H-ISAC Hacking Healthcare 7-9-19

Adversarial #phishing kits, #BGP internet infrastructure and ransomware infecting cities and towns of all sizes.

 

TLP White: In this edition of Hacking Healthcare, we discuss the growth of Phishing-as-a-Service.  We then check in on how decades old internet infrastructure is fueling security concerns and internet outages. Finally, we examine the worrying trend of ransomware infecting cities in towns across the United States, and what that might mean for the future.

As a reminder, this is the public version of the Hacking Healthcare blog. For additional in-depth analysis and opinion, become a member of H-ISAC and receive the TLP Amber version of this blog (available in the Member Portal.)

 

Welcome back to Hacking Healthcare.

read more…

H-ISAC Hacking Healthcare Blog 7-2-19

#ENISA’s upcoming #EU #cybersecurity certification framework, Iranian APT intensifies, #NIST #IoT report.

TLP White: In this edition of Hacking Healthcare, we discuss the European Union’s new official cybersecurity agency and their plans for a cyber certification scheme.  We then check in on Iranian cyber escalation. Finally, we examine NIST’s new guidance on IoT security and how it should inform medical device development and implementation.

As a reminder, this is the public version of the Hacking Healthcare blog. For additional in-depth analysis and opinion, become a member of H-ISAC and receive the TLP Amber version of this blog (available in the Member Portal.)

read more…

H-ISAC Hacking Healthcare blog 6-25-19

HHS on Health IT, Hospital Spam Calls, Cybersecurity Workforce Guide for Healthcare Sector, and European Council’s Cybersecurity Agenda

**UPDATE NOTE**

 

Quick update following one of our recent stories: As a result of recent sensationalized media reporting on responsible vulnerability disclosure by medical device manufacturers, the Health-ISAC Medical Device Security Information Sharing Council (MDSISC) will develop a media kit for members and press.  The whitepaper will explain the coordinated vulnerability disclosure process and how the ICS-CERT advisories are a good thing.  The kit can be used to educate the press so they report accurately when a MDM discloses responsibly and encourage H-ISAC members to be transparent by publishing notices on their website and to be ready to respond with a reactionary press statement if needed.

 

H-ISAC is currently seeking volunteers interested in working on a small group of both MDMs and HDOs to assist with the development of this media response kit.  Please send an email to contact@h-isac.org with your intent to participate.

 

As a reminder, this is the public version of the Hacking Healthcare blog. For additional in-depth analysis and opinion, become a member of H-ISAC and receive the TLP Amber version of this blog (available in the Member Portal.)

read more…

H-ISAC Hacking Healthcare blog 6-18-19

“Hack Back” Bill, EU Agency for Cybersecurity and Coordinated Vulnerability Disclosure and the Media

TLP White: In this edition of Hacking Healthcare, we discuss a bill that would allow companies to hack their hackers back in order to protect networks and systems.  We then describe European Union privacy regulator ENISA’s new permanent mandate and cybersecurity certification standards.  Finally, we consider the stories the media tells us about medical device security and whether those popular tropes help to encourage good cybersecurity practices, such as CVD.

As a reminder, this is the public version of the Hacking Healthcare blog. For additional in-depth analysis and opinion, become a member of H-ISAC and receive the TLP Amber version of this blog (available in the Member Portal.)

read more…

H-ISAC Hacking Healthcare blog 6-11-19

TLP White: In this edition of Hacking Healthcare, we discuss the long-accepted organizational security practice of periodic password expiration.  We then describe the Department of Health and Human Service’s new efforts to collaborate with other agencies and operationalize information sharing efforts to find new security solutions.  Finally, we consider Russia and Iran’s plans to build a closed Internet, allegedly with the goal of enhancing cybersecurity.

As a reminder, this is the public version of the Hacking Healthcare blog. For additional in-depth analysis and opinion, become a member of H-ISAC and receive the TLP Amber version of this blog (available in the Member Portal.)

read more…

H-ISAC Hacking Healthcare blog 6-5-19

TLP White: In this edition of Hacking Healthcare, we examine a New York data breach bill that could have substantive effects for healthcare organizations.  We then discuss NATO’s recent signaling that it will not rule out the use of offensive cybersecurity measures to protect member nations’ sensitive data.  Finally, we discuss China’s response to the Huawei ban in the context of lessons companies in the healthcare industry can learn.

As a reminder, this is the public version of the Hacking Healthcare blog. For additional in-depth analysis and opinion, become a member of H-ISAC and receive the TLP Amber version of this blog (available in the Member Portal.)

read more…

Hacking Healthcare 5-28-19

TLP White: In this edition of Hacking Healthcare, we examine the Georgia Supreme Court’s recent refusal to hold a state government agency liable for a data breach.  We then discuss a United Kingdom (“UK”) Supreme Court decision allowing judicial review of government agency security choices.  Finally, we discuss new artificial intelligence standards developed by the Organisation for Economic Co-operation and Development (“OECD”). 

As a reminder, this is the public version of the Hacking Healthcare blog. For additional in-depth analysis and opinion, become a member of H-ISAC and receive the TLP Amber version of this blog.

read more…

Trump Executive Order Targeting Huawei and Industry Reactions, ASUS Updates Attacked (again)

TLP White: In this edition of Hacking Healthcare, we examine the Trump Executive Order targeting Huawei.  We then break down some early industry reactions to that Executive Order.  Finally, we dive into an unfortunate reprise of the ASUS update system hacks.

Authors Note: Congrats to everyone on the H-ISAC team for another highly successful Spring Summit. It was great to meet some of you there and to able to speak on Thursday to a great group. We look forward to seeing you next time. As a reminder, this is the public version of the Hacking Healthcare blog. For additional in-depth analysis and opinion, become a member of H-ISAC and receive the TLP Amber version of this blog.

read more…

AI-Aided Cancer Detection, Asia-Pacific Cyber Trend, Major Anti-Virus Companies Breached, Anthem Breach Update

TLP White: In this edition of Hacking Healthcare, we examine a potentially revolutionary development in AI-aided cancer detection technology.  We then break down a concerning cybersecurity trend in the Asia-Pacific region. We also explore the startling revelation that several major antivirus companies have been breached. Finally, we consider a new update regarding accountability in the Anthem breach.

read more…

Russia’s Internet Sovereignty Law, Supply Chain Attacks, a Spectre / Meltdown Silver Lining

TLP White: In this edition of Hacking Healthcare, we examine the implications of Russia’s new internet sovereignty law.  We then break down a worrying trend in supply chain attacks.  Finally, we dive into how Spectre and Meltdown have changed the way industry approaches hardware vulnerabilities and disclosures.

As a reminder, this is the public version of the Hacking Healthcare blog. For additional in-depth analysis and opinion, become a member of H-ISAC and receive the TLP Amber version of this blog.

read more…