Healthcare Cybersecurity

SonicWall Recommends Immediate Firmware Upgrade to Fix Critical Flaws in SMA 100 Series Appliances

SonicWall has released new firmware for its Secure Mobile Access (SMA) 100 series remote access appliances that fixes 8 vulnerabilities including 2 critical and 4 high-severity flaws.

Vulnerabilities in SonicWall appliances are attractive to threat actors and have been targeted in the past in ransomware attacks. While there are currently no known cases of the latest batch of vulnerabilities being exploited in the wild, there is a high risk of these vulnerabilities being exploited if the firmware is not updated promptly. SMA 100 series appliances include the SonicWall SMA 200, 210, 400, 410, and 500v secure access gateway products, all of which are affected.

The most serious vulnerabilities are buffer overflow issues which could be exploited remotely by an unauthenticated attacker to execute code on vulnerable appliances. These are CVE-2021-20038, an unauthenticated stack-based buffer overflow vulnerability (CVSS score of 9.8), and CVE-2021-20045, which covers multiple unauthenticated file explorer heap-based and stack-based buffer overflow issues (CVSS score 9.4). A further heap-based buffer overflow vulnerability – CVE-2021-20043 – allows remote code execution, although an attacker would need to be authenticated (CVSS score 8.8).

The remaining 3 high-severity vulnerabilities are CVE-2021-20041 – an unauthenticated CPU exhaustion vulnerability (CVSS score 7.5); CVE-2021-20039 – an authenticated command injection vulnerability (CVSS score 7.2); and CVE-2021-20044 – a post-authentication remote code execution vulnerability (CVSS score 7.2).

Two medium-severity vulnerabilities have also been fixed: CVE-2021-20040 – an unauthenticated file upload path traversal vulnerability (CVSS score 6.5) and CVE-2021-20042 – an unauthenticated ‘confused deputy’ vulnerability (CVSS score 6.3).

The firmware update can be accessed at MySonicWall.com and should be applied as soon as possible to prevent exploitation. SonicWall says there are no temporary mitigations that can be implemented to prevent exploitation of the flaws.

The post SonicWall Recommends Immediate Firmware Upgrade to Fix Critical Flaws in SMA 100 Series Appliances appeared first on HIPAA Journal.

Guidance Issued for Healthcare CISOs on Identity, Interoperability, and Patient Access

The Health Information Sharing and Analysis Center (Health-ISAC) has released guidance for Chief Information Security Officers (CISOs) on adopting an identity-centric approach to enabling secure and easy access to patient data to meet the interoperability, patient access, and data sharing requirements of the 21st Century Cures Act.

New federal regulations tied to the 21st Century Cures Act call for healthcare organizations to provide patients with easy access to their healthcare data and ensure patients can easily share their electronic health information (EHI) data wherever, whenever, and with whomever they want. The failure of a healthcare organization to implement systems to support patient access and interoperability could be considered information blocking and would be subject to fines and penalties.

The new federal requirements are for healthcare providers and insurers to allow data sharing through Application Programming Interfaces (APIs) that operate on the Fast Healthcare Interoperability and Resources (FHIR) standard. Healthcare providers and insurers are required to establish APIs to allow patients to access their EHI; however, providing patients with easy access to their healthcare data has the potential to introduce security vulnerabilities.

Health-ISAC says that in order to provide easy access to patient data, multiple privacy, security, and usability challenges need to be addressed, all of which are rooted in identity. When users request access to their data, strong authentication controls must be in place to verify that the person requesting EHI is who they say they are. For many years, patient matching problems have plagued the healthcare industry, and without a national patient identifier, those problems exist to this day. Those issues must also be addressed to ensure the correct EHI is provided.  Also, if an individual wants to only share part of their EHI, it needs to be possible for a portion of the data to be easily shared.

H-ISAC Framework for Managing Identity

Health-ISAC suggests a Framework for Managing Identity (above) that covers all of those functions; however, privacy and security issues also need to be addressed. For example, if a patient wants to authorize the use of EHI on behalf of someone else that he/she cares for, such as an elderly relative or a minor child, that must be possible. It must also be possible for a patient to delegate access privileges if they are being cared for by someone else, and for appropriate authentication controls to be in place to accommodate such requests. API-level security is also required. FHIR APIs are in the public domain, so they must be secured after authorization to use is granted.

