State Breach Notification Laws, Info Sharing…

Posted by: Julia Annaloro      Date: May 22, 2018

TLP White

 

As promised, this week we primarily focus on a roundup of state breach notification laws and related federal proposals.  To do so, we begin with the MyFitnessPal breach to set the stage.  We also discuss a new approach to improving information sharing between the private sector and the government and conclude with one last GDPR reminder before the highly anticipated EU regulation goes into effect on the 25th.  Welcome back to Hacking Healthcare:
 
As a reminder, this is the public version of the Hacking Healthcare blog. For additional in-depth analysis and opinion, become a member of NH-ISAC.

Read full blog below:

Hacking-Healthcare-5.22.2018-TLP-White-1

Hack-Back Veto, NIST, DHS Cyber, MS 365, Vendor Bans

Posted by: Julia Annaloro      Date: May 15, 2018

TLP White

We start with a Governor’s veto of a bill that would have criminalized unauthorized computer access and permitted companies to engage in hack-back activity.  We then highlight a recently issued NIST request for input on improving the cybersecurity of healthcare imaging systems and discuss a new report that claims the DHS plans to take on new initiatives to curb systemic cyber risk and supply chain threats. We also address a new zero-day vulnerability discovered in Microsoft Office 365 and conclude with a discussion about the effect a US government ban on vendors would have on businesses.  Welcome back to Hacking Healthcare:

Read full blog below:

Hacking Healthcare 5.15.2018 TLP White

 

Vulnerability Response, AI, Wi-Fi & MD, IoT & ICS

Posted by: Julia Annaloro      Date: May 09, 2018

TLP White

 

We start with a new vulnerability discovered in a multinational energy company’s software and then address a Wi-Fi flaw associated with medical devices.  We also discuss the impact voice assistant devices are having on doctors and shed some light on Artificial Intelligence in healthcare.  We conclude with a discussion on Microsoft’s new approach to IoT and ICS Devices.  Welcome back to Hacking Healthcare:

Read full blog below:

Hacking Healthcare 5.8.2018 TLP White

Privacy Bill, Vulnerability Input, Amazon Echo, HPH SCC

Posted by: Julia Annaloro      Date: May 01, 2018

TLP White

We start this week with news coming out of Congress, including a new privacy bill in the Senate, and then discuss a recent House Committee announcement asking for the public’s input on ways to reduce cybersecurity vulnerabilities.  We then shed some light on a medical transportation service breach and focus on a new report discussing a privacy issue surrounding the Amazon Echo.  We also address a major change at the Healthcare and Public Health Sector Coordinating Council and conclude with a discussion about supply chain cybersecurity threats.  Welcome back to Hacking Healthcare:

Read full blog below:

Hacking Healthcare 5.1.2018 TLP White

FDA MD Plan, NIST Updates, Hybrid Cloud, ICANN

Posted by: Julia Annaloro      Date: April 24, 2018

TLP White

The FDA recently released a new medical device plan, which includes cybersecurity, and NIST updated its well-known Cybersecurity Framework.  We then focus on the use of hybrid cloud systems and shed some light on Facebook’s new attempt at privacy in the wake of Cambridge Analytica.  We also address some activity going on at ICANN and conclude with a discussion on a recent state AG settlement regarding a health data privacy breach.

Read full blog below:

Hacking Healthcare 4.24.2018 TLP White

Facebook, Notification Exceptions, SamSam

Posted by: Julia Annaloro      Date: April 17, 2018

TLP White

We begin with a brief summary of Mark Zuckerberg’s testimony from last week’s congressional hearings and consider how the policies discussed would impact healthcare data practices. We then cover a healthcare exception to a state’s breach notification law, how the SamSam ransomware impacts the healthcare industry, Verizon’s recently released Data Breach Report, the latest threats to healthcare, and new data security guidance the HHS is considering for researchers.

Read full blog below:

Hacking Healthcare 4.17.2018 TLP White

GDPR, Blockchain, Data Breach, Medical Device

Posted by: Julia Annaloro      Date: April 10, 2018

TLP White

A GDPR update; a new healthcare Blockchain alliance program; a data breach lawsuit filed against CVS and a FinTech company; a discussion about a new medical device security startup and a quick update regarding Alabama’s Breach Notification Law.

Read full blog below:

Hacking Healthcare 4.10.2018 TLP White

Cyber Contingency Plans, Vendor Contracts

Posted by: Julia Annaloro      Date: April 03, 2018

We start with a recent HHS announcement discussing the importance of creating a contingency plan to recover from cyberattacks and then address a recent FTC announcement urging the use of vendor contracts to reduce cybersecurity risks. We also cover a continuation of last week’s discussion about breach notification legislation, a brief analysis of TLS 1.3, and a discussion about a major mobile fitness application breach.

Read full blog below:

Hacking Healthcare 4.3.2018 TLP White

NIST, Breach Notification, Facebook, Google Search

Posted by: Julia Annaloro      Date: March 27, 2018

TLP White
How the NIST Cybersecurity Framework can continue to improve the healthcare industry’s cyber detection methods; a new state breach notification bill; the recent Facebook “breach;” and a new problem surrounding Google’s search suggestions.
Read full blog below:

Newsletter_NH-ISAC 3.27.2018_TLP White

NH-ISAC Partnership, SEC, Data Breach Ruling

Posted by: Julia Annaloro      Date: March 20, 2018

TLP White

A new NH-ISAC partnership; the Securities and Exchange Commission’s latest guidance on data breach disclosures; recent healthcare breaches, including an update on the CareFirst case; and the latest Amazon team-up.

Read full blog below:

HackingHealthcare Public TLP White Newsletter 3.20.2018