TLP White: This week, Hacking Healthcare begins by looking at an aspect of insider threats that often doesn’t receive enough attention from those in charge of organizations’ cybersecurity. Next, we assess some bleak statistics on the state of cybercrime during COVID-19 with an eye towards the lessons we might draw from them. Lastly, we update you on the state of cyber insurance by describing three significant developments that have driven organizations to purchase cyber insurance policies.
Please give us a minute of your time to answer a few questions about this week’s Hacking Healthcare topics. We’ll publish the results in an upcoming issue. Survey link follows the articles below.
TLP White: This week, Hacking Healthcare asks readers to start thinking about cyber-physical incidents and how prepared your organization is to deal with the consequences. Next, we break down the recent announcement that China is unveiling their own global data security initiative and what might be expected as a result. Finally, we briefly examine how the Department of Homeland Security’s (DHS) new Binding Operational Directive, which requires government agencies to adopt a Vulnerability Disclosure Policy, affects the healthcare sector.
TLP White: This week, Hacking Healthcare begins with an examination of Health and Human Services’ (HHS) Office of Civil Rights’ (OCR) release of their summer cybersecurity newsletter, which makes the case that implementation of an information technology (IT) asset inventory can aid HIPAA compliance. Next, we brief you on the recent charges levied against ex-Uber Chief Security Officer (CSO) Joe Sullivan for his role in covering up a 2016 data breach and consider what the healthcare sector could do to disincentivize such behavior. Lastly, we break down an insider threat attack with a happy ending and consider what organizations can do to mitigate such attacks.
TLP White: This week, Hacking Healthcare is devoted to exploring the physical aspects of data security that, while sometimes easy to overlook, are no less important. This issue will examine the types of incidents members should consider, various legal and regulatory elements, the applicability of insurance, and what practical steps you can take to mitigate threats to physical data security.
TLP White: This week, Hacking Healthcare begins by exploring how healthcare organizations should consider establishing an online presence on social media and communication platforms, even if there doesn’t appear to be a business case for it. Next, we briefly detail the National Security Agency (NSA) and Federal Bureau of Investigation’s (FBI) startling public identification and attribution of Drovorub malware. Finally, we wrap up by breaking down a report detailing consumer views on data privacy and security in the Asia-Pacific region.
TLP White: This week, Hacking Healthcare begins by exploring just how significant the Trump Administration’s recent Executive Order targeting WeChat may be for those in the healthcare sector. We then conclude this issue by breaking down the recent news that China has started to block HTTPS traffic that used TLS 1.3 and ESNI, including why, how, and what it means for healthcare organizations.
Note: On the subject of TLS 1.3, we point you to a NIST workshop taking place this Thursday (August 13th) where you can learn more.
TLP White: This week, Hacking Healthcare explores the ramifications of the European Union’s decision to sanction malicious cyber actors for the first time ever, including why it may only really benefit the healthcare sector in the long-term. Following that, we brief you on an evolution in disinformation campaigns that makes trusting online sources even harder.
TLP White: This week, Hacking Healthcare explores 2020 ransomware trends, including the concerning growth of ransomware that incorporates data exfiltration and what that means for healthcare organizations. Next, we examine the charges the US government has brought against two Chinese hackers accused of a decades-long cyber campaign and what the US hopes to gain from the disclosure. Lastly, we investigate the growing support for active cyber defense in Australia and what the short-term and long-term effects could be for the healthcare sector.
TLP White: This week, Hacking Healthcare explores the recent Schrems II decision that invalidated the US-EU Privacy Shield Framework and all of the uncertainty that comes with it. Next, we brief you on how the UK’s rush to implement contact tracing has run afoul of privacy regulations and ponder the effect of regulation on emergency response. Finally, wrapping up our European coverage, we break down the UK’s decision to remove Huawei from its telecommunications networks and what effects that may have on their cybersecurity.
This week, Hacking Healthcare explores the full scope of China’s intelligence gathering operations against healthcare entities in the United States and its allies in the wake of COVID-19 and outlines some practical and inexpensive ways to boost security. Next, we review how individual states are taking steps to permanently embrace telehealth changes and discuss what you can expect on telehealth from a federal standpoint. Finally, we briefly explain how a smartwatch and an accompanying healthcare-related app demonstrate the security issues of not having comprehensive visibility into a product’s underlying code. Welcome back to Hacking Healthcare.