FL Court Says Data Breach not “Personal Injury,” Senate Privacy Bill, Chinese Huawei and Healthcare Most Vulnerable Sector

TLP White

Author's Note: Greetings from the H-ISAC Summit in San Antonio! I will be around all week and looking forward to meeting as many of you as I can and attending the great sessions. I welcome any and all feedback on how Hacking Healthcare can be better, so if you are here and see me, please stop and say hello.


This week we start by recapping a Florida federal court’s interpretation of an insured’s commercial general liability policy in the context of a data breach. We also discuss the Consumer Data Privacy Act of 2018, privacy legislation that has been offered up for discussion by Sen. Ron Wyden (D-OR) in the Senate. We then turn to the US government’s effort to keep its allies from using a Chinese brand of telecommunications equipment due to the equipment’s cybersecurity vulnerabilities. We end by taking a deeper dive into foreign hacks on healthcare systems.


CISA, UK’s NHS on PHI messaging, More Spectre Meltdown

TLP White: This week we start by addressing a new cybersecurity-focused agency within the Department of Homeland Security (“DHS”).  We also examine new guidelines published by the United Kingdom’s primary health authority regarding medical professionals’ use of messaging applications.  We then discuss similar challenges facing both European and U.S.-based healthcare IT executives, and we end by shedding some light on the continuing problems posed by this year’s Spectre and Meltdown cyber-attacks.


FDA’s Open Source App, NTIA on SBoMs and National Privacy?

TLP White: This week we start by examining FDA’s recent release of an open source app that aims to help healthcare delivery organizations better collect patient data.  We also discuss NTIA’s effort to encourage software component transparency and open communication between healthcare entities.  We end by shedding some light on a possible new push to pass federal privacy legislation in the United States.


GDPR’s U.S. Impact, Bluetooth, Chinese hacking threats

TLP White: This week we start by examining the impact of the EU’s General Data Protection Regulation (GDPR) and U.S. companies’ initial responses to the law.  We also discuss new vulnerabilities that have been discovered in Bluetooth-enabled devices.  We end by shedding some light on ever-worsening threats of Chinese hacking and conclude that the problem has escalated in some new and alarming ways.


SEC on Cyber Fraud, FDA’s MD playbook, IoT, MQTT

TLP White: SEC investigative report examining a strain of cyber fraud, FDA’s Medical Device Cybersecurity Regional Incident Preparedness and Response Playbook, NIST’s draft internal report regarding IoT cybersecurity and privacy risk mitigation, and MQTT flaws which have a substantial impact on IoT devices.
