How to Become HIPAA Compliant
How to become HIPAA compliant is one of the biggest challenges for many businesses operating in the healthcare and health…
Healthcare cybersecurity is a growing concern for anyone requiring HIPAA compliance. The last few years have seen hacking and IT security incidents steadily rise, and many healthcare organizations have struggled to defend their network perimeter and keep cybercriminals at bay.
The articles in this healthcare cybersecurity section are intended to help HIPAA covered entities decide on the best technologies to protect their networks from attack and develop effective policies, procedures and security awareness training programs to prevent costly data breaches.
A joint cybersecurity alert has been issued by the Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA),...
Healthcare providers and laboratory personnel have been warned about a maximum severity vulnerability in Illumina Universal Copy Service software used...
A recent survey of IT decision makers has provided insights on password management practices and has confirmed the increasing adoption...
Thursday, May 4, 2023, is World Password Day. Established in 2013, the event is observed on the first Thursday of...
The Health Sector Cybersecurity and Coordination Center (HC3) has issued a fresh ransomware warning to the healthcare and public health...
New HIPAA regulations – and changes to other laws that Covered Entities have to take into account – are enacted...
Healthcare hacking incidents are increasing, there are new regulatory requirements and compliance initiatives due to Dobbs and Pixel use, and...
Ransomware actors continue to target the U.S. healthcare sector, cybercriminals are increasingly using malware to steal data and provide persistent...
The National Institute of Standards and Technology (NIST) is in the process of updating the NIST Cybersecurity Framework (CSF) 1.1...
Through the Internet of Medical Things (IoMT), an array of medical devices have been connected to the Internet, allowing them...
Ransomware attacks increased by 91% in March 2023, according to a new analysis by NCC Group. There were 459 confirmed...
A recent Salesforce survey revealed some of the security gaps that exist in healthcare organizations, even those that have a...
The Department of Health and Human Services’ Cybersecurity Task Force has shared new resources to help healthcare and public health...
The healthcare industry continues to experience high numbers of cyberattacks and data breaches and healthcare organizations have responded by strengthening...
The Cybersecurity and Infrastructure Security Agency (CISA) has released an updated version of its Zero Trust Maturity Model, the purpose...
Microsoft has announced that its Digital Crimes Unit, the Health Information Sharing and Analysis Center (Health-ISAC), and the cybersecurity firm Fortra...
The Health Sector Cybersecurity Coordination Center (HC3) has issued a warning about a threat actor that is conducting targeted distributed...
Ransomware and phishing attacks on organizations have increased over the past 12 months as have the costs associated with the...
Almost all organizations experienced at least one cyberattack in the past 12 months, according to new research published by Sophos...
Hackers are increasingly using cloud apps for malware delivery, according to the latest Netskope Threat Labs Report. Historically, malicious actors...
The pro-Russian hacktivist group KillNet has continued with its attacks on healthcare organizations in the United States in retaliation for...
The dark web is extensively utilized by cybercriminals and is therefore a rich source of information… information that can be...
Last year, Microsoft started blocking macros by default in Office files delivered via the Internet to make it harder for...
Ransomware and phishing continue to be the biggest cybersecurity concerns for healthcare organizations according to the February 2023 Current and...
Ensuring medical devices are cybersecure is one of the biggest security challenges in healthcare. Medical devices often have unpatched vulnerabilities,...
The Health Sector Cybersecurity Coordination Center (HC3) has published a mobile device security checklist to help healthcare organizations address a...
Ransomware gangs are increasingly skipping file encryption and are concentrating on data theft and extortion, according to a recent report...
The Federal Bureau of Investigation (FBI) has published its 2022 Internet Crime Report, which shows at least $10.3 billion was...
The number of healthcare data breaches reported over the past three months has remained fairly flat, with only a small...
A joint cybersecurity advisory has been issued by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency...
On Thursday last week, the U.S. Senate Committee on Homeland Security and Governmental Affairs held a hearing to examine cybersecurity...
There are no specific HIPAA social media rules because HIPAA was enacted several years before social media networks such as...
What is considered PHI is one of the most complicated HIPAA-related questions to answer because – in some cases –...
The Health Sector Cybersecurity Coordination Center (HC3) has shared threat intelligence information about the Black Basta ransomware group to help...
This month, the Healthcare and Public Health Sector Coordinating Council (HSCC) Cybersecurity Working Group (CWG) published guidance to help healthcare...
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has launched a new pilot program in response to the increase in ransomware...
The Health Sector Cybersecurity Coordination Center has issued a security advisory warning about data exfiltration in healthcare cyberattacks, highlighting the...
