TLP White: This week, Hacking Healthcare begins with another look at ransomware. Specifically, we analyze trends that emerged throughout the past year, data from the last quarter of 2020 and what it tells us about where things are headed, and why ransomware becoming less lucrative for cyber criminals may actually be harmful to the healthcare sector. We wrap up by breaking down a non-traditional cyber ‘threat’ that has the potential to harm vaccination roll-out, and why solutions may not be so easy to come by.
TLP White: This week, Hacking Healthcare begins with news that the U.S. Food and Drug Administration (FDA) looks set to appoint an Acting Director of Medical Device Cybersecurity, a significant step in ensuring medical device cybersecurity keeps pace with evolving threats. Next, we detail how two multi-national law enforcement efforts that derailed major cybercrime operations bode well for international cooperation in 2021. Finally, we break down a GDPR compliance risk that may be overlooked by those working remotely and could open organizations up to increased risk of regulatory penalties.
TLP White: This week, Hacking Healthcare begins with a brief overview of the HIPAA Journal’s 2020 Healthcare Data Breach Report and zeros in on one particular vulnerability that the healthcare sector should look to address in 2021. Next, we update you on a German healthcare act that addresses the importance of security when it comes to IT modernization, and we consider how it might be a useful case study for appropriately crafted cybersecurity legislation going forward. Finally, another incident involving contact-tracing programs segues us into a broader discussion on remote work policies and their impact on IT security.
TLP White: This week, Hacking Healthcare takes a look at a court ruling that could impact the Department of Health and Human Services (HHS) Office of Civil Rights’ (OCR) imposition of penalties relating to HIPAA violations. Next, we briefly analyze some new data that suggests healthcare web applications are increasingly being targeted by malicious cyber actors, and we explore why a return to normalcy for healthcare cybersecurity may be a bit further down the line than we might hope. We then jump into the disturbing news that stolen documents related to COVID-19 vaccines were manipulated and leaked on the Internet and discuss their potential to stoke public mistrust. Finally, we quickly acknowledge the positives associated with HHS’ apparent decision to appoint its first ever Chief Artificial Intelligence Officer.
TLP White: This week, Hacking Healthcare attempts to outline some of what the healthcare sector can expect as the Biden administration looks to begin its term. Specifically, what does the new administration’s stance on cybersecurity mean for healthcare, and who will be important figures in helping to create and implement policies that protect critical infrastructure? We wrap up with a quick breakdown of issues the healthcare sector may wish to promote during the transition.
TLP White: Welcome to 2021! This week, Hacking Healthcare begins by breaking down the United States (US) National Institute of Standards and Technology’s (NIST) newly published final guidance on securing Picture Archiving and Communication System (PACS). Next, we evaluate what the European Commission’s approval of Google’s Fitbit acquisition means for healthcare data privacy and security as technology companies continue to enter the space. Finally, we examine how Singapore’s successful digital contact-tracing effort is quickly becoming a cautionary data privacy tale.
TLP White: This week, Hacking Healthcare begins by exploring the initial fallout from the recent SolarWinds Orion hack. We specifically look to evaluate what happened, what the hack accomplished, and what healthcare organizations may wish to do to secure themselves in its wake. Then, yet another healthcare agency with connections to COVID-19 has been targeted by malicious threat actors, and we dive into the still evolving story of the European Medicines Agency (EMA) attack.
TLP White: This week, Hacking Healthcare briefly draws your attention to more great work going on at the National Institute of Standards and Technology (NIST) in the healthcare space. We then move to an analysis of the U.S. Government Accountability Office’s (GAO) new technology assessment report on AI in healthcare. It’s a comprehensive look at an emerging technology that holds considerable promise while posing significant challenges. Next, we update you on the concerning development that a sophisticated phishing campaign has been targeting the COVID-19 vaccine distribution supply chain. Finally, we wrap up with a rundown of TrickBot’s newest capability and why you might want to brush up on your awareness of this nasty piece of malware.
This week, Hacking Healthcare looks at proposed legislation from the United Kingdom (U.K.) that appears to signal the country is resolutely moving forward with the banishment of Huawei from its telecommunications infrastructure. We break down what it means for the U.K., other countries in similar positions, and users of the U.K.’s networks. Next, we briefly reiterate how the blurring of the cyber/physical divide is opening up new attack vectors that draw attention to the need for cyber-biosecurity. Lastly, we provide a quick recap of major findings from the Healthcare Information and Management Systems Society (HIMSS) 2020 Cybersecurity Survey.
This week, Hacking Healthcare looks at what the announcement of the United Kingdom’s (U.K.) National Cyber Force means for the country, for malicious cyber actors, and possibly for international cyber norms. Next, we examine Symantec’s breakdown of an enormous Chinese state-sponsored cyber campaign against Japanese-linked organizations, and we provide our thoughts on what healthcare organizations might learn from it. Finally, we recap a newly released ransomware resiliency report and highlight considerations healthcare organizations may wish to address.