H-ISAC Hacking Healthcare 3-17-2020

TLP WHITE: In this edition of Hacking Healthcare, we tackle three significant document releases that will affect numerous aspects of the healthcare sector. First, we dive into the final report issued by the Cyberspace Solarium Commission and recap a handful of recommendations that are likely to have the biggest impact on healthcare cybersecurity and incident response. Next, we briefly break down how the finalization of two Department of Health and Human Services (HHS) rules, the 21st Century Cures Act: Interoperability, Information Blocking, and the ONC Health IT Certification Program Final Rule and the Interoperability and Patient Access Final Rule, are set to create wholesale changes to the way that healthcare data is accessed by patients.

read more…

H-ISAC Hacking Healthcare 3-11-2020

TLP White: In this edition of Hacking Healthcare, we begin by breaking down new guidance from the Department of Justice (DOJ) on the legal considerations of engaging in cyber threat intelligence activities. Next, we look at the European Union Agency for Cybersecurity’s (ENISA) 51-page report on procurement cybersecurity for hospitals that provides comprehensive guidance applicable to many organizations in the healthcare sector. Finally, we explore a Government Accountability Office (GAO) report that recommends NIST Cybersecurity Framework adoption and assessment across all critical infrastructure sectors.

read more…

H-ISAC Hacking Healthcare 3-3-2020

TLP White: In this edition of Hacking Healthcare, we begin by exploring the German Patient Data Protection Act that is under criticism for its approach to cybersecurity and privacy. Next, we briefly examine the interesting effect the United States’ naming and shaming of Chinese state hackers is having. Finally, we break down why DNS over HTTPS might come with considerable tradeoffs.

As a reminder, this is the public version of the Hacking Healthcare blog. For additional in-depth analysis and opinion, become a member of H-ISAC and receive the TLP Amber version of this blog (available in the Member Portal.)

read more…

H-ISAC Hacking Healthcare 2-25-2020

TLP White: In this edition of Hacking Healthcare, we begin by breaking down a new bill that will expand digitization of health records in the Netherlands. Next, we brief you on how the United States (US) National Institute of Standards and Technology’s (NIST) commitment to supporting their new Privacy Framework is good news for small and medium sized healthcare organizations that handle sensitive patient data. Lastly, we explore the Trump administration’s recent criticism of the European Union’s (EU) newly unveiled artificial intelligence (AI) principles, and why concerns over differences might be a little premature.

read more…

H-ISAC Hacking Healthcare 2-19-2020

TLP White: In this edition of Hacking Healthcare, we begin with a notice from the FDA looking for nominations for the Patient Engagement Advisory Committee. Next, we examine the results of a KPMG report on how artificial intelligence (“AI”) is viewed by various industries. We then brief you on a ransomware lawsuit where the plaintiffs appear to be seeking payment over alleged harm rather than actual harm. Finally, we explore how scammers and malicious actors are making use of the coronavirus to infect their victims.

read more…

Health-ISAC Hacking Healthcare 2-11-2020

TLP White: In this edition of Hacking Healthcare, we begin with an analysis of the coronavirus that tries to cut through the media sensationalism to explore a more nuanced perspective of its impacts. Next, we examine why the anonymization of data is often more marketing myth than security fact. Finally, we look at how a new suit against a university medical center fits into a larger conversation around privacy, research, and technological change in the healthcare sector.

read more…

Health-ISAC Hacking Healthcare 2-4-2020

TLP White: In this edition of Hacking Healthcare, we begin by examining a milestone in the integration of Artificial Intelligence/Machine Learning (AI/ML) into drug treatment development. Next, we brief you on new developments in Huawei’s ongoing saga to avoid a European ban and what it may mean for EU-US relations. Lastly, in continuing our coverage of the cyber insurance market, we look at what a new decision in favor of an email fraud victim might mean for the still evolving market.

read more…

H-ISAC Hacking Healthcare 1-29-2020

TLP White: In this edition of Hacking Healthcare, we begin with an Idaho National Lab researcher that is shedding light on just how little we know about the threat of ICS (Industrial Control Systems) vulnerabilities. Next, we dive a little deeper into the world of ICS vulnerabilities by briefly examining cybersecurity organization TrendMicro’s seven-month long ICS honeypot. Finally, we give you a short brief on where the UK’s healthcare sector is likely to go in a post-Brexit environment.

read more…

H-ISAC Hacking Healthcare 1-21-2020

TLP White: In this edition of Hacking Healthcare, we begin with security researchers calling for a common language for hardware vulnerabilities. Next, we briefly detail how the European Commission is prepared to take drastic steps to curb misuse of facial recognition software. Additionally, we outline how Google’s Dr. Feinberg is defending their partnership with Ascension. Finally, we quickly run through the topics that will be discussed at next week’s H-ISAC Monthly Threat Brief.

 

As a reminder, this is the public version of the Hacking Healthcare blog. For additional in-depth analysis and opinion, become a member of H-ISAC and receive the TLP Amber version of this blog (available in the Member Portal.)

read more…

H-ISAC Hacking Healthcare 1-14-2020

TLP White: In this edition of Hacking Healthcare, we begin with a reminder that increased digitization in healthcare brings many benefits, but also requires contingency planning. Next, we briefly outline the Trump Administration’s guidance on Artificial Intelligence (“AI”) regulation. Finally, we breakdown an International Criminal Police Organization (“INTERPOL“) operation that they claim has led to a 78% drop in cryptojacking in the Association of Southeast Asian Nations (“ASEAN”) region.

 

As a reminder, this is the public version of the Hacking Healthcare blog. For additional in-depth analysis and opinion, become a member of H-ISAC and receive the TLP Amber version of this blog (available in the Member Portal.)

read more…

Translate »