Equifax Breach Update, Cyber-Ready Countries, Healthcare Cybersecurity Challenges

TLP White: In this edition of Hacking Healthcare, we update you on the fallout of the Equifax data breach and summarize the leading theory on the culprit of the attack. We then discuss a recent report ranking sixty countries on their cyber threat readiness. Finally, we examine some alarming statistics indicating that cybersecurity challenges continue to beleaguer the healthcare industry.

As a reminder, this is the public version of the Hacking Healthcare blog. For additional in-depth analysis and opinion, become a member of H-ISAC.


Facebook, Crypto, VPN App Risk

TLP White: In this edition of Hacking Healthcare, we detail the outcome of a German competition agency’s recent investigation into Facebook’s data practices. Then, we examine Canadian crypto giant QuadrigaCX’s loss of assets and access to its digital coins. Finally, we discuss a bipartisan effort asking the Department of Homeland Security to recognize that VPN apps could pose a national security risk.

Welcome back to Hacking Healthcare.

As a reminder, this is the public version of the Hacking Healthcare blog. For additional in-depth analysis and opinion, become a member of H-ISAC and receive the TLP Amber version of this blog.


HIPAA Update? Ethical hacking risk, and evolving Ransomware

TLP White – In this edition of Hacking Healthcare, we explore the potential to update one of the landmark bills in healthcare.  Then, we examine the case of a Hungarian white hat and the risks of being an ethical hacker.  Finally, we detail how ransomware is evolving, and how that change could require a rethink in policy.


Medical “Right to be forgotten,” GDPR-Ready, Clinical AI

TLP White: In this edition of Hacking Healthcare, we explore a recent ruling in a “right to be forgotten” case that has a connection to the healthcare sector. Then, we examine evidence of the cybersecurity benefits of being GDPR-ready.  Finally, we detail a report on the issues affecting integration of AI into clinical decision support that parallels other technology use cases in healthcare.


New Malware Variants, Telecom Legislation, GDPR Enforcement Actions

TLP White: In this edition of Hacking Healthcare, we begin by describing two new malware variants and their methods of infiltrating protected systems. Then, we turn, again, to U.S. legislators’ efforts to crack down on Chinese telecom giants via export control legislation. Finally, we discuss General Data Protection Regulation (“GDPR”) enforcement actions instituted by European regulators that could result in hefty fines for companies that have violated the law.


Cyber Liability, a GDPR Violation First, HackenProof Discovers Chinese exposures

TLP White: In this edition of Hacking Healthcare, we begin by discussing a cyber liability insurer’s invocation of a not-so-obscure contractual exclusion to attempt to avoid paying out on an insured’s claim. Then, we turn to an alleged General Data Protection Regulation (“GDPR”) violation that resulted in the first-ever GDPR fine imposed by a Portuguese data authority on a hospital system. Finally, we discuss a recent discovery made by a bug bounty and vulnerability researcher conglomerate, which revealed that the resumes and personal data of over 200 million Chinese citizens had been exposed online.


NIST Projects, HHS Cyber Guide, Australia EWN Hacked

TLP White: This week we start with a discussion of two National Institute of Standards and Technology (“NIST”) projects that directly address cybersecurity weaknesses in existing healthcare processes. We then turn to a new four-volume Department of Health and Human Services (“HHS”) publication that serves as a voluntary, best practices guide for healthcare entities of all sizes to use to improve their organizational approaches to cybersecurity. We end by describing a recent hack into an Australian early warning network system, emphasizing the need for increased protection of vulnerable communication networks everywhere.


Cybersecurity and Privacy 2019 updates from U.S., E.U., Australia and India.

TLP White: In this New Year edition of Hacking Healthcare, we look ahead to a number of regulatory shifts on the horizon for international cybersecurity and data privacy.  Specifically, we examine the approaches Australia, India, the European Union (“EU”), and the United States (“US”) have signaled they will take to cybersecurity and privacy in 2019.  We summarize these countries’ proposed frameworks, map the rapidly changing cybersecurity and privacy landscape, distill some themes and recurring issues, and predict trends and outcomes for the New Year.


Iranian Phishing Technique, China Implicated in Hack, Law Updates

TLP White: This week we start by looking at a phishing technique used by Iranian hackers to circumvent two-factor SMS authentication protections. We then turn to the Marriott data breach and regulators’ claims that China is to blame for the hack, and we discuss a recent Pennsylvania case that could have lasting implications on employers’ efforts to protect employee data. We end by adding some color to last week’s summary of Australia’s Assistance and Access law, a piece of legislation that allows government agencies to access previously unreachable digital communications in order to assist law enforcement efforts.


Apple Watch 4, Crypto Crackdown, Multi-state HIPAA Lawsuit

TLP White: This week we start by discussing a new software update from Apple that allows some smart watch owners to undergo electrocardiogram scans and heart rate monitoring at the touch of a button.  We then turn to the Department of Treasury’s effort to crack down on hackers by prohibiting ransomware payments to particular cryptocurrency addresses.  We’ll look at Australia, who decided they know best about encryption, and we will end by taking a deeper dive into a health information data incident that has caused a number of states to join forces by bringing a HIPAA lawsuit against the breached company.
