H-ISAC Hacking Healthcare 5-27-2020
TLP White: This week, Hacking Healthcare begins by updating you on the ongoing saga of contact tracing efforts, including how Europe is set to be a testbed for Apple and Google’s digital approach. Next, we explore how a South Korean telecommunications company is harnessing AI to help augment local healthcare organizations. Finally, we look at what a recent U.N. working group report on malicious cyber activity against healthcare and other critical infrastructure sectors might mean.
Welcome back to Hacking Healthcare.
As a reminder, this is the public version of the Hacking Healthcare blog. For additional in-depth analysis and opinion, become a member of H-ISAC and receive the TLP Amber version of this blog (available in the Member Portal.)
1. Apple and Google’s Contact Tracing Effort Begins Roll Out.
Last Wednesday, the first component of Apple and Google’s contact tracing partnership found its way onto Android and iOS operating systems. The component, “exposure notifications,” is the first step in helping health authorities develop mobile applications that will inform individuals when they may have been exposed to COVID-19.[1]
Mobile phone users whose devices operate the latest version of either iOS or Android can now find an opt-in function within their phone’s settings which will allow them to connect to healthcare applications that make use of the technology. It is important to note that this technical addition to both mobile operating systems is just a framework. It will now be up to state and local governments and healthcare institutions to implement the technology with their own applications.
In some countries, this may not take long. Switzerland has already claimed to have launched the first application incorporating Apple and Google’s component. According to the BBC, “Members of the Swiss army, hospital workers and civil servants can now install the SwissCovid app ahead of a planned wider rollout.”[2] Another European country, Latvia, claims they will not be far behind in deploying their own version.[3] Many other European countries have publicly committed to adopting Apple and Google’s approach and it is expected that this will allow easier integration and interoperability.[4] It will be worth watching how these efforts develop and what lessons may be learned for subsequent adopters.
Analysis & Action
*H-ISAC Membership Required*
2. South Korean Telecom Taps AI to Assist COVID-19 Response.
In another example of emerging technologies being harnessed for healthcare purposes, it was reported last week that South Korean telecommunications company, SK Telecom, has employed its artificial intelligence (“AI”) calling platform for COVID-19 check-ins. The service is currently active for 1,500 residents, with plans for expansion dependent upon agreements with local government entities.[5]
The platform is intended to help ease the burden on local health authorities during the COVID-19 response by automating part of the resource intensive task of monitoring individuals placed in mandatory quarantine. The AI, named Nugu, will call the needed individuals twice daily to ascertain their health status through a series of questions.[6] The data that is collected from the responses will then be sent to the relevant health authorities. If successful, the platform should be able to deliver needed health data faster while easing the number of trained professionals needed to carry out the time intensive procedures.
Analysis & Action
*H-ISAC Membership Required*
3. United Nations Working Group Tackles Healthcare Cyberattacks.
Last week, the United Nations (“U.N.”) Open Ended Working Group (“OEWG”) working on information communications technology (“ICT”) security released a report proposal aimed at providing guidance on implementing norms to combat malicious cyber activity against healthcare services and facilities. The report proposal appears to stem from the noted increase in cyber-attacks targeting healthcare sectors of various countries as a result of COVID-19 and could be a step towards greater U.N. action.
While the actual text more broadly applies to critical infrastructure of all kinds and notes the influx of all types of COVID-19 related malicious cyber activity, healthcare is specifically called out. The report notes that all countries consider the healthcare sector to be critical infrastructure, making it an ideal example.[7] As for the text, the proposal states that:
- – A State should not conduct or knowingly support ICT activity contrary to its obligations under international law that intentionally damages critical infrastructure or otherwise impairs the use and operation of critical infrastructure to provide services to the public.[8]
- – States should take appropriate measures to protect their critical infrastructure from ICT threats, taking into account General Assembly resolution 58/199 on the creation of a global culture of cybersecurity and the protection of critical infrastructures, and other relevant resolutions.[9]
As of its publication, Australia, Estonia, Japan, the Czech Republic, Kazakhstan, and the United States have signed on as supporters, but more are welcome and seem likely to endorse it.
Analysis & Action
*H-ISAC Membership Required*
Congress –
Tuesday, May 26th:
– No relevant hearings
Wednesday, May 27th:
– No relevant hearings
Thursday, May 28th:
– House – Committee on Education and Labor – Subcommittee on Workforce Protections: “Examining the Federal Government’s Actions to Protect Workers from COVID-19.”
