TLP White: This week, Hacking Healthcare begins by providing a brief update on REvil and its apparent disappearance. Next, we break down the United States (US) government’s new one-stop-shop for ransomware information and guidance. We then highlight some troubling new vulnerability disclosure regulations coming out of China and how they may impact cybersecurity. Finally, we examine the cyber risk associated with using a Managed Service Provider (MSP) and offer some advice on how to minimize it.
TLP White: This week, Hacking Healthcare begins by examining how the Biden administration is approaching the Russian government in an effort to crack down on recent egregious cybercriminal activity. Next, we breakdown Japan’s move to counter the threat of sophisticated cyberattacks by boosting its cyber personnel and introducing new regulations on critical infrastructure sectors. Finally, we briefly touch on how unrelated cybercriminals are using the Kaseya compromise to leverage their spam malware campaign, and outline why it’s imperative that organizations maintain their security posture even in the face of major incidents.
TLP White: This week, Hacking Healthcare begins by evaluating the National Institute of Standards and Technology’s (NIST) definition of “critical software” and what that definition might mean for healthcare within the context of the cybersecurity executive order. Next, we take a look at a new US Cybersecurity & Infrastructure Security Agency (CISA) initiative for improving cybersecurity, and we assess whether focusing on bad practices is likely to make a noticeable difference. Lastly, we provide a brief update on how the Biden administration is considering tackling the scourge of ransomware, including some thoughts on offensive action, incident reporting, and the feasibility of banning of ransom payments.
TLP White: This week, Hacking Healthcare begins by breaking down how a new technology council created by US and EU representatives may ease the risk of divergent technology standards and help to ameliorate current disagreements over data privacy and security. Next, we examine a report that breaks down the growing threat of USB-related malware in industrial environments and explain why the threat may not be going away even as organizations return to pre-pandemic operations. Finally, we assess how the private sector’s struggle with patching is increasingly leading to calls for new laws that mandate it and why that would be a troublesome solution.
TLP White: This week, Hacking Healthcare begins by breaking down President Biden’s meeting with Russian President Putin. We examine what was said and agreed to and then assess the likelihood that it will result in improvements in relations and a decrease in malicious cyber activity. Next, we jump into a recent report on the state of ransomware, specifically to the costs to businesses. Finally, we end by highlighting NIST’s newest Cybersecurity Framework profile for ransomware risk management and encourage members to evaluate how it may help them respond to the ransomware threat.
TLP White: This week, Hacking Healthcare is dedicated to aggregating and analyzing the whirlwind of recent ransomware developments in both the public and private sector. In addition to breaking down what has been happening, we cite new guidance and recommendations and provide our thoughts on how these developments have been helpful or unhelpful in addressing the ransomware issue.
TLP White: This week, Hacking Healthcare begins by examining a workforce study that shows just how significantly COVID-19 has shifted the work setting expectations and preferences of younger generations. We outline why organizations should assess how remote work alters the cybersecurity, privacy, and legal risks they face. Next, we take a look at how the changing geopolitical and technological environment may increase the potential for cyberattacks that seek to disrupt an organization by targeting personnel.
TLP White: This week, Hacking Healthcare begins with a troubling admission from the United Kingdom (UK) government that they conducted a large-scale COVID-19 tracking program to assess their citizens’ behavior following vaccination without notifying the individuals whose data was used, raising privacy and ethical concerns. We also explore a new security directive implemented in the United States (US) that is meant to enhance pipeline security following the Colonial Pipeline attack. The directive requires significant mandatory reporting and may have long term implications for other critical infrastructure sectors like healthcare.
TLP White: This week, Hacking Healthcare takes a long look at the recent cyberattacks perpetrated against the Irish Health Service Executive (HSE) and Irish Department of Health. We break down what exactly happened, why the Irish government is being lauded for its response, the impact the attack had on healthcare services, and why refusal to pay is unlikely to be a silver bullet for ransomware. Finally, we examine some new comments from US national security figures on a possible approach to a national breach notification law, and we detail two of the hurdles to the creation of such a single, federal breach notification standard.
TLP White: This week, Hacking Healthcare takes an in-depth look at two issues. First, we examine the Biden administration’s openness to COVID-19 vaccine patent waivers, which breaks with decades of policy precedent and raises interesting questions about intellectual property (IP) protections and the effect they may have on cyber espionage and attacks. We then break down some of the secondary effects of the Colonial Pipeline attack to try and draw out some useful insights.