Health-ISAC suggests that healthcare organizations should adopt an identity-centric approach to data sharing to solve these issues. “The most effective way of mitigating the risk that these issues pose to organizations is through the implementation of a modern, robust, and secure identity infrastructure that can securely authenticate and authorize users and incoming requests, enforce the appropriate consent requests, and tightly govern the use of identities,” said Health-ISAC. “By design, this is exactly what the Health-ISAC framework is meant to achieve.”

Additionally, Health-ISAC strongly recommends implementing multi-factor authentication, as while this is not explicitly required by the new ONC and CMS Rules, guidance issued by the government strongly points to the use of MFA. There are risks associated with not implementing MFA due to its importance for authentication.  The HHS’ Office for Civil Rights (OCR) has fined health organizations for HIPAA violations related to inadequate authentication in the past. Health-ISAC has produced a white paper – All About Authentication – which explains the best approach for implementing MFA.

“Identity is a journey. As the healthcare industry focuses on digital adoption, identity will continue to play a foundational role. Whether your implementation of a modern identity system is driven by regulatory and compliance requirements, security and privacy concerns, or a desire to improve customer experience, a well-architected, robust digital identity solution can address all of these drivers,” concludes Health-ISAC.

The post Guidance Issued for Healthcare CISOs on Identity, Interoperability, and Patient Access appeared first on HIPAA Journal.

Biomanufacturing Sector Warned of High Risk of Tardigrade Malware Attacks

A highly sophisticated malware capable of aggressively spreading within networks is being used in targeted attacks on the biomanufacturing sector. The malware has been named Tardigrade by security researchers and initial research suggests it may be a variant of SmokeLoader – A commonly used malware loader and backdoor, although SmokeLoader and Tardigrade malware are quite distinct.

The sophisticated nature of the malware coupled with the targeted attacks on vaccine manufacturers and their partners strongly suggest the malware was developed and is being used by an Advanced Persisted Threat (APT) actor. The malware was first detected being used in attacks on the biomanufacturing sector in the spring of 2021 when an infection was discovered at a large U.S. biomanufacturing facility. The malware was identified again in an attack on a biomanufacturing firm in October 2021 and it is believed to have been used in attacks on several firms in the sector.

In contrast to SmokeLoader, which requires instructions to be sent to the malware from its command-and-control infrastructure, Tardigrade malware has far greater autonomy and can use its internal logic to make decisions about lateral movement and which files to modify. The malware has a distributed command-and-control network and uses a variety of IPs that do not correspond to a specific command-and-control node. The malware is also metamorphic, which means its code regularly changes while retaining its functionality. That means signature-based detection mechanisms are not effective at identifying and blocking Tardigrade malware.

Tardigrade malware is stealthy and can be used to gain persistent access to victims’ systems for espionage. The malware creates a tunnel for data exfiltration and has been used to prepare systems for further malicious activities such as ransomware attacks. The malware was first detected when investigating what appeared to be a ransomware attack.

An advisory about the malware was issued by the Bioeconomy Information Sharing and Analysis Center (BIO-ISAC) due to the significant threat the malware poses to the biomanufacturing sector and their partners, with the HHS’ Health Sector Cybersecurity Coordination Center (HC3) also issuing a recent alert about the malware.

BIO-ISAC says all biomanufacturing sites and their partners should assume that they will be targets and should take steps to improve their defenses against this new malware threat. The primary method of malware delivery is believed to be phishing emails, although the malware is capable of spreading via USB drives and can propagate autonomously throughout victims’ networks.

It is important to ensure cybersecurity best practices are followed, such as closing open remote desktop protocols, updating out-of-date operating systems and software, aggressively segmenting networks, implementing multifactor authentication, and ensuring antivirus software is used on all devices that is capable of behavioral analysis.

BIO-ISAC also recommends conducting a “crown jewels” analysis, which should include assessing the impact of an attack should certain critical devices be rendered inoperable, ensuring offline backups are performed on biomanufacturing infrastructure, testing backups to ensure recovery is possible, providing phishing awareness training to the workforce, inquiring about lead times for procuring critical infrastructure components such as chromatography, endotoxin, and microbial containment systems, and accelerating the upgrade of legacy equipment.

