TLP White: In this edition of Hacking Healthcare, we discuss a new report containing some alarming statistics on the ever-present problem of data breaches. We also break down a new National Security Agency reverse-engineering tool for malware that the government has made available for public use. Finally, we explore 5G wireless network security and the United States’ effort to protect the network by banning Huawei infrastructure.
As a reminder, this is the public version of the Hacking Healthcare blog. For additional in-depth analysis and opinion, become a member of H-ISAC and receive the TLP Amber version of this blog.
Welcome back to Hacking Healthcare.
Hot Links –
1. Data Breaches Increase by More Than 400%.
From our “We figured, but the numbers just make it worse” department, identity intelligence company 4IQ recently published a report stating there were 12,449 confirmed data breaches in 2018, a 424% increase in the number of breaches since 2017.[1] Although the number of breaches increased, the size of those breaches did not. The average breach in 2018 affected 216,884 individuals’ records, a number that is 4.7 times smaller than the average amount of records affected per breach in the prior year.[2] 4IQ’s report included data from public disclosures as well as data from open sources and the deep web.[3]
According to the report, the country most affected by breaches in 2018 was the United States, as more identity records were exposed in the U.S. than in any other country. The report also brought to light the increasing susceptibility of small businesses to breaches by highlighting breaches’ impact on those entities. It also detailed more well-known breaches from larger companies like Marriott, cautioning that increased publicity of such breaches can cause “breach fatigue.” Breaches have become less alarming and less surprising, the theory goes, due to the sheer number of them and the staggering amount of individual records affected by these events.
2. NSA Makes an Anti-Malware Toolkit Open Source.
A once classified tool for reverse-engineering malware has been released to the public by the National Security Agency (“NSA”).[4] Rob Joyce, a senior cybersecurity adviser at the agency, announced the release of “Ghidra” last week at the 2019 RSA Conference. The software tool allows researchers to decompile different malware variants and compare them so they can understand the variants and figure out how such programs might be hiding on networks. The NSA hopes that Ghidra will help disrupt and deter foreign hacking and provide analysts with a useful piece of technology to identify threats, figure out where they are coming from, and understand how they are changing over time.[5]
Making Ghidra open source “marks the first time that a tool of its caliber will be available for free—a major contribution in training the next generation of cybersecurity defenders.”[6] NSA is oftentimes associated with offensive cybersecurity missions through hacking foreign networks to disrupt planned attacks[7], but the release of the tool shows they also have contributions to make to the defensive cybersecurity community.
The debate on how and where the government should help defend companies in cyberspace is going to continue for the foreseeable future. From back-doors in encryption, to classified indicators, to hacking back, cybersecurity policy issues are complex and need a lot of work. Outside of all of that, the NSA has provided a valuable tool to everyone in order to hopefully raise the bar for securing the Internet.
3. Huawei Hardware and the “Race” to Secure 5G.
This week experts warned that the United States’ effort to prevent Chinese telecom company Huawei from building 5G cellular network infrastructure will not be enough to secure the network from foreign cyberattacks. While acknowledging that a ban on Huawei equipment is an important first step, some have said that “keeping Chinese hardware out does not translate into keeping Chinese-originated digital code out.”[8] A number of malicious foreign actors have caused severe disruptions and security breaches on systems that did not use Chinese equipment. Furthermore, the Internet of Things (“IoT”) provides additional points of vulnerability that 5G network defenders will have to address. As a result, although banning Huawei hardware might ameliorate some of the more obvious cyber concerns related to 5G, it is not the only step that is needed to secure the network.
Congress –
Tuesday, March 12th:
–No relevant hearings.
Wednesday, March 13th:
–Hearing to examine cybercrime, focusing on the threat to small businesses (Senate Committee on Small Business & Entrepreneurship).[9]
Thursday, March 14th:
–No relevant hearings.
