Author Archives: MS-ISAC

Cyber Attacks: In the Healthcare Sector

As the healthcare sector continues to offer life-critical services while working to improve treatment and patient care with new technologies, criminals and cyber threat actors look to exploit the vulnerabilities that are coupled with these changes. The following blog series will explore one MS-ISAC analyst’s thoughts on today’s sources of frustration for healthcare IT and cybersecurity specialists.

This entry was posted in Healthcare on February 08, 2017 by MS-ISAC

2017: New Year’s Resolutions for a CISO

By the Intel & Analysis Working Group (I&AWG) 

Year after year on January 1st we start fresh by taking time to reevaluate our lives; we determine where we are and think about where we'd eventually like to be at year’s end. This recurring tradition usually involves creating a list of resolutions that will be used as a guide to help navigate our way through another 365 days of living happier, healthier, and more efficient lives.

This entry was posted in CISO on January 20, 2017 by MS-ISAC

End-of-Support Software Report List

10/1/2016 to 6/30/2017 

The importance of updating software before its End-of-Life (EOL) and End-of-Support (EOS) should not be taken lightly or ignored. EOL occurs when the software is retired, although the vendor/manufacturer can (and generally does) continue to support the software until the EOS date. EOS occurs when software updates, patches, and other forms of support are no longer offered, resulting in software becoming prone to future security vulnerabilities. Vendors and manufacturers often use these terms interchangeably, although different vendors and manufacturers may have slightly different definitions for EOL and EOS. For this reason, it is important to check with the individual vendor/manufacturer.

This entry was posted in End-of-Support / End-of-Life Report on November 30, 2016 by MS-ISAC

Cyber Extortion: An Industry Hot Topic

By Chris Cooley, Cyber Intelligence Analyst 

Some traditional cybercriminals have seemingly left the art of stealing credit cards and personally identifiable information (PII) for a simpler tactic – cyber extortion – where they use threats to demand victims’ money rather than steal it. While highly discussed, cyber extortion continues to gain traction as a multi-million dollar criminal industry. Over the last year state and local governments, along with law enforcement and health care organizations, have not evaded its path.

on November 23, 2016 by MS-ISAC

Evolving Tactics of Tech Support Scams

Written by: Emily Cranston, Senior Cyber Intelligence Analyst & Curt Beall, MS-ISAC Intel Unit Intern 

Tech support scams have been around for years: you answer the phone and the person on the other end claims to be working with a well-known tech company. They try to convince you that your computer is sending out error messages, attacking another computer, or infected with viruses. Malicious actors use this scam to cold-call victims, gain access to victims’ computers, install malware, steal information, or receive payment for fraudulent services. 

on October 18, 2016 by MS-ISAC

Ransomware: In the Healthcare Sector


It is hard to ignore the recent increase in reporting of hospitals victimized by ransomware. Ransomware has become such an issue that the MS-ISAC, along with our partners at the National Health Information Sharing and Analysis Center (NH-ISAC) and Financial Services Information Sharing and Analysis Center (FS-ISAC), teamed up to host trainings around the country on how to defend against it.

This entry was posted in ransomware on October 10, 2016 by MS-ISAC

Insider Threats: In the Healthcare Sector

Insider Threat

Organizations are often too preoccupied with defending the integrity of their company and network from external threats to address the very real and dangerous risk that may lie within their own organization: insiders. The insider poses a threat because the legitimate access they have or had to proprietary systems exempts them from facing traditional cybersecurity defenses, such as intrusion detection devices or physical security.

This entry was posted in Insider Threat on October 10, 2016 by MS-ISAC

Business Email Compromise: In the Healthcare Sector

Business Email Compromise / Fraud Scams

Referred to as the “Billion Dollar Scam” by the Federal Bureau of Investigation (FBI), Business Email Compromise (BEC) scammers use a spoofed email or compromised account to trick employees into initiating a money transfer to an alternate (fraudulent) account. The scammers almost always pretend to be a person of power within the organization, such as the CEO or CFO.

This entry was posted in email compromise on October 10, 2016 by MS-ISAC

DDoS Attacks: In the Healthcare Sector

DDoS Attacks

Distributed denial of service (DDoS) attacks are a popular tactic, technique, and procedure (TTP) used by hacktivists and cybercriminals to overwhelm a network to the point of inoperability. This can pose a serious problem for healthcare providers who need access to the network to provide proper patient care or need access to the Internet to send and receive emails, prescriptions, records, and information.

This entry was posted in DDoS Attacks on October 10, 2016 by MS-ISAC

Data breaches: In the Healthcare Sector

Data breaches

It seems that every day another hospital is in the news as the victim of a data breach. The routine is familiar: individuals receive notification by (e)mail of the breach, paired reassuringly with two free years of credit and identity monitoring. (One might wonder: is there even anyone left who isn’t being monitored?) According to the Ponemon Institute and Verizon Data Breach Investigations Report, the health industry experiences more data breaches than any other sector.[i] There may be some potential for bias in this claim, due to the well-defined, legally mandated reporting requirements of the Health Insurance Portability and Accountability Act (HIPAA), which make it more likely healthcare breaches will be reported compared to breaches in other sectors.

This entry was posted in data breach on October 10, 2016 by MS-ISAC