Member Update:
Privacy & Security Resources
The U.S. Department of Health and Human Services, the Federal Bureau of Investigation, and the Department of Homeland Security are warning of "imminent and credible" threats against the U.S health sector. 

Malicious cyber actors are targeting the health sector with malware that can lead to ransomware. Any person or entity who is suspicious of or experiencing such an attack should make reports to your FBI Field Office. This link https://www.fbi.gov/contact-us/field-offices provides FBI Field Offices' contact information.


In addition to a long list of various technical attack techniques and indicators of compromise, CISA, FBI and HHS offered some basic suggestions for how hospitals and healthcare organizations can shore up their defenses to help protect against ransomware and other cyberattacks:
  • Patch operating systems, software and firmware as soon as manufacturers release updates.
  • Check configurations for every operating system version for HPH organization-owned assets to prevent issues from arising that local users are unable to fix, due to having local administration disabled.
  • Regularly change passwords to network systems and accounts and avoid reusing passwords for different accounts.
  • Use multifactor authentication where possible.
  • Disable unused remote access/Remote Desktop Protocol ports and monitor remote access/RDP logs.
Malware Analysis Report
The Cybersecurity and Infrastructure Security Agency (CISA) and the Cyber National Mission Force (CNMF) released a Malware Analysis Report (MAR) detailing the recommended mitigations against newly found Zebrocy malware executables. Files hashes and recommendations are available within MAR: AR20-303B, which is available here.
Cyber Advisory
The National Capital Region Threat Intelligence Consortium (NTIC) Cyber Center assesses with high confidence that organizations within the Healthcare and Public Health Sector are at high risk of targeted and opportunistic cyber attacks exploiting the COVID-19 pandemic to disrupt operations, steal sensitive data, and generate illicit revenue for profit-motivated cyber threat actors.

This report highlights cyber threats that are likely to impact this sector, along with additional resources cybersecurity teams and healthcare staff can reference to reduce risk.
WEDI Resources
The Rampant Growth of Cybercrime in Healthcare
This brief explores some of the common vulnerabilities of healthcare organizations that are typically exploited by threat adversaries in today’s environment as well as best practices to mitigate these vulnerabilities.
Webinar: 405(d) National Cyber-Security Updates
Learn about best practices and practical steps to decrease associated cybersecurity risk and provide preparedness risk planning your organization. 
Perspectives on Cybersecurity in Healthcare
This primer will briefly illustrate some of the challenges that healthcare organizations face in defending themselves from cyberattacks, and discuss some of the vectors in which they occur.
Webinar: HIPAA Safeguard Training Curriculum for Privacy & Security Officials
This Webinar provides an overview of the curriculum and how Privacy and Security Officials can validate workforce member “awareness and understanding” of the content.
Privacy & Security Workgroup
The Privacy & Security Workgroup has overall, general and ongoing responsibility to identify and work towards resolution on all implementation issues related to securing, and protecting health information across the industry. It follows the HIPAA Security, Breach and Privacy and related regulations, such as GINA. 

Please contact sholvey@wedi.org to join the workgroup.
WEDI | wedi@wedi.org | wedi.org