H-ISAC Hacking Healthcare 11-17-2020

TLP White: This week, Hacking Healthcare takes a look at how security researchers found serious vulnerabilities in a contact-tracing application used in the Philippines and highlights the role of coordinated vulnerability disclosure in remediating them. Next, we ponder what PayPal’s acceptance of cryptocurrency might mean for ransomware perpetrators and victims. Finally, we revisit the issue of attacks against COVID-19 related research and why healthcare organizations should be wary about expecting attacks to wind down.

read more…

H-ISAC Hacking Healthcare 11-10-2020

TLP White: This week, Hacking Healthcare examines some new research on the behavior of consumers in different age demographics related to connected-device security habits and what it may mean for healthcare organizations deploying apps and wearables. Next, we briefly delve into a new report on how ransomware attacks with a data exfiltration element are becoming more common but also potentially less effective. Lastly, we provide a quick overview of new guidance on supply chain security for IoT that was published by the European Union Agency for Cybersecurity (ENISA)

read more…

Health-ISAC Hacking Healthcare 11-3-2020

TLP WHITE: This week, Hacking Healthcare takes a look at how industry conferences and networking sites are fertile grounds for cyberattacks. Next, we briefly explore a concerning threat advisory jointly posted by three federal government agencies on October 28th that warned of imminent cyberattacks against the healthcare sector. Finally, we wrap up with an examination of the newest cyber-related sanctions issued by the U.S. government against a Russian institute with connections to Triton malware.  Welcome back to Hacking Healthcare.

read more…

H-ISAC Hacking Healthcare 10-27-2020

TLP White: This week, Hacking Healthcare dives into a less talked about aspect of U.S.–China relations, specifically, the possible detainment of American citizens as a diplomatic reprisal. We dive into how this move could affect healthcare organizations, as well as just how likely such an action might be. Next, we examine the European Union Agency for Cybersecurity’s (ENISA) recent publication of their 2020 Threat Landscape report. The various documents that comprise this year’s report take an extensive look at the current cyber threat landscape and help to highlight some areas that healthcare should be paying attention to. Lastly, we examine an attack on a Finnish healthcare organization that’s making headlines for its perpetrator’s tactics.

read more…

H-ISAC Hacking Healthcare 10-21-2020 – Cybercrime

TLP White: This week, Hacking Healthcare continues with coverage on global cybercrime. We have a few new developments to examine before breaking down what they might mean for the healthcare sector. To begin, we try to put this year in cybercrime into perspective by delving into some recently reported statistics from an insurance firm. Next, we briefly examine the results of a major EU-US coordinated takedown of a criminal group that’s responsible for providing financial services to cybercrime gangs. Finally, we look at an interesting new report that suggests employees view stress and fatigue as the biggest factors in their ability to reduce cybercrime vulnerability, rather than a lack of training and awareness.

read more…

H-ISAC Hacking Healthcare 10-13-2020

TLP White: This week, Hacking Healthcare takes a look at how risk management is evolving with the increase of remote work. We start by revisiting the long running Huawei saga to give you an update on a new report from the United Kingdom’s Parliament that is bound to antagonize the Chinese government and potentially lead to reprisals. Next, we briefly examine the United States Cybersecurity and Infrastructure Security Agency’s (CISA) release of guidance for ransomware and telework that could be a useful comparative reference for healthcare organizations. Finally, we dig into a new report on the state of endpoint and Internet of Things (IoT) security with an eye towards how some of the more interesting findings may apply to the healthcare sector.

read more…

Health-ISAC Hacking Healthcare 10-6-2020 — Ransomware

TLP White: This week, Hacking Healthcare talks ransomware yet again. This pervasive threat continues to plague organizations across all sectors and the globe, and we believe it warrants continued attention.

We begin by exploring what cybersecurity reports from IBM and Microsoft have to say about the current state of ransomware and why new attack trends are specifically noteworthy for healthcare organizations. Next, we look at the just-released Europol report on Internet organized crime to get a sense of the European perspective on ransomware. Finally, we conclude by hopefully alleviating some concern around the recent United States Treasury Department advisory that raised an alarm for those that deal with ransomware remediation.

read more…

Hacking Healthcare 9-29-2020

TLP White: This week, Hacking Healthcare begins by exploring what to expect from the recent announcement by the U.S. Food and Drug Administration (FDA) that the agency has formally launched its Digital Health Center of Excellence. Next, we make note of an update to Health and Human Services’ (HHS) freely available Security Risk Assessment tool and why it may be a good place to start for any HIPAA covered entity looking to facilitate compliance with the Security Rule. Finally, we highlight a recent global study that shows just how serious third-party risk can be for organizations and why it is not an easy problem to solve. Please give us a minute of your time to answer a few questions about this week’s Hacking Healthcare topics. We’ll publish the results in an upcoming issue. Survey link follows the articles below. 

read more…

H-ISAC Hacking Healthcare 9-22-2020

TLP WHITE: This week, Hacking Healthcare begins by examining the news that ransomware has been cited as likely being responsible for an individual’s death. Next, we highlight some recent work conducted by the National Institute of Standards and Technology (NIST) that has resulted in a new tool to help organizations fight phishing. Lastly, we brief you on the benefits of the United States Cybersecurity and Infrastructure Security Agency’s (CISA) integration into the CVE process.  Please give us a minute of your time to answer a few questions about this week’s Hacking Healthcare topics. We’ll publish the results in an upcoming issue. Survey link follows the articles below. 

  read more…

H-ISAC Hacking Healthcare 9-15-2020

TLP White: This week, Hacking Healthcare begins by looking at an aspect of insider threats that often doesn’t receive enough attention from those in charge of organizations’ cybersecurity. Next, we assess some bleak statistics on the state of cybercrime during COVID-19 with an eye towards the lessons we might draw from them. Lastly, we update you on the state of cyber insurance by describing three significant developments that have driven organizations to purchase cyber insurance policies.

 

Please give us a minute of your time to answer a few questions about this week’s Hacking Healthcare topics. We’ll publish the results in an upcoming issue. Survey link follows the articles below. 

read more…

Translate »