FL Court Says Data Breach not “Personal Injury,” Senate Privacy Bill, Chinese Huawei and Healthcare Most Vulnerable Sector
Author's Note: Greetings from the H-ISAC Summit in San Antonio! I will be around all week and looking forward to meeting as many of you as I can and attending the great sessions. I welcome any and all feedback on how Hacking Healthcare can be better, so if you are here and see me, please stop and say hello.
This week we start by recapping a Florida federal court’s interpretation of an insured’s commercial general liability policy in the context of a data breach. We also discuss the Consumer Data Privacy Act of 2018, privacy legislation that has been offered up for discussion by Sen. Ron Wyden (D-OR) in the Senate. We then turn to the US government’s effort to keep its allies from using a Chinese brand of telecommunications equipment due to the equipment’s cybersecurity vulnerabilities. We end by taking a deeper dive into foreign hacks on healthcare systems.
TLP White: This week we start by addressing a new cybersecurity-focused agency within the Department of Homeland Security (“DHS”). We also examine new guidelines published by the United Kingdom’s primary health authority regarding medical professionals’ use of messaging applications. We then discuss similar challenges facing both European and U.S.-based healthcare IT executives, and we end by shedding some light on the continuing problems posed by this year’s Spectre and Meltdown cyber-attacks.
TLP White: This week we start by examining FDA’s recent release of an open source app that aims to help healthcare delivery organizations better collect patient data. We also discuss NTIA’s effort to encourage software component transparency and open communication between healthcare entities. We end by shedding some light on a possible new push to pass federal privacy legislation in the United States.
TLP White: This week we start by examining the impact of the EU’s General Data Protection Regulation (GDPR) and U.S. companies’ initial responses to the law. We also discuss new vulnerabilities that have been discovered in Bluetooth-enabled devices. We end by shedding some light on ever-worsening threats of Chinese hacking and conclude that the problem has escalated in some new and alarming ways.
TLP White: Coordinated Vulnerability Disclosure (“CVD”) deep dive, with a focus on the relationship between manufacturers of software and hardware and vulnerability researchers.
TLP White: SEC investigative report examining a strain of cyber fraud, FDA’s Medical Device Cybersecurity Regional Incident Preparedness and Response Playbook, NIST’s draft internal report regarding IoT cybersecurity and privacy risk mitigation, and MQTT flaws which have a substantial impact on IoT devices.
TLP White: Maryland library system breach, a new law in California banning weak passwords, and global supply chain risks, including the ones that you did not see coming.
TLP White: Name and shame tactics, Facebook breach and third-party apps, authentication, and a new law in New Zealand permitting customs agents to search digital devices.
TLP White: FDA’s plans to advance innovation in digital health, a recently resolved bug on the Twitter platform, DHS’s effort to understand and mitigate supply chain risks and how the Middle East is integrating technology to solve healthcare challenges.
TLP White: Data breach negligence claim, infected websites in search engine results, and proposed data storage legislation in India.