Volume 24 — Issue 21 | May 23, 2024
This month, a Maryland volunteer fire department lost funds for two new ambulances in a scam involving business email compromise (BEC). The computer used for a money transfer was infected with malware, allowing bad actors to clone the computer and send an email impersonating the vendor the station was working with to secure the new vehicles. County police and the U.S. Secret Service (USSS) are investigating.
In its 2023 Internet Crime Report, the Federal Bureau of Investigation (FBI) reported adjusted losses of over $2.9 billion associated with BEC complaints submitted to its Internet Crime Complaint Center (IC3) last year. The USSS estimates current global daily losses from BEC at approximately $8 million.
The FBI reported in 2022 that BEC incidents were on the rise, partly due to an increase in virtual business transactions during the COVID-19 pandemic. When receiving unusual financial or sensitive data requests via email, the Center for Internet Security recommends always verifying the identity, authenticity, and authority of the sender via non-email channels (e.g., via phone or in-person).
When suspected cybercrimes are reported within 24 to 48 hours, the chances of a positive outcome are greater. This is especially true for financial crimes. Do not hesitate to report an incident first to your bank, then to the business you have been dealing with, and then to the police. The sooner the crime is reported, the more likely it will be that funds can be recovered.
The following are resources for Emergency Services Sector (ESS) agencies that may serve as a starting point for improving your cybersecurity posture:
- Cybersecurity and Infrastructure Security Agency (CISA) – Emergency Services Sector Cybersecurity Best Practices. This fact sheet covers best practices for general cyber hygiene and social networking for ESS organizations.
- FEMA/CISA – Planning Considerations for Cyber Incidents: Guidance for Emergency Managers. This guide is intended to help state, local, tribal, and territorial (SLTT) emergency management personnel collaboratively prepare for a cyber incident and support the development of a cyber incident response plan or annex.
- CISA – Cyber Security Evaluation Tool Fact Sheet for Public Safety. This fact sheet provides an overview of the Cyber Security Evaluation Tool (CSET®), a free, stand-alone desktop application that systematically guides asset owners and operators through evaluating operational and information technology. CISA offers the CSET® download at no cost.
- CISA - Emergency Services Sector CTEP Situation Manual. CISA tabletop exercise packages (CTEPs) include cybersecurity-based scenarios that incorporate various cyber threat vectors including ransomware, insider threats, phishing, and Industrial Control System (ICS) compromise. This manual can assist emergency services agencies in examining their cybersecurity plans and capabilities. Along with this Situation Manual, CISA provides end-to-end exercise planning and conduct support, including planning meetings, document and scenario development, facilitation, and after-action report development.
- CISA’s Cyber Security Advisors (CSAs) are available for each CISA Region. CSAs can provide cyber preparedness assessments and protective resources, working group support, leadership, partnership in public-private development, and coordination and support in times of cyber threat, disruption, or attack. Contact your regional office to learn more.
- CISA - Cyber Incident Resource Guide for Governors. This guide provides information for governors and their staff on how to request federal support during or following a cyber incident. For states with mature cyber programs, this guide can validate and integrate with existing plans.
- Launched in 2022, the State and Local Cybersecurity Grant Program and Tribal Cybersecurity Grant Program are administered by CISA and the Federal Emergency Management Agency (FEMA) to help SLTT governments defend themselves against increasingly sophisticated cyber threats.
For more resources and support, see CISA’s Risk Assessments page and its Emergency Services Sector Cybersecurity Initiative page.
(Sources: CISA, FEMA, FBI, USSS, CIS, NBC 4 Washington)
On May 9, the Drug Enforcement Administration (DEA) announced the release of the 2024 National Drug Threat Assessment (NDTA). This annual report is DEA’s comprehensive strategic assessment of illicit drug threats and trafficking trends endangering the United States.
DEA’s top priority is reducing the supply of deadly drugs in our country and defeating the two cartels responsible for the vast majority of drug trafficking in the United States. The drug poisoning crisis remains a public safety, public health, and national security issue, which requires a new approach.