A joint cybersecurity advisory has been published by CISA and the FBI, sharing details of the tactics, techniques, and procedures...
In what is believed to be a first, the BlackCat ransomware gang has published naked images of patients that were...
A new guide has been published by the Health Sector Coordinating Council (HSCC) Cybersecurity Working Group and the U.S. Department...
Cybercriminal groups have been experiencing declining revenues. Just like the businesses they attack, when profits start to fall, changes need...
Two individuals suspected of being core members of the DoppelPaymer ransomware gang have been arrested by police officers in Germany...
Losses to phishing attacks increased by 76% last year, with almost one-third of companies losing money to successful phishing attacks...
The Biden Administration has announced a long-awaited new national cybersecurity strategy for tackling the growing threat of cyberattacks on critical...
A recent survey conducted by the Pew Research Center found a majority of Americans are uncomfortable with their healthcare providers...
Defenses need to be put in place to detect and block attempts by cybercriminals to access healthcare networks, but not...
The healthcare and public health (HPH) sector has been warned about cyberattacks involving MedusaLocker ransomware – one of the lesser-known...
In early February, a zero-day vulnerability in Fortra’s GoAnywhere MFT secure file transfer software (CVE-2023-0669) was exploited in attacks on...
Enterprise email archiving solutions are becoming more and more important for organizations of all sizes due to the growing volume...
Google Drive is a useful tool for sharing documents, but can those documents contain PHI? Is Google Drive HIPAA compliant?...
Security researchers have issued warnings following an increase in cyberattacks distributing a malware variant called GootLoader. GootLoader is a malware...
The Health Sector Cybersecurity Coordination Center (HC3) at the Department of Health and Human Services has issued a DDoS guide...
The threat intelligence provider, Mandiant, says almost all cybersecurity leaders are happy with the threat intelligence they are consuming, but...
Cyberattacks on business associates of healthcare organizations have increased to the point where attacks on business associates now outnumber attacks...
A joint cybersecurity advisory has been issued by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA),...
Business Email Compromise scams are the biggest cause of losses to cybercrime. Over the past 5 years, more than $43...
Malicious actors used a variety of methods to gain initial access to victims’ networks but in 2022, cybercriminal groups appeared...
Healthcare organizations have been investing in cybersecurity to improve their defenses against increasingly numerous and sophisticated cyberattacks; however, while an...
The French Computer Emergency Response Team (CERT-FR) has warned about an ongoing ransomware campaign targeting VMware ESXi hypervisors that have...
To best answer the question what is a HIPAA violation, it is necessary to explain what HIPAA is, who it...
It is important that Covered Entities and Business Associates understand the HIPAA password requirements and the best way to comply...
The pro-Russian hacking group, Killnet, is conducting a campaign of Distributed Denial of Service (DDoS) attacks on U.S. hospitals in...
Multiple vulnerabilities have been identified in the popular open source electronic health record and medical practice management software, OpenEMR. OpenEMR...
While the Hive ransomware operation was infiltrating servers, exfiltrating data, and demanding ransom payments from their victims, their activities were...
Blackberry has recently published its Global Threat Intelligence Report, which provides actionable and contextualized intelligence that can be used to...
Cybercriminals are increasingly using legitimate remote monitoring and management (RMM) software in their attacks, according to a recent joint alert...
Ransomware gangs are finding it much harder to profit from their attacks as fewer victims are paying ransoms to obtain the...
For the first time since 2015, there was a year-over-year decline in the number of data breaches reported to the...
There are many benefits of using AI in healthcare, including the acceleration of drug development and medical image analysis, but...
An inspection of information security at Tuscaloosa VA Medical Center in Alabama by the VA Office of Inspector General (OIG)...
While it is difficult to obtain accurate data on the number of ransomware attacks being conducted on healthcare organizations, the...
The Health Sector Cybersecurity Coordination Center (HC3) has shared threat intelligence on two sophisticated and aggressive ransomware operations – Blackcat...
The number of reported healthcare data breaches declined for the second successive month, with 40 data breaches of 500 or...
A group of 20 security and risk executives from leading healthcare provider organizations have come together to share their insights...
Healthcare organizations can put a host of cybersecurity measures in place to secure their networks and prevent direct attacks by...
Healthcare ransomware attacks have at least doubled in the past 5 years, data recovery from backups has decreased, and it...
The latest data released by the cybersecurity firm Check Point has confirmed that 2022 was a particularly bad year for...
The Health Sector Cybersecurity Coordination Center (HC3) has shared information on the Clop (Cl0p) ransomware-as-a-service operation, the affiliates of which...
