Content created by Office of the Chief Information Officer (OCIO)
Threat Briefs
- June 13, 2024 – Cloud Security for the HPH
- May 16, 2024 – Business Email Compromise (BEC) & Healthcare
- April 11, 2024 – Social Engineering Targeting the HPH Sector
- February 15, 2024 – Russian Threat Actors Targeting the HPH Sector*
- January 18, 2024 - Ransomware & Healthcare*
- December 7, 2023 - Open-Source Software Risks in the Health Sector*
- November 16, 2023 - Emotet: The Enduring and Persistent Threat to the HPH*
- October 12, 2023 - Cybersecurity Incident Response Plans
- September 21, 2023 - DPRK and Chinese Cyber Crime Threats to the U.S. HPH*
- August 10, 2023 - Multi-Factor Authentication & Smishing
- July 13, 2023 - AI, Cybersecurity and the Health Sector*
- June 8, 2023 - Types of Threat Actors That Threaten Healthcare*
- April 6, 2023 - EMRs A Top Target for Cyber Threat Actors*
- March 9, 2023 - Data Exfiltration Trends in Healthcare
- February 9, 2023 - 2022 Retrospective & 2023 Look Ahead*
- January 12, 2023 - Royal & BlackCat Ransomware*
- December 8, 2022 - Automation and Hacking in Healthcare*
- November 3, 2022 - Iranian Threat Actors and Healthcare
- October 6, 2022 - Abuse of Legitimate Security Tools and the HPH
- September 22, 2022 - APT41 and Recent Activity
- September 8, 2022 - Emerging Technology and Security for the HPH
- August 18, 2022 - The Impact of Social Engineering On Healthcare
- August 4, 2022 - The OWASP Top 10
- July 21, 2022 - Web Application Attacks in Healthcare
- July 7, 2022 - Quantum Cryptography and the Health Sector
- June 16, 2022 - Strengthening Cyber Posture in Healthcare
- June 2, 2022 - The Return of Emotet
- May 19, 2022 - Major Cyber Orgs of Russian Intelligence Services
- May 5, 2022 - Ransomware Trends in Q1 2022
- April 21, 2022 - Insider Threats in Healthcare
- April 7, 2022 - Lapsus$ and the Health Sector*
- March 17, 2022 - An Analysis of the Russia-Ukraine Conflict*
- March 3, 2022 - Health Sector Cyber Security: 2021 Retrospective and 2022 Look Ahead*
- February 17, 2022 - EMR in Healthcare*
- February 3, 2022 - Lessons Learned from the HSE Attack
- January 20, 2022 - Log4j Vulnerabilities and the Health Sector
Sector Alerts
- August 16, 2024 – Grant Donation Scam Sector Alert
- July 23, 2024 – Global Technology Outage Sector Alert
- June 27, 2024 – MOVEit Sector Alert
- June 12, 2024 – PHP Programming Language Sector Alert
- June 7, 2024 – Snowflake Sector Alert
- June 4, 2024 – Baxter Welch Allyn Vulnerabilities Sector Alert
- April 18, 2024 – Updated Palo Alto Networks Firewalls
- April 12, 2024 – Palo Alto Networks Firewalls Sector Alert
- April 3, 2024 – Help Desk Social Engineering Sector Alert
- March 18, 2024 – Credential Harvesting Sector Alert
- March 12, 2024 – E-mail Bombing Sector Alert
- March 1, 2024 – Threats from Fraudulent Websites Sector Alert
- February 26, 2024 – ScreenConnect Server Vulnerabilities Sector Alert
- January 22, 2024 - Threat of Unauthorized Access to HPH Orgs Sector Alert
- November 22, 2023 - Lockbit 3.0 Exploiting Citrix Bleed Sector Alert*
- November 21, 2023 - Fortinet FortiSIEM Vulnerability Sector Alert*
- October 6, 2023 - Cisco Emergency Responder Sector Alert*
- September 29, 2023 - WS FTP Vulnerabilities Sector Alert*
