H-ISAC Hacking Healthcare 1-26-2021

TLP White: This week, Hacking Healthcare begins with a brief overview of the HIPAA Journal’s 2020 Healthcare Data Beach Report and zeros in on one particular vulnerability that the healthcare sector should look to address in 2021. Next, we update you on a German healthcare act that addresses the importance of security when it comes to IT modernization, and we consider how it might be a useful case study for appropriately crafted cybersecurity legislation going forward. Finally, another incident involving contact-tracing programs segues us into a broader discussion on remote work policies and their impact on IT security.

read more…

H-ISAC Hacking Healthcare 1-19-2021

TLP White: This week, Hacking Healthcare takes a look at a court ruling that could impact the Department of Health and Human Services (HHS) Office of Civil Rights’ (OCR) imposition of penalties relating to HIPAA violations. Next, we briefly analyze some new data that suggests healthcare web applications are increasingly being targeted by malicious cyber actors, and we explore why a return to normalcy for healthcare cybersecurity may be a bit further down the line than we might hope. We then jump into the disturbing news that stolen documents related to COVID-19 vaccines were manipulated and leaked on the Internet and discuss their potential to stoke public mistrust. Finally, we quickly acknowledge the positives associated with HHS’ apparent decision to appoint its first ever Chief Artificial Intelligence Officer.

read more…

H-ISAC Hacking Healthcare 1-12-2021

TLP White: This week, Hacking Healthcare attempts to outline some of what the healthcare sector can expect as the Biden administration looks to begin its term. Specifically, what does the new administration’s stance on cybersecurity mean for healthcare and who will be important figures in helping to create and implement policies that protect critical infrastructure. We wrap up with a quick breakdown of issues the healthcare sector may wish to promote during the transition.

read more…

H-ISAC Hacking Healthcare 1-5-2021

TLP White: Welcome to 2021! This week, Hacking Healthcare begins by breaking down the United States (US) National Institute of Standards and Technology’s (NIST) newly published final guidance on securing Picture Archiving and Communication System (PACS). Next, we evaluate what the European Commission’s approval of Google’s Fitbit acquisition means for healthcare data privacy and security as technology companies continue to enter the space. Finally, we examine how Singapore’s successful digital contact-tracing effort is quickly becoming a cautionary data privacy tale.

read more…

H-ISAC Hacking Healthcare 12-15-2020

TLP White: This week, Hacking Healthcare begins by exploring the initial fallout from the recent SolarWinds Orion hack. We specifically look to evaluate what happened, what the hack accomplished, and what healthcare organizations may wish to do to secure themselves in its wake. Then, yet another healthcare agency with connections to COVID-19 has been targeted by malicious threat actors, and we dive into the still evolving story of the European Medicines Agency (EMA) attack.

read more…

H-ISAC Hacking Healthcare 12-8-2020

TLP White: This week, Hacking Healthcare briefly draws your attention to more great work going on at the National Institute of Standards and Technology (NIST) in the healthcare space. We then move to an analysis of the U.S. Government Accountability Office’s (GAO) new technology assessment report on AI in healthcare. It’s a comprehensive look at an emerging technology that holds considerable promise while posing significant challenges. Next, we update you on the concerning development that a sophisticated phishing campaign has been targeting the COVID-19 vaccine distribution supply chain. Finally, we wrap up with a rundown of TrickBot’s newest capability and why you might want to brush up on your awareness of this nasty piece of malware.

read more…

H-ISAC Hacking Healthcare 12-1-2020

TLP White

 

This week, Hacking Healthcare looks at proposed legislation from the United Kingdom (U.K.) that appears to signal the country is resolutely moving forward with the banishment of Huawei from its telecommunications infrastructure. We break down what it means for the U.K., other countries in similar positions, and users of the U.K.’s networks. Next, we briefly reiterate how the blurring of the cyber/physical divide is opening up new attack vectors that draw attention to the need for cyber-biosecurity. Lastly, we provide a quick recap of major findings from the Healthcare Information and Management Systems Society (HIMSS) 2020 Cybersecurity Survey.

read more…

H-ISAC Hacking Healthcare 11-24-2020

TLP White

 

This week, Hacking Healthcare looks at what the announcement of the United Kingdom’s (U.K.) National Cyber Force means for the country, for malicious cyber actors, and possibly for international cyber norms. Next, we examine Symantec’s breakdown of an enormous Chinese state-sponsored cyber campaign against Japanese-linked organizations, and we provide our thoughts on what healthcare organizations might learn from it. Finally, we recap a newly released ransomware resiliency report and highlight considerations healthcare organizations may wish to address.

read more…

H-ISAC Hacking Healthcare 11-17-2020

TLP White: This week, Hacking Healthcare takes a look at how security researchers found serious vulnerabilities in a contact-tracing application used in the Philippines and highlights the role of coordinated vulnerability disclosure in remediating them. Next, we ponder what PayPal’s acceptance of cryptocurrency might mean for ransomware perpetrators and victims. Finally, we revisit the issue of attacks against COVID-19 related research and why healthcare organizations should be wary about expecting attacks to wind down.

read more…

H-ISAC Hacking Healthcare 11-10-2020

TLP White: This week, Hacking Healthcare examines some new research on the behavior of consumers in different age demographics related to connected-device security habits and what it may mean for healthcare organizations deploying apps and wearables. Next, we briefly delve into a new report on how ransomware attacks with a data exfiltration element are becoming more common but also potentially less effective. Lastly, we provide a quick overview of new guidance on supply chain security for IoT that was published by the European Union Agency for Cybersecurity (ENISA)

read more…

Translate »