The HHS Cybersecurity Program was a very active publisher last week. It issued
- On April 5, HC3 released a list of March vulnerabilities of interest to the healthcare sector;
- On April 6, HC3 issued a second ICS Medical Advisory – Philips Vue PACS;
- On April 7, HC3 provided a comprehensive slide deck about “Lapsus$, Okta and the Health Sector,” and
- On April 8, HC3 issued a sector alert titled “Phishing Campaigns Leveraging Legitimate Email Marketing Platforms.”
Meanwhile, the Cybersecurity and Infrastructure Security Agency released
- A one-pager on how to report cyber incidents to CISA. This document should help FEHB carriers when they need to report cyber incidents to OPM pursuant to the standard FEHB carrier contract;
- A “Secure Tomorrow Series Toolkit: Using Strategic Foresight to Prepare for the future.” CISA explains “The Secure Tomorrow Series is a unique platform that brings together SMEs, thought leaders, and others from academia, think tanks, the private sector, and National Labs to think proactively about future risks”, and
- A list of four known exploited vulnerabilities added to CISA’s vulnerabilities catalog.
CISA also announced that
April is Emergency Communications Month! Throughout the month, we’ll be recognizing the important work of both CISA and the emergency response community. The 911 operating system only begins to scratch the surface of emergency communications. This is a broad, complex, and strategically critical field that includes everything from radio communications systems, broadband and narrowband data systems, to alerts and warning systems, and so much more. It’s only because of this communications backbone that our emergency response community can be operational, collaborative, secure and resilient at the most critical moments.
From the cyberthreats front, ZDnet informs us
A hacking and cyber espionage operation is going after victims around the world in a widespread campaign designed to snoop on targets and steal information.
Identified victims of the cyber attacks include organisations in government, law, religious groups, non-governmental organisations (NGOs), the pharmaceutical sector and telecommunications. Multiple countries have been targeted, including the U.S., Canada, Hong Kong, Japan Turkey, Israel, India, Montenegro, and Italy.
Detailed by cybersecurity researchers at Symantec, the campaign is the work of a group they call Cicada – also known as APT10 – a state-sponsored offensive hacking group which western intelligence agencies have linked to Chinese Ministry of State Security. In some cases, the attackers spent as long as nine months inside the networks of victims.
APT10 has been active for over a decade, with the earliest evidence of this latest campaign appearing in mid-2021. The most recent activity which has been detailed took place in February 2022 and researchers warn that the campaign could still be ongoing. * * *
Defending against a well-resourced nation-state backed hacking group isn’t easy, but there are steps which network defenders can take to help avoid becoming the victim of an attack. These include patching known vulnerabilities– such as those in Microsoft Exchange which Cicada appear to have exploited – and hardening credentials via the use of multi-factor authentication.
Researchers also recommend the introduction of one-time credentials for administrative work to help prevent theft and misuse of admin logins and that cybersecurity teams should contiously monitor the network for potentially suspicious activity.
The Wall Street Journal reports on how hackers target bridges between blockchains to engage in massive cryptoheists. A recent heist reaped $540 million in cryptocurrency for the hackers.
Hackers moved the funds by exploiting the Ronin Network, software that allows users of the online game “Axie Infinity” to transfer digital assets across different blockchains. Growing sums of money exchanged over such bridges has turned them into targets.
The FEHBlog understood that decentralized blockchains were hack proof, but apparently not.
From the cyberdefense front, Security Week offers a commentary on using a resilient zero trust policy.
The FEHBlog was delighted earlier this week to read this Department of Health and Human Services announcement requesting public comment to help HHS crafting a rule to implement the December 2021 HITECH Act amendmentl creating a limited safe harbor for HIPAA covered entities and business associates that use recognized security practices. HHS seeks public input on identifying these recognized security practices. The public comment deadline is June 6, 2022.
Individuals seeking more information about the RFI or how to provide written or electronic comments to OCR should visit the Federal Register to learn more: https://www.federalregister.gov/documents/2022/04/06/2022-07210/considerat