Further information on the Tardigrade malware threat is available from BIO-ISAC and HC3.

The post Biomanufacturing Sector Warned of High Risk of Tardigrade Malware Attacks appeared first on HIPAA Journal.

APT Actor Exploiting Zoho ManageEngine ServiceDesk Plus to Deliver Webshells

An APT actor that was targeting a vulnerability in the enterprise password management and single sign-on solution Zoho ManageEngine ADSelfService Plus has started exploiting another critical vulnerability in a different Zoho product, the IT helpdesk and asset management solution Zoho ManageEngine ServiceDesk Plus.

The APT group had been exploiting a critical vulnerability in ManageEngine ADSelfService Plus tracked as CVE-2021-40539, which affects Zoho ManageEngine ADSelfService Plus version 6113 and prior, and is a REST API authentication bypass that can be exploited to allow remote code execution.

The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) issued a joint advisory on December 2, 2021, about a different vulnerability being exploited by the APT actor. The vulnerability, CVE-2021-44077, affects all versions of Zoho ManageEngine ServiceDesk Plus prior to version 11306, ServiceDesk Plus MSP prior to version 10530, and SupportCenter Plus prior to version 11014. The vulnerability is related to RestAPI URLs in a servlet and ImportTechnicians in the Struts configuration. Successful exploitation of the flaw will allow remote code execution.

The alert warns that APT actors and other threat groups are believed to be exploiting the vulnerability to upload executable files and place webshells on vulnerable systems. The webshells allow a range of different post-exploitation activities such as compromising administrator credentials, conducting lateral movement, and exfiltrating registry hives and Active Directory files.

Zoho released a security advisory and patch to correct the CVE-2021-44077 flaw on September 16, 2021, with a further alert issued on November 22, 2021, warning that the vulnerability was being exploited in the wild. The first know exploits of the vulnerability were used in late October 2021, prior to any proof-of-concept exploit being publicly released, indicating the exploit for the vulnerability was developed by the APT actor.

According to Palo Alto Networks, the APT actor has conducted three campaigns this year, first exploiting the CVE-2021-40539 in attacks on US ports and defense firms, the second exploited the same vulnerability on targets in a range of different sectors, including healthcare, with the latest campaign exploiting the CVE-2021-44077 vulnerability in attacks on the healthcare, education, technology, defense, finance, and entertainment sectors.

In the latest campaign, the APT actor exploits the flaw by sending two requests to the REST API, one uploads an executable file and the second launches the payload. The flaw can be exploited without authentication on vulnerable ServiceDesk servers and has been exploited to deliver a variant of the Godzilla webshell that is different from the variant used in the first two campaigns.

Palo Alto Networks has found evidence that suggests the attack may be conducted by the Chinese nation-state APT group tracked as APT 27/Emissary Panda, although the evidence is not sufficient to attribute the attacks to that group. The attacks have mostly been conducted in the United States, with a small number of attacks conducted on targets in India, Turkey, Russia, and the UK.

The FBI and CISA have shared technical details of the attacks, indicators of compromise, network indicators, and YARA rules in the security Alert AA21-336A.

The post APT Actor Exploiting Zoho ManageEngine ServiceDesk Plus to Deliver Webshells appeared first on HIPAA Journal.

APT Actor Exploiting Zoho ManageEngine ServiceDesk Plus to Deliver Webshells

An APT actor that was targeting a vulnerability in the enterprise password management and single sign-on solution Zoho ManageEngine ADSelfService Plus has started exploiting another critical vulnerability in a different Zoho product, the IT helpdesk and asset management solution Zoho ManageEngine ServiceDesk Plus.

The APT group had been exploiting a critical vulnerability in ManageEngine ADSelfService Plus tracked as CVE-2021-40539, which affects Zoho ManageEngine ADSelfService Plus version 6113 and prior, and is a REST API authentication bypass that can be exploited to allow remote code execution.

The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) issued a joint advisory on December 2, 2021, about a different vulnerability being exploited by the APT actor. The vulnerability, CVE-2021-44077, affects all versions of Zoho ManageEngine ServiceDesk Plus prior to version 11306, ServiceDesk Plus MSP prior to version 10530, and SupportCenter Plus prior to version 11014. The vulnerability is related to RestAPI URLs in a servlet and ImportTechnicians in the Struts configuration. Successful exploitation of the flaw will allow remote code execution.

