SEC on Cyber Fraud, FDA’s MD playbook, IoT, MQTT

TLP White: SEC investigative report examining a strain of cyber fraud, FDA’s Medical Device Cybersecurity Regional Incident Preparedness and Response Playbook, NIST’s draft internal report regarding IoT cybersecurity and privacy risk mitigation, and MQTT flaws which have a substantial impact on IoT devices.

Apple “ECG” watch, OIG on FDA MD cybersecurity

TLP White: We start with a discussion of the Apple Watch’s new features and what they mean for healthcare. We also look at the OIG’s recommendations for the FDA when reviewing medical devices before they hit the market. We conclude by shedding some light on how using AI to create synthetic brain cancer scans actually preserves privacy. Welcome back to Hacking Healthcare.

Authors’ note: In recognition of the H-ISAC’s increased focus on international healthcare, we will be adding additional information regarding policy and legislative hearings from around the world. We welcome any feedback on how to make this as useful as possible.

Australia’s Consumer Data Right, NIST, Encryption

TLP White: Welcome back to Hacking Healthcare:

We start with a look at Australia and the development of a Consumer Data Right. We also discuss NIST’s plans to create a privacy framework. We conclude by shedding some light on what went down at the 2018 Five Country Ministerial.


Hot Links –
  1. Australian Consumer Data Right.

    The GDPR isn’t the only international privacy regime for organizations to consider. Australia’s proposed Consumer Data Right (“CDR”) is poised to come into effect on July 1, 2019, introducing an additional layer of international complexity to privacy compliance.

Compelled Decryption, Mirai “Sora”, Apache Struts

TLP White: Louisiana decryption case and potential repercussions of compelled decryption in the healthcare industry, a resurgence of the Mirai malware, the Apache Struts vulnerability and the multi-stakeholder coordinated vulnerability disclosure process.

As a reminder, this is the public version of the Hacking Healthcare blog. For additional in-depth analysis and opinion, become a member of H-ISAC.