Vulnerabilities have been discovered in Citrix solutions, Netgear routers, and Zoho ManageEngine products that require immediate patching. One of the...
Ransomware attacks continue to be conducted on healthcare organizations in high numbers but determining the extent to which healthcare organizations...
The information risk management, standards, and certification body, HITRUST, has announced that it will be releasing a new version of...
The issue of how to secure patient information and PHI is challenging because HIPAA does not require all patient information...
The Health Insurance Portability and Accountability Act (HIPAA) was signed into law in August 1996 and led to the development...
The healthcare and public health (HPH) sector has been warned about the risk of cyberattacks by a pro-Russian hacktivist group...
The text of a $1.7 trillion omnibus appropriations bill has been released by the House and Senate Appropriations Committees which,...
HIPAA-covered entities must ensure protected health information (PHI) transmitted by email is secured to prevent unauthorized individuals from intercepting messages,...
Citrix Application Delivery Controller (ADC) and Citrix Gateway users have been urged to check to make sure that their systems...
Cyberattacks have increased in volume and sophistication to the point where it is inevitable that a successful attack will be...
Automation cuts costs and improves productivity, and it is as important in cybersecurity as it is in manufacturing. Many labor-intensive...
Ransomware remains one of the most serious threats to the healthcare industry. Attacks can be incredibly costly to resolve, they...
The Health Sector Cybersecurity Coordination Center (HC3) has released analyses of two ransomware variants that are being used in attacks...
The Health Sector Cybersecurity Coordination Center (HC3) has issued a warning to the healthcare and public health (HPH) sector about...
Sen. Mark Warner (D-Va) recently published a white paper framing cybersecurity as a patient safety issue. The paper suggested several...
The security of medical devices is one of the biggest cybersecurity concerns in healthcare. Hospitals continue to add more connected...
The medical Internet of Things (IoT) is helping to improve efficiency and make healthcare more patient-centric; however, as hospitals increase...
The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have issued a joint cybersecurity advisory...
LastPass has confirmed that hackers have gained access to a third-party cloud storage service that contained customer data, although no...
There was a slight downturn in ransomware attacks in Q3, although it is too early to tell if that downward...
There was a global increase in cyberattacks in Q3, 2022, with attacks rising by 28% compared to the corresponding period...
The healthcare and public health sector (HPH) has been warned about the threat of ransomware attacks by the Lorenz threat...
October was the worst month of the year to date for healthcare data breaches, with 71 breaches reported and more...
The Hive ransomware-as-a-service (RaaS) operation first emerged in June 2021 and has aggressively targeted the health and public health sector...
In the event of a cyberattack that impacts the functionality of medical devices, a rapid and effective response is essential...
Many healthcare organizations are unsure whether Hotmail is HIPAA compliant and whether sending protected health information via a Hotmail account...
CISA has issued a decision tree methodology that can be adopted by healthcare organizations to help them develop an efficient...
The Health Sector Cybersecurity Coordination Center (HC3) has recently shared details of the tactics, techniques, and procedures associated with Venus...
The number of connected devices being used in hospitals continues to grow and while these devices can improve efficiency, safety,...
Security awareness training is a vital part of any security strategy; however, one area where it appears to be having...
The federal government has issued a warning to the healthcare sector about the threat of cyberattacks by Iranian threat actors....
The Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and the Multi-State Information Sharing and Analysis Center...
All employees must receive training on HIPAA Rules, but when should you promote HIPAA awareness? How often should HIPAA retraining...
Senator Mark Warner (D-VA), Chairman of the Senate Select Committee on Intelligence, has recently published a white paper – Cybersecurity...
WordPress is a convenient content management system that allows websites to be quickly and easily constructed. The platform is popular...
Is G Suite HIPAA compliant? Can G Suite be used by HIPAA-covered entities without violating HIPAA Rules? Google has developed...
The White House has issued a proclamation from President Biden declaring November as Critical Infrastructure Security and Resilience Month –...
MFA is one of the most important measures to take to prevent unauthorized account access; however, it does not provide...
Last week, the OpenSSL Project announced a patch would be released on November 1, 2022, to address a critical OpenSSL...
A warning has been issued to the healthcare and public health sector about a critical vulnerability in the OpenSSL software...
A set of cross-sector Cybersecurity Performance Goals (CPGs) have been published by the Cybersecurity and Infrastructure Security Agency (CISA) for...
The healthcare industry is an attractive target for cybercriminals and data thieves. Healthcare organizations store vast amounts of sensitive data...