International Hearings/Meetings –
– No relevant hearings
EU –
Thursday, May 28th:
– European Parliament – Committee on Environment, Public Health, Food Safety
Conferences, Webinars, and Summits –
— H-ISAC Virtual Security Workshop: Securing Medical Device Infrastructure on a Shoestring Budget – Webinar (5/27/2020)
https://h-isac.org/hisacevents/nz-virtual-workshop/
–Shared Solution Webinar: Managed Threat Detection for the Rest of Us – Webinar (5/28/2020)
https://h-isac.org/hisacevents/managed-threat-detection-for-the-rest-of-us/
H-ISAC Shared Solutions: Adapting Your Third-Party Program to Rapidly Changing Times (TLP White) – Webinar (6/2/2020)
–Identity for the CISO – Becoming ‘Identity-Centric’ – Webinar (6/3/2020)
https://h-isac.org/hisacevents/identity-for-the-ciso/
— An H-ISAC Framework for CISOs to Manage Identity – Webinar (6/10/2020)
https://h-isac.org/hisacevents/framework-for-cisos-to-manage-identity/
— Life as a CISO by Axonius
https://h-isac.org/hisacevents/life-as-a-ciso-axonius/
–AAMI Exchange – New Orleans, LA (6/12/2020-6/15/2020)
https://h-isac.org/hisacevents/aami-exchange/
H-ISAC Monthly Member Threat Briefing – Webinar (6/30/2020)
https://h-isac.org/hisacevents/h-isac-monthly-member-threat-briefing-9/
–Healthcare Cybersecurity Forum – Mid-Atlantic – Philadelphia, PA (7/17/2020)
https://endeavor.swoogo.com/2020_healthcare_innovation_cybersecurity_forums/426497
–Healthcare Cybersecurity Forum – Rocky Mountain – Denver, CO (7/20/2020)
https://endeavor.swoogo.com/2020_healthcare_innovation_cybersecurity_forums/426499
–Healthcare Cybersecurity Forum – Southeast – Nashville, TN (9/9/2020)
https://endeavor.swoogo.com/2020_healthcare_innovation_cybersecurity_forums/426517
–H-ISAC Security Workshop – Greenwood Village, CO (9/16/2020)
https://h-isac.org/hisacevents/h-isac-security-workshop-greenwood-villiage-co/
–Healthcare Cybersecurity Forum – Northeast – Boston, MA (9/22/2020)
https://endeavor.swoogo.com/2020_healthcare_innovation_cybersecurity_forums/427126
–H-ISAC Cyber Threat Intel Training – Titusville, FL (9/22/2020)
https://h-isac.org/hisacevents/h-isac-security-workshop-titusville-fl/
–H-ISAC Security Workshop – Forchheim, Germany
https://h-isac.org/hisacevents/h-isac-security-workshop-forchheim-germany/
–Summit on Security & Third Party Risk – National Harbor, MD (9/28/2020-9/30/2020)
GRF Summit on Security & Third Party Risk Digital Series
–Healthcare Cybersecurity Forum – Texas – Houston, TX (10/8/2020)
https://endeavor.swoogo.com/2020_healthcare_innovation_cybersecurity_forums/428840
–CYSEC 2020 – Dubrovnik, Croatia (10/27/2020 – 10/28/2020)
https://h-isac.org/hisacevents/cysec-2020-croatia/
–H-ISAC Security Workshop – Mounds View, MN (10/27/2020)
https://h-isac.org/hisacevents/h-isac-security-workshop-buffalo-ny/
–Healthcare Cybersecurity Forum – Pacific Northwest – Seattle, WA (10/28/2020)
https://endeavor.swoogo.com/2020_healthcare_innovation_cybersecurity_forums/428886
–H-ISAC Security Workshop – Seattle, WA – (10/29/2020)
https://h-isac.org/hisacevents/h-isac-security-workshop-seattle-wa-2/
–Healthcare Cybersecurity Forum – California – Los Angeles, CA (11/12/2020)
–H-ISAC Security Workshop – Paris, France (11/18/2020)
https://h-isac.org/hisacevents/h-isac-security-workshop-paris-france/
Sundries –
–HSCC Shares Guide to Protecting Healthcare Trade Secrets, Research
https://healthsectorcouncil.org/hic-pic/
–Coronavirus: NHS app paves the way for ‘immunity passports’
https://www.bbc.com/news/technology-52807414
Contact us: follow @HealthISAC, and email at contact@h-isac.org
[1] https://www.mobihealthnews.com/news/apple-googles-contact-tracing-api-goes-live
[2] https://www.bbc.com/news/technology-52807635
[3] https://www.reuters.com/article/us-health-coronavirus-tech-latvia/latvia-to-launch-google-apple-friendly-coronavirus-contact-tracing-app-idUSKBN23118I
[4] https://www.reuters.com/article/us-health-coronavirus-tech-latvia/latvia-to-launch-google-apple-friendly-coronavirus-contact-tracing-app-idUSKBN23118I
[5] https://www.zdnet.com/article/sk-telecom-deploys-ai-voice-call-to-assist-covid-19-quarantine/
[6] https://www.zdnet.com/article/sk-telecom-deploys-ai-voice-call-to-assist-covid-19-quarantine/
[7] https://unoda-web.s3.amazonaws.com/wp-content/uploads/200311-Pre-Draft-OEWG-ICT.pdf
[8] https://unoda-web.s3.amazonaws.com/wp-content/uploads/200311-Pre-Draft-OEWG-ICT.pdf
[9] https://unoda-web.s3.amazonaws.com/wp-content/uploads/200311-Pre-Draft-OEWG-ICT.pdf
- Related Resources & News
- Leveraging ISO 81001-5-1 Amid Medical Device Procurement
- Mitigating risk as healthcare supply chain attacks prevail
- Enhancing Cybersecurity in Rural Hospitals
- Health-ISAC Hacking Healthcare 11-15-2024
- Cyber Incident Response: Playbook for Medical Product Makers
- Feds Warn of Godzilla Webshell Threats to Health Sector
- Trump’s Return: Impact on Health Sector Cyber, HIPAA Regs
- Health-ISAC Hacking Healthcare 11-7-2024
- Protecting the Healthcare Supply Chain Against Russian Ransomware Attacks
- All hospitals should be concerned about cyberattacks. Here’s why