HHS on EHI, InfoSec Trends, Disclosure Protocol, NIST’s Privacy Framework

TLP White: In this edition of Hacking Healthcare, we discuss a new HHS proposed rule that seeks to improve the security of electronic health information.  We also break down a new HIMSS survey of information security professionals within various healthcare organizations and identify some emerging trends.  We then dive into a website’s knee-jerk response to a security researcher who tried to notify the site of vulnerabilities in its source code.  Finally, we remind you of NIST’s rapidly progressing Privacy Framework, which the agency suggests will work in tandem with its recently published Cybersecurity Framework.

As a reminder, this is the public version of the Hacking Healthcare blog. For additional in-depth analysis and opinion, become a member of H-ISAC and receive the TLP Amber version of this blog.

Data Breach Tidal Wave, NSA Anti-Malware Toolkit, 5G Security & Huawei

TLP White: In this edition of Hacking Healthcare, we discuss a new report containing some alarming statistics on the ever-present problem of data breaches.  We also break down a new National Security Agency reverse-engineering tool for malware that the government has made available for public use.  Finally, we explore 5G wireless network security and the United States’ effort to protect the network by banning Huawei infrastructure.

Healthcare Industry Cybersecurity, Vermont Phases Out Foreign Equipment, Hospital Debt & Cyber Threat

TLP White: In this edition of Hacking Healthcare, we discuss a Senator’s request for information about the cybersecurity capabilities of health-focused federal agencies and industry groups.  We also break down Vermont’s action against Russian and Chinese equipment.  Finally, we discuss a report warning lenders of the impact of cyber risk on borrowers in particularly high-risk industries.

Drupal Vulnerability, Hack Speed, Supply Chain Attacks, MHR and DNS

TLP White: In this edition of Hacking Healthcare, we draw your attention, in the unlikely event you missed it, to a new Drupal vulnerability.  We then break down CrowdStrike’s revelation on just how quick Russian hackers are.  Next, we summarize worrying growth in supply chain attacks.  We then discuss Australia’s contentious opt-out legislation and its impact on their “My Health Records” system.  Finally, we discuss the implications of and lessons learned from the recent widespread DNS hijacking attacks.

Equifax Breach Update, Cyber-Ready Countries, Healthcare Cybersecurity Challenges

TLP White: In this edition of Hacking Healthcare, we update you on the fallout of the Equifax data breach and summarize the leading theory on the culprit of the attack.  We then discuss a recent report ranking sixty countries on their cyber threat readiness.  Finally, we examine some alarming statistics indicating that cybersecurity challenges continue to beleaguer the healthcare industry.

Facebook, Crypto, VPN App Risk

TLP White: In this edition of Hacking Healthcare, we detail the outcome of a German competition agency’s recent investigation into Facebook’s data practices.  Then, we examine Canadian crypto giant QuadrigaCX’s loss of assets and access to its digital coins.  Finally, we discuss a bipartisan effort asking the Department of Homeland Security to recognize that VPN apps could pose a national security risk.

Welcome back to Hacking Healthcare.

HIPAA Update? Ethical hacking risk, and evolving Ransomware

TLP White – In this edition of Hacking Healthcare, we explore the potential to update one of the landmark bills in healthcare.  Then, we examine the case of a Hungarian white hat and the risks of being an ethical hacker.  Finally, we detail how ransomware is evolving, and how that change could require a rethink in policy.

Medical “Right to be forgotten,” GDPR-Ready, Clinical AI

TLP White: In this edition of Hacking Healthcare, we explore a recent ruling in a “right to be forgotten” case that has a connection to the healthcare sector. Then, we examine evidence of the cybersecurity benefits of being GDPR-ready.  Finally, we detail a report on the issues affecting integration of AI into clinical decision support that parallels other technology use cases in healthcare.

New Malware Variants, Telecom Legislation, GDPR Enforcement Actions

TLP White: In this edition of Hacking Healthcare, we begin by describing two new malware variants and their methods of infiltrating protected systems.  Then, we turn, again, to U.S. legislators’ efforts to crack down on Chinese telecom giants via export control legislation.  Finally, we discuss General Data Protection Regulation (“GDPR”) enforcement actions instituted by European regulators that could result in hefty fines for companies who have violated the law.

Cyber Liability, a GDPR Violation First, HackenProof Discovers Chinese exposures

TLP White: In this edition of Hacking Healthcare, we begin by discussing a cyber liability insurer’s invocation of a not-so-obscure contractual exclusion to attempt to avoid paying out on an insured’s claim.  Then, we turn to an alleged General Data Protection Regulation (“GDPR”) violation that resulted in the first ever GDPR fine imposed by a Portuguese data authority on a hospital system.  Finally, we discuss a recent discovery made by a bug bounty and vulnerability researcher conglomerate which revealed that the resumes and personal data of over 200 million Chinese citizens had been exposed online.
