NIST Projects, HHS Cyber Guide, Australia EWN Hacked

TLP White
This week we start with a discussion of two National Institute of Standards and Technology (“NIST”) projects that directly address cybersecurity weaknesses in existing healthcare processes. We then turn to a new four-volume Department of Health and Human Services (“HHS”) publication that serves as a voluntary, best practices guide for healthcare entities of all sizes to use to improve their organizational approaches to cybersecurity. We end by describing a recent hack into an Australian early warning network system, emphasizing the need for increased protection of vulnerable communication networks everywhere.

As a reminder, this is the public version of the Hacking Healthcare blog. For additional in-depth analysis and opinion, become a member of H-ISAC and receive the TLP Amber version of this blog.


Cybersecurity and Privacy 2019 updates from U.S., E.U., Australia and India.

TLP White: In this New Year edition of Hacking Healthcare, we look ahead to a number of regulatory shifts on the horizon for international cybersecurity and data privacy.  Specifically, we examine the approaches Australia, India, the European Union (“EU”), and the United States (“US”) have signaled they will take to cybersecurity and privacy in 2019.  We summarize these countries’ proposed frameworks, map the rapidly changing cybersecurity and privacy landscape, distill some themes and recurring issues, and predict trends and outcomes for the New Year.


Iranian Phishing Technique, China Implicated in Hack, Law Updates

TLP White

This week we start by looking at a phishing technique used by Iranian hackers to circumvent two-factor SMS authentication protections.  We then turn to the Marriott data breach and regulators’ claims that China is to blame for the hack, and we discuss a recent Pennsylvania case that could have lasting implications on employers’ efforts to protect employee data.  We end by adding some color to last week’s summary of Australia’s Assistance and Access law, a piece of legislation that allows government agencies to access previously unreachable digital communications in order to assist law enforcement efforts.


Apple Watch 4, Crypto Crackdown, Multi-state HIPAA Lawsuit

TLP White: This week we start by discussing a new software update from Apple that allows some smart watch owners to undergo electrocardiogram scans and heart rate monitoring at the touch of a button.  We then turn to the Department of Treasury’s effort to crack down on hackers by prohibiting ransomware payments to particular cryptocurrency addresses.  We’ll look at Australia, who decided they know best about encryption, and we will end by taking a deeper dive into a health information data incident that has caused a number of states to join forces by bringing a HIPAA lawsuit against the breached company.


International Anti-Botnet Guide, British e-Prescription, Encryption Law

TLP White: This week we start by discussing the not entirely far-fetched proposition that bots have First Amendment rights.  We also consider a new private sector guide for fighting botnets that aims to shore up technology companies’ cybersecurity protections.  We then turn to the British government’s push to move prescription services online by funding NHS trusts’ e-prescription implementation.  We end by returning, again, to the issue of encryption and its potential to interfere with legitimate law enforcement efforts.


FL Court Says Data Breach not “Personal Injury,” Senate Privacy Bill, Chinese Huawei and Healthcare Most Vulnerable Sector

TLP White

Author’s Note: Greetings from the H-ISAC Summit in San Antonio! I will be around all week and looking forward to meeting as many of you as I can and attending the great sessions. I welcome any and all feedback on how Hacking Healthcare can be better, so if you are here and see me, please stop and say hello.

This week we start by recapping a Florida federal court’s interpretation of an insured’s commercial general liability policy in the context of a data breach.  We also discuss the Consumer Data Privacy Act of 2018, privacy legislation that has been offered up for discussion by Sen. Ron Wyden (D-OR) in the Senate.  We then turn to the US government’s effort to keep its allies from using a Chinese brand of telecommunications equipment due to the equipment’s cybersecurity vulnerabilities.  We end by taking a deeper dive into foreign hacks on healthcare systems.


CISA, UK’s NHS on PHI messaging, More Spectre Meltdown

TLP White: This week we start by addressing a new cybersecurity-focused agency within the Department of Homeland Security (“DHS”).  We also examine new guidelines published by the United Kingdom’s primary health authority regarding medical professionals’ use of messaging applications.  We then discuss similar challenges facing both European and U.S.-based healthcare IT executives, and we end by shedding some light on the continuing problems posed by this year’s Spectre and Meltdown cyber-attacks.


FDA’s Open Source App, NTIA on SBoMs and National Privacy?

TLP White: This week we start by examining FDA’s recent release of an open source app that aims to help healthcare delivery organizations better collect patient data.  We also discuss NTIA’s effort to encourage software component transparency and open communication between healthcare entities.  We end by shedding some light on a possible new push to pass federal privacy legislation in the United States.


GDPR’s U.S. Impact, Bluetooth, Chinese hacking threats

TLP White: This week we start by examining the impact of the EU’s General Data Protection Regulation (GDPR) and U.S. companies’ initial responses to the law.  We also discuss new vulnerabilities that have been discovered in Bluetooth-enabled devices.  We end by shedding some light on ever-worsening threats of Chinese hacking and conclude that the problem has escalated in some new and alarming ways.