In a recent blog post, Jen Easterly, the Director of the Cybersecurity and Infrastructure Security Agency (CISA) explained that for...
A relatively new data extortion and ransomware gang known as Daixin team is actively targeting U.S. healthcare organizations, prompting a...
Check Point’s 2022 Mid-Year Report has revealed the healthcare industry has seen the biggest percentage rise in cyberattacks out of...
The U.S. government is taking steps to improve critical infrastructure cybersecurity, with healthcare, water, and the communications sectors the next...
Businesses are appreciating the importance of cybersecurity and realizing that they need to invest more heavily in cybersecurity as threats...
Ransomware attacks continue to plague the healthcare industry. The attacks disrupt operations due to essential IT systems being taken offline,...
It has become increasingly common for threat actors to use living-off-the-land techniques for conducting reconnaissance, privilege escalation, persistence, and moving...
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a medical advisory about a recently discovered vulnerability that affects the...
October is Cybersecurity Awareness Month – a 19-year collaborative effort between the government and industry to improve awareness of cybersecurity...
Microsoft was warned that two zero-day vulnerabilities in Microsoft Exchange Server are being actively exploited in the wild and has...
The National Institutes of Health (NIH) failed to implement adequate cybersecurity measures to protect sensitive data in its pre-award risk...
The U.S. Food and Drug Administration (FDA) user fee reauthorization bill passed by the House of Representatives in June included...
The Health Sector Cybersecurity Coordination Center (HC3) has issued a warning about the Chinese state-sponsored threat actor tracked as APT41....
The Cybersecurity and Infrastructure Security Agency (CISA) and the Food and Drug Administration (FDA) have issued a warning about a...
A warning has been issued to the healthcare and public health (HPH) sector about an ongoing Monkeypox phishing campaign targeting...
The ISO 27001 standard is currently being updated and the latest version is due for publication next month. The early...
For the third successive month, the number of healthcare data breaches reported to the Department of Health and Human Services’...
The Federal Bureau of Investigation (FBI) has issued a TLP:WHITE Private Industry Notification warning about ongoing cybercriminal campaigns targeting healthcare...
The Federal Bureau of Investigation (FBI) has issued a private industry notification warning about the rising number of vulnerabilities in...
Researchers at Rapid7 have identified four vulnerabilities in Baxter and Sigma Spectrum infusion pumps, which are used to deliver...
A recent study has revealed that more than 20% of healthcare organizations experienced an increase in mortality rate after a...
The open source password manager provider, Bitwarden, has raised $100 million in funding which will be used to provide greater...
The HHS’ Office of Inspector General (OIG) has called for the Health Resources and Services Administration (HRSA) to improve oversight...
Health-ISAC has published a white paper for healthcare CISOs looking to implement zero trust security architectures to help them overcome...
Five vulnerabilities have been identified in Contec Health’s CMS8000 CONTEC ICU CCU Vital Signs Patient Monitor. Successful exploitation of the...
The Health Sector Cybersecurity Coordination Center (HC3) has issued a warning to the healthcare and public health sector (HPH) about...
A cyberattack and data breach has been reported by LastPass, the provider of the world’s most popular password management solution....
The Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center (HC3) has issued a warning to the Healthcare...
The Health Sector Cybersecurity Coordination Center has issued a warning about social engineering and voice phishing (vishing) attacks on the...
In July 2022, 66 healthcare data breaches of 500 or more records were reported to the Department of Health and...
There has been a marked increase in the number of healthcare organizations that have implemented zero trust initiatives, according to...
The FIDO Alliance is an association of businesses from many different industries with a shared vision – to make logging...
Senator Angus S. King Jr. (I-ME) and Congressman Mike Gallagher (R-WI), Co-Chairs of the Cyberspace Solarium Commission, have written to...
Multiple ransomware groups have adopted the BazarCall callback phishing technique to gain initial access to victims’ networks, including threat actors...
A malicious phishing campaign has been identified that is targeting healthcare providers. The emails have an Evernote-themed lure to trick...
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have issued a joint security...
Ransomware attacks are rife, hacking incidents are being reported at high levels, and there have been several very large healthcare...
The Health Sector Cybersecurity Coordination Center (HC3) has published a security advisory warning the healthcare and public health sector about...
The U.S. Cybersecurity and Infrastructure Security Agency has published a list of the top malware strains identified in 2021. Malware...
Cyberattacks on businesses have been increasing year over year across all industry sectors, and there has been an increase in...
Many business password managers offer the capability to apply enterprise password policies. This capability allows administrators to stipulate the minimum...
