• Thu. Sep 28th, 2023

Overall health Sector Notified of Important Cyber Vulnerability by HHS


Sep 20, 2023
Overall health Sector Notified of Important Cyber Vulnerability by HHS

The Division of Overall health and Human Solutions (HHS) lately issued a warning relating to a crucial vulnerability in ManageEngine solutions that is becoming exploited by a North Korean state-sponsored actor to target healthcare organizations in Europe and the United States. HHS’s Overall health Sector Cybersecurity Coordination Center (HC3) strongly advises healthcare entities to promptly update their systems to mitigate the possible danger of compromise.

ManageEngine is a third-celebration network technologies that assists organizations in monitoring, managing, and securing their IT infrastructure, such as active directory management. John Riggi, the national advisor for cybersecurity and danger at the American Hospital Association (AHA), emphasizes that a compromise of ManageEngine technologies would pose a important cyber danger to organizations, potentially supplying wide-ranging access to the sophisticated and risky Lazarus hacking group. This group has been accountable for numerous higher-profile cyber attacks, such as the 2014 destructive cyberattack against Sony, an $81 million theft from the Society for Worldwide Interbank Economic Telecommunications, and the 2017 worldwide WannaCry ransomware attacks that impacted several US hospitals. Riggi emphasizes the significance of closely monitoring and securing third-celebration network management tools, as they are generally desirable targets for malicious actors. On top of that, he urges third-celebration technologies providers to prioritize safety by adhering to the principles of “secure by design and style, safe by default.”

For additional data on this problem or other cybersecurity and danger matters, folks can make contact with John Riggi at jriggi@aha.org. The AHA’s internet site, aha.org/cybersecurity, also gives the most recent sources, threat intelligence, and guidance on cybersecurity and danger management.

Leave a Reply