Cybersecurity & Risk Advisory Services

Cybersecurity vulnerabilities and intrusions pose risks for every hospital, and its reputation.

APCP: American Hospital Association Preferred Cybersecurity Service

Image Cybersecurity Advisory:

Microsoft Releases Security Updates for ‘PrintNightmare’ Cybersecurity Vulnerability

Microsoft has released out-of-band security updates to address a remote code execution (RCE) vulnerability — known as PrintNightmare (CVE-2021-34527) — in the Windows Print spooler service. The Computer Emergency Response Team Coordination Center (CERT/CC), part of the Software Engineering Institute at Carnegie Mellon University, last week reported a critical RCE vulnerability impacting the Windows Print Spooler service that allows a remote authenticated attacker to execute arbitrary code with system privileges on a vulnerable system.

FBI Issues ‘Conti’ Ransomware Alert as High-impact Global Attacks Persist against Health Care and Critical Infrastructure page 1

AHA Calls on Government to Use All Elements of National Power to Disrupt Foreign Ransomware Attackers

The Federal Bureau of Investigation May 20 issued an alert regarding “Conti,” a highly disruptive ransomware variant. Attacks associated with Conti and the previously published Darkside ransomware variant are believed to be emanating from criminal networks operating from a non-cooperative foreign jurisdiction. Ransomware attacks associated with these variants have resulted in regionally disruptive impacts to critical infrastructure, including hospitals and health systems in the United States and Ireland. These ransomware attacks have delayed or disrupted the delivery of patient care and pose significant potential risks to patient safety and the communities that rely on hospitals’ availability.

AHA Testimony: Senate Hearing on Cyber Threats Amid Pandemic. John Riggi testifies before the Senate on cybersecurity threats to hospitals.

AHA Senate Testimony On Cyber Threats to Hospitals – Attacks Up, Victim Hospitals Need Government Assistance Not Blame

Within the context of the COVID-19 pandemic, in Senate testimony John Riggi discusses increased incidences of cyber threats toward hospitals and health systems, the resulting, unique challenges confronting the health care sector, and what the federal government can and must do to help ensure appropriate mechanisms are in place to share threat information and defend the nation’s hospitals and health systems from cyber attacks.

/other-cybersecurity-reports/2021-05-10-advisory-further-ttps-associated-svr-cyber-actors page 1

Advisory: Further TTPs Associated with SVR Cyber Actors

This report provides further details of Tactics, Techniques and Procedures (TTPs) associated with SVR cyber actors. SVR cyber actors are known and tracked in open source as APT29, Cozy Bear, and the Dukes. UK and US governments recently attributed SVR’s responsibility for a series of cyber-attacks, including the compromise of SolarWinds and the targeting of COVID-19 vaccine developers. Alongside this attribution, the United States’ National Security Agency (NSA), Federal Bureau of Investigation (FBI), and Cybersecurity and Infrastructure Security Agency (CISA) released an advisory detailing the exploits most recently used by the group. The FBI, Department of Homeland Security (DHS) and CISA also issued a joint report providing information on the SVR’s cyber tools, targets, techniques, and capabilities. Download the PDF.

White Paper: Strategic Threat Intelligence: Preparing for the Next “Solarwinds” Event page 1

White Paper: Strategic Threat Intelligence: Preparing for the Next “Solarwinds” Event

As the impact of the SolarWinds incident is still being investigated and discussed, the American Hospital Association (AHA) and Health-ISAC collaborated on this strategic intelligence analysis to identify what other “SolarWinds” like issues might be lurking in enterprise networks. The paper is meant for all audiences, non-technical and technical, as we present strategic level decision elements that senior leaders including C-Suite Executives can use to help understand the risks involved with certain enterprise IT systems in their network environment. We then provide detailed technical analysis and recommendations for IT and information security teams to help address immediate concerns by providing tactical mitigations and recommendations. For our technical audience, this paper presents a detailed analysis of characteristics that allowed the SolarWinds incident to affect multiple industries, organizations, and systems. Download the PDF.

