
Post Topic: Threat Intelligence

Health-ISAC 2025 Health Sector Cyber Threat Landscape

Annual Threat Report – 2025

2024 was a challenging year in cybersecurity for health sector systems around the world.

The Health-ISAC 2025 Health Sector Cyber Threat Landscape highlights a continued escalation of cyberattacks. Key findings include a surge in ransomware attacks, with increasingly sophisticated techniques employed by threat actors.

The report also emphasizes the growing threat of nation-state actors and cyber-espionage, targeting sensitive patient data and intellectual property. Furthermore, the rise of Internet of Medical Things (IoMT) devices has introduced new vulnerabilities, while the evolving threat landscape necessitates continuous adaptation of security measures for health sector organizations globally.

Includes the following, plus key insights pulled from the survey data:
  • Top Five Cyber Threats Health Sector Organizations Faced in 2024
  • Top Five Cyber Threats Health Sector Organizations are looking at in 2025
  • Top Three Challenges Medical Device Manufacturers reported in developing secure medical devices
  • Top Three Impacts on Healthcare Delivery Organizations

Health ISAC 2025 Annual Threat Report
Size : 7.1 MB Format : PDF

DeepSeek’s Security Risk Is A Critical Reminder For CIOs

Updated Jan 31, 2025, 12:12 pm EST
 

This article in Forbes covers the following topics:

  • Critical Security Flaws In DeepSeek’s System
  • Teach And Monitor
  • CIO Contract Sign-Off
  • Practice Breach Response

Pulled Health-ISAC quote:

Rapid response is especially critical when dealing with breaches involving unsupported technology. The recently proposed HIPAA rule requires healthcare organizations to restore systems within 72 hours. Errol Weiss, the chief security officer at Health-ISAC, said these three areas below are key.

  • Speed is crucial: The faster you respond to a cyber incident, the less damage the attacker can inflict.
  • Follow your incident response plan: If you have a pre-defined incident response plan, follow it closely.
  • Seek expert assistance: If you lack in-house expertise, consider engaging external cybersecurity professionals.

Read the article in Forbes.

Threat Bulletin: SimpleHelp RMM Software Leveraged in Exploitation Attempt to Breach Networks

TLP WHITE

Update January 30, 2025

Health-ISAC, in collaboration with AHA, has identified attempted and ongoing ransomware attacks potentially due to SimpleHelp remote monitoring and management (RMM) software vulnerabilities.  Based on the potential threat and impact on patient care, the AHA worked with Health-ISAC to ensure this bulletin is distributed widely to the health sector.  
 
It is strongly recommended that all instances of the SimpleHelp application, especially within health care organizations, be identified and appropriate patches be applied per the bulletin guidance. It is also strongly recommended that health care organizations ensure that all third-party and business associates using SimpleHelp also apply appropriate patches.

January 29, 2025

Recent reporting indicates that threat actors are exploiting patched vulnerabilities in SimpleHelp Remote Monitoring and Management (RMM) software to gain unauthorized access to private networks. These vulnerabilities, tracked as CVE-2024-57726, CVE-2024-57727, and CVE-2024-57728, were discovered by Horizon3 researchers in late December 2024 and disclosed to SimpleHelp on January 6, prompting the company to release patches. The flaws were publicly disclosed after the patches were released on January 13, 2025.

This campaign highlights the importance of patch management, as threat actors use exploits within a week of public disclosure. 

The vulnerabilities identified in SimpleHelp RMM could allow attackers to manipulate files and escalate privileges to the administrative level. A threat actor could chain these vulnerabilities in an attack to gain administrative access to the vulnerable server and then use that access to compromise the device running vulnerable SimpleHelp client software.

TLPWHITE Cb3ee67f Simplehelp Rmm Software Leveraged In Exploitation Attempt To Breach Networks
Size : 139.4 kB Format : PDF

 

Potential Threats to Healthcare Executives Are Circulating On-Line

 

Following the tragic shooting of the UnitedHealthcare CEO in New York City on December 4, Health-ISAC issued an alert to Members on December 9 identifying eleven precautionary actions health sector organizations should take.

