UK Grants Huawei 5G Infrastructure, P2P IoT Vulnerability, Healthcare Legacy Systems

TLP White: In this edition of Hacking Healthcare, we discuss the UK’s recent decision to allow Huawei to construct portions of the country’s 5G network infrastructure.  We then break down a new vulnerability affecting the peer-to-peer connectivity of internet-of-things (“IoT”) devices.  Finally, we dive into healthcare organizations’ cyber-readiness and the unique challenges facing them in the form of legacy systems, strict regulatory requirements, and a lack of network segmentation.

As a reminder, this is the public version of the Hacking Healthcare blog. For additional in-depth analysis and opinion, become a member of H-ISAC and receive the TLP Amber version of this blog.

GDPR Fine in UK, Nation-State IP Hijack, Brazilian Hackers, NIST on IoT

TLP White: In this edition of Hacking Healthcare, we discuss a UK regulator’s decision to fine a pregnancy and parenting support club for sharing users’ data without informed consent and running afoul of the GDPR.  We also break down a new nation-state attack that allows hackers to access user login credentials and online account information.  We then dive into Brazilian cyber criminals’ focus on and interest in infiltrating the country’s electronic banking system.  Finally, we remind you of NIST’s continued interest in IoT and the agency’s upcoming efforts to advance cryptography standards for connected devices.

European Cybersecurity Framework, Triton Malware, Irresponsible Vulnerability Disclosure, VPN Security

TLP White: In this edition of Hacking Healthcare, we discuss the difficulty of implementing one-size-fits-all cybersecurity policy in Europe. We also break down the troubling re-occurrence of Triton malware on critical infrastructure. We then dive into the chaos caused by an irresponsible vulnerability disclosure. Finally, we explore the recent revelation of insecurity in enterprise VPN applications.

Data Breach Penalty Senate Bill, CT & MRI Manipulation Vulnerability, Amazon’s Alexa Health Data

TLP White: In this edition of Hacking Healthcare, we discuss a bill introduced in the Senate last week that seeks to enable criminal penalties for corporate executives following a data breach. We also break down a new malware variant developed by Israeli researchers to highlight the damage malicious code can wreak on healthcare systems and patient diagnoses. We then dive into Amazon Alexa, and its foray into healthcare information.

States Filling Federal Healthcare Cybersecurity Gap, UK Questions 5G, Marsh’s Cyber Catalyst Program

TLP White: In this edition of Hacking Healthcare, we discuss the lack of a federal cybersecurity standard and how states have stepped in to try to fill the gaps.  We also break down the United Kingdom’s recent criticism of Huawei devices and hardware.  We then dive into a new designation for cybersecurity products and services to help businesses navigate the vast and varied offerings available in the marketplace.

Phish Impersonating CDC, White House Launches AI.com, IoT Malware, Phone as ID?

TLP White: In this edition of Hacking Healthcare, we discuss a new malware-carrying phishing campaign that attempts to impersonate the Centers for Disease Control and Prevention.  We also break down the White House’s recent launch of AI.com, a central repository for all artificial intelligence initiatives and policies at the federal agency level.  We then dive into a resurgent IoT malware botnet that has worked its way into some enterprise networks.  Finally, we explore the efficacy and security risks of using phone numbers for identity authentication purposes.

HHS on EHI, InfoSec Trends, Disclosure Protocol, NIST’s Privacy Framework

TLP White: In this edition of Hacking Healthcare, we discuss a new HHS proposed rule that seeks to improve the security of electronic health information. We also break down a new HIMSS survey of information security professionals within various healthcare organizations and identify some emerging trends. We then dive into a website’s knee-jerk response to a security researcher who tried to notify the site of vulnerabilities in its source code. Finally, we remind you of NIST’s rapidly progressing Privacy Framework, which the agency suggests will work in tandem with its recently published Cybersecurity Framework.

Data Breach Tidal Wave, NSA Anti-Malware Toolkit, 5G Security & Huawei

TLP White: In this edition of Hacking Healthcare, we discuss a new report containing some alarming statistics on the ever-present problem of data breaches.  We also break down a new National Security Agency reverse-engineering tool for malware that the government has made available for public use.  Finally, we explore 5G wireless network security and the United States’ effort to protect the network by banning Huawei infrastructure.

Healthcare Industry Cybersecurity, Vermont Phases Out Foreign Equipment, Hospital Debt & Cyber Threat

TLP White: In this edition of Hacking Healthcare, we discuss a Senator’s request for information about the cybersecurity capabilities of health-focused federal agencies and industry groups. We also break down Vermont’s action against Russian and Chinese equipment. Finally, we discuss a report warning lenders of the impact of cyber risk on borrowers in particularly high-risk industries.

Drupal Vulnerability, Hack Speed, Supply Chain Attacks, MHR and DNS

TLP White: In this edition of Hacking Healthcare, we draw your attention, in the unlikely event you missed it, to a new Drupal vulnerability. We then break down CrowdStrike’s revelation on just how quick Russian hackers are. Next, we summarize worrying growth in supply chain attacks. We then discuss Australia’s contentious opt-out legislation and its impact on their “My Health Records” system. Finally, we discuss the implications of and lessons learned from the recent widespread DNS hijacking attacks.
