In response to recent malicious activity identified in a federal civilian agency’s Microsoft 365 audit logs, the Cybersecurity and Infrastructure Security Agency and FBI July 12 released guidance to help health care and other critical infrastructure organizations detect similar malicious activity and secure their cloud environments. The agencies recommend implementing audit logging and other preventive measures, reporting suspicious activity to them and contacting Microsoft for mitigation actions due to the cloud-based infrastructure affected.
“Microsoft has linked this malicious activity to a China-based threat group tracked as ‘Storm-0558,’” said John Riggi, AHA’s national advisor for cybersecurity and risk. “The revelation of this threat also coincides with the reported move by the Administration to limit Chinese companies’ access to U.S. cloud providers. This threat also demonstrates that once again no organization is immune from cyberthreats, including the federal government, and that cloud environments are not necessarily more secure than on-premises environments. It is essential that individual organizations configure cloud security controls as enumerated in the alert and closely monitor their cloud applications for anomalous behavior.”
For more information on this or other cyber and risk issues, contact Riggi at [email protected]. For the latest cyber and risk resources and threat intelligence, visit aha.org/cybersecurity.
Noncommercial use of original content on www.aha.org is granted to AHA Institutional Members, their employees and State, Regional and Metro Hospital Associations unless otherwise indicated. AHA does not claim ownership of any content, including content incorporated by permission into AHA produced materials, created by any third party and cannot grant permission to use, distribute or otherwise reproduce such third party content. To request permission to reproduce AHA content, please click here.
Leave a Reply