Drug-related deaths claimed 107,941 American lives in 2022, according to the Centers for Disease Control and Prevention (CDC). Fentanyl and other synthetic opioids are responsible for approximately 70% of lives lost, while methamphetamine and other synthetic stimulants are responsible for approximately 30% of deaths.
Fentanyl is the nation’s greatest and most urgent drug threat. The advent of fentanyl mixtures that include other synthetic opioids, such as nitazenes, or the veterinary sedative xylazine has increased the harms associated with fentanyl. Seizures of fentanyl, in both powder and pill form, are at record levels. Over the past two years, seizures of fentanyl powder nearly doubled. Last year, 30% of the fentanyl powder seized by DEA contained xylazine.
Nearly all the methamphetamine sold in the United States today is manufactured in Mexico, and it is purer and more potent than in years past. The shift to Mexican-manufactured methamphetamine is evidenced by the dramatic decline in domestic clandestine lab seizures.
The report provides in-depth profiles of the Sinaloa and Jalisco Cartels. These are transnational criminal organizations responsible for controlling much of the clandestine drug production, transportation routes, and smuggling corridors from Mexico into the United States.
While synthetic opioids and methamphetamines are currently the most concerning threats, the report discusses trends for a range of illicit drugs, including cannabis, psychoactive substances, and illicit use of controlled prescription drugs. The report also discusses the intersection of drug trafficking and illicit finance, and the DEA’s response to the nation’s current drug threats.
Read the full report at DEA.gov.
(Source: DEA)
In last year’s May-September warm season, rates of emergency department visits for heat-related illness substantially increased across several U.S. regions compared with previous years, especially among males and adults aged 18–64 years, according to a recent report from the Centers for Disease Control and Prevention (CDC).
Heat waves are becoming more frequent, hotter and longer lasting than in previous decades. The National Oceanic and Atmospheric Administration (NOAA) is predicting above-normal temperatures across the midwestern, western and southern lower 48 states during the summer 2024 season.
Heat-related illness will continue to be a significant public health concern. Extreme heat kills more Americans than any other weather event, but heat-related illnesses are preventable. The public often lacks awareness of how dangerous extreme heat can be, and effective mitigation of the risks of extreme heat requires a multi-disciplinary response shared across multiple agencies.
The nation’s emergency management community is gearing up for this year’s warmer months. In April and May, national stakeholder groups held several information sessions related to how to address this year’s extreme heat. Recordings of these sessions and one upcoming webinar are linked below:
- FEMA’s second virtual #SummerReady Extreme Heat Summit, April 26, 2024.
- Third Annual National Integrated Heat Health Information System (NIHHIS) National Meeting, April 16-18, 2024.
- National Weather Service (NWS) - NWS HeatRisk Tool, April 22, 2024.
- NWS - NWS Partners and Users Heat Webinar - 2024, May 13, 2024. Presenters discussed current heat-related products from the Climate Prediction Center (CPC), Weather Prediction Center (WPC), and local Weather Forecast Offices (WFOs), and detailed future initiatives related to heat.
- Resilient Cities Network - Cities on the Frontline: Addressing Extreme Heat Webinar, April 25, 2024.
- Arizona Department of Health Services, NOAA, University of Arizona, and Arizona State University’s Knowledge Exchange for Resilience (ASU KER) - Eighth Annual Arizona Heat Planning Workshop, April 15, 2024. This presentation discussed Arizona’s extreme heat preparedness efforts and the state’s Extreme Heat Preparedness Plan.
- American Public Health Association (APHA) - Building Extreme Heat Resilience Through Innovative Solutions, April 4, 2024.
- ImageTrend - How Summer Heat Impacts EMS Resources, upcoming webinar Thursday, May 30, 11 a.m. CDT.
The above information sessions can assist emergency managers, planners, and public health officials to manage emergency response resources, educate the public, locate at-risk populations, and inform public health actions during this year’s warmer months. To stay informed about extreme heat, visit FEMA’s Ready.gov/summer-ready and the NIHHIS’ Heat.gov.
(Sources: NIHHIS, FEMA, CDC, APHA, NOAA, ASU KER, Resilient Cities Network, ImageTrend)
CISA will host its 2024 Chemical Security Seminars on July 11 and 18, 2024, from 10 a.m. - 3 p.m. EDT. The seminars are fully virtual, free to attend, and open to the public.