- September 18, 2023 - ManageEngine Vulnerability Sector Alert
- September 12, 2023 - Akira Ransomware Sector Alert
- August 4, 2023 - Rhysida Ransomware Sector Alert
- July 20, 2023 - Citrix ADC and Citrix Gateway Vulnerabilities Sector Alert
- June 16, 2023 - Critical Vulnerability in MOVEit Transfer Software Sector Alert
- June 2, 2023 - MOVEit Transfer Software Sector Alert
- May 10, 2023 - Veeam Backup & Replication Sector Alert
- April 28, 2023 - Cl0p and Lockbit New Data Breaches Sector Alert
- April 7, 2023 - DNS NXDOMAIN Attacks Sector Alert
- February 22, 2023 - Clop Allegedly Targeting Healthcare Industry Sector Alert
- January 31, 2023 - OpenEMR Sector Alert
- December 16, 2022 - Citrix ADC-Gateway Sector Alert
- October 28, 2022 - OpenSSL Critical Patch*
- September 19, 2022 - Monkeypox-Themed Phishing Campaign Sector Alert
- August 18, 2022 - Apple Zero Day Sector Alert
- August 10, 2022 - Secure Message/Evernote-Themed Phishing Campaign
- April 7, 2022 - Mailchimp Sector Alert*
Other Products
- September 13, 2024 – August 2024 Vulnerability Bulletin*
- July 9, 2024 - June 2024 Vulnerability Bulletin*
- July 2, 2024 – Vidar Malware Analyst Note
- June 26, 2024 – Seashell Blizzard Threat Actor Profile
- June 18, 2024 – Qilin/Agenda Ransomware Threat Profile
- June 13, 2024 – May 2024 Vulnerability Bulletin
- May 30, 2024 – Healthcare Sector DDoS Guide Analyst Note
- May 15, 2024 – April 2024 Vulnerability Bulletin
- April 10, 2024 – March 2024 Vulnerability Bulletin*
- April 8, 2024 – Baza(r)Call Campaigns Analyst Note
- April 5, 2024 – HC3’s Top 10 Most Active Ransomware Groups Analyst Note
- March 19, 2024 – February 2024 Vulnerability Bulletin
- February 27, 2024 – ALPHV Blackcat Joint Cybersecurity Advisory*
- February 7, 2024 – Akira Ransomware Analyst Note*
- February 5, 2024 – January 2024 Vulnerability Bulletin
- January 4, 2024 – December 2023 Vulnerability Bulletin
- December 5, 2023 - ownCloud Vulnerability White Paper
- December 4, 2023 – November 2023 Vulnerability Bulletin
- November 6, 2023 - BlackSuit Ransomware Analyst Note
- November 3, 2023 - October 2023 Vulnerability Bulletin*
- November 1, 2023 - 8Base Ransomware Analyst Note
- October 26, 2023 - AI and Phishing as a Threat to the HPH White Paper
- October 25, 2023 - SolarWinds ARM Vulnerabilities Analyst Note*
- October 23, 2023 - QR Codes and Phishing as a Threat to the HPH White Paper*
- October 18, 2023 - ServiceNow Vulnerability Analyst Note
- October 12, 2023 - NoEscape Ransomware Analyst Note
- October 5, 2023 - September 2023 Vulnerability Bulletin*
- October 4, 2023 - Securing Remote Access Software Alert*
- September 29, 2023 - LokiBot Malware Analyst Note
- September 20, 2023 - August 2023 Vulnerability Bulletin
- August 23, 2023 - July 2023 Vulnerability Bulletin*
- August 16, 2023 - China-Based Threat Actor Profiles
- July 21, 2023 - Remote Identity Management Analyst Note
- July 13, 2023 - June 2023 Vulnerability Bulletin
- June 22, 2023 - SEO Poisoning Analyst Note
- June 16, 2023 - Healthcare and Public Health Sector Cybersecurity Notification*
- June 14, 2023 - May 2023 Vulnerability Bulletin*
- June 13, 2023 - FIN11 Threat Profile*
- May 16, 2023 - April 2023 Vulnerability Bulletin
- April 17, 2023 - March 2023 Vulnerability Bulletin
- April 6, 2023 - Q1 2023 Healthcare Cybersecurity Bulletin
