Skip to main content

Post Topic: Media Mention

Collecting Cyber Vulnerability Metrics is Critical

Collecting Cyber Vulnerability Metrics is Critical, But Communicating Them to Stakeholders in a Clear & Compelling Way is Key, Says H-ISAC Report

As the healthcare industry becomes more reliant on interconnected digital systems the importance of robust vulnerability management has never been more pronounced. A recent report by Health-ISAC, Vulnerability Metrics and Reporting, sheds light on best practices and strategies to strengthen cybersecurity in health systems.

Read the full article in HealthSystemCIO.com Click Here

 

FDA Urges Blood Suppliers to Beef Up Cyber

Bulletin Comes in Wake of Recent Attacks Disrupting Blood Collection, Supplies

The Food and Drug Administration is urging blood suppliers to bolster their cybersecurity practices to prevent and mitigate cyber incidents that could affect the supply and safety of critical blood and blood components used for transfusions and other patient care.

“The trio of ransomware attacks starting in April 2024 on OneBlood, Synnovis, and Octapharma Plasma by Russian cybercrime ransomware gangs caused disruption to blood and plasma supplies in regions across the U.S. and U.K., ultimately causing major impacts to patient care,” said Errol Weiss, chief security officer at Health-ISAC.

Read the full article in Healthcare Infosecurity Click Here

As Health-ISAC and AHA warned in August, the attacks on those three critical third-party suppliers significantly affected healthcare delivery, Weiss said. “It should serve as a wake-up call across the industry to address supply chain resilience. It’s not just about ensuring IT systems are secure, but also making sure critical hospital operations can continue to function in the face of widespread IT system outages,” Weiss said.

Cyware Launches Threat Intelligence Platform to Defend Healthcare Organizations from Cyber Threats

An Industry-Tuned Threat Intelligence Platform to Defend Healthcare Organizations from Cyber Threats

Purpose-built solution enables healthcare security teams with healthcare-specific threat feeds and automated response capabilities.

Media mention:

Errol Weiss, Chief Security Officer at Health-ISAC and Cyware customer, expressed the critical need for this innovation: “Healthcare is one of the most targeted sectors by cybercriminals. Having a threat intelligence platform that’s designed specifically for our industry will allow healthcare organizations to quickly access relevant, actionable insights that can make a tangible difference in defending against sophisticated attacks.”

Rachel James, Health-ISAC Threat Intelligence Committee member, noted, “In an environment where time is critical, healthcare security teams need tools that allow them to do more with less effort but with greater accuracy. Cyware’s Healthcare Threat Intelligence Platform is designed to quickly identify and respond to healthcare-specific threats, empowering organizations to stay ahead of attacks without being overwhelmed by complexity.”

Read the full press release in BusinessWire:

Click Here

Mitigating risk as healthcare supply chain attacks prevail

A focus on cyber resilience is essential for mitigating the risk of healthcare supply chain attacks, which have the potential to cause widespread disruptions.

 

Read the full article in TechTarget Extelligent Healthcare here:

Click Here

 

Healthcare supply chain attacks have the potential to disrupt care and operations across the healthcare system through just one successful infiltration. The single points of failure that exist across the sector make the risk of supply chain attacks even greater.

“The bad guys have figured out that if they can hit this small supplier who’s a single-source supplier in a particular region, they could cause a lot of impact to the healthcare sector more broadly and maximize their payoffs downstream,” said Errol Weiss, chief security officer of the Health Information Sharing and Analysis Center (Health-ISAC).”It’s definitely different from what we were seeing before.”

Enhancing Cybersecurity in Rural Hospitals

Blog by Health-ISAC VP of Medical Device Security, Phil Englert

 

Rural hospitals face unique challenges, including financial constraints and staffing shortages.

Between 2010 and 2021, 136 rural hospitals closed, with a Crisis in Rural Healthcare report stating 600 more of the remaining 1,796 are at risk of closing. 

HealthIT Security.com reports that “Cyberattacks are pivoting to target smaller health care companies and specialty clinics without the resources to protect themselves, instead of larger health systems that – despite being treasure troves of personal and medical data – generally have more sophisticated security.” Most smaller hospitals are connected to larger systems becoming the “path of least resistance” into those larger health care networks increasing risk on a national level.

Read the full blog in TechNation here.

Click Here

Feds Warn of Godzilla Webshell Threats to Health Sector

Stealthy Backdoor Publicly Available on GitHub Can Be Weaponized for Larger Attacks

Excerpt from November 13, 2024 article in Healthcare Infosecurity

 

While the Health-Information Sharing and Analysis Center has seen an increase in recent reports of ransomware and malware incidents impacting the global healthcare sector, it has had “no direct sightings” of Godzilla webshell so far, said Errol Weiss, chief security officer of Health-ISAC.

Nonetheless, Weiss said he’s glad HHS issued the warning about Godzilla. “I would encourage all organizations, no matter what sector they’re in, to follow the recommendations in the bulletin,” he said.

Health-ISAC’s Weiss recommends that healthcare organizations review and implement the voluntary Cybersecurity Performance Goals published by HHS in January (see HHS Details New Cyber Performance Goals for Health Sector).

“Implementing the CPGs and participating in an information sharing community would help greatly improve the security posture of an organization.”

 

Read the full story in Healthcare Infosecurity here.

Click Here

Trump’s Return: Impact on Health Sector Cyber, HIPAA Regs

Experts on Potential Data Security and HIPAA Privacy Changes in Trump’s Second Term

With Donald J. Trump set to return to the White House in January to serve another four-year term as U.S. president, what might the healthcare sector expect to see when it comes to his next administration’s cybersecurity priorities and HIPAA regulations and enforcement?

 

Excerpt from the November 6th article in BankInfo Security

“Any cybersecurity mandates for hospitals need to be accompanied by funding to support those programs,” said Errol Weiss, chief security officer of the Health Information Sharing and Analysis Center.

“Historically, hospitals have been underfunded in cybersecurity, leaving organizations without the technology, and more importantly, the experienced cybersecurity people to properly protect those networks,” he said.

 

Read the full article here.

Click Here

Protecting the Healthcare Supply Chain Against Russian Ransomware Attacks

The healthcare sector is under siege.

 

In recent months, an alarming wave of cyber-attacks has laid bare critical weaknesses within the healthcare supply chain.

 

Russian ransomware gangs, known for their sophisticated and relentless tactics, have targeted key healthcare suppliers such as Synnovis, OctaPharma and OneBlood, disrupting essential services and jeopardizing patient care on a global scale.

 

As these threats escalate, healthcare organizations must reassess their cybersecurity strategies and take steps to include mission-critical suppliers in their risk management plans. Failure to do so could leave them vulnerable to severe disruptions, compromising the integrity of their operations – and leaving them unable to deliver life-saving patient care. 

 

Health-ISAC chief security officer Errol Weiss outlines the similarity of recent attacks targeting the healthcare supply chain, explains why collaboration and information sharing in sorely needed within the global health sector, and offers steps to bolster supply chain resiliency.

 

Read the full article in Infosecurity Magazine here:

Click Here

 

This site is registered on Toolset.com as a development site.