International Hearings/Meetings –
EU –
—European Parliament – Meeting of the Committee on Environment, Public Health and Food Safety[10]
Conferences, Webinars, and Summits –
–DMARC Demystified for Members: H-ISAC Radio – Webinar (3/18/19)
<https://h-isac.org/hisacevents/dmarc-step-by-step/>
–FIRST Symposium 2019 – London, UK (3/18/19-3/20/19)
<https://nhisac.org/events/nhisac-events/first-symposium-2019/>
–Managing the Response to Healthcare Cyber Incidents: Creating a Collaborative Approach with Emergency Management – Webinar (3/18/2019)
<https://h-isac.org/hisacevents/managing-the-response-to-healthcare-cyber-incidents-creating-a-collaborative-approach-with-emergency-management/>
–HEALTH IT Summit (Midwest) – Cleveland, OH (3/19/19-3/20/19)
<https://h-isac.org/hisacevents/health-it-summit-cleveland-2019/>
–National Association of Rural Health Clinics Spring Institute – San Antonio, TX (3/20/19-3/22/19)
<https://h-isac.org/hisacevents/national-assoc-of-rural-health-clinics-spring-institute/>
–Networking Dinner with Philips and Vailmail – Boston, MA (3/8/2019)
–InfoSec World 2019 – Lake Buena Vista, FL (4/1/19-4/3/19)
<https://infosecworld.misti.com/>
–HSCC Joint Cybersecurity Working Group – San Diego, CA (4/3/19– 4/4/19)
<https://h-isac.org/hisacevents/hscc-joint-cybersecurity-working-group/>
–H-ISAC CYBER RX – IOMT Executive Symposium – Munich, Germany (4/15/2019–4/16/2019)
<https://h-isac.org/hisacevents/cyberrx-iomt-executive-symposium/>
–HEALTH IT Summit (Southern California) – San Diego, CA (4/23/19-4/24/19)
<https://h-isac.org/hisacevents/health-it-summit-southern-california-2019/>
–Peer Sharing ICS Security Workshop – Singapore (4/24/2019)
<https://event.boozallen.com/ICSWorkshopSingapore>
–H-ISAC Cybersecurity Workshop – Huntsville, AL (4/25/19)
<https://h-isac.org/hisacevents/h-isac-workshop-huntsville/>
–2019 NH-ISAC Spring Summit – Ponte Vedra Beach, FL (5/13/19-5/17/19) <https://www.marriott.com/hotels/travel/jaxsw-sawgrass-marriott-golf-resort-and-spa/>
–HEALTH IT Summit (Florida) – Wesley Chapel, FL (5/21/19-5/22/19)
<https://h-isac.org/hisacevents/health-it-summit-florida-2019/>
–HEALTH IT Summit (Southeast) – Nashville, TN (6/13/19-6/14/19)
<https://h-isac.org/hisacevents/health-it-summit-southeast-2019/>
–CybSec and Blockchain Health – London, UK (7/11/19-7/12/19)
<https://h-isac.org/hisacevents/cybsec-and-blockchain-health/>
–HEALTH IT Summit (Rocky Mountain) – Denver, CO (7/15/19-7/16/19)
<https://h-isac.org/hisacevents/health-it-summit-rocky-mountain/>
–HEALTH IT Summit (Northeast) – Boston, MA (10/3/19-10/4/19)
<https://h-isac.org/hisacevents/health-it-summit-northeast/>
–2019 NH-ISAC Fall Summit – San Diego, CA (12/2/19-2/6/19)
<https://www.loewshotels.com/coronado-bay-resort>
Sundries –
–MACHINE LEARNING CAN USE TWEETS TO SPOT CRITICAL SECURITY FLAWS
<https://www.wired.com/story/machine-learning-tweets-critical-security-flaws/>
–The struggle with simplifying the government’s cybersecurity efforts
<https://www.cyberscoop.com/rsa-public-sector-2019-government-cybersecurity/>
–Why CISOs must get better at connecting to the rest of the company
<https://www.cyberscoop.com/devops-security-cloud-cisos-rsa/>
–IBM interns find 19 vulnerabilities in corporate check-in systems
<https://www.cyberscoop.com/ibm-interns-find-19-vulnerabilities-corporate-check-systems/>
–VA to Pilot Health Records System in March 2020
<https://www.nextgov.com/it-modernization/2019/03/va-pilot-health-records-system-march-2020/155349/>
–White House Establishes National Quantum Coordination Office
–Negotiating with infrastructure cyberterrorists
<http://news.mit.edu/2019/cyber-negotiations-cyberterrorists-0305>
–FTC Issue PSA on Social Security Number Scams
<https://www.bleepingcomputer.com/news/security/ftc-issue-psa-on-social-security-number-scams/>
–China’s “democracy” includes mandatory apps, mass chat surveillance
–Facebook’s pivot is bigger than privacy
–What healthcare CIOs say they’re focused on for 2019
https://www.healthcareitnews.com/news/what-healthcare-cios-say-theyre-focused-2019
–Researcher: The West Isn’t Ready for the Coming Wave of Chinese Misinformation
–China’s AVs will think and drive differently
–Google researchers uncover two zero-days affecting Chrome, Windows
<https://www.cyberscoop.com/google-researchers-uncover-two-zero-days-affecting-chrome-windows/>
Contact us: follow @HealthISAC, and email at contact@h-isac.org
[1] https://s3-us-west-2.amazonaws.com/4iqwebcdn/4iQ+Identity+Breach+Report+2019b.pdf
[2] https://www.bleepingcomputer.com/news/security/12-449-data-breaches-confirmed-in-2018-a-424-percent-increase-over-the-previous-year/
[3] https://www.prnewswire.com/news-releases/4iq-2019-identity-breach-report-discovers-the-long-tail-of-small-breaches-data-shows-424-percent-increase-in-new-breaches-in-2018-300807117.html
[4] https://www.nsa.gov/resources/everyone/ghidra/
[5] https://www.cyberscoop.com/ghidra-nsa-tool-public/
[6] https://www.wired.com/story/nsa-ghidra-open-source-tool/
[7] https://www.washingtonpost.com/world/national-security/us-cyber-command-operation-disrupted-internet-access-of-russian-troll-factory-on-day-of-2018-midterms/2019/02/26/1827fc9e-36d6-11e9-af5b-b51b7ff322e9_story.html?utm_term=.c7e96ed1d582
[8] https://www.lawfareblog.com/keeping-huawei-hardware-out-us-not-enough-secure-5g
[9] https://www.sbc.senate.gov/public/index.cfm/hearings?ID=2244D0B2-41A2-469C-8650-7856E534138B
[10] http://www.europarl.europa.eu/committees/en/envi/home.html