Cybersecurity Roundup: Four Threats to Know

September 21, 2022

The nation’s cybersecurity experts are warning the health care community to be on alert for several new vulnerabilities that pose a significant threat to hospital operations and patient care.

“Threats and vulnerabilities cannot be eliminated and reducing cybersecurity risks is especially challenging,” the FDA said. “The health care environment is complex, and manufacturers, hospitals, and facilities must work together to manage cybersecurity risks.”

In a series of alerts, the government outlined new cybersecurity threats for the health care community, including:

• Monkeypox phishing scam:  This week, the Health Sector Cybersecurity Coordination Center sent an alert about a monkeypox phishing scam targeting health care providers. The email includes an attached PDF with a malicious link.
• Payment processors:  This month, the FBI warned the health care community about cyber criminals increasingly targeting health care payment processors to redirect victim payments.
• Medical devices:  Hardware for medical devices can remain active for decades, allowing cyber threat actors ample time “to discover and exploit vulnerabilities,” the FBI’s cyber division noted this month.
• Foreign threats:  The Cybersecurity and Infrastructure Security Agency issued an alert last week highlighting malicious cyber activity by advanced persistent threat actors, such as exploiting vulnerabilities for data extortion and disk encryption.

This month, the federal government issued a Request for Information (RFI) and notice of public listening sessions related to the Cyber Incident Reporting for Critical Infrastructure Act of 2022.

The legislation requires critical infrastructure companies to report covered cyber incidents within 72 hours after a cyber-incident has occurred and report ransom payments within 24 hours after a payment is made.

Additional information about the RFI and listening sessions is available online.

HAP will continue to monitor the latest cybersecurity developments and provide updates to members. For more information, contact Jason Tomashunas, MS, CHEP, HAP manager, emergency management. John Riggi, the AHA’s senior advisor for cybersecurity and risk, also offers coverage and resources about health care cybersecurity.