Skip to main content

Post Topic: Media Mention

The Year Ahead: What Can We Expect Within the Cybersecurity Landscape?

Written by Julia Annaloro on . Posted in Health-ISAC, In The News.

Cybersecurity experts predict cybersecurity attacks will continue to happen with more sophistication

2024 was a year that saw several blows to the healthcare industry when it came to cybersecurity. Data breaches and ransomware attacks caused major disruptions in the daily operations of healthcare organizations with significant monetary implications.
 

Read the full article in Healthcare Innovation Click Here

 

Errol Weiss, chief security officer at Health-ISAC, confirms that this year, a higher number of cybersecurity events were observed than the year prior. What’s happening now, he says, is that not only are hospitals victims of ransomware attacks but now patients as well. Criminals will threaten to release private patient data if a ransomware sum is not being paid. The ransomware group BlackCat attacked Leigh Valley Health, for example, and threatened to release nude pictures of its cancer patients. The class action suit was settled for $65 million. Weiss expects to see more of these types of attacks in the year ahead. “They will go after whatever they can,” Weiss says about the cybercriminals.

To the question of whether he thinks federal legislation on cybersecurity measures within healthcare will be helpful, Weiss responds, “Hospitals are operating on razor-thin margins as it is, and it is very difficult for them to invest in things that aren’t directly related to patient care. If we’re going to talk about any kind of legislation moving forward, especially in the new administration, it needs to come with the adequate resources to make sure that that happens.”

Weiss doesn’t believe in throwing money at the problem. He advocates getting the right people into organizations to address issues. He believes a virtual CISO program is a way to get additional help in. Weiss says there are a lot of cybersecurity vendors and point solutions. “The market is very confusing…. So if you had $100 to spend on cyber security, where would you spend that?”

As to what to expect in 2025, Weiss points to the issue of attacks on the supply chain, where the level of sophistication is increasing. In this area, Weiss says, the attacks don’t seem so random, “where many of these malware attacks, the ransomware gang will send out millions of malicious emails and hope that they get somebody somewhere to click on something and install the ransomware.” The attacks this past year seem to be more targeted.

Weiss anticipates artificial intelligence (AI) will also be part of more attacks. “We’ve already seen the talk about malicious actors leveraging AI to develop zero-day attacks, which is absolutely mind-boggling because you leverage AI to help develop some new attack technique.” Weiss adds, “If the bad guys can use AI to develop a new zero-day, I think we’ve got to also be proactive, finding out those zero-days, and then defending against those.”

HHS Urges Health Sector to Beef Up OT, IoMT Security

Written by Julia Annaloro on . Posted in Health-ISAC, In The News.

Feds Warn That Connected Devices Are Prey for Cyberattackers

HHS is urging healthcare entities to enhance security of OT, IoMT and other devices used in their environments

The security of medical devices has been getting most of the attention from regulators in recent years, but other devices that make up the medical internet of things and operational technology systems are also vulnerable to cyberattacks, federal authorities warned in a new advisory.

Recent analysis by Health Information Sharing and Analysis Center (Health-ISAC) found that 12 medical devices from five different manufacturers had vulnerabilities that were top targets of exploitation by malicious cyber actors, said Errol Weiss, chief security officer at Health-ISAC.

“What strikes me is that we now know that attackers are actively exploiting known vulnerabilities that also exist in medical devices – if anything that should raise the priority to patch these devices before they are compromised,” he said.

Click Here

Defending Healthcare Facilities Against Ransomware Attacks

Written by Julia Annaloro on . Posted in Health-ISAC, In The News.

As ransomware attacks and tactics evolve, healthcare facilities must be aware of what threats exist and how to stay secure.

Cybersecurity in the healthcare space is a prominent topic as cyberattacks continue to assault healthcare organizations daily. Worse, cybercriminals are constantly changing how they operate and execute their attacks, making adapting to their methods difficult.  

The biggest change in their tactics is the increasing use of ransomware, according to Errol Weiss, chief security officer at Health-ISAC. Not only that, but Weiss says healthcare organizations are also becoming more vulnerable to cyberattacks due to a lack of investment in cybersecurity and IT in general.  

