TLP White: In this edition of Hacking Healthcare, we update you on the fall out of the Equifax data breach and summarize the leading theory on the culprit of the attack.  We then discuss a recent report ranking sixty countries on their cyber threat readiness.  Finally, we examine some alarming statistics indicating that cybersecurity challenges continue to beleaguer the healthcare industry.

As a reminder, this is the public version of the Hacking Healthcare blog. For additional in-depth analysis and opinion, become a member of H-ISAC.

Welcome back to Hacking Healthcare.

Hot Links –
1. Theories Emerge About Stolen Data from Equifax Breach.

Equifax suffered a data breach in September 2017 that exposed the personal and financial information of approximately 143 million American consumers.[1]  However, the breach has not yet coincided with a higher level of fraudulent activity on most customers’ accounts.  A number of experts are now hypothesizing that the data was stolen by a nation-state for spying purposes instead of by criminals looking to extort funds from consumers.[2]  Nations would be interested in the data, the theory goes, to identify potential assets and recruit spies from the United States.

The Equifax hack has raised many questions about the power of credit bureaus and the data they maintain.  It also sheds light on hackers’ potential motivations for executing an attack.  National governments, as well as individual rogue actors and coordinated hacking groups, could be the source of a given cybersecurity incident.  Business organizations stand to benefit from defined cybersecurity processes that work to identify the originators of attacks and include law enforcement officials in investigative efforts where necessary.

 

2. Report Examines Countries’ Cyber Threat Readiness.

A recently published report grading nations’ cybersecurity health found Japan to be the most “cyber secure” nation in the world.[3]  The United States ranked fifth in the list of sixty countries, preceded by Canada, France, and Denmark.  The report examined specific factors like the prevalence of malware-infected devices and malware attacks, percentage of telnet attacks (by originating nation), and the percentage of crypto-miner attacks.  It also based its rankings on more general factors such as whether countries were “the best prepared” for cyber-attacks and whether they had the “most up-to-date legislation” on cybersecurity.[4]

The report reveals there is a large gap between the most cyber-ready nations and the least.  However, for all countries examined, there is considerable room for improvement.  As cyber threats continue to evolve and new points of attack are discovered, countries must remain committed to critically evaluating infrastructure and advancing legislation to enable better cyber threat preparedness.

3. Cyber Attacks on Healthcare Providers Increase.

From our “So Yeah, We Know That” department, we note that while the healthcare industry continues to increase focus on securing its systems against cyber threats, efforts to infiltrate those systems are on the rise.  In particular, email-based attacks on healthcare organizations have increased by 473% over the past two years.[5]  The majority of such attacks have employed spoofing tactics—using misleading or fraudulent email headers to obscure the real source of a malicious or infected email message.[6]  These attacks range in levels of complexity; some are sophisticated enough to target particularly susceptible users at particularly susceptible times.  Others are more discernible, but in either case, one accidental click can cause a cybersecurity breakdown.

Some experts have warned that “hospitals and other healthcare providers must practice better cybersecurity hygiene” to minimize these ever-growing threats.[7]  This would involve conducting regular audits of systems and practices to identify areas for cybersecurity improvement.  Healthcare organizations should also train their employees about how they should handle suspicious emails and institute a designated process for reviewing potentially malicious messages.  A multi-factor, segmented approach to cyber protection is the best way to secure systems against email spoofing campaigns.

 

Congress

 Tuesday, February 19th:

No relevant hearings.

Wednesday, February 20th:

No relevant hearings.

Thursday, February 21st:

No relevant hearings.

 

International Hearings/Meetings

             EU – No relevant hearings.

 

Conferences, Webinars, and Summits

–Applying An Intelligence Fusion Framework to Healthcare Security Ops – Webinar (2/19/19)

https://h-isac.org/hisacevents/trustar-navigator-2019/

— H-ISAC Radio member-to-member discussion on Software Security – via link on member list server and in Member Portal (2/25/19) 12N ET

–H-ISAC Member Meet-Up at RSA Conference – TBD (3/6/19)

<https://h-isac.org/events/>

–FIRST Symposium 2019 – London, UK (3/18/19-3/20/19)

<https://nhisac.org/events/nhisac-events/first-symposium-2019/>

–HEALTH IT Summit (Midwest) – Cleveland, OH (3/19/19-3/20/19)

<https://h-isac.org/hisacevents/health-it-summit-cleveland-2019/>

–National Association of Rural Health Clinics Spring Institute – San Antonio, TX (3/20/19-3/22/19)

<https://h-isac.org/hisacevents/national-assoc-of-rural-health-clinics-spring-institute/>

–InfoSec World 2019 – Lake Buena Vista, FL (4/1/19-4/3/19)

<https://infosecworld.misti.com/>

–HSCC Joint Cybersecurity Working Group – San Diego, CA (4/3/19– 4/4/19)
<https://h-isac.org/hisacevents/hscc-joint-cybersecurity-working-group/>

–H-ISAC Israel Showcase & Innovation – Tel Aviv, Israel (4/8/19-4/13/19)