The alert warns that APT actors and other threat groups are believed to be exploiting the vulnerability to upload executable files and place webshells on vulnerable systems. The webshells allow a range of different post-exploitation activities such as compromising administrator credentials, conducting lateral movement, and exfiltrating registry hives and Active Directory files.

Zoho released a security advisory and patch to correct the CVE-2021-44077 flaw on September 16, 2021, with a further alert issued on November 22, 2021, warning that the vulnerability was being exploited in the wild. The first know exploits of the vulnerability were used in late October 2021, prior to any proof-of-concept exploit being publicly released, indicating the exploit for the vulnerability was developed by the APT actor.

According to Palo Alto Networks, the APT actor has conducted three campaigns this year, first exploiting the CVE-2021-40539 in attacks on US ports and defense firms, the second exploited the same vulnerability on targets in a range of different sectors, including healthcare, with the latest campaign exploiting the CVE-2021-44077 vulnerability in attacks on the healthcare, education, technology, defense, finance, and entertainment sectors.

In the latest campaign, the APT actor exploits the flaw by sending two requests to the REST API, one uploads an executable file and the second launches the payload. The flaw can be exploited without authentication on vulnerable ServiceDesk servers and has been exploited to deliver a variant of the Godzilla webshell that is different from the variant used in the first two campaigns.

Palo Alto Networks has found evidence that suggests the attack may be conducted by the Chinese nation-state APT group tracked as APT 27/Emissary Panda, although the evidence is not sufficient to attribute the attacks to that group. The attacks have mostly been conducted in the United States, with a small number of attacks conducted on targets in India, Turkey, Russia, and the UK.

The FBI and CISA have shared technical details of the attacks, indicators of compromise, network indicators, and YARA rules in the security Alert AA21-336A.

The post APT Actor Exploiting Zoho ManageEngine ServiceDesk Plus to Deliver Webshells appeared first on HIPAA Journal.

HHS Launches 405(d) Program Website Providing Resources to Help Mitigate Healthcare Cybersecurity Threats

The Department of Health and Human Services has launched a new website that offers advice and resources to help the healthcare and public health sector mitigate cybersecurity threats.

The website was created as part of the HHS 405(d) Aligning Health Care Industry Security Approaches Program, which was established in response to the Cybersecurity Act of 2015. The Cybersecurity Act of 2015 called for the HHS to establish the program and a Task Group to enhance cybersecurity and align industry approaches by developing a common set of voluntary, consensus-based, and industry-led cybersecurity guidelines, practices, methodologies, procedures and processes that healthcare organizations can use.

More than 150 individuals from industry and the federal government have collaborated under the program and provided insights into how best to mitigate cyberthreats. The new website supports the motto, Cyber Safety is Patient Safety, and provides videos and other educational material to raise awareness of pertinent threats along with vetted cybersecurity resources to drive behavioral change and move toward consistency in mitigating key threats to healthcare organizations. Through the website, organizations in the HPH sector can subscribe to a bi-monthly 405(d) newsletter and will have easy access to threat-specific products to support cybersecurity awareness and training efforts.

“The new 405(d) Program website is a step forward for HHS to help build cybersecurity resiliency across the Healthcare and Public Health Sector. This is also an exciting moment for the HHS Office of the Chief Information Officer in our ongoing partnership with industry,” said Christopher Bollerer, HHS Acting Chief Information Security Officer.

“This website is the first of its kind! It’s a unique space where the healthcare industry can access vetted cybersecurity practices specific to the HPH sector on a federal government website,” said Erik Decker, 405(d) Task Group Industry co-lead. “I think it’s a great resource for the HPH sector to turn to and will surely be a go-to site for organizations that want to better protect their patients and facilities from the latest cybersecurity threats.”

The post HHS Launches 405(d) Program Website Providing Resources to Help Mitigate Healthcare Cybersecurity Threats appeared first on HIPAA Journal.

CISA Publishes Mobile Device Cybersecurity Checklist for Organizations

The Cybersecurity and Infrastructure Security Agency (CISA) has published new guidance for enterprises to help them secure mobile devices and safely access enterprise resources using mobile devices.

