Monthly Newsletter – May 2022

May’s Newsletter features:

• Health-ISAC’s 2022 Spring Americas Summit — Download and sign into the H-ISAC Summit App
• Health-ISAC Takes a Stand – Health-ISAC helps protect the global health sector through botnet disruption
• Annual Member Survey — It Only Takes 9 minutes To Help Shape the Value You Receive From Your Health-ISAC Membership!
• Upcoming Health-ISAC Summits — European and Fall Americas Summit Call for Papers Now Open!
• Working Group Spotlight — Purple Teams
• Community Services Spotlight — Zerofox
• Upcoming Events —  Webinars

Pdf version:

View PDF

Text version:

Ohana Village – Spring Americas Summit

Happening Now!

The Health-ISAC community is connecting this week in Orlando, Florida – sharing  experiences, asking questions and strengthening the bond that makes us Ohana, family.

The Summit platform is LIVE! Log in to start conversations, win game points, and customize your schedule. Summit notifications can alert you prior to sessions you don’t want to miss. Attendees needing assistance with the platform, please email Contact@h-isac.org.

Sessions are recorded and available for all registered attendees to watch on-demand through June 30th.

Health-ISAC helps protect the global health sector through botnet disruption

On April 6, 2022, Microsoft, Health-ISAC and FS-ISAC filed a civil suit in the US Federal Court in Atlanta against operators of the Zloader botnet.

Zloader is responsible for delivering Ryuk ransomware (among other malware) which has been linked to more than 200 ransomware attacks impacting hospitals, public health departments, nursing homes and patient care facilities around the world since 2018.  In many cases, the ransomware attacks knocked hospital IT systems off-line resulting in cancelled surgeries and delayed medical care.

The Court approved our request for a restraining order that allowed Microsoft to seize the botnet infrastructure, including hundreds of domains used by the criminal organization.  The efforts showed an immediate impact with nearly 50,000 infected computers no longer able to take commands from the Zloader bot controllers.  That number should continue to increase and hope possibly put an end to Zloader’s ability to distribute malware forever.

Health-ISAC plans to continue botnet disruption projects like this in the future to help protect the global health sector.  If you’re interested in participating, please email Contact@h-isac.org.

Top 10 Cyber and Physical Healthcare Security Articles for May

Anonymous Hacked Russian Thozis Corp

Anonymous Targets Oligarchs’ Russian Businesses
Pictures Reveal Brutal Extent of £90bn Damage to Hospitals, Schools and Key Infrastructure

CISA Warns of Active Exploitation of Critical Spring4Shell Vulnerability 

Germany Shuts Down Russian Hydra Darknet Market 

Nearly Two-Thirds of Ransomware Victims Paid Ransoms Last Year

‘Catastrophic Event’ Imminent as Physical Assault Rate Escalates at Canberra’s Dhulwa Mental Health Unit

India Claims It Foiled Chinese Cyberattack on Disputed Border

WMware Warns of Critical Remote Code Execution Bug in Workspace ONE Access 

Spring4Shell Vulnerability Exploited by Mirai Botnet 

​

It Only Takes 9 minutes to Help Shape the Value you Receive from Your Health-ISAC Membership.

Health-ISAC is conducting its first annual Membership Satisfaction Survey.  Your participation will help Health-ISAC as we strive to understand how well we are serving the needs of our members and the industry and how we can ensure ongoing value in the future. Individual responses are completely confidential and will not be shared with outside partners or agencies.

Please take a few minutes to complete the Member Survey. The link can be found in the Member list server dated 5-26-2022 and in the Spring Americas Summit app. Completed surveys may be entered to win a $50 gift card. Note: option to participate in the drawing does require contact information.

SAVE THE DATE!  UPCOMING HEALTH-ISAC SUMMITS

2022 European Summit

October 17-20, 2022

Call for Papers Now Open!

Seeking dynamic speakers; please consider submitting a
3-5 sentence abstract to share with your healthcare
security peers.

Take a look at the location:
Hilton Vilamoura As Cascatas Golf Resort & Spa, Portugal

https://www.hilton.com/en/hotels/faohihi-hilton-vilamoura-as-cascatas-golf-resort-and-spa/gallery/

Route to Security – Fall Americas Summit

December 6-8, 2022

Get your kicks on Route to Security in Phoenix, Arizona!
View this video for a sneak peek: https://youtu.be/-eNzgFPniuk

Call For Papers is Now Open!

Be part of the amazing content. Submit a brief abstract of
a relevant topic.

View information about these summits and other events of interest to the Health-ISAC Community at 
https://h-isac.org/events

WORKING GROUPS

NEW WORKING GROUP: PURPLE TEAMS

Come collaborate with peers and participate in Health-ISAC’s latest Purple Team Working Group.

This working group will be looking at:

• Augmenting its capabilities
• Implementing value-driven concepts to expand
  its benefits
• Demonstrating its value to leadership along with a host of other ground breaking initiatives

Meets the first Thursday of each Month at 2pm ET

Email contact@h-isac.org to learn more.

COMMUNITY SERVICES

The ZeroFox Platform is a cloud-based digital risk protection and full spectrum threat intelligence solution giving organizations comprehensive visibility and protection across the surface, deep and dark web protecting millions of posts, messages and accounts daily across the social and digital landscape, spanning LinkedIn, Facebook, Slack, Instagram, Pastebin, YouTube, mobile app stores, domains, cloud-based email and more.

Free Annual Risk Findings Report for Health-ISAC Tier 1 members

Learn more here: https://h-isac.org/community-services/

UPCOMING EVENTS

Health-ISAC Navigator webinar

Security that Empowers the Business

by Axonius
Tuesday, May 10
2:00pm ET

https://h-isac.org/hisacevents/security-that-empowers-the-business-by-axonius/

Health-ISAC Navigator webinar

The Raising the Bar to Disrupt BEC: Combatting the Biggest Threats Targeting Healthcare

by Cofense
Tuesday, May 17
1:00pm ET

https://h-isac.org/hisacevents/raising-the-bar-to-disrupt-bec-by-cofense/

Monthly Member Threat Briefing

Tuesday, May 31
12pm ET

ETC from Community Services

Thursday, May 26
12pm ET

 Link swill be sent via the Member list server

Health-ISAC Member Meetup at RSA Conference

Dinner June 7 – RSVP, and Catch these Health-ISAC presentations:

ISAC’s Critical Role for Increasing Regulatory Environment for Cybersecurity

Securing Medical Devices panel

https://h-isac.org/hisacevents/h-isac-member-meet-up-at-rsa-conference-3/

• Related Resources & News
• Leveraging ISO 81001-5-1 Amid Medical Device Procurement
• Mitigating risk as healthcare supply chain attacks prevail
• Enhancing Cybersecurity in Rural Hospitals
• Health-ISAC Hacking Healthcare 11-15-2024
• Cyber Incident Response: Playbook for Medical Product Makers
• Feds Warn of Godzilla Webshell Threats to Health Sector
• Trump’s Return: Impact on Health Sector Cyber, HIPAA Regs
• Health-ISAC Hacking Healthcare 11-7-2024
• Protecting the Healthcare Supply Chain Against Russian Ransomware Attacks
• All hospitals should be concerned about cyberattacks. Here’s why