Post Topic: Hacking Healthcare

TLP White

This week, Hacking Healthcare begins with a reminder that the Health-ISAC is looking to hear from members interested in participating in this year’s Hobby Exercise. Next, we breakdown the recent Department of Justice policy change that states they will no longer attempt to prosecute good-faith cybersecurity researchers. Finally, we wrap up with a quick breakdown of two government cyberattacks that have impacted healthcare services and discuss what warning it might serve to other smaller and less well-resourced countries.

TLP White

This week, Hacking Healthcare begins with a look at the growing regulatory and legislative efforts to address medical device cybersecurity. We will break down what the various guidance and regulations ask for or would require, what their chances are going forward, and what might be coming next. Then, we provide a preview of what to expect from the European Union’s (EU) update to its Network Information Security Directive (NIS). The updated directive appears poised to add tens of thousands of new entities to its scope and introduces controversial aspects like cyber incident reporting.

TLP White

This week, Hacking Healthcare begins with a call for participants for this year’s Hobby Exercise. Next, we examine recent statements from American officials in the intelligence and defense community that caution against underestimating the Russian cyber threat. The officials point to serious infrastructure attacks in Ukraine as evidence that critical infrastructure in the United States should keep up its guard. We then dive into two recent documents published from the Health Sector Coordinating Council (HSCC). Specifically, we evaluate what members can gain by assessing their guidance on vulnerability communications as well as guidance on responding to and recovering from cyber incidents that create extended enterprise outages.

TLP White

This week, Hacking Healthcare examines a new report from the European Union Agency for Cybersecurity (ENISA) on the state of coordinated vulnerability disclosure (CVD) within the EU. In addition to outlining the challenges to CVD policy alignment we discuss the Health-ISACs role in the CVD process. Next, we explore what appears to be coordinated sabotage of internet infrastructure in France and reiterate the importance of planning for unforeseen service outages. Finally, we cover a concerning new cybersecurity incident reporting regime coming into force in India.

TLP White

This week, Hacking Healthcare examines how a United States law enforcement agency was given legal backing to remotely access private devices to cleanse malware. This operation raises interesting legal questions as well as concerns over the potential for accidental harm. Then, we provide thoughts on how the United States government’s attempts at public-private collaboration keep falling short.

TLP White

This week, Hacking Healthcare examines Singapore’s 2018 Cybersecurity Act.  In particular, we breakdown what their “light-weight” licensing framework will mean for healthcare organizations that employ penetration testing and managed security operations centers.  We then evaluate a new legislative bill introduced in the United States Senate that would require the Department of Homeland Security (DHS) to share cybersecurity information with legislative bodies more quickly.  We take a look at how this legislation could impact the private sector organizations that share sensitive information, like technical indicators, with government entities.

TLP White

This week, Hacking Healthcare focuses on the United States and begins by breaking down a new senate bill that looks to improve healthcare cybersecurity.  We examine why the bill may not end up being as impactful as its drafters may hope despite its good intentions.  Next, we explore what a cybercrime statistics bill would and wouldn’t accomplish in helping to improve the nation’s ability to tap into comprehensive cybersecurity statistical data.