The average payment to ransomware gangs increased in Q2, 2022; however, there was a fall in the median payment for...
SonicWall has released a mid-year update to its 2022 Cyber Threat Report, which highlights the global cyberattack trends in H1...
The average cost of a healthcare data breach has reached double digits for the first time ever, according to the...
Most Americans are confident about their knowledge of cybersecurity according to a recent AT&T survey of 2,000 Americans, yet bad...
Cyber actors are increasingly targeting business associates of HIPAA-covered entities as they provide an easy way to gain access to...
A peer-reviewed study conducted by researchers at Princeton University explored the password policies of the most popular English Language websites...
The Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center (HC3) has issued guidance to help healthcare organizations...
The U.S. Department of Justice has announced that around $500,000 in Bitcoin has been seized from North Korean threat actors...
A recent Phishing by Industry Benchmarking Report has confirmed that providing security awareness training to the workforce significantly reduces susceptibility...
The Cyber Safety Review Board (CSRB), established by President Biden in February 2022, has published a report on the Log4j...
The Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) has announced that Oklahoma State University –...
Microsoft has warned of a large-scale phishing campaign targeting Office 365 credentials that bypasses multi-factor authentication (MFA). The campaign is...
A joint security alert has been issued to the healthcare and public health sector by the Federal Bureau of Investigation...
The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), Department of the Treasury, and the Financial Crimes...
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a security advisory for the healthcare and public health sector warning...
In 2021, the Federal Bureau of Investigation (FBI) helped Boston Children’s Hospital mitigate a cyberattack by Iranian state-sponsored hackers before...
Hillrom Medical Device Management has announced that two vulnerabilities have been identified in certain Welch Allyn medical devices. If exploited...
The HHS’ Health Sector Cybersecurity Coordination Center (HC3) has published guidance for healthcare organizations to help them improve their cyber...
Healthcare providers, health plans, healthcare clearinghouses, and business associates of those entities that come into contact with protected health information...
A bipartisan bill – The Strengthening Cybersecurity for Medical Devices Act – has been introduced which calls for the U.S....
Another zero-day vulnerability has been identified that affects the same Windows tool as Follina. While the vulnerability is not known...
The HHS’ Health Sector Cybersecurity Coordination Center (HC3) has issued a warning to the healthcare sector about the threat from...
Ransomware attacks on healthcare organizations increased by 94% year over year, according to the 2022 State of Ransomware Report from...
Atlassian has released a patch to fix a critical zero-day vulnerability that affects all supported versions of Confluence Server and...
Five vulnerabilities have been identified in the Illumina Local Run Manager (LRM), which is used by Illumina In Vitro Diagnostic...
BD has issued security advisories about two vulnerabilities that affect certain BD Pyxis automated medication dispensing system products and the...
Microsoft has issued a security advisory and has provided a workaround to prevent a zero-day vulnerability in the Microsoft Windows Support...
Last week, the Cybersecurity and Infrastructure Security Agency (CISA) added a further 75 vulnerabilities to its Known Exploited Vulnerability Catalog....
Following a recent review of the Cybersecurity Maturity Model Certification (CMMC) framework, the requirements for CMMC compliance have changed considerably....
A recent study by Source Defense examined the risks associated with the use of third- and fourth-party code on websites...
An information technology consultant who worked as a contractor at a suburban healthcare company in Chicago has been charged with...
In our Bitwarden review, we explain the password manager's key features and explore its strengths and weaknesses to help you...
For the past 15 years, Verizon has been publishing annual Data Breach Investigation Reports (DBIR), with this year’s report confirming...
The U.S. Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center (HC3) has issued a threat brief providing...
An emergency directive has been issued by the Cybersecurity and Infrastructure Security Agency (CISA) to all federal agencies, requiring them...
According to a recent security advisory issued by the Five Eyes Cybersecurity agencies in the US, UK, Canada, Australia, and...
The Five Eyes intelligence alliance, which consists of cybersecurity agencies from the United States, United Kingdom, Australia, New Zealand, and...
A new bill has been introduced that seeks to address the cybersecurity of medical devices that will require manufacturers of...
Researchers have identified a misconfigured AWS S3 bucket belonging to the Ardmore, PA-based breast cancer support charity, Breastcancer.org. The unsecured...
The tactics, techniques, and procedures (TTPs) used by ransomware and other cyber threat actors are constantly evolving to evade detection...
On Thursday, the National Institute of Standards and Technology (NIST) published updated cybersecurity supply chain risk management (C-SCRM) guidance to...
The average ransom payment in ransomware attacks fell by 34% in Q1, 2022, from an all-time high in Q4, 2021,...
