Cybersecurity & Risk Advisory Services

Cybersecurity vulnerabilities and intrusions pose risks for every hospital, and its reputation.

APCP: American Hospital Association Preferred Cybersecurity Service

/other-cybersecurity-reports/2021-05-10-advisory-further-ttps-associated-svr-cyber-actors page 1

Advisory: Further TTPs Associated with SVR Cyber Actors

This report provides further details of Tactics, Techniques and Procedures (TTPs) associated with SVR cyber actors. SVR cyber actors are known and tracked in open source as APT29, Cozy Bear, and the Dukes. UK and US governments recently attributed SVR’s responsibility for a series of cyber-attacks, including the compromise of SolarWinds and the targeting of COVID-19 vaccine developers. Alongside this attribution, the United States’ National Security Agency (NSA), Federal Bureau of Investigation (FBI), and Cybersecurity and Infrastructure Security Agency (CISA) released an advisory detailing the exploits most recently used by the group. The FBI, Department of Homeland Security (DHS) and CISA also issued a joint report providing information on the SVR’s cyber tools, targets, techniques, and capabilities. Download the PDF.

White Paper: Strategic Threat Intelligence: Preparing for the Next “Solarwinds” Event page 1

White Paper: Strategic Threat Intelligence: Preparing for the Next “Solarwinds” Event

As the impact of the SolarWinds incident is still being investigated and discussed, the American Hospital Association (AHA) and Health-ISAC collaborated on this strategic intelligence analysis to identify what other “SolarWinds” like issues might be lurking in enterprise networks. The paper is meant for all audiences, non-technical and technical, as we present strategic level decision elements that senior leaders including C-Suite Executives can use to help understand the risks involved with certain enterprise IT systems in their network environment. We then provide detailed technical analysis and recommendations for IT and information security teams to help address immediate concerns by providing tactical mitigations and recommendations. For our technical audience, this paper presents a detailed analysis of characteristics that allowed the SolarWinds incident to affect multiple industries, organizations, and systems. Download the PDF.

Hackers Target on Premises Microsoft Exchange Server Vulnerabilities

FDA cyber imageCyber attackers are using Microsoft Exchange Server vulnerabilities to access Exchange server email accounts on an organization’s premises and install malware to facilitate long-term access to victim environments, View Microsoft's announcement.

Joint Cybersecurity Advisory: Ransomware Activity Targeting the Healthcare and Public Health Sector

This advisory describes the tactics, techniques, and procedures (TTPs) used by cybercriminals against targets in the Healthcare and Public Health Sector (HPH) to infect systems with Ryuk ransomware for financial gain. Download the PDF

While there are significant benefits for care delivery and organizational efficiency from the expanded use of networked technology, Internet-enabled medical devices and electronic databases for clinical, financial and administrative operations, networked technology and greater connectivity also increase exposure to possible cybersecurity threats that require hospitals to evaluate and manage new risks in the context of federal privacy rules and related polices.

Hospitals can prepare and manage such risks by viewing cybersecurity not as a novel issue but rather by making it part of the hospital’s existing governance, risk management and business continuity framework.

Hospitals also will want to ensure that the approach they adopted remains flexible and resilient to address threats that are likely to be constantly evolving and multi-pronged.

This web page provides resources for hospital leaders as well as the latest updates from federal officials to help manage cyber threats.

Additional Key Cybersecurity Resources

HC3 Sector Notice TLP White: Exploitation of SolarWinds Software Affecting HPH Sector

HC3 Sector Alert TLP White: Active Exploitation of SolarWinds Software Potentially Affecting HPH Sector

Russian State-Sponsored Actors Exploiting Vulnerability in VMware® Workspace ONE Access Using Compromised Credentials

Hospital Robocall Protection Group Adopts Best Practices Report on Preventing Unlawful Calls

Hospital Robocall Protection Group (HRPG) Report December 14, 2020

Hospital Robocall Protection Group Virtual Meeting Agenda, December 14, 2020

Joint Cybersecurity Advisory TLP White: North Korean Advanced Persistent Threat Focus: Kimsuky, October 27, 2020

HC3 Threat Brief TLP White:  COVID-19 Cyber Threats (Update), (August 13, 2020)

FBI Cybersecurity Advisory TLP White: Russian GRU 85th GTsSS Deploys Previously Undisclosed Drovorub Malware, August 2020

Current Malware Threats Targeting the Healthcare And Public Health (HPH) Sector, June 16, 2020

FBI & CISA PSA: People’s Republic of China (PRC) Targeting of COVID-19 Research Organizations, May 13, 2020

Joint Activity Alert: Top 10 Routinely Exploited Vulnerabilities, May 13, 2020

CISA Insights COVID-19 Disinformation Activity, May 8, 2020

HC3 Cyber Alert TLP White: Quantitative Risk Management for Healthcare Cybersecurity, May 7, 2020

CISA: Guidance for Securing Video Conferencing, May 1, 2020

CISA: Telework Guidance and Resources, May 1, 2020

Health Industry Cybersecurity Information Sharing Best Practices - March 2020

Draft: Data Integrity Identifying and Protecting Assets Against Ransomware and Other Destructive Events - January 2020

The 405(d) Post Vol 3 - January, 2020

The 405(d) Post  Vol 2- November, 2019

Members-Only: Theft of Intellectual Property: Threats to Medical Research and Innovation

Members-Only Cybersecurity Alerts and Resources

Cyber Threat Intelligence

This section contains publicly available Cyber Threat Intelligence reports including FBI and TLP-White reports. For access to restricted distribution reports please sign in to see members-only cybersecurity resources.   /* reset */ .cc_tabs ul.a-container { margin: 0; p...

Cybersecurity and Risk Advisory Services

At present, John Riggi, senior advisor for cybersecurity and risk, is available to provide: Strategic Cybersecurity and Risk Advisory Services Related To: Cyber threat and risk profile of the organization Information security and risk mitigation strategy development and integratio...

Related Resources

The Russian Foreign Intelligence Service, known as SVR, poses a significant risk to U.S. and allied government networks.
The AHA shares with Senate and House leaders the association’s recommendations for infrastructure investments that should be included in an upcoming…
Health care is increasingly moving to a digital platform. Recent major investments in health information technology, such as electronic health records and…
Issue Landing Page
The AHA has created a panel of a limited number of highly-reputable and qualified cybersecurity service providers to support AHA member hospitals and health…
John Riggi, AHA senior advisor for cybersecurity and risk, testimony before the Senate Homeland Security and Governmental Affairs Committee on defending…
Special Bulletin
Federal agencies this morning are providing new information on an imminent ransomware threat to U.S. hospitals.