TLP White: This week, Hacking Healthcare begins by examining what to expect from two federal agencies formally naming China as a culprit in ongoing cyber espionage against healthcare organizations. Next, we highlight new research that emphasizes just how important identity is to organizational cybersecurity and what H-ISAC is doing to help members interested in taking an identity-centric approach to cybersecurity. Lastly, we briefly examine why it’s not so easy to counter the COVID-19 social media misinformation that may be harming mitigation and response efforts.
Reminder: H-ISAC Monthly Threat Brief: H-ISAC members are encouraged to join this month’s Threat Brief Webinar on May 26th at 12:00pm EST. Topics include adversaries targeting healthcare, Ransomware as a Service, mitigating threats to healthcare workers, RDP vulnerabilities, and the upcoming FTC review of the Health Breach Notification rule. The webinar is free for H-ISAC members and details are sent out on the members’ list server.
TLP White: This week, Hacking Healthcare takes an extended look at digital contact tracing. We begin with an overview of contact tracing and its digital development. Next, we briefly outline some of the political, technical, logistical and legal impediments and considerations of digital contact tracing efforts. We then provide an update on where the United States (U.S.) and other countries are in their efforts to implement digital contact tracing programs. Finally, we wrap-up with some thoughts on what it all means.
TLP White: In this edition of Hacking Healthcare, we begin by examining how COVID-19 led the United Kingdom’s (UK) National Health Service (NHS) to give the country’s intelligence and security agency emergency powers over its networks. We then brief you on a recent letter from Congressional lawmakers and discuss its illustration of the unique challenge of implementing digital contact tracing in the United States. Finally, we take a brief look at why foreign intelligence services are targeting parts of the healthcare sector, and when it might be expected to stop.
TLP White: In this edition of Hacking Healthcare, we begin with a discussion of the H-ISAC’s media kit on medical device security and coordinated vulnerability disclosure and how it will help educate media partners and the general public on those critical issues. Next, we briefly explore the potential security and privacy concerns related to Facebook’s pop-up COVID-19 surveys. Finally, we try and decipher the puzzling and threatening press release that the U.S. State Department issued to an unspecified cyber actor earlier this month.
In this edition of Hacking Healthcare, we explore how COVID-19 is impacting coordinated vulnerability disclosure and why the healthcare sector may be significantly affected. Next, we highlight the newest example of a nation-state using COVID-19 to further geopolitical goals, and we discuss how those efforts may be undermining COVID-19 response efforts. Lastly, we break down insights a group of experts at Oxford may have on the viability and effectiveness of contact tracing apps.
In this edition of Hacking Healthcare, we explore how the rise of telehealth in the wake of COVID-19 has created opportunities to showcase both its many benefits and new privacy and security vulnerabilities. Additionally, in a follow-up to last week, we dive into how a major COVID-19 contact-tracing partnership between Google and Apple impacts the privacy debate.
In this edition of Hacking Healthcare, we take a longer look at the various ways the public and private sector are turning to tech and data-driven solutions to mitigate COVID-19’s health and economic impacts, as well as contemplating the privacy issues that go along with them.
TLP White: In this edition of Hacking Healthcare, we breakdown an unexpected Russian crackdown of a cybercrime ring, and why it probably doesn’t signal a sea change in domestic cyber policy. Next, we brief you on a telehealth ICU solution being rushed to the frontlines of the COVID-19 response and why emerging technologies could help with the next global health emergency. Finally, we examine a global group of cybersecurity volunteers as they attempt to bolster healthcare cybersecurity during a rush of malicious activity.
TLP White: In this edition of Hacking Healthcare, we take an in-depth look at telework. As the spread of COVID-19 has led to social distancing and other policies meant to curb infection rates, many industries are turning to telework to continue operations to the maximum extent possible. Below we outline some of the general challenges of this transition, as well as some specific difficulties the healthcare sector faces in adopting both telework and telehealth. And speaking of which, we start with an announcement from the US National Institute of Standards and Technology (NIST) on their new telehealth initiative.
TLP WHITE: In this edition of Hacking Healthcare, we tackle three significant document releases that will affect numerous aspects of the healthcare sector. First, we dive into the final report issued by the Cyberspace Solarium Commission and recap a handful of recommendations that are likely to have the biggest impact on healthcare cybersecurity and incident response. Next, we briefly break down how the finalization of two Department of Health and Human Services (HHS) rules, the 21st Century Cures Act: Interoperability, Information Blocking, and the ONC Health IT Certification Program Final Rule and the Interoperability and Patient Access Final Rule, are set to create wholesale changes to the way that healthcare data is accessed by patients.