Monthly Newsletter – March 2023
March’s Newsletter features:
- APAC Summit – Keynote Highlights
- Health-ISAC Publication – Current and Emerging Healthcare Cyber Threat Landscape Report
- Spring Americas Summit – Registration Open and Agenda Available
- Member Service Spotlight — Vulnerability Bulletins
- New Secure Chat — Rolling out this month
- Committee Highlight — Business Resilience Committee (BRC)
- Upcoming Events — Workshops and Webinars
Pdf version:
Text version:
Only 2 Weeks Until the Inaugural APAC Summit in Singapore!
21-23 March 2023 —- You do not want to miss out on this event!
Two exciting keynotes announced!
Wednesday Keynote Leon Chang, is the Assistant Chief Executive and Chief Risk Officer for IS at Integrated Health Information Systems organization (IHIS). Mr. Chang is responsible for enterprise risk management, audit management, data protection, compliance, third party risk management Come hear Mr. Chang’s perspective on healthcare cybersecurity in APAC.
Thursday Keynote Craig Jones, Director of Cybercrime, INTERPOL. Mr. Jones is recognized as a strategic thinker, who shapes the policies that deliver outcomes and results against national, regional and global cyber threats. He will share his perspectives on the rapidly evolving global cybercrime threat landscape based upon his 29 years in law enforcement.
Besides a content rich agenda with topics such as risk management; security operations; security architecture; fraud; incident response; and medical device security, Health-ISAC has planned memorable dinner outings for attendees to experience together while creating important peer connections. Summit events include a Cocktail Reception, Touch Pool Experience and dinner at the Singapore Aquarium on Wednesday Night followed by Dinner and The Famous Night Safari Experience at the Singapore Zoo on Thursday Night.
The central location of this Inaugural event makes it accessible to healthcare and security professionals from Japan, India, Malaysia, and Australia, in addition to those in the Singapore area. Plan to stay at the contemporary and glamorous Hard Rock Hotel in Singapore to easily participate in evening networking and after-hours discussions.
Don’t wait! Register and book your room at https://h-isac.org/summits/2023-apac-summit/
HEALTHCARE CYBER THREAT LANDSCAPE REPORT
Health-ISAC, in partnership with Booz Allen Hamilton, published its annual Current and Emerging Healthcare Cyber Threat Landscape Report.
The report covers the top threats to healthcare organizations from a Cyber Threat Intelligence (CTI) perspective. It offers projections for 2023 based on retrospective trend analysis of threat actor Tactics, Techniques, and Procedures observed in 2022.
This report is available to Members and healthcare stakeholders currently receiving TLP: Green information from Health-ISAC.
The public version is available here: https://h-isac.org/annual-threat-landscape-report-2/
SPRING AMERICAS SUMMIT
PREPARE TO STRIKE
Announcing the keynote for the Spring Americas Summit
Geoffrey Ling MD, PhD, Colonel, US Army (ret) and CEO of On Demand Pharmaceuticals will speak in Tampa this May. You won’t want to miss Dr. Ling’s exciting and entertaining keynote where he will pull on his experience as the Founding Director of Biological Technologies at DARPA, his creation of the most advanced prosthetic arm to date, and his position as Assistant Director of Medical Innovation in the Science Division at President Obama’s White House Office of Science, Technology and Policy to gaze into the future of healthcare and look at the threats the sector will face as technology rapidly unfolds.
The Agenda is now available
Be sure to secure early bird pricing! https://h-isac.org/summits/2023-spring-americas-summit/
Ensure you have a room on property Hotel Cutoff is April 17, 2023; however, Summit room blocks often sell out before deadline.
COMMUNITY SERVICES SPOTLIGHT
Vulnerability Bulletins Health-ISAC Vulnerability Bulletins are distributed by the Threat Operations Center after analysis and validation of a vulnerability potentially impacting Member networks. Vulnerability Bulletins are issued to alert organizations of cyber vulnerabilities and to help vulnerability management teams prioritize patch updates. These bulletins often contain mitigation steps that include security updates and/or mitigation steps/tools.
A recent Member Satisfaction Survey shows Members appreciate the succinct summaries with vulnerability analysis to free up time that can be directed to higher value tasks.