The Federal Bureau of Investigation (FBI) has issued a public service announcement warning about the threat of Business Email Compromise/Email...
An audit of the Department of Health and Human Services conducted for the HHS’ Office of Inspector General (OIG) to...
The Health Sector Coordinating Council’s (HSCC) Cybersecurity Working Group (CWG) has published an Operational Continuity-Cyber Incident (OCCI) checklist which serves...
The Workgroup for Electronic Data Interchange (WEDI) has responded to the request for information from the National Institute of Standards...
The Five Eyes security agencies, an alliance of intelligence agencies from Australia, Canada, New Zealand, the United Kingdom, and the...
The Five Eyes cybersecurity agencies have recently issued a joint security alert warning about the threat of cyberattacks on critical...
A new report from Comcast Business indicates 2021 was another record-breaking year for Distributed Denial of Service (DDoS) attacks. 9.84...
The Federal Bureau of Investigation (FBI) has issued a TLP: WHITE flash alert about the BlackCat ransomware-as-a-service (RaaS) operation. BlackCat, also...
The HHS’ Office of Information Security Health Sector Cybersecurity Coordination Center (HC3) has issued a TLP: White alert about the...
The notorious ZLoader cybercrime botnet, which was used to deliver Ryuk ransomware in attacks on healthcare providers, has been disabled...
Five zero-day vulnerabilities have been identified in Aethon TUG autonomous mobile robots, which are used in hospitals worldwide for transporting...
The Cybersecurity and Infrastructure Security Agency (CISA) has recently published a fact sheet on cyber threat information sharing to guide...
A recent data breach at the email marketing platform vendor Mailchimp has prompted a warning from the Department of Health...
The law firm BakerHostetler has published its 8th Annual Data Security Incident Response (DSIR) Report, which provides insights based on...
The U.S. Food and Drug Administration (FDA) has issued new draft guidance for medical device manufacturers to help them incorporate...
The National Cybersecurity Center of Excellence (NCCoE) has released the final versions of two Special Publications that provide guidance on...
The Department of Health and Human Services’ Office for Civil Rights has released a Request for information (RFI) related to...
A bipartisan pair of senators have introduced the Protecting and Transforming Cyber Health Care (PATCH) Act which aims to improve...
A recent survey of healthcare providers by Software Advice provides insights into healthcare data breaches, their root causes, and the...
Two remote code execution vulnerabilities have been identified in the Spring platform – a popular application framework that software developers...
A new bill has been proposed by a bipartisan pair of senators that aims to improve the cybersecurity of the...
Healthcare workers access electronic Protected Health Information (ePHI) on a daily basis – most often via the use of password-protected...
The Federal Bureau of Investigation (FBI) Internet Crime Complaint Center (IC3) has released its 2021 Internet Crime Report, which reveals...
President Biden has issued a warning about the increased threat of cyberattacks by Russian state-sponsored hackers as a result of...
Healthcare hacking incidents have been steadily rising for a number of years. There was a 45% increase in hacking/IT incidents...
The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) have issued a joint cybersecurity advisory...
2021 was another record-breaking year for healthcare industry data breaches with over 50 million records breached and over 900 data...
Protenus has released its 2022 Breach Barometer Report which confirms 2021 was a particularly bad year for healthcare industry data...
7 vulnerabilities dubbed Access:7 have been identified in the web-based technologies PTC Axeda and Axeda Desktop Server, which are used...
The HHS’ Health Sector Cybersecurity Coordination Center has released a new report – Health Sector Cybersecurity: 2021 – Retrospective and 2022...
The Healthcare and Public Health Sector Coordinating Council (HSCC) has published a new Model Contract Language template for healthcare delivery...
There have been calls for healthcare organizations to take steps to improve security due to a major rise in hacking...
This week, researchers at Palo Alto’s Unit 42 team published a report that shows security gaps and vulnerabilities often exist...
The healthcare industry has been extensively targeted by ransomware gangs and victims often see paying the ransom as the best...
The Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center (HC3) has issued a warning to the U.S....
In a recent blog post, Director of the HHS’ Office for Civil Rights, Lisa J. Pino, urged HIPAA-regulated entities to...
The National Institute of Standards and Technology (NIST) is seeking feedback on the usefulness of its Framework for Improving Critical...
The National Cybersecurity Center of Excellence (NCCoE) has published the final version of NIST guidance on Securing Telehealth Remote Patient...
Expanding security capabilities is possible with a tight budget by using free cybersecurity tools and services. Many tools and services...
The U.S. Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center has issued a threat brief warning about...
