Monthly Newsletter – March 2023

March 3, 2023

#newsletter

March’s Newsletter features:

APAC Summit – Keynote Highlights
Health-ISAC Publication – Current and Emerging Healthcare Cyber Threat Landscape Report
Spring Americas Summit – Registration Open and Agenda Available
Member Service Spotlight — Vulnerability Bulletins
New Secure Chat — Rolling out this month
Committee Highlight — Business Resilience Committee (BRC)
Upcoming Events — Workshops and Webinars

Pdf version:

Text version:

Only 2 Weeks Until the Inaugural APAC Summit in Singapore!

21-23 March 2023 —- You do not want to miss out on this event!

Two exciting keynotes announced!

Wednesday Keynote Leon Chang, is the Assistant Chief Executive and Chief Risk Officer for IS at Integrated Health Information Systems organization (IHIS). Mr. Chang is responsible for enterprise risk management, audit management, data protection, compliance, third party risk management Come hear Mr. Chang’s perspective on healthcare cybersecurity in APAC.

Thursday Keynote Craig Jones, Director of Cybercrime, INTERPOL. Mr. Jones is recognized as a strategic thinker, who shapes the policies that deliver outcomes and results against national, regional and global cyber threats. He will share his perspectives on the rapidly evolving global cybercrime threat landscape based upon his 29 years in law enforcement.

Besides a content rich agenda with topics such as risk management; security operations; security architecture; fraud; incident response; and medical device security, Health-ISAC has planned memorable dinner outings for attendees to experience together while creating important peer connections. Summit events include a Cocktail Reception, Touch Pool Experience and dinner at the Singapore Aquarium on Wednesday Night followed by Dinner and The Famous Night Safari Experience at the Singapore Zoo on Thursday Night.

The central location of this Inaugural event makes it accessible to healthcare and security professionals from Japan, India, Malaysia, and Australia, in addition to those in the Singapore area. Plan to stay at the contemporary and glamorous Hard Rock Hotel in Singapore to easily participate in evening networking and after-hours discussions.

Don’t wait! Register and book your room at https://h-isac.org/tmp24/summits/2023-apac-summit/

HEALTHCARE CYBER THREAT LANDSCAPE REPORT

Health-ISAC, in partnership with Booz Allen Hamilton, published its annual Current and Emerging Healthcare Cyber Threat Landscape Report.
The report covers the top threats to healthcare organizations from a Cyber Threat Intelligence (CTI) perspective. It offers projections for 2023 based on retrospective trend analysis of threat actor Tactics, Techniques, and Procedures observed in 2022.

This report is available to Members and healthcare stakeholders currently receiving TLP: Green information from Health-ISAC.

The public version is available here: https://h-isac.org/tmp24/annual-threat-landscape-report-2/

SPRING AMERICAS SUMMIT

PREPARE TO STRIKE

Announcing the keynote for the Spring Americas Summit

Geoffrey Ling MD, PhD, Colonel, US Army (ret) and CEO of On Demand Pharmaceuticals will speak in Tampa this May. You won’t want to miss Dr. Ling’s exciting and entertaining keynote where he will pull on his experience as the Founding Director of Biological Technologies at DARPA, his creation of the most advanced prosthetic arm to date, and his position as Assistant Director of Medical Innovation in the Science Division at President Obama’s White House Office of Science, Technology and Policy to gaze into the future of healthcare and look at the threats the sector will face as technology rapidly unfolds.

The Agenda is now available

Be sure to secure early bird pricing! https://h-isac.org/tmp24/summits/2023-spring-americas-summit/

Ensure you have a room on property Hotel Cutoff is April 17, 2023; however, Summit room blocks often sell out before deadline.

COMMUNITY SERVICES SPOTLIGHT

Vulnerability Bulletins Health-ISAC Vulnerability Bulletins are distributed by the Threat Operations Center after analysis and validation of a vulnerability potentially impacting Member networks. Vulnerability Bulletins are issued to alert organizations of cyber vulnerabilities and to help vulnerability management teams prioritize patch updates. These bulletins often contain mitigation steps that include security updates and/or mitigation steps/tools.

