for your situational awareness. PDF Version: [pdf-embedder url="https://h-isac.org/wp-content/uploads/2024/03/TLP-WHITE-2d926381-Volt-Typhoon-State-Sponsored-Threat-Actors-Targeting-Critical-Infrastructure-with-Attachments.pdf" title="TLP WHITE -...
Current and Emerging Healthcare Cyber Threat Landscape: Executive Summary for CISOs
Actionable cybersecurity market trends that leadership can use for strategic decision-making. This report is a collaboration between Health-ISAC and the American Hospital Association (AHA.) "Proud to release Health-ISAC's third annual threat report. This year's executive summary is targeted for...
Change Healthcare / Optum Network Connectivity and Additional Recommendations
TLP WHITE - Feb 26, 2024, 06:32 AM, updated June 10, 2024 On Wednesday, February 21, Change Healthcare began experiencing a cyber security issue and isolated its systems to prevent further impact. Health-ISAC is sharing this Threat Bulletin to provide additional information: - Maintaining...
Healthcare Heartbeat Q4 2023
Cybersecurity Trends and Threats in the Healthcare Sector Health-ISAC’s Q4 2023 Healthcare Heartbeat provides observations of ransomware, cybercrime trends, and malicious actor forum postings that could potentially impact healthcare sector organizations. This product is for your...
Healthcare Heartbeat Q3 2023
Cybersecurity Trends and Threats in the Healthcare Sector Health-ISAC’s Q3 2023 Healthcare Heartbeat provides observations of ransomware, cybercrime trends, and malicious actor forum postings that could potentially impact healthcare sector organizations. This product is for your...
Decoding HTTP/2 Rapid Reset Zero-Day (CVE-2023-44487) Exploited
Health-ISAC is distributing this bulletin for your situational awareness. On October 10, 2023, DDoS Protection firm CloudFlare, in conjunction with Google and Amazon AWS released a statement regarding the discovery of a zero-day vulnerability which could generate massive hyper-volumetric...