CrowdStrike has released its annual threat report which shows there was a major increase in data leaks following ransomware attacks...
The Healthcare Information and Management Systems Society (HIMSS) has published the findings of its 2021 Healthcare Cybersecurity Survey which revealed...
A joint security advisory has been issued by cybersecurity agencies in the United States, United Kingdom, and Australia, warning about...
The German business software provider SAP has released patches to fix a set of critical vulnerabilities that affect SAP applications...
Phishing attacks allow threat actors to obtain credentials, but multi-factor authentication (MFA) makes it harder for phishing attacks to succeed....
The HHS’ Health Sector Cybersecurity Coordination Center (HC3) has released a report providing insights into the May 2021 Conti ransomware...
The Federal Bureau of Investigation (FBI) has released indicators of compromise (IoCs) and details of the tactics, techniques, and procedures...
Ransomware gangs are increasingly targeting unpatched vulnerabilities in software and operating systems to gain access to business networks, and they...
In September 2021, the Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center (HC3) issued an advisory to...
A new report from Kaspersky shows the massive increase in telehealth has placed healthcare data at risk. Vulnerabilities have been...
Excellus Health Plan Inc., its affiliated companies, and the Blue Cross Blue Shield Association (BCBSA) have reached a settlement to...
The first settlement of 2022 to resolve a healthcare data breach has been announced by New York Attorney General Letitia...
A recent study by the healthcare IoT security platform provider Cynerio has revealed 53% of connected medical devices and other...
The healthcare industry continues to face a considerable range of threats, with ransomware attacks and data breaches still highly prevalent....
The DHS’ Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning to all organizations in the United States to...
Some 56 HIPAA compliance data breaches of 500 or more healthcare records were reported to the HHS’ Office for Civil...
Maryland Chief Information Security Officer (CISO) Chip Stewart has issued a statement confirming the disruption to services at the Maryland...
The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) have...
The Department of Health and Human Services’ Office for Civil Rights (OCR) settled 19 HIPAA compliance violation cases in 2020....
A recent survey has revealed password reuse is rife, even amongst IT leaders who should know better. 92% of IT...
The Healthcare Supply Chain Association (HSCA) has issued guidance for healthcare delivery organizations, medical device manufacturers, and service suppliers on...
The number of reported healthcare data breaches has increased for the third successive month, with November seeing 68 data breaches...
The CyberPeace Institute has released new data on cyberattacks on the healthcare industry. According to the latest figures, 295 cyberattacks...
The original vulnerability identified in Log4j (CVE-2021-44228) that sent shockwaves around the world due to its seriousness, ease of exploitation,...
One of the most serious healthcare ransomware attacks occurred in Ireland earlier this year. The Health Service Executive (HSE), the...
A maximum-severity vulnerability has been identified in Apache Log4j, an open-source Java-based logging library used by many thousands of organizations...
A high severity vulnerability has been identified in certain Hillrom Welch Allyn Cardio products that allows accounts to be accessed...
SonicWall has released new firmware for its Secure Mobile Access (SMA) 100 series remote access appliances that fixes 8 vulnerabilities...
The Health Information Sharing and Analysis Center (Health-ISAC) has released guidance for Chief Information Security Officers (CISOs) on adopting an...
A highly sophisticated malware capable of aggressively spreading within networks is being used in targeted attacks on the biomanufacturing sector....
An APT actor that was targeting a vulnerability in the enterprise password management and single sign-on solution Zoho ManageEngine ADSelfService...
The Department of Health and Human Services has launched a new website that offers advice and resources to help the...
TitanHQ has launched a new product to help businesses better protect against phishing attacks, which the company claims delivers best-in-class...
The Cybersecurity and Infrastructure Security Agency (CISA) has published new guidance for enterprises to help them secure mobile devices and...
The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have warned organizations in the United...
The HHS’ Health Sector Cybersecurity Coordination Center (HC3) has issued a threat brief warning the healthcare and public health sector...
Five vulnerabilities have been identified that affect the IntelliBridge EC 40 and EC 80 Hub, Philips Patient Information Center iX, and...
A joint cybersecurity advisory has been issued by the Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), Australian...
A new study conducted by Medigate and CrowdStrike has highlighted the extent to which healthcare Internet of Things (IoT) devices...
A recent survey conducted by the unified asset visibility and security platform provider Armis has explored the state of cybersecurity...
13 vulnerabilities have been identified in the Siemens Nucleus RTOS TCP/IP stack that could potentially be exploited remotely by threat...
The United States Department of Justice (DoJ) has unsealed indictments charging two individuals for their roles in multiple REvil/Sodinokibi ransomware...
