Health-ISAC Hacking Healthcare 9-14-2021

TLP White: This week, Hacking Healthcare begins by diving into a new report that highlights the growing tension and dissatisfaction between security teams, employees, and leadership when addressing remote work and cybersecurity. We pull some useful insights from the report and pose some questions that may help alleviate similar issues within your own organization. Next, we wrap up with a breakdown of a cloud misconfiguration report and make a case for the utility of harnessing the independent security researcher community.

read more…

Health-ISAC Hacking Healthcare 9-9-2021

TLP White: This week, Hacking Healthcare begins by highlighting a notice for the National Institute of Standards and Technology’s (NIST) new telehealth cybersecurity project, which is presently open for industry comment. Next, we briefly examine a new healthcare sector cybersecurity study that emphasizes how malicious actors are increasingly targeting smaller outpatient and specialty clinics. We then break down how a disgruntled ransomware affiliate leaked a ransomware playbook and what security researchers have gleaned from investigating it. Finally, we wrap up with a report on insider threats, and we put a spotlight on the need for interdepartmental collaboration to help mitigate such threats effectively.

(more…)

Health-ISAC Hacking Healthcare 9-1-2021

TLP White: This week, Hacking Healthcare begins by examining a new Chinese Data Security Law (DSL) that is set to go into effect on September 1st and contains provisions that may significantly impact how multinational organizations operate in China. Next, we provide a readout from the recent White House cybersecurity meeting with industry leaders that convened a broad swath of organizations and led to several private sector commitments that may help improve the nation’s cybersecurity. Finally, we wrap up by revisiting the cyber insurance marketplace to review what has happened over the last 18 months and provide some guidance and context for what may come next.

read more…

Health-ISAC Hacking Healthcare 8-24-21

TLP White: This week, Hacking Healthcare begins with a look at how law enforcement’s improved capabilities in tracing ransomware cryptocurrency payments, and their recent successes in degrading criminal cryptocurrency infrastructure, is incentivizing the evolution of new criminal services. Next, we highlight the importance of good cybersecurity communication by examining a recent SEC settlement against Pearson plc. Finally, we wrap up with a brief breakdown of a new healthcare sector cybersecurity report and use it as a springboard for a thought exercise.

read more…

Health-ISAC Hacking Healthcare 8-17-2021

TLP White: This week, Hacking Healthcare begins by examining an alarming report that a secret government watchlist may have been left exposed online, raising questions about how concerned companies should be over information sharing and mandatory reporting. Next, we briefly assess an ongoing lawsuit against SolarWinds that’s notable because it partially targets their CISO. Finally, we wrap up by breaking down Proofpoint’s latest CISO report to glean useful takeaways and noteworthy trends.

read more…

Health-ISAC Hacking Healthcare 8-10-2021

TLP White: This week, Hacking Healthcare begins by describing the most recent developments related to the creation of a Bureau of Cyber Statistics and what they might mean for the healthcare sector. Next, we reiterate how important it is to be aware of your cyber-physical systems, especially systems not typically associated with having a cyber component. Finally, we wrap up with a breakdown of Russia’s new cybercrime proposal in the United Nations and how it remains at odds with Western approaches.

read more…

Health-ISAC Hacking Healthcare 8-3-2021

TLP White:

This week, Hacking Healthcare begins by breaking down various aspects of the White House’s new national security memo, including why some of the “voluntary” elements of the memo may not actually end up being so voluntary. Next, we make sense of President Biden’s recent remarks that the most likely cause of a “shooting war” between the United States and a rival power would be a significant cyber incident. Finally, we examine why you should take an interest in a multi-government joint advisory that highlights the most common vulnerabilities being exploited, and we discuss what you can do about it.

read more…

Health-ISAC Hacking Healthcare 7-20-2021

TLP White: This week, Hacking Healthcare begins by providing a brief update on REvil and its apparent disappearance. Next, we break down the United States (US) government’s new one-stop-shop for ransomware information and guidance. We then highlight some troubling new vulnerability disclosure regulations coming out of China and how they may impact cybersecurity. Finally, we examine the cyber risk associated with using a Managed Service Provider (MSP) and offer some advice on how to minimize it.

read more…

Health-ISAC Hacking Healthcare 7-13-2021

TLP White: This week, Hacking Healthcare begins by examining how the Biden administration is approaching the Russian government in an effort to crack down on recent egregious cybercriminal activity. Next, we breakdown Japan’s move to counter the threat of sophisticated cyberattacks by boosting its cyber personnel and introducing new regulations on critical infrastructure sectors. Finally, we briefly touch on how unrelated cybercriminals are using the Kaseya compromise to leverage their spam malware campaign, and outline why it’s imperative that organizations maintain their security posture even in the face of major incidents.

read more…

Health-ISAC Hacking Healthcare 7-6-2021

TLP White: This week, Hacking Healthcare begins by evaluating the National Institute of Standards and Technology’s (NIST) definition of “critical software” and what that definition might mean for healthcare within the context of the cybersecurity executive order. Next, we take a look at a new US Cybersecurity & Infrastructure Security Agency (CISA) initiative for improving cybersecurity, and we assess whether focusing on bad practices is likely to make a noticeable difference. Lastly, we provide a brief update on how the Biden administration is considering tackling the scourge of ransomware, including some thoughts on offensive action, incident reporting, and the feasibility of banning of ransom payments.

read more…

Translate »