TLP White: This week, Hacking Healthcare continues with coverage on global cybercrime. We have a few new developments to examine before breaking down what they might mean for the healthcare sector. To begin, we try to put this year in cybercrime into perspective by delving into some recently reported statistics from an insurance firm. Next, we briefly examine the results of a major EU-US coordinated takedown of a criminal group that’s responsible for providing financial services to cybercrime gangs. Finally, we look at an interesting new report that suggests employees view stress and fatigue as the biggest factors in their ability to reduce cybercrime vulnerability, rather than a lack of training and awareness.
TLP White: This week, Hacking Healthcare takes a look at how risk management is evolving with the increase of remote work. We start by revisiting the long-running Huawei saga to give you an update on a new report from the United Kingdom’s Parliament that is bound to antagonize the Chinese government and potentially lead to reprisals. Next, we briefly examine the United States Cybersecurity and Infrastructure Security Agency’s (CISA) release of guidance for ransomware and telework that could be a useful comparative reference for healthcare organizations. Finally, we dig into a new report on the state of endpoint and Internet of Things (IoT) security with an eye towards how some of the more interesting findings may apply to the healthcare sector.
TLP White: This week, Hacking Healthcare talks ransomware yet again. This pervasive threat continues to plague organizations across all sectors and the globe, and we believe it warrants continued attention.
We begin by exploring what cybersecurity reports from IBM and Microsoft have to say about the current state of ransomware and why new attack trends are specifically noteworthy for healthcare organizations. Next, we look at the just-released Europol report on Internet organized crime to get a sense of the European perspective on ransomware. Finally, we conclude by hopefully alleviating some concern around the recent United States Treasury Department advisory that raised an alarm for those that deal with ransomware remediation.
TLP White: This week, Hacking Healthcare begins by exploring what to expect from the recent announcement by the U.S. Food and Drug Administration (FDA) that the agency has formally launched its Digital Health Center of Excellence. Next, we make note of an update to Health and Human Services’ (HHS) freely available Security Risk Assessment tool and why it may be a good place to start for any HIPAA covered entity looking to facilitate compliance with the Security Rule. Finally, we highlight a recent global study that shows just how serious third-party risk can be for organizations and why it is not an easy problem to solve. Please give us a minute of your time to answer a few questions about this week’s Hacking Healthcare topics. We’ll publish the results in an upcoming issue. Survey link follows the articles below.
TLP WHITE: This week, Hacking Healthcare begins by examining the news that ransomware has been cited as likely being responsible for an individual’s death. Next, we highlight some recent work conducted by the National Institute of Standards and Technology (NIST) that has resulted in a new tool to help organizations fight phishing. Lastly, we brief you on the benefits of the United States Cybersecurity and Infrastructure Security Agency’s (CISA) integration into the CVE process.
TLP White: This week, Hacking Healthcare begins by looking at an aspect of insider threats that often doesn’t receive enough attention from those in charge of organizations’ cybersecurity. Next, we assess some bleak statistics on the state of cybercrime during COVID-19 with an eye towards the lessons we might draw from them. Lastly, we update you on the state of cyber insurance by describing three significant developments that have driven organizations to purchase cyber insurance policies.
TLP White: This week, Hacking Healthcare asks readers to start thinking about cyber-physical incidents and how prepared your organization is to deal with the consequences. Next, we break down the recent announcement that China is unveiling their own global data security initiative and what might be expected as a result. Finally, we briefly examine how the Department of Homeland Security’s (DHS) new Binding Operational Directive, which requires government agencies to adopt a Vulnerability Disclosure Policy, affects the healthcare sector.
TLP White: This week, Hacking Healthcare begins with an examination of Health and Human Services’ (HHS) Office of Civil Rights’ (OCR) release of their summer cybersecurity newsletter, which makes the case that implementation of an information technology (IT) asset inventory can aid HIPAA compliance. Next, we brief you on the recent charges levied against ex-Uber Chief Security Officer (CSO) Joe Sullivan for his role in covering up a 2016 data breach and consider what the healthcare sector could do to disincentivize such behavior. Lastly, we break down an insider threat attack with a happy ending and consider what organizations can do to mitigate such attacks.
TLP White: This week, Hacking Healthcare is devoted to exploring the physical aspects of data security that, while sometimes easy to overlook, are no less important. This issue will examine the types of incidents members should consider, various legal and regulatory elements, the applicability of insurance, and what practical steps you can take to mitigate threats to physical data security.
TLP White: This week, Hacking Healthcare begins by exploring how healthcare organizations should consider establishing an online presence on social media and communication platforms, even if there doesn’t appear to be a business case for it. Next, we briefly detail the National Security Agency (NSA) and Federal Bureau of Investigation’s (FBI) startling public identification and attribution of Drovorub malware. Finally, we wrap up by breaking down a report detailing consumer views on data privacy and security in the Asia-Pacific region.