• Outstanding Value or Very Good Value = 83%
• Some Value, Very Little Value, or No Value = 11%
• Don’t Know / Don’t Use = 6%
NEW SECURE CHAT
Learn more about Community Services available to Members: https://h-isac.org/community-services/
Available March 6th!
New Chat Collaboration Platform Health-ISAC will be moving off of Mattermost to a new Secure Chat Platform. This new platform will enhance collaboration capabilities between Members. Existing groups and channels will be migrated and the experience should be seamless. One thing to note is Chat histories will not be able to transfer, but the current platform will remain available for a period of time to allow you to save any relevant information.
If you have any issues logging in please reach out to contact@h-isac.org Access to the platform will be available Monday, March 6.
COMMITTEE UPDATE
Business Resilience Committee
Health-ISAC’s Business Resilience Committee (BRC) identifies non-cybersecurity threats relevant to the health sector. It also determines associated risks and appropriate security considerations, and supports the Health-ISAC Threat Operations Center (TOC) to share information broadly with Members. The BRC meets on the 2nd Wednesday of each month at 12:00 pm ET. Those interested in joining the BRC should send a short bio to contact@h-isac.org.
UPCOMING EVENTS
View all Health-ISAC Events here https://h-isac.org/events/
March 7 in Santa Clara, California
Health-ISAC Healthcare Cybersecurity Workshop,
hosted by Health-ISAC and Agilent
March 9 in San Diego, California Health-ISAC
Healthcare Cybersecurity Workshop,
hosted by Health-ISAC and Rady Children’s
March 7 at 1pm: Ambassador webinar by RiskRecon a Mastercard Company
Insights from 10 Years of Data Breach Monitoring
March 8 at 2pm: Navigator webinar Medigate by Claroty
Medical Device Cybersecurity – HHS 405(d) Best Practices Update
March 14 at 1pm: Navigator webinar by Finite State
Medical Device Cybersecurity: A Holistic Approach to Decrease Attack Surface & Improve Patient Safety
March 26 – Visit Health-ISAC at
ViVE Powered by CHIME + HLTH 2023 Information booth and presentation sessions
MONTHLY MEMBER EVENTS
March 28 –
Member Threat Briefing
Last Tuesday of each month
at 12pm ET
March 30 –
ETC webinar
Last Thursday of each month
at 12pm ET
Top Health Related Cyber and Physical Events for March
Elderly in China protest over slashed health benefits
https://www.bbc.com/news/world-asia-china-64658729
Equatorial Guinea confirms first Marburg virus disease outbreak
Severe Thunderstorms, Including Tornadoes, Possible In The South
News Analysis: Nurses in Britain walk out over payment amid strained medical services
https://english.news.cn/20230207/8a466ffc85c343ffa99769691722ef6c/c.html
Hackers are selling a service that bypasses ChatGPT restrictions on malware
Siemens License Manager Vulnerabilities Allow ICS Hacking
https://www.securityweek.com/siemens-license-manager-vulnerabilities-allow-ics-hacking/
Massive ESXiArgs ransomware attack targets VMware ESXi servers worldwide
2022 ICS Attacks: Fewer-Than-Expected on US Energy Sector, But Ransomware Surged
Spain, U.S. dismantle phishing gang that stole $5 million in a year
3.3 Million Impacted by Ransomware Attack at California Healthcare Provider
https://www.securityweek.com/3-3-million-impacted-by-ransomware-attack-at-california-healthcare-prov
- Related Resources & News
- Leveraging ISO 81001-5-1 Amid Medical Device Procurement
- Mitigating risk as healthcare supply chain attacks prevail
- Enhancing Cybersecurity in Rural Hospitals
- Health-ISAC Hacking Healthcare 11-15-2024
- Cyber Incident Response: Playbook for Medical Product Makers
- Feds Warn of Godzilla Webshell Threats to Health Sector
- Trump’s Return: Impact on Health Sector Cyber, HIPAA Regs
- Health-ISAC Hacking Healthcare 11-7-2024
- Protecting the Healthcare Supply Chain Against Russian Ransomware Attacks
- All hospitals should be concerned about cyberattacks. Here’s why