On April 4, 2017, GNYHA hosted the Department of Homeland Security (DHS) and various law enforcement and regulatory agencies for a facilitated discussion with hospital cybersecurity teams. This four-hour exercise explored the response and oversight activities of local, state, and federal agencies to a cybersecurity incident affecting one or more New York hospitals. This report outlines the objectives of the event, observations, and recommendations.
NYS Healthcare Cybersecurity Exercise After Action Report
October 24, 2018
Open SSL Patch Available Tomorrow
On November 1, the OpenSSL Project will provide users with a patch for a recently identified critical vulnerability. OpenSSL is a software library used with most common operating systems and applications for secure communications. It is deployed across industries, including by the health sector. The OpenSSL Project rarely classifies a vulnerability as critical, which is...
October 31, 2022
FBI Issues Advisories on Recent Cyberattacks and Increasing Vulnerabilities
The US Federal Bureau of Investigation (FBI) has released two Private Industry Notification (PIN) advisories in response to a recent uptick in cybercriminals targeting health care payment processors and an observed increase in vulnerabilities in unpatched medical devices. Summaries of the PINs are below. Hospitals are encouraged to carefully review the advisories in detail. Cybercriminals...
September 19, 2022
Cybersecurity Advisory: Zeppelin Ransomware Summary
GNYHA is sharing an advisory jointly issued by the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) about known Zeppelin ransomware variants identified through FBI investigations. Hospitals are encouraged to carefully review the details of the ransomware threat and mitigation strategies as hospitals and other health care entities are specifically...
August 12, 2022