H-ISAC Hacking Healthcare 1-21-2020

TLP White: In this edition of Hacking Healthcare, we begin with security researchers calling for a common language for hardware vulnerabilities. Next, we briefly detail how the European Commission is prepared to take drastic steps to curb misuse of facial recognition software. Additionally, we outline how Google’s Dr. Feinberg is defending their partnership with Ascension. Finally, we quickly run through the topics that will be discussed at next week’s H-ISAC Monthly Threat Brief.

 

As a reminder, this is the public version of the Hacking Healthcare blog. For additional in-depth analysis and opinion, become a member of H-ISAC and receive the TLP Amber version of this blog (available in the Member Portal.)

read more…

H-ISAC Hacking Healthcare 1-14-2020

TLP White: In this edition of Hacking Healthcare, we begin with a reminder that increased digitization in healthcare brings many benefits, but also requires contingency planning. Next, we briefly outline the Trump Administration’s guidance on Artificial Intelligence (“AI”) regulation. Finally, we breakdown an International Criminal Police Organization (“INTERPOL“) operation that they claim has led to a 78% drop in cryptojacking in the Association of Southeast Asian Nations (“ASEAN”) region.

 

As a reminder, this is the public version of the Hacking Healthcare blog. For additional in-depth analysis and opinion, become a member of H-ISAC and receive the TLP Amber version of this blog (available in the Member Portal.)

read more…

H-ISAC Hacking Healthcare Blog 1-7-2020

TLP White: In this edition of Hacking Healthcare, we begin the new year with a brief explanation of the increased nation state threat stemming from the killing of Iranian Gen. Soleimani. We then briefly review Mastercard’s most recent cybersecurity acquisition and what it might mean for them and their franchisees. Finally, we delve into Russia’s announcement that they have successfully tested their own “internal internet”.

read more…

H-ISAC Hacking Healthcare 12-17-19

TLP White: In this edition of Hacking Healthcare, we begin with a warning about the use of emotion-detecting technologies and a call for their regulation. Next, we detail how the U.S. National Institute of Standards and Technology (“NIST”) is helping further biometric research. Finally, we briefly explain India’s proposed data privacy and data protection bill that mixes elements of the General Data Protection Regulation (“GDPR”) with a healthy dose of government exemptions.

read more…

H-ISAC Hacking Healthcare 12-10-19

TLP White: In this edition of Hacking Healthcare, we spotlight the Food and Drug Administration’s request for nominations to their Medical Devices Advisory Committee. Next, we brief you on Sen. Booker and Sen. Wyden’s mission to combat bias in healthcare algorithms. Additionally, we highlight a new indictment against Russian hackers and why it matters despite the unlikeliness of there ever being a trial. Finally, we give you the lowdown on an expected cloud security advisory from the National Security Agency’s Cybersecurity Directorate.

As a reminder, this is the public version of the Hacking Healthcare blog. For additional in-depth analysis and opinion, become a member of H-ISAC and receive the TLP Amber version of this blog (available in the Member Portal.)

read more…

H-ISAC Hacking Healthcare 12-3-19

TLP White: In this edition of Hacking Healthcare, we give you an update on yet another case of cyber insurance falling short of covering an expected cost. We then explore the possibility of Iran creating a “white list” for foreign websites. Finally, we discuss the potential impact of China stepping up intellectual property protections and cracking down on IP theft.

As a reminder, this is the public version of the Hacking Healthcare blog. For additional in-depth analysis and opinion, become a member of H-ISAC and receive the TLP Amber version of this blog (available in the Member Portal.)

read more…

H-ISAC Hacking Healthcare 11-26-19

TLP White: In this edition of Hacking Healthcare, we brief you on yet another wide-ranging ransomware attack that was exacerbated by environmental factors. Additionally, we examine a new Russian law that would require Russian software to be pre-installed on products. Finally, we explain what to expect from the Cyberspace Solarium Commission, a congressionally-mandated task force charged with reviewing U.S. cyber strategy and recommending policy changes.

As a reminder, this is the public version of the Hacking Healthcare blog. For additional in-depth analysis and opinion, become a member of H-ISAC and receive the TLP Amber version of this blog (available in the Member Portal.)

read more…

H-ISAC Hacking Healthcare 11-19-19

TLP White: In this edition of Hacking Healthcare, we take a look at the recent news concerning Google’s project Nightingale. Then, keeping with big IT and healthcare, we examine Apple’s latest foray into healthcare research. Finally, we remind ourselves that the threat is real.

As a reminder, this is the public version of the Hacking Healthcare blog. For additional in-depth analysis and opinion, become a member of H-ISAC and receive the TLP Amber version of this blog (available in the Member Portal.)

read more…

H-ISAC Hacking Healthcare 11-13-19

TLP White: In this edition of Hacking Healthcare, we explore insider threats and the various ways they can negatively impact organizations. First, we analyze how the convergence of geopolitics and insider threats have led GitLab to consider banning individuals of certain nationalities from critical positions. Next, we brief you on how an insider threat at Trend Micro led to tailored scam attacks against their customers. Finally, we examine the case of two Twitter employees charged with spying for the Saudi Arabian government.

As a reminder, this is the public version of the Hacking Healthcare blog. For additional in-depth analysis and opinion, become a member of H-ISAC and receive the TLP Amber version of this blog (available in the Member Portal.)

read more…

H-ISAC Hacking Healthcare 11-6-19

TLP White: In this edition of Hacking Healthcare, we lead off by providing you with a few important announcements from the National Institute of Standards and Technology (“NIST”).  We then discuss the use of a critical hospital technology and how it has led to public web-streaming of sensitive healthcare information. Next, we fill you in on the rise of attacks against managed service providers, and we explore what that means for small businesses and government entities. We then explore how a group of 15 technology companies are challenging a key assumption of the talent shortage in the cybersecurity workforce. Finally, we give you a brief update on how Norsk Hydro’s cyber insurance payout is fueling skepticism in the cyber insurance market.

As a reminder, this is the public version of the Hacking Healthcare blog. For additional in-depth analysis and opinion, become a member of H-ISAC and receive the TLP Amber version of this blog (available in the Member Portal.)

read more…