The Enterprise Mobility Management (EMM) system checklist has been created to help businesses implement best practices to mitigate vulnerabilities and block threats that could compromise mobile devices and the enterprise networks to which they connect. The steps outlined in the checklist are easy for enterprises to implement and can greatly improve mobile device security and allow mobile devices to be safely used to access business networks.

CISA recommends a security-focused approach to mobile device management. When selecting mobile devices that meet enterprise requirements, an assessment should be performed to identify potential supply chain risks. The Mobile Device Management (MDM) system should be configured to update automatically to ensure it is always running the latest version of the software and patches are applied automatically to fix known vulnerabilities.

A policy should be implemented for trusting devices, with access to enterprise resources denied if the device does not have the latest patch level, has not been configured to enterprise standards, is jailbroken or rooted, and if the device is not continuously monitored by the EMM.

Strong authentication controls need to be implemented, including strong passwords/PINs, with PINs consisting of a minimum of 6 digits. Wherever possible, face or fingerprint recognition should be enabled. Two-factor authentication should be implemented for enterprise networks that require a password/passphrase plus one additional method of authentication such as an SMS message, rotating passcode, or biometric input.

CISA recommends practicing good app security, including only downloading apps from trusted app stores, isolating enterprise applications, minimizing PII stored in apps, disabling sensitive permissions, restricting OS/app synchronization, and vetting enterprise-developed applications.

Network communications should be protected by disabling unnecessary network radios (Bluetooth, NFC, Wi-Fi, GPS) when not in use, disabling user certificates, and only using secure communication apps and protocols such as a VPN for connecting to the enterprise network.

Mobile devices should be protected at all times. A Mobile Threat Defense (MTD) system should guard against malicious software that can compromise apps and operating systems and detect improper configurations. Devices should only be charged using trusted chargers and cables, and the lost device function should be enabled to ensure the devices are wiped after a certain number of incorrect login attempts (10 for example). It is also important to protect critical enterprise systems and prevent them from being accessed using mobile devices due to the risk of transferring malware.

The CISA mobile device cybersecurity checklist for organizations can be downloaded here.

The post CISA Publishes Mobile Device Cybersecurity Checklist for Organizations appeared first on HIPAA Journal.

Increased Risk of Cyber and Ransomware Attacks Over Thanksgiving Weekend

The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have warned organizations in the United States about the increased risk of cyberattacks over Thanksgiving weekend.

Cyber threat actors are often at their most active during holidays and weekends, as there are likely to be fewer IT and security employees available to detect attempts to breach networks. Recent attacks have demonstrated holiday weekends are prime time for cyber threat actors, with Las Vegas Cancer Center one of the most recent victims of such an attack on the Labor Day weekend.

The warning applies to all organizations and businesses, but especially critical infrastructure firms. Cyber actors around the world may choose Thanksgiving weekend to conduct attacks to disrupt critical infrastructure and conduct ransomware attacks.

CISA and the FBI are urging all entities to take steps to ensure risk is effectively mitigated ahead of the holiday weekend to help prevent them from becoming the next victim of a costly cyberattack.

Steps that should be taken immediately include a review of current cybersecurity measures and to ensure cybersecurity best practices are being followed. Multi-factor authentication should be activated on all remote and administrative accounts, default passwords should be changed, and strong passwords set on all accounts, with steps taken to ensure passwords are not reused elsewhere.

Remote Desktop Protocol (RDP) is commonly targeted by threat actors, as are other remote access services. It is important to ensure that RDP and remote access services are secured, and connections are monitored. If remote access is not required, these services should be disabled.

Phishing is commonly used to gain access to networks. It is important to remind employees to exercise caution with email, never to click on suspicious links in messages, or to open attachments in unsolicited emails. Phishing scams often spoof trusted entities such as charities, well-known brands, vendors, and work colleagues and phishing campaigns are conducted in large numbers at this time of year targeting holiday season shoppers, especially in the run-up to Black Friday and Cyber Monday.  Over the next couple of days, it is wise to conduct exercises to raise awareness of security risks.

All staff members will likely want to have time off over Thanksgiving weekend, but it is important to identify IT security employees who can be available to surge into action should a security incident or ransomware attack occur. Prompt action can greatly reduce the severity and cost of a cyberattack.

