Cybersecurity and Privacy

HIMSS Healthcare and Cross-Sector Cybersecurity Report

Reports on healthcare and cross-sector cybersecurity

The HIMSS Healthcare and Cross-Sector Cybersecurity Report is a monthly report that details the latest threats facing healthcare and other critical infrastructure sectors and industries. Mitigation information is also provided whenever it is available. Information is also discussed regarding the latest cybersecurity reports and tools.

The HIMSS Healthcare and Cross-Sector Cybersecurity report is a means for sharing information and insights on the topic of healthcare cybersecurity. Healthcare cybersecurity is a rapidly moving target. Threats and vulnerabilities are plentiful. The threat and vulnerability landscape changes with the adoption and use of novel technologies and applications. Additionally, the threat and vulnerability landscape changes with existing technology, including those that are supported and legacy systems. It is vital to protect both the old and new technologies.

Because healthcare touches virtually everything, it is important to understand what is happening in other critical infrastructure sectors and industries. Each report seeks to provide the latest and most critical information from both an intra-sector and inter-sector point of view. Much can be learned from other sectors, including the threats and vulnerabilities that they are facing and lessons learned.

April 2020 Healthcare and Cross-Sector Cybersecurity Report (Vol. 33)

Volume 33 of the HIMSS Healthcare and Cross-Sector cybersecurity report provides an intra-sector and inter-sector perspective on what is happening in cybersecurity with a special focus on the COVID-19 pandemic. Phishing remains a significant threat whereby threat actors are preying on the concerns and fears of individuals. In this report, we provide a broad perspective on what is happening regarding cybercriminal activity and nation state-sponsored activity across the healthcare sector and other sectors. Businesses, individuals, and government entities are targets of COVID-19 inspired cyber activity.

Threats include remote access trojans, ransomware, credential stealing malware, and others as detailed in Volume 33 of this report. In some instances, patient care has been impacted as a result of such activity. The threat landscape is further complicated by the fact that many individuals are now working from home. Some of these individuals lack security awareness as well as situational awareness about the COVID-19 cyber threat (and related scams). As a result, businesses, governments, associations, and others have issued security awareness alerts for their constituents with an eye towards threat mitigation.

Volume 33 Highlights

  • Phishing campaigns
  • Security awareness campaigns
  • Remote access trojans
  • Banking trojans
  • Ransomware
  • Distributed denial of service attacks
  • Advanced persistent threats

MD5: bd88a04530940e0988795536ce072f80
SHA-1: 55f474ec7d4458e0b7add72fcd462ff76082bc4a

Questions or Feedback?

Lee Kim, BS, JD, CISSP, CIPP/US, FHIMSS
Director, Privacy and Security
lkim@himss.org