TLP White: This week, Hacking Healthcare begins by exploring just how significant the Trump Administration’s recent Executive Order targeting WeChat may be for those in the healthcare sector. We then conclude this issue by breaking down the recent news that China has started to block HTTPS traffic that used TLS 1.3 and ESNI, including why, how, and what it means for healthcare organizations.

Note: On the subject of TLS 1.3, we point you to a NIST workshop taking place this Thursday (August 13th) where you can learn more.

As a reminder, this is the public version of the Hacking Healthcare blog. For additional in-depth analysis and opinion, become a member of H-ISAC and receive the TLP Amber version of this blog (available in the Member Portal.)

Welcome back to Hacking Healthcare.



Presidential Executive Order Targets WeChat.

On August 6th, 2020, President Trump signed an Executive Order “Addressing the Threat Posed by WeChat.”[i] Citing authority granted by the International Emergency Economic Powers Act, the National Emergencies Act, and Section 301 of Title 3 to the United States Code, President Trump expanded upon his earlier Executive Orders that looked to curb the influence of Chinese technology products and services within the United States.

The President expressed the threat posed by mobile applications such as TikTok and WeChat in stark terms, claiming they threaten US national security, foreign policy interests, and the economy. In describing WeChat, the Executive Order condemns the application of “automatically [capturing] vast swaths of information from… users,” in ways that “allow the Chinese Communist Party access to Americans’ personal and proprietary information.”[ii] Additionally, the Executive Order posits that WeChat “censors content that the Chinese Communist Party deems politically sensitive and may also be used for disinformation campaigns” to benefit the Chinese government.[iii]

The Executive Order goes on to detail the scope and content of the prohibited actions, which include “[a]ny transaction that is related to WeChat by any person, or with respect to any property, subject to the jurisdiction of the United States, with Tencent Holdings Ltd. Shenzhen, China, or any subsidiary of that entity, as identified by the Secretary of Commerce.”[iv] The broadly worded Executive Order leaves a good deal of uncertainty as to exactly how it will be enforced if it is deemed to be legal.

Chinese tech companies are aware of the hostility and suspicion centered on them in foreign markets, and the US will not be the last country to raise potential security and privacy concerns surrounding their offerings. Tencent, WeChat’s parent company, is said to be “reviewing the executive order to get a full understanding.”[v]

Action & Analysis
** Membership required**


China Updates Great Fire Wall to Block TLS 1.3 and ESNI.

Since sometime around the end of July, the Great Firewall (“GFW”), the Chinese state’s national Internet censorship apparatus, has been updated to block encrypted HTTPS traffic making use of TLS 1.3 and Encrypted Server Name Indication (“ESNI”). HTTPS traffic making use of older protocols has been unaffected, and it is speculated that the change has everything to do with how TLS 1.3 and ESNI conflict with the Chinese government’s insistence on strict control over the data coming into China and what information Chinese citizens can access.

Recent reports state that “the Chinese government is currently dropping all HTTPS traffic where TLS 1.3 and ESNI are used, and temporarily banning the IP addresses involved in the connection.”[vi] As of last week, a number of workarounds had been reported on both the client side and server side, however, how long these will remain viable is anyone’s guess.[vii]

A team from the University of Maryland submitted a blog post last week that detailed their primary findings related to the GFW update. These findings include:[viii]

  • The GFW blocks ESNI connections by dropping packets from client to server.
  • The blocking can be triggered bidirectionally.
  • The 0xffce extension is necessary to trigger the blocking.
  • The blocking can happen on all ports from 1 to 65535.
  • Once the GFW blocks a connection, it will continue blocking all traffic associated with the 3-tuples of (srcIP, dstIP, dstPort) for 120 or 180 seconds.

Action and Analysis
** Membership required**





Tuesday, August 11th:

– No relevant hearings


Wednesday, August 12th:

– No relevant hearings


Thursday, August 13th:

– No relevant hearings




International Hearings/Meetings


– No relevant hearings



EU –



Conferences, Webinars, and Summits

— H-ISAC European Council Webinar Series – Webinar (8/14/2020)

— Securing Hospitals – How Compliance and Cybersecurity Align by IntSights – Webinar (8/19/2020)

— H-ISAC Monthly Member Threat Briefing – Webinar (8/25/2020)


–Healthcare Cybersecurity Forum – Southeast – Nashville, TN (9/9/2020)

— ENISA Trust Services Forum – CA Day 2020 – Schloßplatz Berlin, Germany (9/22/2020)

–Healthcare Cybersecurity Forum – Northeast – Boston, MA (9/22/2020)

–H-ISAC Cyber Threat Intel Training – Titusville, FL (9/22/2020)

–H-ISAC Security Workshop – Virtual (9/23/2020)

–Summit on Security & Third Party Risk – National Harbor, MD (9/28/2020-9/30/2020)

–H-ISAC Monthly Member Threat Briefing – Webinar (9/29/2020)

— The MedTech Conference – Virtual (10/5/2020)

— Healthcare Cybersecurity Forum – Houston, TX (10/8/2020)

— NCHICA AMC Security & Privacy Conference – Durham, North Carolina (10/21/2020-10/22/2020)

— 2020 H-ISAC European Summit – Santpoort-Noord, Netherlands (10/20/2020-10/22/2020)

–CYSEC 2020 – Dubrovnik, Croatia (10/27/2020 – 10/28/2020)

–Healthcare Cybersecurity Forum – Pacific Northwest – Seattle, WA (10/28/2020)

–H-ISAC Security Workshop – Seattle, WA – (10/29/2020)

–Healthcare Cybersecurity Forum – California – Los Angeles, CA (11/12/2020)

–H-ISAC Security Workshop – Paris, France (11/18/2020)

–H-ISAC Fall Summit – Phoenix, AZ (11/30/2020-12/4/2020)

— H-ISAC Security Workshop – Prague, Czech Republic (12/8/2020)

— 2021 APAC Summit – Singapore (3/23/2021-3/25/2021)



Sundries –

Flaws in Qualcomm chips could allow snooping, Check Point finds

Interpol Report: COVID-19 Impact on Ransomware, Threats, Healthcare Cybersecurity

Researchers Create New Framework to Evaluate User Security Awareness




Contact us: follow @HealthISAC, and










Translate »