Cybersecurity

HC3 alerts shed light on two popular healthcare cyberattack tactics

March 26, 2024 - The HHS Health Sector Cybersecurity Coordination Center (HC3) released two sector alerts recently, each highlighting a different cyber threat tactic that bad actors may use to facilitate healthcare cyberattacks. Both tactics, email bombing and credential harvesting, are not new or emerging threat tactics. Rather, they are tried-and-true strategies...


More Articles

New cyber legislation would provide advance payments to providers facing hacks

by Jill McKeon

Senator Mark Warner (D-VA) has introduced the Health Care Cybersecurity Improvement Act of 2024, which would allow for advance and accelerated payments to providers in the event of a cybersecurity...

Change Healthcare cyberattack affecting hospital finances, care access

by Victoria Bailey

The majority of hospitals say the Change Healthcare cyberattack is negatively affecting their finances and hindering patient care access, according to a survey from the American Hospital Association...

MA hospitals losing $24M per day following Change Healthcare cyberattack

by Victoria Bailey

The Change Healthcare cyberattack is costing Massachusetts hospitals at least $24 million per day, according to the Massachusetts Health & Hospital Association (MHA). After Change...

63% of known exploited vulnerabilities found on healthcare networks

by Jacqueline LaPointe

Healthcare networks and medical devices are highly vulnerable to cyberattacks, according to a recent study from cyber-physical systems protection company Claroty. The study found that 63 percent of...

Healthcare data breaches are piling up 3 months into the year

by Victoria Bailey

As of the first week of March, 116 healthcare data breaches have been reported to the HHS Office of Civil Rights (OCR) in 2024, impacting over 13 million individuals. The most common breach types were...

Healthcare hit hardest by ransomware last year, FBI IC3 report shows

by Jill McKeon

The healthcare sector suffered more ransomware attacks than any other critical infrastructure sector last year, according to complaint data examined in the Federal Bureau of Investigation’s 2023...

What the LockBit ransomware gang’s return means for healthcare

by Jill McKeon

Since its emergence four years ago, the LockBit ransomware gang has been ruthlessly targeting organizations across critical infrastructure at alarming rates. The group’s constant tactic modifications and vast network of affiliates...

Lurie Children’s Restores Key Systems Following Cyberattack

by Jill McKeon

Lurie Children's Hospital in Chicago has restored its Epic EHR platform and other key systems following a cyberattack that began on January 31st, the hospital stated. MyChart remains unavailable as...

NIST Releases CSF 2.0, Caters to Audience Beyond Critical Infrastructure

by Jill McKeon

The National Institute of Standards and Technology (NIST) released version 2.0 of its Cybersecurity Framework (CSF), which is broadly used to reduce cyber risk across critical infrastructure....

Healthcare Faces Uncertainty Amid Change Healthcare Cyberattack

by Jill McKeon

UPDATE 2/29/2024 - BlackCat/ALPHV has claimed responsibility for the attack and denied using the ConnectWise vulnerabilities for initial access. Healthcare organizations everywhere are feeling the impact of the Change Healthcare...

HSCC Issues Five-Year Health Industry Cybersecurity Strategic Plan

by Jill McKeon

The Healthcare and Public Health (HPH) Sector Coordinating Council (HSCC) Cybersecurity Working Group (CWG) announced the publication of its “Health Industry Cybersecurity Strategic Plan”...

Cybersecurity Preparedness Tied to Lower Insurance Premium Increases

by Jill McKeon

Surveyed healthcare organizations that used the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) as their primary framework saw lower cyber insurance premium...

Exploring the Health Industry Cybersecurity Practices (HICP) Publication, How to Use It

by Jill McKeon

The “Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients” publication, known as “HICP” for short, is the product of healthcare industry leaders and government representatives coming...

New Legislation Aims to Strengthen Healthcare Cybersecurity Within HHS

by Jill McKeon

US Senators Angus King (I-ME) and Marco Rubio (R-FL) introduced the Strengthening Cybersecurity in Health Care Act, aimed at bolstering cybersecurity efforts within HHS. Specifically, the act would...

Chicago Children’s Hospital Confirms Cyber Threat Activity

by Jill McKeon

UPDATE 2/13/24 - This article has been updated to reflect new information about the cyberattack on Lurie Children's Hospital.  Lurie Children's Hospital has entered its third week of...

Akira Ransomware Aggressively Targets Healthcare, HC3 Warns

by Jill McKeon

The Health Sector Cybersecurity Coordination Center (HC3) issued an analyst note about Akira ransomware, a group that has been active since at least May 2023. In its short tenure, Akira has conducted...

KLAS Highlights Top Security, Privacy Solutions This Year

by Jill McKeon

KLAS Research recognized several leading security and privacy vendors as Best in KLAS winners for 2024. The 2024 Best in KLAS software and services winners were designated based on information...

Ransomware Makes ECRI’s Top Health Tech Hazards List

by Jill McKeon

ECRI named ransomware as one of the top ten health tech hazards of 2024 in its annual report, following a record year for healthcare data breaches. Ransomware and other cyber risk areas have made...

How HHS Cybersecurity Performance Goals Will Impact Healthcare

by Jill McKeon

HHS recently unveiled healthcare-specific cybersecurity performance goals (CPGs) with the intent of helping the sector prioritize the implementation of key security best practices. On their surface, the voluntary CPGs are straightforward,...