H-ISAC Hacking Healthcare 12-3-19

TLP White: In this edition of Hacking Healthcare, we give you an update on yet another case of cyber insurance falling short of covering an expected cost. We then explore the possibility of Iran creating a “white list” for foreign websites. Finally, we discuss the potential impact of China stepping up intellectual property protections and cracking down on IP theft.

As a reminder, this is the public version of the Hacking Healthcare blog. For additional in-depth analysis and opinion, become a member of H-ISAC and receive the TLP Amber version of this blog (available in the Member Portal.)

read more…

H-ISAC Hacking Healthcare 11-26-19

TLP White: In this edition of Hacking Healthcare, we brief you on yet another wide-ranging ransomware attack that was exacerbated by environmental factors. Additionally, we examine a new Russian law that would require Russian software to be pre-installed on products. Finally, we explain what to expect from the Cyberspace Solarium Commission, a congressionally-mandated task force charged with reviewing U.S. cyber strategy and recommending policy changes.

As a reminder, this is the public version of the Hacking Healthcare blog. For additional in-depth analysis and opinion, become a member of H-ISAC and receive the TLP Amber version of this blog (available in the Member Portal.)

read more…

H-ISAC Hacking Healthcare 11-19-19

TLP White: In this edition of Hacking Healthcare, we take a look at the recent news concerning Google’s project Nightingale. Then, keeping with big IT and healthcare, we examine Apple’s latest foray into healthcare research. Finally, we remind ourselves that the threat is real.

As a reminder, this is the public version of the Hacking Healthcare blog. For additional in-depth analysis and opinion, become a member of H-ISAC and receive the TLP Amber version of this blog (available in the Member Portal.)

read more…

H-ISAC Hacking Healthcare 11-13-19

TLP White: In this edition of Hacking Healthcare, we explore insider threats and the various ways they can negatively impact organizations. First, we analyze how the convergence of geopolitics and insider threats have led GitLab to consider banning individuals of certain nationalities from critical positions. Next, we brief you on how an insider threat at Trend Micro led to tailored scam attacks against their customers. Finally, we examine the case of two Twitter employees charged with spying for the Saudi Arabian government.

As a reminder, this is the public version of the Hacking Healthcare blog. For additional in-depth analysis and opinion, become a member of H-ISAC and receive the TLP Amber version of this blog (available in the Member Portal.)

read more…

H-ISAC Hacking Healthcare 11-6-19

TLP White: In this edition of Hacking Healthcare, we lead off by providing you with a few important announcements from the National Institute of Standards and Technology (“NIST”).  We then discuss the use of a critical hospital technology and how it has led to public web-streaming of sensitive healthcare information. Next, we fill you in on the rise of attacks against managed service providers, and we explore what that means for small businesses and government entities. We then explore how a group of 15 technology companies are challenging a key assumption of the talent shortage in the cybersecurity workforce. Finally, we give you a brief update on how Norsk Hydro’s cyber insurance payout is fueling skepticism in the cyber insurance market.

As a reminder, this is the public version of the Hacking Healthcare blog. For additional in-depth analysis and opinion, become a member of H-ISAC and receive the TLP Amber version of this blog (available in the Member Portal.)

read more…

H-ISAC Hacking Healthcare 10-29-19

TLP White: In this edition of Hacking Healthcare we breakdown the United Kingdom’s National Cyber Security Centre’s annual review. Next, we examine the Department of Homeland Security’s push for U.S. federal agencies to implement vulnerability disclosure programs. Finally, we lament the discovery of another set of unsecured medical databases and what you should do when it comes to securing sensitive data in the cloud.

As a reminder, this is the public version of the Hacking Healthcare blog. For additional in-depth analysis and opinion, become a member of H-ISAC and receive the TLP Amber version of this blog (available in the Member Portal.)

read more…

H-ISAC Hacking Healthcare 10-22-19 Geopolitics Issue

TLP White: We’ve dedicated this edition of Hacking Healthcare to giving you a primer on some of the impacts geopolitical tensions can have on healthcare organizations, particularly in relation to technology and cybersecurity considerations. By outlining how geopolitics can lead to sanctions, impact third-party dependencies, create unanticipated competition, and increase the likelihood of cyberattacks and IP theft, we hope you will be better positioned to prepare and respond going forward.

As a reminder, this is the public version of the Hacking Healthcare blog. For additional in-depth analysis and opinion, become a member of H-ISAC and receive the TLP Amber version of this blog (available in the Member Portal.)

read more…

H-ISAC Hacking Healthcare 10-15-19

TLP White: In this edition of Hacking Healthcare, we begin by exploring major proposed changes to the Domain Name System—an Internet mainstay that maps IP addresses to website names. Next, we explore the possibility of the Department of Homeland Security gaining new subpoena powers. Finally, we wrap up with a quick briefing of the U.S. Food and Drug Administration’s Cybersecurity Bill of Materials and its potential shortcomings.

As a reminder, this is the public version of the Hacking Healthcare blog. For additional in-depth analysis and opinion, become a member of H-ISAC and receive the TLP Amber version of this blog (available in the Member Portal.)

read more…

H-ISAC Hacking Healthcare blog 10-8-19

TLP White: In this edition of Hacking Healthcare, we begin by reviewing the troubling news that 10 hospitals were impacted by ransomware last week. Next, we briefly explore why ransomware, despite constant presence in news headlines, is not as well understood as might be hoped. Finally, we examine a survey that strongly ties an organization’s cybersecurity maturity to favorable valuations in mergers and acquisitions.

As a reminder, this is the public version of the Hacking Healthcare blog. For additional in-depth analysis and opinion, become a member of H-ISAC and receive the TLP Amber version of this blog (available in the Member Portal.)

read more…

H-ISAC Hacking Healthcare 10-1-19

TLP White: In this edition of Hacking Healthcare we begin by catching up with the latest effort to establish global cyber norms. Next, we look at another high profile company whose woefully inadequate cybersecurity processes have landed it in hot water. Finally, we explore the implications of a recent D.C. circuit court opinion on data breach victims seeking redress.

As a reminder, this is the public version of the Hacking Healthcare blog. For additional in-depth analysis and opinion, become a member of H-ISAC and receive the TLP Amber version of this blog (available in the Member Portal.)

read more…