- April 5, 2023 - KillNet Analyst Note*
- March 23, 2023 - HPH Mobile Device Security Checklist
- March 15, 2023 - Black Basta Threat Profile
- March 13, 2023 - February 2023 Vulnerability Bulletin
- February 24, 2023 - MedusaLocker Ransomware Analyst Note
- February 13, 2023 - Healthcare Sector DDoS Guide Analyst Note
- February 6, 2023 - January 2023 Vulnerability Bulletin
- January 30, 2023 - KillNet Analyst Note
- January 19, 2023 - December 2022 Vulnerability Bulletin
- January 18, 2023 - 2022 Q4 Healthcare Cybersecurity Bulletin*
- January 17, 2023 - AI for Malware Development Analyst Note
- January 4, 2023 - Clop Ransomware Analyst Note
- December 22, 2022 - KillNet Analyst Note
- December 12, 2022 - LockBit 3.0 Analyst Note
- December 12, 2022 - BlackCat Analyst Note
- December 8, 2022 - November 2022 Vulnerability Bulletin
- December 7, 2022 - Royal Ransomware Analyst Note
- December 2, 2022 - Cuba Ransomware Alert
- November 21, 2022 - Lorenz Ransomware Analyst Note
- November 14, 2022 - October 2022 Vulnerability Bulletin
- November 9, 2022 - Venus Ransomware Analyst Note
- October 25, 2022 - September 2022 Vulnerability Bulletin
- September 30, 2022 - Microsoft Exchange Zero-Day Alert
- September 6, 2022 - August 2022 Vulnerability Bulletin
- August 29, 2022 - Evil Corp Threat Profile
- August 24, 2022 - Karakurt Threat Profile Analyst Note
- August 19, 2022 - Vishing Attacks on the HPH Sector Analyst Note
- August 15, 2022 - July 2022 Vulnerability Bulletin
- August 9, 2022 - Cloud Security Analyst Note
- August 9, 2022 - OSINT How-To Analyst Note
- August 4, 2022 - Internet of Things Security Analyst Note
- July 13, 2022 - June 2022 Vulnerability Bulletin
- June 8, 2022 - May 2022 Vulnerability Bulletin
- May 6, 2022 - April 2022 Vulnerability Report
- April 27, 2022 - 2021 Top Exploited Vulnerabilities Alert
- April 26, 2022 - Russia Threats to Critical Infrastructure Alert
- April 26, 2022 - BlackCat ALPHV IOCs Alert
- April 18, 2022 - Hive Ransomware Analyst Note
- April 13, 2022 - Aethon TUG Home Base Server Alert
- April 6, 2022 - Philips Vue PACS Alert Update B*
- April 5, 2022 - March 2022 Vulnerability Bulletin*
- March 30, 2022 - UPS Attack Mitigation Alert
- March 25, 2022 - AA22-083A Alert
- March 22, 2022 - Health-ISAC and HC3 Joint Threat Bulletin on Potential Russian Cyberattacks*
- March 18, 2022 - February 2022 Vulnerability Bulletin
- March 16, 2022 - Russian Cyber Actors Gain Access by Exploiting Default MFA Protocols and “PrintNightmare” Vulnerability
- March 10, 2022 - Conti Update
- March 8, 2022 - PTC Axeda agent and Axeda Desktop Server Vulnerabilities Alert
- March 1, 2022 - The Russia-Ukraine Cyber Conflict
- February 28, 2022 - Destructive Malware Targeting Ukraine Alert
- February 25, 2022 - Hermetic Wiper Malware
- February 23, 2022 - Preparing for Foreign Influence Operations Targeting Critical Infrastructure*
- February 14, 2022 - 2021 CISA Shields Up Alert
- February 9, 2022 - 2021 Global Ransomware Trends Alert
- February 7, 2022 - LockBit 2.0 IOCs Alert
- February 4, 2022 - January 2022 Vulnerability Bulletin
- January 28, 2022 - Reduced Threat Posed by BlackMatter Analyst Note
- January 21, 2022 - 2021 Q4 HC3 Healthcare Cybersecurity Bulletin