Hackers Target on Premises Microsoft Exchange Server Vulnerabilities

FDA cyber imageCyber attackers are using Microsoft Exchange Server vulnerabilities to access Exchange server email accounts on an organization’s premises and install malware to facilitate long-term access to victim environments, View Microsoft's announcement.

Joint Cybersecurity Advisory: Ransomware Activity Targeting the Healthcare and Public Health Sector

This advisory describes the tactics, techniques, and procedures (TTPs) used by cybercriminals against targets in the Healthcare and Public Health Sector (HPH) to infect systems with Ryuk ransomware for financial gain. Download the PDF

While there are significant benefits for care delivery and organizational efficiency from the expanded use of networked technology, Internet-enabled medical devices and electronic databases for clinical, financial and administrative operations, networked technology and greater connectivity also increase exposure to possible cybersecurity threats that require hospitals to evaluate and manage new risks in the context of federal privacy rules and related polices.

Hospitals can prepare and manage such risks by viewing cybersecurity not as a novel issue but rather by making it part of the hospital’s existing governance, risk management and business continuity framework.

Hospitals also will want to ensure that the approach they adopted remains flexible and resilient to address threats that are likely to be constantly evolving and multi-pronged.

This web page provides resources for hospital leaders as well as the latest updates from federal officials to help manage cyber threats.

Additional Key Cybersecurity Resources

HC3 Sector Notice TLP White: Exploitation of SolarWinds Software Affecting HPH Sector

HC3 Sector Alert TLP White: Active Exploitation of SolarWinds Software Potentially Affecting HPH Sector

Russian State-Sponsored Actors Exploiting Vulnerability in VMware® Workspace ONE Access Using Compromised Credentials

Hospital Robocall Protection Group Adopts Best Practices Report on Preventing Unlawful Calls

Hospital Robocall Protection Group (HRPG) Report December 14, 2020

Hospital Robocall Protection Group Virtual Meeting Agenda, December 14, 2020

Joint Cybersecurity Advisory TLP White: North Korean Advanced Persistent Threat Focus: Kimsuky, October 27, 2020

HC3 Threat Brief TLP White:  COVID-19 Cyber Threats (Update), (August 13, 2020)

FBI Cybersecurity Advisory TLP White: Russian GRU 85th GTsSS Deploys Previously Undisclosed Drovorub Malware, August 2020

Current Malware Threats Targeting the Healthcare And Public Health (HPH) Sector, June 16, 2020

FBI & CISA PSA: People’s Republic of China (PRC) Targeting of COVID-19 Research Organizations, May 13, 2020

Joint Activity Alert: Top 10 Routinely Exploited Vulnerabilities, May 13, 2020

CISA Insights COVID-19 Disinformation Activity, May 8, 2020

HC3 Cyber Alert TLP White: Quantitative Risk Management for Healthcare Cybersecurity, May 7, 2020

CISA: Guidance for Securing Video Conferencing, May 1, 2020

CISA: Telework Guidance and Resources, May 1, 2020

Health Industry Cybersecurity Information Sharing Best Practices - March 2020

Draft: Data Integrity Identifying and Protecting Assets Against Ransomware and Other Destructive Events - January 2020

The 405(d) Post Vol 3 - January, 2020

The 405(d) Post  Vol 2- November, 2019

Members-Only: Theft of Intellectual Property: Threats to Medical Research and Innovation

Members-Only Cybersecurity Alerts and Resources

Cyber Threat Intelligence

This section contains publicly available Cyber Threat Intelligence reports including FBI and TLP-White reports. For access to restricted distribution reports please sign in to see members-only cybersecurity resources.   /* reset */ .cc_tabs ul.a-container { margin: 0; p...

Cybersecurity and Risk Advisory Services

At present, John Riggi, senior advisor for cybersecurity and risk, is available to provide: Strategic Cybersecurity and Risk Advisory Services Related To: Cyber threat and risk profile of the organization Information security and risk mitigation strategy development and integratio...

Related Resources

Issue Landing Page
Insider Briefings, updates, and exclusive participation to AHA’s live and virtual events. Resources crafted to get inside the mind of hospital leaders.
Issue Landing Page
Keep an eye on AHA Member activity with insider content curated towards the interests of the business community, available to AHA Associate Program…