Health-ISAC Hacking Healthcare 6-24-2020

TLP White: This week, Hacking Healthcare revisits digital contact-tracing to keep you updated on the latest developments around the world. Additionally, we briefly remind you about the ingenuity of malicious actors by recounting how LinkedIn was weaponized to compromise European aerospace and defense firms. Lastly, we recap the alarming release of a redacted report on the Central Intelligence Agency’s (CIA) deeply regrettable cybersecurity practices.

read more…

Health-ISAC Hacking Healthcare 6-17-2020

TLP White: This week, Hacking Healthcare looks at the U.S. Cybersecurity and Infrastructure Security Agency’s (“CISA”) announcement of a new strategy to protect Industrial Control Systems (“ICS”) in critical infrastructure sectors from cyberattack. Next, we break down recent threat research that illustrates just how quickly misconfigured databases in cloud environments can be found and exploited by malicious actors, but why that shouldn’t dissuade healthcare organizations from implementing them. Lastly, we look at a project backed by the U.S. National Science Foundation (“NSF”) to secure patient data related to COVID-19 research and explore its implications.

read more…

H-ISAC Hacking Healthcare 6-10-2020

TLP White: This week, Hacking Healthcare delivers an update on the progress various countries are making on digital contact-tracing and outlines the important role healthcare organizations play in advancing discussion on the topic. Next, we explore growing public and private support for permanently easing rules and regulations that impede telehealth services. Lastly, we brief you on a new federal bill that would create a national research cloud for artificial intelligence and how the bill could benefit the healthcare sector.

read more…

H-ISAC Hacking Healthcare 6-2-2020

TLP White: This week, Hacking Healthcare takes a deeper look at international norms. Specifically, we will explain what international norms are, how they apply to cybersecurity and the healthcare sector, and why it is important for healthcare organizations to understand them.

read more…

H-ISAC Hacking Healthcare 5-27-2020

TLP White: This week, Hacking Healthcare begins by updating you on the ongoing saga of contact tracing efforts, including how Europe is set to be a testbed for Apple and Google’s digital approach. Next, we explore how a South Korean telecommunications company is harnessing AI to help augment local healthcare organizations. Finally, we look at what a recent U.N. working group report on malicious cyber activity against healthcare and other critical infrastructure sectors might mean.


Welcome back to Hacking Healthcare.


As a reminder, this is the public version of the Hacking Healthcare blog. For additional in-depth analysis and opinion, become a member of H-ISAC and receive the TLP Amber version of this blog (available in the Member Portal.)


1. Apple and Google’s Contact Tracing Effort Begins Roll Out.

Last Wednesday, the first component of Apple and Google’s contact tracing partnership found its way onto Android and iOS operating systems. The component, “exposure notifications,” is the first step in helping health authorities develop mobile applications that will inform individuals when they may have been exposed to COVID-19.[1]

Mobile phone users whose devices operate the latest version of either iOS or Android can now find an opt-in function within their phone’s settings which will allow them to connect to healthcare applications that make use of the technology. It is important to note that this technical addition to both mobile operating systems is just a framework. It will now be up to state and local governments and healthcare institutions to implement the technology with their own applications.

In some countries, this may not take long. Switzerland has already claimed to have launched the first application incorporating Apple and Google’s component. According to the BBC, “Members of the Swiss army, hospital workers and civil servants can now install the SwissCovid app ahead of a planned wider rollout.”[2] Another European country, Latvia, claims they will not be far behind in deploying their own version.[3] Many other European countries have publicly committed to adopting Apple and Google’s approach and it is expected that this will allow easier integration and interoperability.[4] It will be worth watching how these efforts develop and what lessons may be learned for subsequent adopters.