- January 11, 2022 - Russian Sponsored Threats Alert
- January 10, 2022 - December 2021 Vulnerability Bulletin
- January 6, 2022 - Mespinoza-GOLD BURLAP-Cyborg Spider Analyst Note
Archive of Resources
- December 21, 2021 - Log4j Scanner Alert
- December 15, 2021 - November 2021 Vulnerability Bulletin*
- December 13, 2021 - Hillrom Welch Allyn Cardiology Products Vulnerability Alert
- November 23, 2021 - BIO-ISAC Tardigrade Malware Alert*
- November 17, 2021 - October 2021 Vulnerability Bulletin
- November 17, 2021 - CISA/FBI/ACSC/NCSC Iranians Fortinet Exchange Alert
- November 12, 2021 - Forescout Nucleus TCPIP Alert*
- October 28, 2021 - Threat Actor Orange Targets US HPH Entities Analyst Note*
- October 26, 2021 - 2021 Q3 Healthcare Cybersecurity Bulletin*
- October 19, 2021 - Joint CISA/NSA/FBI BlackMatter Ransomware Alert*
- October 15, 2021 - September 2021 Vulnerability Bulletin*
- October 13, 2021 - Q3 2021 HPH Ransomware Trends Analyst Note*
- October 7, 2021 - Medtronic Alert*
- October 6, 2021 - Two Factor Authorization*
- October 1, 2021 - Hardening Remote Access VPN Alert*
- September 30, 2021 - Conti Ransomware Alert*
- September 28, 2021 - New Azure AD Brute-Force Alert
- September 23, 2021 - BrakTooth Analyst Note*
- September 7, 2021 - August 2021 Vulnerability Bulletin*
- September 2, 2021 - Phishing Analyst Note*
- September 1, 2021 - Holiday Ransomware Alert*
- August 25, 2021 - IOCs Associated with Hive Ransomware Alert*
- August 24, 2021 - OnePercent Group Ransomware Alert*
- August 18, 2021 - July Vulnerability Bulletin*
- August 18, 2021 - BlackBerry QNX RTOS Alert*
- August 6, 2021 - Lazio Ransomware Attack Analyst Note*
- July 29, 2021 - Top Routinely Exploited Vulnerabilities for 2020 and 2021
- July 28, 2021 - Geutebrück G-Cam E2 Series Camera Vulnerabilities Alert
- July 22, 2021 - Exploitation of Pulse Connect Secure Vulnerabilities*
- July 15, 2021 - PrintNightmare Vulnerability Update 1*
- July 8, 2021 - Phobos Ransomware Analyst Note*
- July 6, 2021 - PrintNightmare Vulnerability*
- June 11, 2021 - May 2021 Vulnerability Bulletin*
- May 25, 2021 - Conti Ransomware Analyst Note*
- May 11, 2021 - April 2021 Vulnerability Bulletin*
- April 26, 2021 - API Security for the HPH*
- April 21, 2021 - Pulse Secure Vulnerabilities Analyst Note*
- April 15, 2021 - NAME WRECK Analyst Note*
- April 13, 2021 - Vishing Analyst Note*
- March 23, 2021 - CL0P Analyst Note*
- March 12, 2021 - New Ryuk Variant Analyst Note*
- March 8, 2021 - February 2021 HPH Cybersecurity Vulnerability Bulletin*
- March 8, 2021 - Microsoft Exchange Server Detection Analyst Note*
- March 3, 2021 - Microsoft Exchange Server Analyst Note*
- February 23, 2021 - Accellion Analyst Note*
- February 12, 2021 - HC3 January 2021 HPH Vulnerability Bulletin*
- January 12, 2021 - December 2020 Vulnerability Bulletin*
- January 4, 2021 - TCP-IP Stack Analyst Note
- December 17, 2021 - Log4j Update Sector Alert*
- December 10, 2021 - Log4j Sector Alert
- November 16, 2021 - Intel BIOS Vulnerabilities Sector Alert*
- November 12, 2021 - ManageEngine APT27 Sector Alert*
- October 8, 2021 - Medusa TangleBot Malware Sector Alert*
- September 22, 2021 - VMware Vulnerabilities Sector Alert*
- August 27, 2021 - Pulse Secure Vulnerabilities*
- August 19, 2021 - Fortinet Sector Alert*
