TLP White: In this edition of Hacking Healthcare, we break down an unexpected Russian crackdown on a cybercrime ring, and why it probably doesn’t signal a sea change in domestic cyber policy. Next, we brief you on a telehealth ICU solution being rushed to the frontlines of the COVID-19 response and why emerging technologies could help with the next global health emergency. Finally, we examine a global group of cybersecurity volunteers as they attempt to bolster healthcare cybersecurity during a rush of malicious activity.
TLP White: In this edition of Hacking Healthcare, we take an in-depth look at telework. As the spread of COVID-19 has led to social distancing and other policies meant to curb infection rates, many industries are turning to telework to continue operations to the maximum extent possible. Below we outline some of the general challenges of this transition, as well as some specific difficulties the healthcare sector faces in adopting both telework and telehealth. And speaking of which, we start with an announcement from the US National Institute of Standards and Technology (NIST) on their new telehealth initiative.
TLP White: In this edition of Hacking Healthcare, we tackle three significant document releases that will affect numerous aspects of the healthcare sector. First, we dive into the final report issued by the Cyberspace Solarium Commission and recap a handful of recommendations that are likely to have the biggest impact on healthcare cybersecurity and incident response. Next, we briefly break down how the finalization of two Department of Health and Human Services (HHS) rules, the 21st Century Cures Act: Interoperability, Information Blocking, and the ONC Health IT Certification Program Final Rule and the Interoperability and Patient Access Final Rule, is set to create wholesale changes to the way that healthcare data is accessed by patients.
TLP White: In this edition of Hacking Healthcare, we begin by breaking down new guidance from the Department of Justice (DOJ) on the legal considerations of engaging in cyber threat intelligence activities. Next, we look at the European Union Agency for Cybersecurity’s (ENISA) 51-page report on procurement cybersecurity for hospitals that provides comprehensive guidance applicable to many organizations in the healthcare sector. Finally, we explore a Government Accountability Office (GAO) report that recommends NIST Cybersecurity Framework adoption and assessment across all critical infrastructure sectors.
TLP White: In this edition of Hacking Healthcare, we begin by exploring the German Patient Data Protection Act that is under criticism for its approach to cybersecurity and privacy. Next, we briefly examine the interesting effect the United States’ naming and shaming of Chinese state hackers is having. Finally, we break down why DNS over HTTPS might come with considerable tradeoffs.
As a reminder, this is the public version of the Hacking Healthcare blog. For additional in-depth analysis and opinion, become a member of H-ISAC and receive the TLP Amber version of this blog (available in the Member Portal).
TLP White: In this edition of Hacking Healthcare, we begin by breaking down a new bill that will expand digitization of health records in the Netherlands. Next, we brief you on how the United States (US) National Institute of Standards and Technology’s (NIST) commitment to supporting their new Privacy Framework is good news for small and medium-sized healthcare organizations that handle sensitive patient data. Lastly, we explore the Trump administration’s recent criticism of the European Union’s (EU) newly unveiled artificial intelligence (AI) principles, and why concerns over differences might be a little premature.
TLP White: In this edition of Hacking Healthcare, we begin with a notice from the FDA looking for nominations for the Patient Engagement Advisory Committee. Next, we examine the results of a KPMG report on how artificial intelligence (“AI”) is viewed by various industries. We then brief you on a ransomware lawsuit where the plaintiffs appear to be seeking payment over alleged harm rather than actual harm. Finally, we explore how scammers and malicious actors are making use of the coronavirus to infect their victims.
TLP White: In this edition of Hacking Healthcare, we begin with an analysis of the coronavirus that tries to cut through the media sensationalism to explore a more nuanced perspective of its impacts. Next, we examine why the anonymization of data is often more marketing myth than security fact. Finally, we look at how a new suit against a university medical center fits into a larger conversation around privacy, research, and technological change in the healthcare sector.
TLP White: In this edition of Hacking Healthcare, we begin by examining a milestone in the integration of Artificial Intelligence/Machine Learning (AI/ML) into drug treatment development. Next, we brief you on new developments in Huawei’s ongoing saga to avoid a European ban and what it may mean for EU-US relations. Lastly, in continuing our coverage of the cyber insurance market, we look at what a new decision in favor of an email fraud victim might mean for the still-evolving market.
TLP White: In this edition of Hacking Healthcare, we begin with an Idaho National Lab researcher who is shedding light on just how little we know about the threat of ICS (Industrial Control Systems) vulnerabilities. Next, we dive a little deeper into the world of ICS vulnerabilities by briefly examining cybersecurity organization Trend Micro’s seven-month-long ICS honeypot. Finally, we give you a short brief on where the UK’s healthcare sector is likely to go in a post-Brexit environment.