Health-ISAC

From Health-ISAC's Daily Cyber Headline: https://lnkd.in/gTx_5jrC Over the last couple of years, an emphasis has been placed on cybersecurity issues within healthcare organizations as it is becoming a growing concern. ENISA looks to bring more awareness to the variety of issues that threat actors have posed to organizations, fortifying security against them in the process. The European Union Agency for Cybersecurity’s (ENISA) conference highlights the growing challenges posed by threat actors of #ransomware, #phishing, and other cybercrime attacks. ENISA reports that ransomware has been one of, if not the biggest, disruption faced in the healthcare industry.?Ransomware is a common and effective strategy used by threat actors to gain access to an organization’s sensitive information. Health-ISAC recommends its members be wary of emails from unknown senders avoiding attached files or links.

Most smaller hospitals are connected to larger systems becoming the “path of least resistance” into those larger health care networks increasing risk on a national level. HealthIT Security.com reports that “Cyberattacks are pivoting to target smaller health care companies and specialty clinics without the resources to protect themselves, instead of larger health systems that – despite being treasure troves of personal and medical data – generally have more sophisticated security.” https://lnkd.in/eZYPfZyG #ruralhealth #hospital #healthit

Healthcare #supplychain attacks?have the potential to disrupt care and operations across the healthcare system through just one successful infiltration. The single points of failure that exist across the sector make the risk of supply chain attacks even greater.?https://lnkd.in/efjtsmg8 "The bad guys have figured out that if they can hit this small supplier who's a single-source supplier in a particular region, they could cause a lot of impact to the healthcare sector more broadly and maximize their payoffs downstream," said Errol Weiss, chief security officer of the Health Information Sharing and Analysis Center (Health-ISAC)."It's definitely different from what we were seeing before." #healthcare #businesscontinuity #cybersecurity

As a proud Non-Profit Participant of the Center for Threat-Informed Defense, today we celebrate the 5th Anniversary of the Center’s launch. Health-ISAC and the Center are aligned in our mission and the symbiotic relationship we share provides for greater depth and breadth of our work. #collaboration

The Fall Americas Summit is only two weeks away! It's time to plan your "Threat Catcher" sessions. Here are a few session highlights from the agenda: - Healthcare Heartbeat Quarterly Threat Intelligence Briefing - The Resilient Mind: Addressing Mental Health in Cybersecurity - After Action Report from the Active Shooter Hostile Event Response (ASHER) Series - Breaking Boundaries Between OT and Information Security - Software Bill of Materials Journey - CTI in a Box: A Cyber Threat Intelligence Program Toolkit - Enhancing Emergency Preparedness and Workflow Efficiency in Health Services - Managing Hybrid Identity Attack Paths - Decrypting Fear: Quantum Computing's Looming Threat - Enhancing Third Party Risk Assessment in Today's Cybersecurity Landscape - Implementing SPDF using ISO 81001-5-1 - Adaptive Risk Management #healthit #biotech #pharmaceuticals Joshua Justice Zach N. Jon Crosson Janeine Charpiat Geoffrey Mann

Health-ISAC's chief security officer, Errol Weiss, recommends health sector organizations review and implement the voluntary Cybersecurity Performance Goals?published?by HHS in January (see:?HHS Details New Cyber Performance Goals for Health Sector). "Implementing the CPGs and participating in an information sharing community would help greatly improve the security posture of an organization." https://lnkd.in/eJ6RGhGk #ransomware?#incidentresponse #biotech

From Health-ISAC's Daily Cyber Headline: https://lnkd.in/geGWmpTC Threat actors associated with the Democratic People’s Republic of Korea have been found to be practicing the embedding of #malware into Flutter applications. This scenario marks the first incident where the combatant has targeted devices owned by the American company Apple. The threat actor is commonly known for its use of social engineering; however, it has had plenty of success in the past, making it a likely tactic to use once these samples are administered. Threat actors commonly use malware attacks to access and exploit one's system and data. Health-ISAC recommends its members issue the latest system patches and limit file sharing to mitigate the risks of malware attacks via threat actors.

The agenda is ready for the November Monthly Threat Briefings. Americas - Tuesday, November 26?at 12:00 PM ET European - Tuesday, November 27 at 3:00 PM CET (9:00 AM ET) - Trending Impacts on Healthcare - Threats to AI Applications in Healthcare - Bluetooth Low Energy: Simple, Systemic, Secure? - Living off the Cloud: Stealthy, Fast-moving Threats - Plus legal & regulatory and physical security updates Members will receive instructions on how to register via email.? Thank you to this month's contributors from Cybellum, Finite State, Acalvio, and Venable, as well as Errol Weiss Zach N. Geoffrey Mann Ethan Muntz Taylor Porter #healthit #cloudsecurity #AI #hospital

Read the?new playbook from the Health Sector Coordinating Council - Cybersecurity that aims to help medical device manufacturers and drug makers improve cyber response https://lnkd.in/ebsnJF_x “Additionally, the guidelines infuse regulatory considerations into the cyber incident response team process, including reporting suspected or confirmed incidents to?Health-ISAC?and other information-sharing and analysis organizations,” says Phil Englert, VP of Medical Device Security for Health-ISAC. #medicaldevices #pharma #biotech

From Health-ISAC's Daily Cyber Headline: https://lnkd.in/enGeJ8mT The Colorado-based pathology service provider Summit Pathology recently disclosed a data breach affected. The Summit Pathology identified suspicious activity and subsequently engaged a third-party cybersecurity firm to investigate the security breach.?Although the breach notification did not disclose the specific nature of the incident, legal counsel for Summit Pathology confirmed that the Medusa #ransomware group perpetrated the attack. The initial access vector has been deemed to be an employee opening a malicious attachment contained in a phishing email.?Health-ISAC recommends that organizations implement email security solutions and security awareness training to help employees identify, avoid, and report malicious or suspicious emails to defend against #phishing tactics leveraged by threat actors as a springboard to conduct additional operations.?