- August 3, 2021 - PwnedPiper Impact on Healthcare*
- July 30, 2021 - HiveNightmare/SeriousSAM Potential HPH Impact Sector Alert
- July 9, 2021 - Philips Vue PACS Sector Alert*
- June 29, 2021 - PACS Vulnerabilities Sector Alert*
- June 4, 2021 - Vulnerabilities Reported by MesaLabs for AmegaView*
- May 28, 2021 - New Phishing Campaign Launched by SOLARWINDS Attackers*
- May 12, 2021 - CISCO Sector Alert*
- May 6, 2021 - EXIM Sector Alert*
- April 22, 2021 - SonicWall Sector Alert*
- December 2, 2021 - FIN12 as a Threat to Healthcare*
- November 18, 2021 - Zero-Day Attacks
- November 4, 2021 - Cobalt Strike*
- October 21, 2021 - Hive Ransomware*
- October 7, 2021 - Blockchain for Healthcare*
- September 23, 2021 - LockBit Ransomware*
- September 2, 2021 - Demystifying BlackMatter*
- August 19, 2021 - REvil Update*
- August 5, 2021 - Qbot/QakBot Ransomware*
- July 8, 2021 - Conti Ransomware*
- June 17, 2021 - The Evolution of Cyber Hunt Processes*
- June 3, 2021 - Ransomware Trends 2021*
- May 20, 2021 - API for the HPH*
- May 06, 2021 - China's 14th FYP and the HPH*
- April 22, 2021 - Cyber Supply Chain Risk Management*
- April 8, 2021 - Ryuk Variants*
- March 25, 2021 - DPRK Cyber Espionage*
- March 18, 2021 - HPH Cyberthreats to Biotechnology*
- March 11, 2021 - 2021 HPH Cybersecurity Forecast*
- March 4, 2021 - DNS Tunneling*
- February 25, 2021 - Securing SSL/TLS in Healthcare*
- February 18, 2021 - 2020 HPH Cybersecurity Retrospective*
- February 11, 2021 - Threat Posed by Bulk Email Services*
- February 4, 2021 - Threats in Healthcare Cloud Computing*
- January 28, 2021 - ATTACK for Emotet*
- January 21, 2021 - Laying a Strong Cyber Foundation for the HPH*
- January 14, 2021 - HPH Distributed Attack Vectors TLP WHITE*
- December 10, 2020 - Evasive Methods Against Healthcare*
- November 12, 2020 - Trickbot and Ryuk*
- November 5, 2020 - SMB Vulnerabilities in Healthcare*
- October 29, 2020 - QakBot*
- October 22, 2020 - Using Honeypots for Network Intrusion Detection*
- October 15, 2020 - Unix/Mac/Linux OS Malware*
- October 8, 2020 - True Fighter RDP*
- October 1, 2020 - Zero Trust*
- September 24, 2020 - Netwalker*
- September 17, 2020 - Malspam*
- September 3, 2020 - CIS Controls in HPH*
- August 27, 2020 - Pulse Secure VPN*
- August 20, 2020 - 5G Security for Healthcare*
- August 13, 2020 - COVID-19 Cyber Threats (Update)*
- August 6, 2020 - Cybersecurity Maturity Models*
- July 23, 2020 - Dark Web and Cybercrime*
- July 23, 2020 - HPH-Sector Cyber Threat Actor Modeling with Mitre ATT&CK*
- July 9, 2020 - Business Email Compromise in the Health Sector*
- June 9, 2020 - APT and Cybercriminal Targeting of HCS*
- June 4, 2020 - Social Media Attacks*
- May 21, 2020 - Web Shell Malware: Threats and Mitigations*
- May 14, 2020 - COVID-19 Related Nation-State and Cyber Criminal Targeting of the Healthcare Sector*
- May 7, 2020 - Quantitative Risk Management for Healthcare Cybersecurity*
- April 30, 2020 - Threat Modeling for Mobile Health Systems*
- April 23, 2020 - COVID-19 Cyber Threats*
- April 16, 2020 - AZORult Malware*
- April 9, 2020 - Access Control on Health Information Systems*
- April 2, 2020 - 2019 Threats Posed to Healthcare Sector by Use of Third-Party Services*
- March 26, 2020 - Securely Teleworking in Healthcare*