The 2024 Seminars will feature important chemical security information for industry organizations, facility owners and operators, government officials, first responders, and law enforcement. Sessions will discuss and share the latest in chemical security best practices, including:
- Case studies of real-world scenarios, including drones and cyberattacks.
- Transnational threats to the chemical industry.
- “Wicked Problems.”
- Updates on CISA’s ChemLock program.
- Artificial intelligence.
- And more!
A preliminary agenda will be released in the coming weeks.
Learn more and register for these virtual events at CISA.gov. Please contact CISA’s Chemical Security Seminars Planning Team at chemicalsummitreg@hq.dhs.gov with any questions.
(Source: CISA)
ICS Advisory: Siemens Desigo Fire Safety UL and Cerberus PRO UL Fire Protection Systems
On May 16, CISA released an Industrial Control System (ICS) Advisory for Siemens Desigo Fire Safety UL and Cerberus PRO UL Fire Protection Systems. The full advisory is available on the Siemens ProductCERT website.
Several products used in Desigo Fire Safety UL and Cerberus PRO UL Fire Protection Systems contain buffer overflow vulnerabilities in the network communication stack. Successful exploitation of the vulnerabilities could allow an unauthenticated attacker, who gained access to the fire protection system network, to execute arbitrary code on the affected products (CVE-2024-22039) or create a denial of service condition (CVE-2024-22040, CVE-2024-22041).
Siemens has released new versions for the affected products and recommends updating to the latest versions.
(Sources: CISA, Siemens)
HC3 Threat Brief: Business Email Compromise and Healthcare
This Threat Brief from the Department of Health and Human Services (HHS) Health Sector Cybersecurity Coordination Center (HC3) reviews the phishing hierarchy, types of business email compromise, how business email compromise works, how to spot a business email compromise attack, and steps for prevention, awareness, and reporting.
(Source: HHS HC3)
How can SLTTs defend against cyber threats?
Managing cybersecurity for any organization is no easy feat. Improving cybersecurity maturity is often even more difficult, made increasingly challenging by the eye-watering costs of cybersecurity products and solutions.
As a U.S. SLTT, however, you have a secret weapon in your cyber defense arsenal. Grants are this secret weapon: grants from the U.S. federal government, many of which are earmarked specifically for SLTTs.
In this white paper, the Center for Internet Security® (CIS®) provides an overview of the grants available to U.S. SLTTs, discusses how you can extend the power of your grant dollars in CIS CyberMarket, and identifies some next steps to help you get started.
(Source: CIS)
ARPA-H announces program to enhance and automate cybersecurity for health care facilities
On May 20, the Advanced Research Projects Agency for Health (ARPA-H) announced the launch of the Universal PatchinG and Remediation for Autonomous DEfense (UPGRADE) program, a cybersecurity effort that will invest more than $50 million to create tools for information technology (IT) teams to better defend the hospital environments they are tasked with securing.
Cyberattacks that hamper hospital operations can impact patient care while critical systems are down and can even lead to facility closure. A major hurdle in advancing cybersecurity tools in the health sector is the number and variety of internet-connected devices unique to each facility. While consumer products are patched regularly and rapidly, taking a critical piece of hospital infrastructure offline for updates can be very disruptive. Delayed development and deployment of software fixes can leave actively supported devices vulnerable for over a year and unsupported legacy devices vulnerable far longer.
The UPGRADE platform will enable proactive evaluation of potential vulnerabilities by probing models of digital hospital environments for weaknesses in software.
For more information on HHS’ Cybersecurity Performance Goals and HHS’ cybersecurity work, visit HHS Cybersecurity Gateway.
(Source: ARPA-H)
Wichita ransomware attack shuts down multiple services. What comes next?
Wichita finds itself tossed back in time for a couple of weeks by a cyberattack on City Hall that has upended basic ways of doing business online.
A ransomware attack on May 3 and 4 throttled many services that the city government in Wichita does online. Hackers copied files from the city’s network, and the city shut down many online services, buying time to minimize the damage and make City Hall tougher to hack in the future.
