Feds Warn of Godzilla Webshell Threats to Health Sector

Stealthy Backdoor Publicly Available on GitHub Can Be Weaponized for Larger Attacks

Excerpt from November 13, 2024 article in Healthcare Infosecurity

While the Health-Information Sharing and Analysis Center has seen an increase in recent reports of ransomware and malware incidents impacting the global healthcare sector, it has had “no direct sightings” of Godzilla webshell so far, said Errol Weiss, chief security officer of Health-ISAC.

Nonetheless, Weiss said he’s glad HHS issued the warning about Godzilla. “I would encourage all organizations, no matter what sector they’re in, to follow the recommendations in the bulletin,” he said.

Health-ISAC’s Weiss recommends that healthcare organizations review and implement the voluntary Cybersecurity Performance Goals published by HHS in January (see HHS Details New Cyber Performance Goals for Health Sector).

“Implementing the CPGs and participating in an information sharing community would help greatly improve the security posture of an organization.”

Read the full story in Healthcare Infosecurity here.

Click Here

• Related Resources & News
• Potential Terror Threat Targeted at Health Sector – AHA & Health-ISAC Joint Threat Bulletin
• New Cybersecurity Policies Could Protect Patient Health Data
• CyberWire Podcast: PHP flaw sparks global attack wave
• Health-ISAC Hacking Healthcare 3-14-2025
• HSCC Aiming to Identify Healthcare Workflow Chokepoints
• New Healthcare Security Benchmark Highlights Key Investment Priorities and Risks
• Are Efforts to Help Secure Rural Hospitals Doing Any Good?
• CISA cuts $10 million annually from ISAC funding for states amid wider cyber cuts
• 2024 Health-ISAC Discussion Based Exercise Series After-Action Report
• Cobalt Strike takedown effort cuts cracked versions by 80%