A recent Member Satisfaction Survey shows Members appreciate the succinct summaries with vulnerability analysis to free up time that can be directed to higher value tasks.

• Outstanding Value or Very Good Value = 83%

• Some Value, Very Little Value, or No Value = 11%

• Don’t Know / Don’t Use = 6%

NEW SECURE CHAT

Learn more about Community Services available to Members: https://h-isac.org/tmp24/community-services/

Available March 6th!

New Chat Collaboration Platform Health-ISAC will be moving off of Mattermost to a new Secure Chat Platform. This new platform will enhance collaboration capabilities between Members. Existing groups and channels will be migrated and the experience should be seamless. One thing to note is Chat histories will not be able to transfer, but the current platform will remain available for a period of time to allow you to save any relevant information.

If you have any issues logging in please reach out to contact@h-isac.org Access to the platform will be available Monday, March 6.

COMMITTEE UPDATE

Business Resilience Committee

Health-ISAC’s Business Resilience Committee (BRC) identifies non-cybersecurity threats relevant to the health sector. It also determines associated risks and appropriate security considerations, and supports the Health-ISAC Threat Operations Center (TOC) to share information broadly with Members. The BRC meets on the 2nd Wednesday of each month at 12:00 pm ET. Those interested in joining the BRC should send a short bio to contact@h-isac.org.

UPCOMING EVENTS

View all Health-ISAC Events here https://h-isac.org/tmp24/events/

March 7 in Santa Clara, California
Health-ISAC Healthcare Cybersecurity Workshop,
hosted by Health-ISAC and Agilent

March 9 in San Diego, California Health-ISAC
Healthcare Cybersecurity Workshop,
hosted by Health-ISAC and Rady Children’s

March 7 at 1pm: Ambassador webinar by RiskRecon a Mastercard Company
Insights from 10 Years of Data Breach Monitoring

March 8 at 2pm: Navigator webinar Medigate by Claroty
Medical Device Cybersecurity – HHS 405(d) Best Practices Update
March 14 at 1pm: Navigator webinar by Finite State
Medical Device Cybersecurity: A Holistic Approach to Decrease Attack Surface & Improve Patient Safety

March 26 – Visit Health-ISAC at
ViVE Powered by CHIME + HLTH 2023 Information booth and presentation sessions

MONTHLY MEMBER EVENTS

March 28 –
Member Threat Briefing
Last Tuesday of each month
at 12pm ET

March 30 –
ETC webinar
Last Thursday of each month
at 12pm ET

Top Health Related Cyber and Physical Events for March

News Analysis: Nurses in Britain walk out over payment amid strained medical services

https://english.news.cn/20230207/8a466ffc85c343ffa99769691722ef6c/c.html

Hackers are selling a service that bypasses ChatGPT restrictions on malware

https://arstechnica.com/information-technology/2023/02/now-open-fee-based-telegram-service-that-uses-chatgpt-to-generate-malware/

Siemens License Manager Vulnerabilities Allow ICS Hacking

https://www.securityweek.com/siemens-license-manager-vulnerabilities-allow-ics-hacking/

Massive ESXiArgs ransomware attack targets VMware ESXi servers worldwide

https://www.bleepingcomputer.com/news/security/massive-esxiargs-ransomware-attack-targets-vmware-esxi-servers-worldwide/

2022 ICS Attacks: Fewer-Than-Expected on US Energy Sector, But Ransomware Surged

https://www.securityweek.com/2022-ics-attacks-fewer-than-expected-on-us-energy-sector-but-ransomware-surged/

Spain, U.S. dismantle phishing gang that stole $5 million in a year

https://www.bleepingcomputer.com/news/security/spain-us-dismantle-phishing-gang-that-stole-5-million-in-a-year/

3.3 Million Impacted by Ransomware Attack at California Healthcare Provider

https://www.securityweek.com/3-3-million-impacted-by-ransomware-attack-at-california-healthcare-prov