“I think there’s a perfect storm in healthcare where we’ve got an already cyber vulnerable population out there because of the lack of cybersecurity investment,” says Weiss. 

Read the full article in Healthcare Facilities Today.

Click Here

Collecting Cyber Vulnerability Metrics is Critical

Written by Julia Annaloro on . Posted in In The News.

Collecting Cyber Vulnerability Metrics is Critical, But Communicating Them to Stakeholders in a Clear & Compelling Way is Key, Says H-ISAC Report

As the healthcare industry becomes more reliant on interconnected digital systems the importance of robust vulnerability management has never been more pronounced. A recent report by Health-ISAC, Vulnerability Metrics and Reporting, sheds light on best practices and strategies to strengthen cybersecurity in health systems.

Read the full article in HealthSystemCIO.com Click Here

 

FDA Urges Blood Suppliers to Beef Up Cyber

Written by Julia Annaloro on . Posted in Health-ISAC, In The News.

Bulletin Comes in Wake of Recent Attacks Disrupting Blood Collection, Supplies

The Food and Drug Administration is urging blood suppliers to bolster their cybersecurity practices to prevent and mitigate cyber incidents that could affect the supply and safety of critical blood and blood components used for transfusions and other patient care.

“The trio of ransomware attacks starting in April 2024 on OneBlood, Synnovis, and Octapharma Plasma by Russian cybercrime ransomware gangs caused disruption to blood and plasma supplies in regions across the U.S. and U.K., ultimately causing major impacts to patient care,” said Errol Weiss, chief security officer at Health-ISAC.

Read the full article in Healthcare Infosecurity Click Here

As Health-ISAC and AHA warned in August, the attacks on those three critical third-party suppliers significantly affected healthcare delivery, Weiss said. “It should serve as a wake-up call across the industry to address supply chain resilience. It’s not just about ensuring IT systems are secure, but also making sure critical hospital operations can continue to function in the face of widespread IT system outages,” Weiss said.

Cyware Launches Threat Intelligence Platform to Defend Healthcare Organizations from Cyber Threats

Written by Julia Annaloro on . Posted in Health-ISAC, In The News.

An Industry-Tuned Threat Intelligence Platform to Defend Healthcare Organizations from Cyber Threats

Purpose-built solution enables healthcare security teams with healthcare-specific threat feeds and automated response capabilities.

Media mention:

Errol Weiss, Chief Security Officer at Health-ISAC and Cyware customer, expressed the critical need for this innovation: “Healthcare is one of the most targeted sectors by cybercriminals. Having a threat intelligence platform that’s designed specifically for our industry will allow healthcare organizations to quickly access relevant, actionable insights that can make a tangible difference in defending against sophisticated attacks.”

Rachel James, Health-ISAC Threat Intelligence Committee member, noted, “In an environment where time is critical, healthcare security teams need tools that allow them to do more with less effort but with greater accuracy. Cyware’s Healthcare Threat Intelligence Platform is designed to quickly identify and respond to healthcare-specific threats, empowering organizations to stay ahead of attacks without being overwhelmed by complexity.”

Read the full press release in BusinessWire:

Click Here

Mitigating risk as healthcare supply chain attacks prevail

Written by Julia Annaloro on . Posted in Health-ISAC, In The News.

A focus on cyber resilience is essential for mitigating the risk of healthcare supply chain attacks, which have the potential to cause widespread disruptions.

 

Read the full article in TechTarget Extelligent Healthcare here:

Click Here

 

Healthcare supply chain attacks have the potential to disrupt care and operations across the healthcare system through just one successful infiltration. The single points of failure that exist across the sector make the risk of supply chain attacks even greater.

“The bad guys have figured out that if they can hit this small supplier who’s a single-source supplier in a particular region, they could cause a lot of impact to the healthcare sector more broadly and maximize their payoffs downstream,” said Errol Weiss, chief security officer of the Health Information Sharing and Analysis Center (Health-ISAC).”It’s definitely different from what we were seeing before.”