Analysis & Action

*H-ISAC Membership Required*



2. South Korean Telecom Taps AI to Assist COVID-19 Response.

In another example of emerging technologies being harnessed for healthcare purposes, it was reported last week that South Korean telecommunications company, SK Telecom, has employed its artificial intelligence (“AI”) calling platform for COVID-19 check-ins. The service is currently active for 1,500 residents, with plans for expansion dependent upon agreements with local government entities.[5]

The platform is intended to help ease the burden on local health authorities during the COVID-19 response by automating part of the resource intensive task of monitoring individuals placed in mandatory quarantine. The AI, named Nugu, will call the needed individuals twice daily to ascertain their health status through a series of questions.[6] The data that is collected from the responses will then be sent to the relevant health authorities. If successful, the platform should be able to deliver needed health data faster while easing the number of trained professionals needed to carry out the time intensive procedures.

Analysis & Action

*H-ISAC Membership Required*



3. United Nations Working Group Tackles Healthcare Cyberattacks.

Last week, the United Nations (“U.N.”) Open Ended Working Group (“OEWG”) working on information communications technology (“ICT”) security released a report proposal aimed at providing guidance on implementing norms to combat malicious cyber activity against healthcare services and facilities. The report proposal appears to stem from the noted increase in cyber-attacks targeting healthcare sectors of various countries as a result of COVID-19 and could be a step towards greater U.N. action.

While the actual text more broadly applies to critical infrastructure of all kinds and notes the influx of all types of COVID-19 related malicious cyber activity, healthcare is specifically called out. The report notes that all countries consider the healthcare sector to be critical infrastructure, making it an ideal example.[7] As for the text, the proposal states that:

  • – A State should not conduct or knowingly support ICT activity contrary to its obligations under international law that intentionally damages critical infrastructure or otherwise impairs the use and operation of critical infrastructure to provide services to the public.[8]
  • – States should take appropriate measures to protect their critical infrastructure from ICT threats, taking into account General Assembly resolution 58/199 on the creation of a global culture of cybersecurity and the protection of critical infrastructures, and other relevant resolutions.[9]

As of its publication, Australia, Estonia, Japan, the Czech Republic, Kazakhstan, and the United States have signed on as supporters, but more are welcome and seem likely to endorse it.

Analysis & Action

*H-ISAC Membership Required*





Tuesday, May 26th:

– No relevant hearings


Wednesday, May 27th:

– No relevant hearings


Thursday, May 28th:

–  House – Committee on Education and Labor – Subcommittee on Workforce Protections:  “Examining the Federal Government’s Actions to Protect Workers from COVID-19.”



International Hearings/Meetings


– No relevant hearings



EU –


Thursday, May 28th:

– European Parliament – Committee on Environment, Public Health, Food Safety




Conferences, Webinars, and Summits

— H-ISAC Virtual Security Workshop:  Securing Medical Device Infrastructure on a Shoestring Budget – Webinar (5/27/2020)

–Shared Solution Webinar: Managed Threat Detection for the Rest of Us – Webinar (5/28/2020)

H-ISAC Shared Solutions: Adapting Your Third-Party Program to Rapidly Changing Times (TLP White) – Webinar (6/2/2020)

–Identity for the CISO – Becoming ‘Identity-Centric’ – Webinar (6/3/2020)

— An H-ISAC Framework for CISOs to Manage Identity – Webinar (6/10/2020)

— Life as a CISO by Axonius

–AAMI Exchange – New Orleans, LA (6/12/2020-6/15/2020)

H-ISAC Monthly Member Threat Briefing – Webinar (6/30/2020)

–Healthcare Cybersecurity Forum – Mid-Atlantic – Philadelphia, PA (7/17/2020)

–Healthcare Cybersecurity Forum – Rocky Mountain – Denver, CO (7/20/2020)

–Healthcare Cybersecurity Forum – Southeast – Nashville, TN (9/9/2020)

–H-ISAC Security Workshop – Greenwood Village, CO (9/16/2020)

–Healthcare Cybersecurity Forum – Northeast – Boston, MA (9/22/2020)

–H-ISAC Cyber Threat Intel Training – Titusville, FL (9/22/2020)

