Post Topic: Hacking Healthcare

TLP White

This week, Hacking Healthcare begins by examining the Federal Trade Commission’s proposed rulemaking on harmful commercial surveillance and lax data security. We briefly explain why healthcare sector members might want to engage with the FTC’s process, despite its potential completion being many years from now. Then, we break down some takeaways from a recent ransomware attack that put a French hospital out of commission, including what to make of the prevalence of healthcare sector attacks, as well as posing questions about the role of government.

TLP White

This week, Hacking Healthcare begins by examining a new Department of Homeland Security Report that tasks the Cybersecurity and Infrastructure Security Agency (CISA) with doing more to improve their cyber information sharing with private sector partners. Next, we play six degrees of separation as we show how Janet Jackson relates to cyber resiliency. No, really.

TLP White

This week, Hacking Healthcare begins by examining recent steps that the U.S. is taking to increase international cooperation around cybersecurity threat information sharing, and we discuss how that might flow down to private sector partners. Next, we cover how an attack on a managed service provider (MSP) in the U.K. has had disastrous effects on the National Health Service (NHS) and then attempt to find some useful takeaways for Health-ISAC members.

TLP White

This week, Hacking Healthcare begins by examining a new draft publication from the National Institute of Science and Technology (NIST) that is meant to help organizations comply with the HIPAA Security Rule. We briefly break down the new document’s contents and explain how Health-ISAC members can contribute to improving the draft. Then we briefly highlight the work of a new U.S. government council that is attempting to tackle the problem of an increasing amount of unaligned cybersecurity incident-reporting regimes that threaten to place a heavy burden on cyber attack victims.

TLP White

This week, Hacking Healthcare begins by examining a court case in Illinois, where an insurance provider has taken a client to court to nullify a cyber insurance policy over the client’s misrepresentation of the security controls they claimed to have had in place. Then, we briefly assess the slowly diverging legal and regulatory regimes of the U.K. and the E.U. by looking at what a new data protection reform bill and an A.I. policy paper might mean for the healthcare sector.

TLP White

This week, Hacking Healthcare begins by exploring what the Biden administration’s new Executive Order (EO), Protecting Access to Reproductive Health Care Services, may mean for entities subject to HIPAA.  Next, we briefly cover why the National Institute of Standards and Technology’s (NIST) announcement of post-quantum cryptographic algorithms will be important to the healthcare sector.

TLP White

This week, Hacking Healthcare begins by trying to untangle how an alleged hacktivist cyberattack in Iran might signal the need for healthcare to start thinking about the possibility of being the target of similar destructive attacks, albeit for different reasons. Next, we look at a Federal Bureau of Investigation (FBI) Public Service Announcement (PSA) on how cybercriminals are using emerging technology to find inventive ways of getting access to an organization’s systems.

TLP White

This week, Hacking Healthcare begins with a final call for members interested in participating in this year’s Hobby Exercise. Next, we break down what lessons can be learned from the news that an Iranian-backed threat actor’s attempted targeting of a children’s hospital was thwarted. Finally, we analyze what the response might be to the admission by the director of U.S. Cyber Command to have conducted offensive operations in support of Ukraine.

TLP White

This week, Hacking Healthcare begins with a reminder that the Health-ISAC is looking to hear from members interested in participating in this year’s Hobby Exercise. We then examine a new report from the U.S. Senate that laments the lack of data on ransomware and the government’s response to it. We evaluate the report’s findings, attempt to glean what its recommendations might mean for follow on actions from Congress, and provide our take as to why things may be looking up.