Enhancing Cybersecurity in Rural Hospitals

Written by Julia Annaloro on . Posted in Health-ISAC, In The News.

Blog by Health-ISAC VP of Medical Device Security, Phil Englert

 

Rural hospitals face unique challenges, including financial constraints and staffing shortages.

Between 2010 and 2021, 136 rural hospitals closed, with a Crisis in Rural Healthcare report stating 600 more of the remaining 1,796 are at risk of closing. 

HealthIT Security.com reports that “Cyberattacks are pivoting to target smaller health care companies and specialty clinics without the resources to protect themselves, instead of larger health systems that – despite being treasure troves of personal and medical data – generally have more sophisticated security.” Most smaller hospitals are connected to larger systems becoming the “path of least resistance” into those larger health care networks increasing risk on a national level.

Read the full blog in TechNation here.

Click Here

Feds Warn of Godzilla Webshell Threats to Health Sector

Written by Julia Annaloro on . Posted in Health-ISAC, In The News.

Stealthy Backdoor Publicly Available on GitHub Can Be Weaponized for Larger Attacks

Excerpt from November 13, 2024 article in Healthcare Infosecurity

 

While the Health-Information Sharing and Analysis Center has seen an increase in recent reports of ransomware and malware incidents impacting the global healthcare sector, it has had “no direct sightings” of Godzilla webshell so far, said Errol Weiss, chief security officer of Health-ISAC.

Nonetheless, Weiss said he’s glad HHS issued the warning about Godzilla. “I would encourage all organizations, no matter what sector they’re in, to follow the recommendations in the bulletin,” he said.

Health-ISAC’s Weiss recommends that healthcare organizations review and implement the voluntary Cybersecurity Performance Goals published by HHS in January (see HHS Details New Cyber Performance Goals for Health Sector).

“Implementing the CPGs and participating in an information sharing community would help greatly improve the security posture of an organization.”

 

Read the full story in Healthcare Infosecurity here.

Click Here

Trump’s Return: Impact on Health Sector Cyber, HIPAA Regs

Written by Julia Annaloro on . Posted in Health-ISAC, In The News.

Experts on Potential Data Security and HIPAA Privacy Changes in Trump’s Second Term

With Donald J. Trump set to return to the White House in January to serve another four-year term as U.S. president, what might the healthcare sector expect to see when it comes to his next administration’s cybersecurity priorities and HIPAA regulations and enforcement?

 

Excerpt from the November 6th article in BankInfo Security

“Any cybersecurity mandates for hospitals need to be accompanied by funding to support those programs,” said Errol Weiss, chief security officer of the Health Information Sharing and Analysis Center.

“Historically, hospitals have been underfunded in cybersecurity, leaving organizations without the technology, and more importantly, the experienced cybersecurity people to properly protect those networks,” he said.

 

Read the full article here.

Click Here

Protecting the Healthcare Supply Chain Against Russian Ransomware Attacks

Written by Julia Annaloro on . Posted in Health-ISAC, In The News.

The healthcare sector is under siege.

 

In recent months, an alarming wave of cyber-attacks has laid bare critical weaknesses within the healthcare supply chain.

 

Russian ransomware gangs, known for their sophisticated and relentless tactics, have targeted key healthcare suppliers such as Synnovis, OctaPharma and OneBlood, disrupting essential services and jeopardizing patient care on a global scale.

 

As these threats escalate, healthcare organizations must reassess their cybersecurity strategies and take steps to include mission-critical suppliers in their risk management plans. Failure to do so could leave them vulnerable to severe disruptions, compromising the integrity of their operations – and leaving them unable to deliver life-saving patient care. 

 

Health-ISAC chief security officer Errol Weiss outlines the similarity of recent attacks targeting the healthcare supply chain, explains why collaboration and information sharing in sorely needed within the global health sector, and offers steps to bolster supply chain resiliency.

 

Read the full article in Infosecurity Magazine here:

Click Here

 

This site is registered on Toolset.com as a development site.