Trump Executive Order Targeting Huawei and Industry Reactions, ASUS Updates Attacked (again)

TLP White: In this edition of Hacking Healthcare, we examine the Trump Executive Order targeting Huawei.  We then break down some early industry reactions to that Executive Order.  Finally, we dive into an unfortunate reprise of the ASUS update system hacks.

Authors' Note: Congrats to everyone on the H-ISAC team for another highly successful Spring Summit. It was great to meet some of you there and to be able to speak on Thursday to a great group. We look forward to seeing you next time. As a reminder, this is the public version of the Hacking Healthcare blog. For additional in-depth analysis and opinion, become a member of H-ISAC and receive the TLP Amber version of this blog.

AI-Aided Cancer Detection, Asia-Pacific Cyber Trend, Major Anti-Virus Companies Breached, Anthem Breach Update

TLP White: In this edition of Hacking Healthcare, we examine a potentially revolutionary development in AI-aided cancer detection technology.  We then break down a concerning cybersecurity trend in the Asia-Pacific region. We also explore the startling revelation that several major antivirus companies have been breached. Finally, we consider a new update regarding accountability in the Anthem breach.

Russia’s Internet Sovereignty Law, Supply Chain Attacks, a Spectre / Meltdown Silver Lining

TLP White: In this edition of Hacking Healthcare, we examine the implications of Russia’s new internet sovereignty law.  We then break down a worrying trend in supply chain attacks.  Finally, we dive into how Spectre and Meltdown have changed the way industry approaches hardware vulnerabilities and disclosures.

UK Grants Huawei 5G Infrastructure, P2P IoT Vulnerability, Healthcare Legacy Systems

TLP White: In this edition of Hacking Healthcare, we discuss the UK’s recent decision to allow Huawei to construct portions of the country’s 5G network infrastructure.  We then break down a new vulnerability affecting the peer-to-peer connectivity of internet-of-things (“IoT”) devices.  Finally, we dive into healthcare organizations’ cyber-readiness and the unique challenges facing them in the form of legacy systems, strict regulatory requirements, and a lack of network segmentation.

GDPR Fine in UK, Nation-State IP Hijack, Brazilian Hackers, NIST on IoT

TLP White: In this edition of Hacking Healthcare, we discuss a UK regulator’s decision to fine a pregnancy and parenting support club for sharing users’ data without informed consent and running afoul of the GDPR.  We also break down a new nation-state attack that allows hackers to access user login credentials and online account information.  We then dive into Brazilian cyber criminals’ focus on and interest in infiltrating the country’s electronic banking system.  Finally, we remind you of NIST’s continued interest in IoT and the agency’s upcoming efforts to advance cryptography standards for connected devices.

European Cybersecurity Framework, Triton Malware, Irresponsible Vulnerability Disclosure, VPN Security

TLP White: In this edition of Hacking Healthcare, we discuss the difficulty of implementing one-size-fits-all cybersecurity policy in Europe. We also break down the troubling re-occurrence of Triton malware on critical infrastructure. We then dive into the chaos caused by an irresponsible vulnerability disclosure. Finally, we explore the recent revelation of insecurity in enterprise VPN applications.

Data Breach Penalty Senate Bill, CT & MRI Manipulation Vulnerability, Amazon’s Alexa Health Data

TLP White: In this edition of Hacking Healthcare, we discuss a bill introduced in the Senate last week that seeks to enable criminal penalties for corporate executives following a data breach. We also break down a new malware variant developed by Israeli researchers to highlight the damage malicious code can wreak on healthcare systems and patient diagnoses. We then dive into Amazon Alexa, and its foray into healthcare information.

States Filling Federal Healthcare Cybersecurity Gap, UK Questions 5G, Marsh’s Cyber Catalyst Program

TLP White: In this edition of Hacking Healthcare, we discuss the lack of a federal cybersecurity standard and how states have stepped in to try to fill the gaps.  We also break down the United Kingdom’s recent criticism of Huawei devices and hardware.  We then dive into a new designation for cybersecurity products and services to help businesses navigate the vast and varied offerings available in the marketplace.

Phish Impersonating CDC, White House Launches AI.com, IoT Malware, Phone as ID?

TLP White: In this edition of Hacking Healthcare, we discuss a new malware-carrying phishing campaign that attempts to impersonate the Centers for Disease Control and Prevention.  We also break down the White House’s recent launch of AI.com, a central repository for all artificial intelligence initiatives and policies at the federal agency level.  We then dive into a resurgent IoT malware botnet that has worked its way into some enterprise networks.  Finally, we explore the efficacy and security risks of using phone numbers for identity authentication purposes.

HHS on EHI, InfoSec Trends, Disclosure Protocol, NIST’s Privacy Framework

TLP White: In this edition of Hacking Healthcare, we discuss a new HHS proposed rule that seeks to improve the security of electronic health information.  We also break down a new HIMSS survey of information security professionals within various healthcare organizations and identify some emerging trends.  We then dive into a website’s knee-jerk response to a security researcher who tried to notify the site of vulnerabilities in its source code.  Finally, we remind you of NIST’s rapidly progressing Privacy Framework, which the agency suggests will work in tandem with its recently published Cybersecurity Framework.
