Date: 2022-01-27

Microsoft's Log4j vulnerabilities and potential cyberattacks stemming from the intensifying Russia-Ukraine conflict remain top-of-mind concerns for healthcare cybersecurity teams. Here are five recent notes from federal agencies:

The Cybersecurity and Infrastructure Security Agency said "every organization in the U.S. is at risk from cyber threats that can disrupt essential services and potentially result in impacts to public safety" in a Jan. 18 report. The report reminded organizations that malware used in recent attacks against Ukrainian government websites has been deployed in the past to damage critical U.S. infrastructure. The Department of Homeland Security issued a similar warning Jan. 23, saying that Russia may unleash a cyberattack against the U.S. as Russia's conflict with Ukraine intensifies.



CISA gave tips to reduce the likelihood of a cyberattack, quickly detect intrusions, ensure healthcare providers can effectively respond to cyberattacks and maximize resilience to them. The tips can be found here.



The HHS Health Sector Cybersecurity Coordination Center said "health sector adversaries are actively leveraging" Log4j vulnerabilities in a threat brief issued Jan. 20. Log4j is a highly utilized piece of open-source code, and exploitation of its vulnerabilities can lead to data exfiltration and ransomware. The brief said state-sponsored hackers are believed to be taking advantage of the flaws, including actors from Russia, China, Iran, North Korea and Turkey.



The center said cybercriminal groups, specifically those leveraging ransomware, are also taking advantage of Log4j vulnerabilities. The brief identified the ransomware Conti as a "prolific threat to the health sector."



The brief instructed healthcare providers to download the latest version of Log4j and monitor Apache's site and vendors for additional vulnerabilities and updates. More guidance can be found here.