October 8, 2024 at 03:17PM The healthcare sector’s resilience against ransomware attacks has worsened, with two-thirds of organizations experiencing attacks. New threats, such as the Trinity ransomware, continue to emerge. Legislation is being proposed to improve cybersecurity in the industry, as cybercriminals target healthcare due to its critical operations and willingness to pay ransoms. Healthcare … Read more
August 13, 2024 at 02:40PM Multiple privilege escalation issues in Microsoft Azure’s Health Bot service allowed server-side request forgery and potential access to cross-tenant resources. Quickly patched by Microsoft, these vulnerabilities highlight concerns about chatbot risks, specifically regarding access to sensitive health information. Tenable Research found that exploitation could lead to management capabilities for other … Read more
August 9, 2024 at 08:18AM The American Hospital Association and the Health-ISAC issued a joint threat bulletin cautioning about ransomware attacks causing blood shortages and disrupting patient care in the U.S. and U.K. The bulletin highlighted recent attacks and urged healthcare organizations to prepare for supply chain disruptions and develop risk management plans for third-party … Read more
July 3, 2024 at 03:03AM The South African National Health Laboratory Service (NHLS) continues to recover from a ransomware attack, causing disruptions in lab testing and access to test results. This adds pressure to the already strained healthcare system, potentially leading to more infections and worsened health outcomes. The government and organizations must enhance cybersecurity … Read more
May 10, 2024 at 12:47PM Ascension, a healthcare provider operating 140 hospitals, suffered a cyberattack affecting essential systems like electronic health records and patient communication platforms. The organization has paused non-emergency procedures and is diverting some emergency services. Incident response help has been sought, and patient data exposure is being investigated. The attack highlights healthcare’s … Read more
May 8, 2024 at 05:33PM Ascension, a major U.S. nonprofit health system with 140 hospitals and 40 senior care facilities across 19 states and the District of Columbia, has detected a cybersecurity event, prompting the organization to advise business partners to suspend connections to its systems. The incident has disrupted clinical operations, and an investigation … Read more
April 10, 2024 at 05:22PM MedSec, a medical device security firm, has launched the Hospital Roadmap to Resilience ProgramSM, assisting hospitals in enhancing cybersecurity to protect patients. With a focus on resource-constrained hospitals, the program offers foundational policies, processes, and procedures, enabling informed risk decisions and basic network risk management. MedSec aims to address the … Read more
April 8, 2024 at 09:54AM Healthcare and public health (HPH) organizations are being targeted by threat actors aiming to infiltrate corporate networks and divert payments. The US Department of Health warns of a recent attack in which an IT help desk employee was impersonated over the phone to gain network access and initiate unauthorized payment … Read more
March 13, 2024 at 10:45AM The White House has released a $7.3 trillion budget proposal for fiscal year 2025, emphasizing increased cybersecurity spending. This includes specific allocations such as $13 billion across civilian departments, $3 billion for the cybersecurity agency CISA, and additional funding for the Justice Department and healthcare sector. The budget also addresses … Read more
March 12, 2024 at 02:37PM President Joe Biden has proposed a $103 million increase in funding for the Cybersecurity and Infrastructure Security Agency (CISA), as part of the $7.3 trillion spending plan for fiscal year 2025. The plan also allocates $13 billion for improving cybersecurity across government agencies. Additionally, the budget includes cybersecurity funding for … Read more