The HHS’ Health Sector Cybersecurity Coordination Center (HC3) has issued a threat brief for the healthcare industry warning about the...
Three medium severity vulnerabilities have been identified in Philips MRI products which, if exploited, could allow an unauthorized individual to...
An advanced persistent threat (APT) actor has been conducting an espionage campaign that has seen the systems of at least...
Ransomware gangs often use double extortion tactics to encourage victims to pay the ransom. In addition to file encryption, sensitive...
Hacks, ransomware attacks, and other IT security incidents account for the majority of data breaches reported to the Department of...
The Department of Health and Human Services’ Office for Civil Rights has advised HIPAA-covered entities to assess the protections they...
The advanced persistent threat (APT) actor Nobelium (aka APT29; Cozy Bear) that was behind the 2020 SolarWinds supply chain attack...
A new study has revealed widespread security failures at healthcare organizations, including poor access controls, few restrictions on access to...
In July 2021, the notorious REvil (Sodinokibi) ransomware gang appeared to have ceased operations, with both its Tor payment site...
The theme of the fourth week of Cybersecurity Awareness Month is “Cybersecurity First”, with the focus on getting the message...
A recent study conducted by the Ponemon Institute on behalf of cybersecurity firm SecureLink has explored the state of third-party...
A recent survey conducted on Chief Information Security Officer (CISO) members of the College of Healthcare Information Management Executives (CHIME)...
There was a 23.7% month-over-month increase in reported healthcare data breaches in September, which saw 47 data breaches of 500...
A joint alert has been issued by the Federal Bureau of Investigation (FBI), National Security Agency (NSA), and the Cybersecurity...
MITRE has launched two new organizations which have been tasked with addressing critical healthcare challenges and improving cybersecurity to better...
According to the Verizon Data Breach Investigations Report, phishing accounted for around 80% of all reported phishing attacks in 2019...
Ransomware is currently the biggest cyber threat faced by the healthcare industry. Attacks often cripple healthcare IT systems for weeks...
The provision of password managers for MSPs is a rapidly growing industry due to the increasing number of Managed Service...
A new bill has been introduced that, if passed, will require victims of ransomware attacks to disclose any payments made...
The Food and Drug Administration (FDA) has issued a warning to users of Medtronic wireless insulin pumps about a serious...
The online B2B publication Expert Insights has recognized TitanHQ’s cybersecurity solutions in its Fall 2021 Best of Cybersecurity Awards. The...
Public and private sector organizations have a new tool to help them assess their level of vulnerability to insider threats....
Entities regulated by the Health Insurance Portability and Accountability Act (HIPAA) are required to provide security awareness training to the...
A medical malpractice lawsuit has been filed against an Alabama hospital alleging vital information that could have prevented the death...
October is National Cybersecurity Awareness Month. Throughout October, the importance of cybersecurity is highlighted and resources are made available to...
The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) have issued new guidance on selecting and...
While there have been no reported cases of American patients dying as a direct result of a ransomware attack, a...
A recent study conducted on more than 1,000 Americans has revealed one in three Americans have attempted to guess someone...
The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have issued a warning about escalating...
The health and public health sector is facing an elevated risk of ransomware attacks by affiliates of the BlackMatter ransomware-as-a-service...
A critical vulnerability has been identified in the Zoho ManageEngine ADSelfService Plus self-service password management and single sign-on (SSO) solution...
The National Cybersecurity Center of Excellence (NCCoE) at the National Institute of Standards and Technology (NIST) has recently released the...
The Cybersecurity and Infrastructure Security Agency (CISA) has updated its list of cybersecurity bad practices that must be eradicated. Cyber...
The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have issued a warning to all...
A new analysis of breach reports submitted to the Department of Health and Human Services’ Office for Civil Rights has...
Researchers at McAfee Advanced Threat Research (ATR), in conjunction with the medical device cybersecurity firm Culinda, have identified 5 previously...
High numbers of healthcare data breaches continued to be reported by HIPAA-covered entities and their business associates. In July, there...
Ransomware attacks dramatically increased in 2020 and cyberattacks using the file-encrypting malware are showing no sign of abating. Attacks have...
Last month, SonicWall published a mid-year update of its Cyber Threat Report which confirmed there has been a major increase...
Ransomware attacks on hospitals can cause huge financial losses, as the Ryuk ransomware attack on Universal Health Services showed. UHS...
The DHS’ Cybersecurity and Infrastructure Security Agency (CISA) has issued a security alert warning about a vulnerability affecting Blackberry’s QNX...