<https://www.regonline.com/registration/Checkin.aspx?EventID=2551847>

–H-ISAC CYBER RX – IOMT Executive Symposium – Munich, Germany (4/15/2019–4/16/2019)

<https://h-isac.org/hisacevents/cyberrx-iomt-executive-symposium/>

–HEALTH IT Summit (Southern California) – San Diego, CA (4/23/19-4/24/19)

<https://h-isac.org/hisacevents/health-it-summit-southern-california-2019/>

–H-ISAC Cybersecurity Workshop – Huntsville, AL (4/25/19)

<https://h-isac.org/hisacevents/h-isac-workshop-huntsville/>

–2019 NH-ISAC Spring Summit – Ponte Vedra Beach, FL (5/13/19-5/17/19) <https://www.marriott.com/hotels/travel/jaxsw-sawgrass-marriott-golf-resort-and-spa/>

–HEALTH IT Summit (Florida) – Wesley Chapel, FL (5/21/19-5/22/19)

<https://h-isac.org/hisacevents/health-it-summit-florida-2019/>

–HEALTH IT Summit (Southeast) – Nashville, TN (6/13/19-6/14/19)

<https://h-isac.org/hisacevents/health-it-summit-southeast-2019/>

–CybSec and Blockchain Health – London, UK (7/11/19-7/12/19)

<https://h-isac.org/hisacevents/cybsec-and-blockchain-health/>

–HEALTH IT Summit (Rocky Mountain) – Denver, CO (7/15/19-7/16/19)

<https://h-isac.org/hisacevents/health-it-summit-rocky-mountain/>

–HEALTH IT Summit (Northeast) – Boston, MA (10/3/19-10/4/19)

<https://h-isac.org/hisacevents/health-it-summit-northeast/>

–2019 NH-ISAC Fall Summit – San Diego, CA (12/2/19-2/6/19)

<https://www.loewshotels.com/coronado-bay-resort>

 

Sundries –

–Right country, wrong group? Researchers say it wasn’t APT10 that hacked Norwegian software firm

<https://www.cyberscoop.com/apt10-apt31-recorded-future-rapid7-china/>

–Two hackers charged for DDoS attacks, threats to LAX

<https://www.cyberscoop.com/apophis-squad-hackers-lax-ddos/>

–6 Reasons to Be Wary of Encryption in Your Enterprise

<https://www.darkreading.com/operations/6-reasons-to-be-wary-of-encryption-in-your-enterprise/d/d-id/1333821>

–Up to 100,000 Reported Affected in Landmark White Data Breach

<https://www.darkreading.com/threat-intelligence/up-to-100000-reported-affected-in-landmark-white-data-breach/d/d-id/1333859>

–A new Congress means a new opportunity for consumer privacy protections

<https://techcrunch.com/2019/02/13/a-new-congress-means-a-new-opportunity-for-consumer-privacy-protections/>

–Microsoft patches 0-day vulnerabilities in IE and Exchange

<https://arstechnica.com/information-technology/2019/02/microsoft-patches-zero-day-vulnerabilities-in-ie-and-exchange/>

–Researchers found a way to hack those ubiquitous electric scooters

<https://www.cyberscoop.com/scooter-hack-zimperium-bluetooth-bird-spin/>

–What Happens If Russia Cuts Itself Off From The Internet

<https://www.wired.com/story/russia-internet-disconnect-what-happens/>

AI in healthcare: Big ethical questions still need answers

<https://www.healthcareitnews.com/news/ai-healthcare-big-ethical-questions-still-need-answers>

Georgia voting irregularities raise more troubling questions about the state’s elections

<https://www.politico.com/story/2019/02/12/georgia-voting-states-elections-1162134>

House Democrats continue their election security push

<https://www.axios.com/house-democrats-hearings-election-security-4e8fc2b4-3922-4436-bffa-dc39962a06ce.html>

Scammers Are Filing Fake Trademarks to Steal High-Value Instagram Accounts

<https://motherboard.vice.com/en_us/article/zma3w4/scammers-fake-trademarks-steal-instagram-accounts>

 

Contact us: follow @HealthISAC, and email at contact@h-isac.org

[1] https://www.ftc.gov/equifax-data-breach

[2] https://www.cnbc.com/2019/02/13/equifax-mystery-where-is-the-data.html?utm_source=newsletter&utm_medium=email&utm_campaign=sendto_newslettertest&stream=top#_ga=2.220117724.417827462.1550079848-1702043774.1548882470

[3] https://www.infosecurity-magazine.com/news/algeria-ranked-least-cybersecure/

[4] https://www.comparitech.com/blog/vpn-privacy/cybersecurity-by-country/

[5] https://www.hipaajournal.com/healthcare-email-fraud-attacks-have-increased-473-in-2-years/

[6] https://healthitsecurity.com/news/email-fraud-attacks-on-healthcare-jumped-473-since-2017

[7] https://techcrunch.com/2018/08/09/the-healthcare-industry-is-in-a-world-of-cybersecurity-hurt/