Hackers copied multiple records and threatened to release the data if the city doesn’t pay a ransom. The attack compromised payment information, police and traffic records, Social Security cards and state identification cards like driver’s licenses.
The city has not confirmed the hackers’ identity, but Russian hacking group LockBit reportedly took credit for the attack and posted a deadline for the ransom on its website. After the deadline, the website stated that the group had sold the data.
(Source: Wichita Beacon)
Following Jacksonville hospital's cyberattack, here are things to know
In the second week after suffering a ransomware attack, Ascension Health Care remained focused on safely restoring the multiple systems that were disrupted at its 140 hospitals across the country, including three in Jacksonville, as the company, the FBI and multiple cybersecurity experts investigate the cause.
At Ascension's three full-service Jacksonville hospitals, operating and emergency rooms have continued to provide care since the cyberattack. No local emergency services cases were diverted to other hospitals, a company spokesman said, but users of some systems, such as electronic records and MyChart, still experience delays.
(Source: Florida Times-Union)
Cyberattack continues to force Mich. hospitals to divert ambulances
A cyberattack against Michigan Ascension hospitals continues to cause issues, forcing it to divert some ambulances to other hospitals for certain medical issues, delaying diagnostic imaging and affecting its ability to fill prescriptions.
A spokesperson for Ascension didn’t respond to a request for comment Monday about how the attack continues to impact its operations. But the system said in a statement on May 15 that it had even switched to manual paperwork in the attack’s aftermath.
Ascension first detected unusual activity on select technology network systems on May 8. Access to systems and patient care across 15 states has been disrupted since then as the company investigates the ransomware attack.
The healthcare system has notified law enforcement and government agencies, including the Federal Bureau of Investigation, Cybersecurity and Infrastructure Security Agency, Department of Health and Human Services, and American Hospital Association, about the ransomware attack.
Ascension is also working with forensic experts from three cybersecurity firms, Mandiant, CYPFER, and Palo Alto Networks Unit 42, to investigate the attack and restore systems, they said in a system-wide update last week.
(Source: EMS1)
Superior Air-Ground Ambulance Service data breach affects 858K individuals
Superior Air-Ground Ambulance Service, a leading ambulance and EMS provider serving Illinois, Indiana, Michigan, Ohio, and Wisconsin, has confirmed that the protected health information of 858,238 patients was exposed or stolen in a cyberattack in May 2023.
Suspicious activity was identified in its IT systems in May 2023. Action was immediately taken to isolate those systems, and an investigation was launched to identify the source of the activity. On June 23, 2023, it was confirmed that there had been unauthorized access to its network between May 15 and May 23, 2023, and that during that time an unauthorized actor copied files from its network.
The types of information involved varied from individual to individual and may have included name, address, date of birth, Social Security number, driver’s license or state identification number, financial account information, payment card information, patient record information, medical diagnosis or condition information, medical treatment information, and/or health insurance information.
(Source: HIPAA Journal)
The InfoGram is distributed weekly to provide members of the Emergency Services Sector with information concerning the protection of their critical infrastructures.
Fair Use Notice: This InfoGram may contain copyrighted material that was not specifically authorized by the copyright owner. The EMR-ISAC believes this constitutes “fair use” of copyrighted material as provided for in section 107 of the U.S. Copyright Law. If you wish to use copyrighted material contained within this document for your own purposes that go beyond “fair use,” you must obtain permission from the copyright owner.
Linking Policy and Disclaimer of Endorsement: The appearance of external hyperlinks does not constitute endorsement of the linked websites, or the information, products or services contained therein. We provide these links and pointers solely for your information and convenience. When you select a link to an outside website, remember that you are subject to the privacy and security policies of the owners/sponsors of the outside website. To view information and resources on the policies that govern FEMA web content visit FEMA Website Information.
Section 504 Notice: Section 504 of the Rehabilitation Act requires that FEMA grantees provide access to information for people with disabilities. If you need assistance accessing information or have any concerns about access, please contact FEMAWebTeam@fema.dhs.gov.