H-ISAC Hacking Healthcare 8-18-2020

TLP White: This week, Hacking Healthcare begins by exploring how healthcare organizations should consider establishing an online presence on social media and communication platforms, even if there doesn’t appear to be a business case for it. Next, we briefly detail the National Security Agency (NSA) and Federal Bureau of Investigation’s (FBI) startling public identification and attribution of Drovorub malware. Finally, we wrap up by breaking down a report detailing consumer views on data privacy and security in the Asia-Pacific region.

(more…)

H-ISAC Hacking Healthcare 8-11-2020

TLP White: This week, Hacking Healthcare begins by exploring just how significant the Trump Administration’s recent Executive Order targeting WeChat may be for those in the healthcare sector. We then conclude this issue by breaking down the recent news that China has started to block HTTPS traffic that used TLS 1.3 and ESNI, including why, how, and what it means for healthcare organizations.

Note: On the subject of TLS 1.3, we point you to a NIST workshop taking place this Thursday (August 13th) where you can learn more.

https://www.nccoe.nist.gov/events/virtual-workshop-challenges-compliance-operations-and-security-encrypted-protocols-particular

read more…

H-ISAC Hacking Healthcare 8-4-2020

TLP White: This week, Hacking Healthcare explores the ramifications of the European Union’s decision to sanction malicious cyber actors for the first time ever, including why it may only really benefit the healthcare sector in the long-term. Following that, we brief you on an evolution in disinformation campaigns that makes trusting online sources even harder.

read more…

H-ISAC Hacking Healthcare 7-28-2020

TLP White: This week, Hacking Healthcare explores 2020 ransomware trends, including the concerning growth of ransomware that incorporates data exfiltration and what that means for healthcare organizations. Next, we examine the charges the US government has brought against two Chinese hackers accused of a decades long cyber campaign and what the US hopes to gain from the disclosure. Lastly, we investigate the growing support for active cyber defense in Australia and what the short-term and long-term effects could be for the healthcare sector.

read more…

H-ISAC Hacking Healthcare 7-21-2020

TLP White: This week, Hacking Healthcare explores the recent Schrems II decision that invalidated the US-EU Privacy Shield Framework and all of the uncertainty that comes with it. Next, we brief you on how the UK’s rush to implement contact tracing has run afoul of privacy regulations and ponder the effect of regulation on emergency response. Finally, wrapping up our European coverage, we break down the UK’s decision to remove Huawei from its telecommunications networks and what effects that may have on their cybersecurity.

read more…

H-ISAC Hacking Healthcare 7-15-2020

TLP White:

This week, Hacking Healthcare explores the full scope of China’s intelligence gathering operations against healthcare entities in the United States and its allies in the wake of COVID-19 and outlines some practical and inexpensive ways to boost security. Next, we review how individual states are taking steps to permanently embrace telehealth changes and discuss what you can expect on telehealth from a federal standpoint. Finally, we briefly explain how a smartwatch and an accompanying healthcare related app demonstrate the security issues of not having comprehensive visibility into a product’s underlying code.  Welcome back to Hacking Healthcare.

read more…

H-ISAC Hacking Healthcare 7-7-2020

TLP White: This week, Hacking Healthcare begins by providing a brief overview of how a major European law enforcement operation, made possible by cracked encryption, is likely to further fuel the long simmering encryption debate within the United States. We then wrap up by exploring the FCC’s decision to formally name Chinese firms Huawei and ZTE as national security threats and how the trickle-down effects may impact healthcare.

read more…

H-ISAC Hacking Healthcare 7-1-2020

TLP White: This week, Hacking Healthcare takes an in-depth look at one of the more unique and interesting governmental processes that has a significant influence on cybersecurity in the private sector. The Vulnerabilities Equities Process (VEP) may not be something you are familiar with, but it is important that healthcare sector entities are aware of what it is (and isn’t), its impact, and what they can and should be doing in response to it.

read more…

Health-ISAC Hacking Healthcare 6-24-2020

TLP White: This week, Hacking Healthcare revisits digital contact-tracing to keep you updated on the latest developments around the world. Additionally, we briefly remind you about the ingenuity of malicious actors by recounting how LinkedIn was weaponized to compromise European aerospace and defense firms. Lastly, we recap the alarming release of a redacted report on the Central Intelligence Agency’s (CIA) deeply regrettable cybersecurity practices.

read more…

Health-ISAC Hacking Healthcare 6-17-2020

TLP White: This week, Hacking Healthcare looks at the U.S. Cybersecurity and Infrastructure Security Agency’s (“CISA”) announcement of a new strategy to protect Industrial Control Systems (“ICS”) in critical infrastructure sectors from cyberattack. Next, we break down recent threat research that illustrates just how quickly misconfigured databases in cloud environments can be found and exploited by malicious actors, but why that shouldn’t dissuade healthcare organizations from implementing them. Lastly, we look at a project backed by the U.S. National Science Foundation (“NSF”) to secure patient data related to COVID-19 research and explore its implications.

read more…

Translate »