TLP White: This week, Hacking Healthcare is dedicated to aggregating and analyzing the whirlwind of recent ransomware developments in both the public and private sector. In addition to breaking down what has been happening, we cite new guidance and recommendations and provide our thoughts on how these developments have been helpful or unhelpful in addressing the ransomware issue.
TLP White: This week, Hacking Healthcare begins by examining a workforce study that shows just how significantly COVID-19 has shifted the work setting expectations and preferences of younger generations. We outline why organizations should assess how remote work alters the cybersecurity, privacy, and legal risks they face. Next, we take a look at how the changing geopolitical and technological environment may increase the potential for cyberattacks that seek to disrupt an organization by targeting personnel.
TLP White: This week, Hacking Healthcare begins with a troubling admission from the United Kingdom (UK) government that they conducted a large-scale COVID-19 tracking program to assess their citizens’ behavior following vaccination without notifying the individuals whose data was used, raising privacy and ethical concerns. We also explore a new security directive implemented in the United States (US) that is meant to enhance pipeline security following the Colonial Pipeline attack. The directive requires significant mandatory reporting and may have long term implications for other critical infrastructure sectors like healthcare.
TLP White: This week, Hacking Healthcare takes a long look at the recent cyberattacks perpetrated against the Irish Health Service Executive (HSE) and Irish Department of Health. We break down what exactly happened, why the Irish government is being lauded for its response, the impact the attack had on healthcare services, and why refusal to pay is unlikely to be a silver bullet for ransomware. Finally, we examine some new comments from US national security figures on a possible approach to a national breach notification law, and we detail two of the hurdles to the creation of such a single, federal breach notification standard.
TLP White: This week, Hacking Healthcare takes an in-depth look at two issues. First, we examine the Biden administration’s openness to COVID-19 vaccine patent waivers, which breaks with decades of policy precedent and raises interesting questions about intellectual property (IP) protections and the effect they may have on cyber espionage and attacks. We then break down some of the secondary effects of the Colonial Pipeline attack to try and draw out some useful insights.
TLP White: This week, Hacking Healthcare begins by examining a mistake that affected roughly 25% of the population of Wyoming and makes the case that organizations should ensure their security and privacy processes look to minimize the risk of employee-caused exposures. Next, we briefly cover the United States Cybersecurity and Infrastructure Security Agency’s first use of its new subpoena power to help secure critical infrastructure, and we discuss what it might mean for the agency’s relationship with the private sector. Finally, we take a look at a troubling cyberattack against a Finnish healthcare provider and consider the potential implications of cyberattacks that target mental healthcare providers.
TLP White: This week, Hacking Healthcare begins by breaking down the wildlife threat to critical infrastructure and reminding organizations to ensure they have back-up plans in place for unanticipated service outages. Next, we dive into the world of ransomware once again to highlight not just the resurgence of attacks in 2021, but also some bold and dangerous new tactical developments. Finally, we wrap up with a look at a major new report outlining a framework to combat ransomware that may provide the strategic insight needed to counter this growing threat.
TLP White: This week, Hacking Healthcare begins by exploring how North Atlantic Treaty Organization (NATO) military alliance members are strengthening their collective response to cyberattacks and disinformation operations against critical infrastructure sectors, and how such exercises are especially beneficial to the healthcare sector in less cyber capable states. Next, we break down the US Department of Justice’s (DOJ) new ransomware task force to discuss why it may or may not be effective at countering ransomware. Finally, we examine the Pulse Connect Secure vulnerability to illustrate the necessity of patching older vulnerabilities.
TLP White: This week, Hacking Healthcare begins by exploring the possible cybersecurity-related ramifications of worsening relations between the United States, Russia, and China. Then, we briefly examine the increase in cloud cyberattacks and advocate for assessing security controls. Finally, we spotlight a new set of domain name service (DNS) vulnerabilities that potentially impacts millions of internet-connected devices, including those in the healthcare sector, and look towards mitigation strategies.
TLP White: This week, Hacking Healthcare begins by exploring the role of the United States National Cyber Director, including the role’s origins, what one in the role is expected to do, its international equivalents, and how it might impact the healthcare sector. Next, we briefly summarize the impact of a major U.S. Supreme Court decision on a dispute between Google and Oracle over APIs. Lastly, we provide an overview of the European Union Agency for Cybersecurity’s (ENISA) new online tool, which is connected to the hospital cybersecurity procurement guidelines they released last year.