TLP White: This week, Hacking Healthcare begins by breaking down how a new technology council created by US and EU representatives may ease the risk of divergent technology standards and help to ameliorate current disagreements over data privacy and security. Next, we examine a report that breaks down the growing threat of USB-related malware in industrial environments and explain why the threat may not be going away even as organizations return to pre-pandemic operations. Finally, we assess how the private sector’s struggle with patching is increasingly leading to calls for new laws that mandate it and why that would be a troublesome solution.
TLP White: This week, Hacking Healthcare begins by breaking down President Biden’s meeting with Russian President Putin. We examine what was said and agreed to and then assess the likelihood that it will result in improvements in relations and a decrease in malicious cyber activity. Next, we jump into a recent report on the state of ransomware, specifically to the costs to businesses. Finally, we end by highlighting NIST’s newest Cybersecurity Framework profile for ransomware risk management and encourage members to evaluate how it may help them respond to the ransomware threat.
TLP White: This week, Hacking Healthcare is dedicated to aggregating and analyzing the whirlwind of recent ransomware developments in both the public and private sector. In addition to breaking down what has been happening, we cite new guidance and recommendations and provide our thoughts on how these developments have been helpful or unhelpful in addressing the ransomware issue.
TLP White: This week, Hacking Healthcare begins by examining a workforce study that shows just how significantly COVID-19 has shifted the work setting expectations and preferences of younger generations. We outline why organizations should assess how remote work alters the cybersecurity, privacy, and legal risks they face. Next, we take a look at how the changing geopolitical and technological environment may increase the potential for cyberattacks that seek to disrupt an organization by targeting personnel.
TLP White: This week, Hacking Healthcare begins with a troubling admission from the United Kingdom (UK) government that they conducted a large-scale COVID-19 tracking program to assess their citizens’ behavior following vaccination without notifying the individuals whose data was used, raising privacy and ethical concerns. We also explore a new security directive implemented in the United States (US) that is meant to enhance pipeline security following the Colonial Pipeline attack. The directive requires significant mandatory reporting and may have long term implications for other critical infrastructure sectors like healthcare.
TLP White: This week, Hacking Healthcare takes a long look at the recent cyberattacks perpetrated against the Irish Health Service Executive (HSE) and Irish Department of Health. We break down what exactly happened, why the Irish government is being lauded for its response, the impact the attack had on healthcare services, and why refusal to pay is unlikely to be a silver bullet for ransomware. Finally, we examine some new comments from US national security figures on a possible approach to a national breach notification law, and we detail two of the hurdles to the creation of such a single, federal breach notification standard.
TLP White: This week, Hacking Healthcare takes an in-depth look at two issues. First, we examine the Biden administration’s openness to COVID-19 vaccine patent waivers, which breaks with decades of policy precedent and raises interesting questions about intellectual property (IP) protections and the effect they may have on cyber espionage and attacks. We then break down some of the secondary effects of the Colonial Pipeline attack to try and draw out some useful insights.
TLP White: This week, Hacking Healthcare begins by examining a mistake that affected roughly 25% of the population of Wyoming and makes the case that organizations should ensure their security and privacy processes look to minimize the risk of employee-caused exposures. Next, we briefly cover the United States Cybersecurity and Infrastructure Security Agency’s first use of its new subpoena power to help secure critical infrastructure, and we discuss what it might mean for the agency’s relationship with the private sector. Finally, we take a look at a troubling cyberattack against a Finnish healthcare provider and consider the potential implications of cyberattacks that target mental healthcare providers.
TLP White: This week, Hacking Healthcare begins by breaking down the wildlife threat to critical infrastructure and reminding organizations to ensure they have back-up plans in place for unanticipated service outages. Next, we dive into the world of ransomware once again to highlight not just the resurgence of attacks in 2021, but also some bold and dangerous new tactical developments. Finally, we wrap up with a look at a major new report outlining a framework to combat ransomware that may provide the strategic insight needed to counter this growing threat.
TLP White: This week, Hacking Healthcare begins by exploring how North Atlantic Treaty Organization (NATO) military alliance members are strengthening their collective response to cyberattacks and disinformation operations against critical infrastructure sectors, and how such exercises are especially beneficial to the healthcare sector in less cyber capable states. Next, we break down the US Department of Justice’s (DOJ) new ransomware task force to discuss why it may or may not be effective at countering ransomware. Finally, we examine the Pulse Connect Secure vulnerability to illustrate the necessity of patching older vulnerabilities.