- March 19, 2020 - Multifactor Authentication*
- March 19, 2020 - NIST Privacy Framework: A Tool for Improving Privacy Through Enterprise Risk Management*
- March 19, 2020 - Wearable Device Security*
- March 19, 2020 - Wearable Device Security and SweynTooth Vulnerabilities*
- March 5, 2020 - Incident Response*
- February 28, 2020 - "SweynTooth" Devices in the Medical Environment*
- February 20, 2020 - PyXie Remote Access Trojan (RAT)*
- February 20, 2020 - Botnet Threat to the Healthcare Industry*
- February 13, 2020 - Electronic Health Record Systems*
- February 6, 2020 - A.I. Application and Security Implications in the Healthcare Industry*
- January 30, 2020 - Ryuk Update*
- January 9, 2020 - Trickbot*
- December 19, 2019 - Emotet Update*
- December 12, 2019 - Maze Ransomware*
- December 5, 2019 - BlueKeep Update*
- November 14, 2019 - Physical Access Control*
- October 24, 2019 - APT41*
- September 12, 2019 - Blockchain Application in the Healthcare Industry*
- September 4, 2019 - Sodinokibi: Aggressive Ransomware Impacting HPH Sector*
- August 1, 2019 - 5G Security Implications for the Healthcare Enterprise*
- July 11, 2019 - Medical Device Image Tampering*
- May 9, 2019 - Credential Stuffing*
- April 25, 2019 - Free Web Scanning Resources*
- December 16, 2020 - Sector Alert COVID Phishing TLP WHITE*
- October 2, 2020 - Bazarloader*
- September 8, 2020 - Maldoc Information Stealer*
- August 27, 2020 - Agent Tesla Phishing*
- August 21, 2020 - Thales Vulnerability*
- August 13, 2020 - XenMobile Sector Alert*
- July 21, 2020 - SharePoint CVE-2020-1147*
- May 19, 2020 - Cybersecurity Vulnerabilities Of Interest to the Health Sector*
- April 16, 2020 - Fake Online Coronavirus Map Delivers Well-known Malware*
- April 16, 2020 - Multiple Vulnerabilities in Cisco UCS Director and Cisco UCS Director Express for Big Data*
- April 15, 2020 - VMWare Directory Service Critical Vulnerability*
- March 26, 2020 - APT41 Citrix and Zoho Attacks on Healthcare*
- December 9, 2020 - November Monthly Cybersecurity Vulnerability Bulletin*
- November 17, 2020 - SDBBot Analyst Note*
- November 16, 2020 - Cl0p Ransomware*
- October 1, 2020 - September Monthly Cybersecurity Vulnerability Bulletin*
- July 20, 2020 - July Vulnerability Bulletin*
- June 16, 2020 - Dridex Malware - a Growing Threat to the HPH Sector*
- June 16, 2020 - Formbook Malware Phishing Campaigns*
- June 16, 2020 - LokiBot Malware Threat to Healthcare*
- June 16, 2020 - Pony/Fareit Malware: A Growing Threat to the Healthcare and Public Health Sector*
- June 16, 2020 - Remcos RAT*
- June 16, 2020 - Remote Access Trojan "Agent Tesla" Targets Organizations with COVID-themed Phishing Attacks*
- June 16, 2020 - Remote Access Trojan Nanocore Poses Risk to HPH Sector*
- June 16, 2020 - Ursnif Malware*
- May 12, 2020 - Mobile Browser Hijacker Attempts to Social Engineer Users to Install a Potentially Unwanted Program (PUP)*
- April 3, 2020 - COVID-19 VTC Exploitation*
- February 3, 2020 - Coronavirus Themed E-mail Phishing*
- April 12, 2019 - A Cost Analysis of Healthcare Sector Data Breaches*
*This content is in the process of Section 508 review. If you need immediate assistance accessing this content, please submit a request to HC3@hhs.gov. Content will be updated pending the outcome of the Section 508 review.