Decoding HTTP/2 Rapid Reset Zero-Day (CVE-2023-44487) Exploited
Health-ISAC is distributing this bulletin for your situational awareness. On October 10, 2023, DDoS Protection firm CloudFlare, in conjunction with Google and Amazon AWS released a statement regarding the discovery of a zero-day vulnerability which could generate massive hyper-volumetric...
Observed Increase in QR Code Phishing Attacks
Sep 19, 2023, 03:12 PM Pdf version: Text version: A recent...
Ransomware Actors Target Healthcare
Threat Bulletin issued August 8, 2023, 4:07 PM Health-ISAC has observed multiple incidents involving ransomware threat actors attacking healthcare and medical research facilities around the globe. These victims include multiple subsectors within healthcare, including mental health....
UPDATE: Ongoing Progress MOVEit Transfer Vulnerabilities Discovered
TLP WHITE June 30, 2023, Update – Ransomware Awareness for Holidays and Weekends Health-ISAC is encouraging members to remain vigilant due to potentially elevated risks from threat actors known to exploit the MOVEit vulnerability. Health-ISAC recommends cyber security teams also be wary of...
Defined Responsibility Whitepaper RACI
Improving Medical Device Security by Moving from Shared to Defined Responsibility Maintaining medical devices and systems requires the knowledge and skills of several different specialists. Those specialists may be provided by different organizations depending on the limitations in skills and...
Progress MOVEit Transfer Critical Vulnerability Actively Exploited
TLP:WHITE On June 1, 2023, NHS published a critical vulnerability bulletin focused on the Progress MOVEit File Transfer (MFT) product. Progress discovered a vulnerability in MOVEit Transfer that could lead to escalated privileges and potential unauthorized access to the environment....
Stopping cybercriminals from abusing security tools
Microsoft’s Digital Crimes Unit (DCU), cybersecurity software company Fortra™ and Health Information Sharing & Analysis Center (Health-ISAC) are taking technical and legal action to disrupt cracked, legacy copies of Cobalt Strike and abused Microsoft software, which have been used by...
Report: Threat Landscape Growing Scarier for Healthcare
Health-ISAC Warns of Cybercrimes Involving Synthetic Accounts, 'Product Abuse' Marianne Kolbasuk McGee (HealthInfoSec) • March 23, 2023 Link to full article in Healthcare InfoSecurity:...
Health-ISAC Releases Annual Report on Current and Emerging Cyber Threats to Healthcare
Actionable intelligence enhances situational awareness for global healthcare security professionals. Link to press release: https://www.newswire.com/news/health-isac-releases-annual-report-on-current-and-emerging-cyber-21986323 Access the Executive Summary to the Threat Report...
2023 Health Cybersecurity Annual Threat Report
Health Cybersecurity Annual Threat ReportThe Current & Emerging Healthcare Cyber Threat Landscape report covers the top cyber threats to healthcare organizations. The intent of this report is to help influence cybersecurity budget and investment decisions for senior leaders and...