Health-ISC Hacking Healthcare 4-20-2021

TLP White: This week, Hacking Healthcare begins by exploring the possible cybersecurity-related ramifications of worsening relations between the United States, Russia, and China. Then, we briefly examine the increase in cloud cyberattacks and advocate for assessing security controls. Finally, we spotlight a new set of domain name service (DNS) vulnerabilities that potentially impacts millions of internet-connected devices, including those in the healthcare sector, and look towards mitigation strategies.

read more…

Hacking Healthcare 4-13-2021

TLP White: This week, Hacking Healthcare begins by exploring the role of the United States National Cyber Director, including the role’s origins, what one in the role is expected to do, its international equivalents, and how it might impact the healthcare sector. Next, we briefly summarize the impact of a major U.S. Supreme Court decision on a dispute between Google and Oracle over APIs. Lastly, we provide an overview of the European Union Agency for Cybersecurity’s (ENISA) new online tool, which is connected to the hospital cybersecurity procurement guidelines they released last year.

read more…

Health-ISAC Hacking Healthcare 4-7-2021

TLP White: This week, Hacking Healthcare begins by examining some early conversations amongst policymakers on the topic of vaccine cards and passports, specifically drawing attention to the security and privacy concerns of such credentialing. Next, we check-in on the progress being made on a US-EU Privacy Shield replacement and make the case for tempering expectations. Finally, we conclude by breaking down a new healthcare data risk report that suggests healthcare data overexposure is a global issue.

read more…

Health-ISAC Hacking Healthcare 3-30-2021

TLP White: This week, Hacking Healthcare begins by breaking down how a fire experienced by a French cloud provider impacted millions, is a perfect example of cascading effects, and demonstrates how reliance on the cloud isn’t foolproof. Next, we dive into the Verkada breach to examine third-party risk and how security services themselves can present security and privacy risks. Finally, we look at how a well-intentioned attempt to notify a company of its data leak led to the involvement of lawyers and the frustration of proponents of ethical reporting.

read more…

Health-ISAC’s Hacking Healthcare 3-23-2021

TLP White: This week, Hacking Healthcare begins by expanding on the topic of Chinese engagement with international standards bodies to examine China’s overall digital efforts and how they may impact the healthcare sector. Next, we provide an update on how the contentious issue of “right to repair” has spread to state legislatures and has been exacerbated by COVID-19, as well as how H-ISAC members may wish to engage with it. Lastly, we round out this week’s edition with a look at Australia’s recently released ransomware report and examine the country’s approach to balancing public-private responsibility for tackling the problem.

read more…

Health-ISAC Hacking Healthcare 3-16-2021

TLP White: This week, Hacking Healthcare begins by re-examining the issue of social media misinformation and the effects it has on the public health sector. Next, in our continuing coverage of the fallout from the SolarWinds supply-chain compromise, we take a look at a proposal to create “software cleanliness ratings” to help incentivize informed software acquisition and software development best practices. Finally, we briefly cover China’s attempt to spread its influence within international standards bodies and what it could mean for healthcare.

read more…

Health-ISAC Hacking Healthcare 3-9-2021

TLP White: This week, Hacking Healthcare begins by drawing your attention to the latest publication in the H-ISAC’s own ongoing series of white papers designed to introduce CISOs to an identity-centric approach to cybersecurity. Next, we briefly examine a comprehensive report from the New York Cyber Task Force (NYCTF) that highlights the United States’ need to invest in a whole-of-nation response to plausible cyber crises. Finally, we detail concerns that Ryuk ransomware is evolving some dangerous new capabilities.

read more…

Health-ISAC Hacking Healthcare 3-2-2021

TLP White: This week, Hacking Healthcare begins with the contentious issue of mandating cyberattack disclosures in the wake of SolarWinds and considers what role ISACs and ISAOs could play in improving information sharing. Next, we briefly cover the Biden Administration’s recent supply chain Executive Order and its relation to cybersecurity in the healthcare sector. Finally, we end by examining new reports that highlight the interconnected nature of cybercriminal groups and their relationship to nation-states.

read more…

Health-ISAC Hacking Healthcare 2-23-2021

TLP White: This week, Hacking Healthcare begins by highlighting a new report that suggests healthcare organizations may not always appreciate the cybersecurity risks related to their relationships with third-party business associates. Then, we briefly examine how France has cited cyberattacks against its hospitals as an impetus for a new €1 billion initiative to improve its overall cybersecurity ecosystem.

read more…

Health-ISAC Hacking Healthcare 2-16-2021

TLP White: This week, Hacking Healthcare begins with a breakdown of some high-level findings from the Cyber Threat Intelligence League’s (CTIL) first ever Darknet Report. We analyze the report and extrapolate it into a discussion about indirect threats to the healthcare sector. Next, we examine some alarming news that a malicious entity’s remote access to a water treatment facility in Florida could have resulted in making the water toxic. Finally, we emphasize that healthcare organizations should ensure they are appropriately securing their health apps by detailing a new report that found significant vulnerabilities in a number of widely used mobile health apps and APIs.

read more…

Translate »