It is also recommended to review and update incident response and communication plans to ensure they will be effective in the event of a cyberattack. This month, CISA issued new cybersecurity incident and vulnerability response playbooks to help federal civilian executive branch (FCEB) agencies with operational procedures for planning and conducting cybersecurity incident and vulnerability response activities; however, they can be used by all businesses for developing cybersecurity incident and vulnerability response plans.

Mitigations and cybersecurity best practices that can be adopted to reduce risk are detailed in the previously released CISA alert – Ransomware Awareness for Holidays and Weekends.

The post Increased Risk of Cyber and Ransomware Attacks Over Thanksgiving Weekend appeared first on HIPAA Journal.

HHS Warns Healthcare Sector About Risk of Zero-day Attacks

The HHS’ Health Sector Cybersecurity Coordination Center (HC3) has issued a threat brief warning the healthcare and public health sector about an increase in financially motivated zero-day attacks, outlining mitigation tactics that should be adopted to reduce risk to a low and acceptable level.

A zero-day attack leverages a vulnerability for which a patch has yet to be released. The vulnerabilities are referred to as zero-day, as the developer has had no time to release a patch to correct the flaw.

Zero-day attacks are those where a threat actor has exploited a zero-day vulnerability using a weaponized exploit for the flaw. Zero-day vulnerabilities are exploited in attacks on all industry sectors and are not only a problem for the healthcare industry.  For instance, in 2010, exploits were developed for four zero-day vulnerabilities in the “Stuxnet” attack on the Iranian nuclear program, which caused Iranian centrifuges to self-destruct to disrupt Iran’s nuclear program.

More recently in 2017, a zero-day vulnerability was exploited to deliver the Dridex banking Trojan. While it would normally be necessary for an individual to take additional actions after opening a malicious email attachment for malware to be downloaded, by including an exploit for a zero-day vulnerability the threat actors were able to install the Dridex banking Trojan if an individual simply opened an infected email attachment. A zero-day vulnerability was also exploited this year in the 2021 SonicWall ransomware attacks. The vulnerability was identified by the UNC2447 threat group and was exploited to deliver FiveHands ransomware.

The very nature of zero-day vulnerabilities means it is not possible to eliminate risk entirely, as software developers need to develop patches to fix the vulnerabilities, but strategies can be adopted to reduce the potential for zero-day vulnerabilities to be exploited.

The number of detected exploits for zero-day vulnerabilities more than doubled between 2019 and 2021. This is, in part, due to the high value of exploits for zero-day flaws. The price paid for working exploits rose by more than 1,150% between 2018 and 2021. While the market for zero-day exploits was limited to a handful of groups with deep pockets, there are now many threat actors with considerable resources that are willing to pay as they know they can make their money back many times over by using the exploits in their attacks. Now, an exploit for a zero-day vulnerability could be worth more than $1 million.

Zero-day attacks specifically conducted against the healthcare sector are a very real possibility. In August this year, a zero-day vulnerability dubbed PwnedPiper was identified in the pneumatic tube systems used in hospitals to transport biological samples and medications. The vulnerability was identified in the control panel, which would allow unsigned firmware updates to be applied. An attacker could exploit the flaw and take control of the system and deploy ransomware.

In August 2020, four zero-day vulnerabilities were identified that exposed OpenClinic patients’ test results. Unauthenticated attackers could successfully request files containing sensitive documents from the medical test directory, including medical test results.

The best defense against zero-day vulnerabilities is to patch promptly, but patching is often slow, especially in healthcare. In 2019, a survey conducted by the Ponemon Institute revealed the average time to apply, test, and deploy a patch for a zero-day vulnerability was 97 days after the patch was released.

The advice of HC3 is to “patch early, patch often, patch completely.” HC3 provides up-to-date information on actively exploited zero-days and the available patches to fix zero-day flaws. HC3 also suggests implementing a web-application firewall to review incoming traffic and filter out malicious input, as this can prevent threat actors from gaining access to vulnerable systems. It is also recommended to use runtime application self-protection (RASP) agents, which sit inside applications’ runtime and can detect anomalous behavior. Segmenting networks is also strongly recommended.

The TLP: WHITE Zero-Day Threat Brief is available for download on this link.

The post HHS Warns Healthcare Sector About Risk of Zero-day Attacks appeared first on HIPAA Journal.