Health-ISAC has received reports of multiple online postings threatening executives within the health sector. Forums have been identified as a source of threats targeting CEOs in the healthcare industry, particularly those leading major health insurance companies and pharmaceutical firms. Health-ISAC has issued a threat bulletin to inform the global health sector of what to be aware of and to recommend mitigation steps for organizations to take immediately. Please read and share within the health sector.

TLPWHITE Da2c7f6d Potential Threats To Healthcare Executives Are Circulating On Line
Size : 3.6 MB Format : PDF

 

These threats, which range from general intimidation to specific calls for violence, have emerged in the wake of the recent killing of a UnitedHealthcare CEO. It is important to note that the perpetrator of this recent assassination has not yet been apprehended, and the investigation into the possible motives is still ongoing.

While these circulating threats have not been verified, Health-ISAC recommends heightened security awareness among healthcare executives and more stringent security measures to ensure safety. 

Calls for violence may extend to the cyber domain, leading hacktivists to carry out DDoS and other disruptive attacks on the health sector. Health-ISAC recommends that members remain vigilant about safeguarding all infrastructure and that organizations share any specifics they can about threats to executives so we can keep the community informed.

Collecting Cyber Vulnerability Metrics is Critical

Collecting Cyber Vulnerability Metrics is Critical, But Communicating Them to Stakeholders in a Clear & Compelling Way is Key, Says H-ISAC Report

As the healthcare industry becomes more reliant on interconnected digital systems, the importance of robust vulnerability management has never been more pronounced. A recent report by Health-ISAC, Vulnerability Metrics and Reporting, sheds light on best practices and strategies to strengthen cybersecurity in health systems.

Read the full article in HealthSystemCIO.com.

 

Guidance for CTI in a Box

This white paper presents an analysis of a survey conducted among Health-ISAC Members by the Cyber Threat Intelligence (CTI) Program Development Working Group. The survey aimed to provide critical insights into the current state of CTI programs across the health sector, identifying strengths and opportunities for growth.

 

Purpose

The survey results were instrumental in guiding the Working Group’s efforts to prioritize high-value deliverables and foster collaboration within the Health-ISAC community. These findings have informed the development of practical resources designed to support and advance CTI initiatives.

Key Findings

The paper explores 9 key findings from the survey, which have directly influenced the creation of resources and tools tailored to the needs of Health-ISAC members. These findings serve as the foundation for an innovative resource suite named CTI in a Box. This comprehensive resource organizes essential tools, strategies, and best practices to empower Health-ISAC Members in strengthening their CTI programs. Members can access CTI in a Box through the Health-ISAC Threat Intelligence Portal (H-TIP).

 


Cyware Launches Threat Intelligence Platform to Defend Healthcare Organizations from Cyber Threats

An Industry-Tuned Threat Intelligence Platform to Defend Healthcare Organizations from Cyber Threats

Purpose-built solution enables healthcare security teams with healthcare-specific threat feeds and automated response capabilities.

Media mention:

Errol Weiss, Chief Security Officer at Health-ISAC and Cyware customer, expressed the critical need for this innovation: “Healthcare is one of the most targeted sectors by cybercriminals. Having a threat intelligence platform that’s designed specifically for our industry will allow healthcare organizations to quickly access relevant, actionable insights that can make a tangible difference in defending against sophisticated attacks.”

Rachel James, Health-ISAC Threat Intelligence Committee member, noted, “In an environment where time is critical, healthcare security teams need tools that allow them to do more with less effort but with greater accuracy. Cyware’s Healthcare Threat Intelligence Platform is designed to quickly identify and respond to healthcare-specific threats, empowering organizations to stay ahead of attacks without being overwhelmed by complexity.”

Read the full press release in BusinessWire.

Vulnerability Metrics and Reporting

A white paper published by Health-ISAC’s Vulnerability Management Working Group

In today’s always-on interconnected world, vulnerability management is a foundational process for all organizations. Metrics and reporting play a critical role in monitoring the services we provide, implementing detection capabilities, and remediation efforts of application or technology teams. Effective storytelling with metrics and reporting can help showcase improvements or the effectiveness of our technology support personnel. The vulnerability management team should have a scoring system to reflect the organization’s remediation timelines.

Vulnerability Metrics And Reporting (1)
Size : 2.3 MB Format : PDF

 