–H-ISAC Security Workshop – Forchheim, Germany

–Summit on Security & Third Party Risk – National Harbor, MD (9/28/2020-9/30/2020)

–Healthcare Cybersecurity Forum – Texas – Houston, TX (10/8/2020)

–CYSEC 2020 – Dubrovnik, Croatia (10/27/2020 – 10/28/2020)

–H-ISAC Security Workshop – Mounds View, MN (10/27/2020)

–Healthcare Cybersecurity Forum – Pacific Northwest – Seattle, WA (10/28/2020)

–H-ISAC Security Workshop – Seattle, WA – (10/29/2020)

–Healthcare Cybersecurity Forum – California – Los Angeles, CA (11/12/2020)

–H-ISAC Security Workshop – Paris, France (11/18/2020)




Sundries –


–HSCC Shares Guide to Protecting Healthcare Trade Secrets, Research

–Coronavirus: NHS app paves the way for ‘immunity passports’


Contact us: follow @HealthISAC, and email at










H-ISAC Hacking Healthcare 5-19-2020

TLP White: This week, Hacking Healthcare begins by examining what to expect from two federal agencies formally naming China as a culprit in ongoing cyber espionage against healthcare organizations. Next, we highlight new research that emphasizes just how important identity is to organizational cybersecurity and what H-ISAC is doing to help members interested in taking an identity-centric approach to cybersecurity. Lastly, we briefly examine why it’s not so easy to counter the COVID-19 social media misinformation that may be harming mitigation and response efforts.

Reminder: H-ISAC Monthly Threat Brief: H-ISAC members are encouraged to join this month’s Threat Brief Webinar on May 26th at 12:00pm EST. Topics include adversaries targeting healthcare, Ransomware as a Service, mitigating threats to healthcare workers, RDP vulnerabilities, and the upcoming FTC review of the Health Breach Notification rule. The webinar is free for H-ISAC members and details are sent out on the members’ list server.

read more…

H-ISAC Hacking Healthcare 5-13-2020

TLP White: This week, Hacking Healthcare takes an extended look at digital contact tracing. We begin with an overview of contact tracing and its digital development. Next, we briefly outline some of the political, technical, logistical and legal impediments and considerations of digital contact tracing efforts. We then provide an update on where the United States (U.S.) and other countries are in their efforts to implement digital contact tracing programs. Finally, we wrap-up with some thoughts on what it all means.

read more…

H-ISAC Hacking Healthcare 5-6-2020

TLP White: In this edition of Hacking Healthcare, we begin by examining how COVID-19 led the United Kingdom’s (UK) National Health Service (NHS) to give the country’s intelligence and security agency emergency powers over its networks. We then brief you on a recent letter from Congressional lawmakers and discuss its illustration of the unique challenge of implementing digital contact tracing in the United States. Finally, we take a brief look at why foreign intelligence services are targeting parts of the healthcare sector, and when it might be expected to stop.

read more…

H-ISAC Hacking Healthcare 4-28-2020

TLP White: In this edition of Hacking Healthcare, we begin with a discussion of the H-ISAC’s media kit on medical device security and coordinated vulnerability disclosure and how it will help educate media partners and the general public on those critical issues. Next, we briefly explore the potential security and privacy concerns related to Facebook’s pop-up COVID-19 surveys. Finally, we try and decipher the puzzling and threatening press release that the U.S. State Department issued to an unspecified cyber actor earlier this month.

read more…

H-ISAC Hacking Healthcare 4-21-2020

TLP White


In this edition of Hacking Healthcare, we explore how COVID-19 is impacting coordinated vulnerability disclosure and why the healthcare sector may be significantly affected. Next, we highlight the newest example of a nation-state using COVID-19 to further geopolitical goals, and we discuss how those efforts may be undermining COVID-19 response efforts. Lastly, we break down insights a group of experts at Oxford may have on the viability and effectiveness of contact tracing apps.

read more…

Translate »