New CISA Act, UK’s CommonTime, Spectre/Meltdown

Posted by: Julia Annaloro      Date: November 20, 2018

TLP White: This week we start by addressing a new cybersecurity-focused agency within the Department of Homeland Security (“DHS”).  We also examine new guidelines published by the United Kingdom’s primary health authority regarding medical professionals’ use of messaging applications.  We then discuss similar challenges facing both European and U.S.-based healthcare IT executives, and we end by shedding some light on the continuing problems posed by this year’s Spectre and Meltdown cyber-attacks.


FDA’s Open Source Code App, NTIA on SBoM, Federal Privacy?

Posted by: Julia Annaloro      Date: November 14, 2018

TLP White: This week we start by examining FDA’s recent release of an open source app that aims to help healthcare delivery organizations better collect patient data.  We also discuss NTIA’s effort to encourage software component transparency and open communication between healthcare entities.  We end by shedding some light on a possible new push to pass federal privacy legislation in the United States.


GDPR’s U.S. Impact, Bluetooth, Chinese hacking threats

Posted by: Julia Annaloro      Date: November 06, 2018

TLP White: This week we start by examining the impact of the EU’s General Data Protection Regulation (GDPR) and U.S. companies’ initial responses to the law.  We also discuss new vulnerabilities that have been discovered in Bluetooth-enabled devices.  We end by shedding some light on ever-worsening threats of Chinese hacking and conclude that the problem has escalated in some new and alarming ways.


Coordinated Vulnerability Disclosure (CVD) Deep Dive

Posted by: Julia Annaloro      Date: October 30, 2018

TLP White: Coordinated Vulnerability Disclosure (“CVD”) deep dive, with a focus on the relationship between manufacturers of software and hardware and vulnerability researchers.

As a reminder, this is the public version of the Hacking Healthcare blog. For additional in-depth analysis and opinion, become a member of H-ISAC. Read full blog below:

Hacking Healthcare 10.30.2018 TLP White (3)

SEC on Cyber Fraud, FDA’s MD playbook, IoT, MQTT

Posted by: Julia Annaloro      Date: October 23, 2018

TLP White: SEC investigative report examining a strain of cyber fraud, FDA’s Medical Device Cybersecurity Regional Incident Preparedness and Response Playbook, NIST’s draft internal report regarding IoT cybersecurity and privacy risk mitigation, and MQTT flaws which have a substantial impact on IoT devices.

As a reminder, this is the public version of the Hacking Healthcare blog. For additional in-depth analysis and opinion, become a member of H-ISAC. Read full blog below:
Hacking Healthcare 10.23.2018 TLP White

Maryland library breach, Weak Passwords Banned in Cali, Global Supply Chain Risk

Posted by: Julia Annaloro      Date: October 15, 2018

TLP White: Maryland library system breach, a new law in California banning weak passwords, and global supply chain risks, including the ones that you did not see coming.

As a reminder, this is the public version of the Hacking Healthcare blog. For additional in-depth analysis and opinion, become a member of H-ISAC. Read full blog below:
Hacking Healthcare 10.16.2018 TLP White

Name and Shame, Facebook 3rd Parties, NZ Digital Device Search

Posted by: Julia Annaloro      Date: October 09, 2018

TLP White: Name and shame tactics, the Facebook breach and third-party apps, authentication, and a new law in New Zealand permitting customs agents to search digital devices.

As a reminder, this is the public version of the Hacking Healthcare blog. For additional in-depth analysis and opinion, become a member of H-ISAC. Read full blog below:

Hacking Healthcare 10.9.18 White

FDA on Digital Health, Twitter Bug Resolved, DHS on Supply Chain, Mid East Tech

Posted by: Julia Annaloro      Date: October 02, 2018

TLP White: FDA’s plans to advance innovation in digital health, a recently resolved bug on the Twitter platform, DHS’s effort to understand and mitigate supply chain risks, and how the Middle East is integrating technology to solve healthcare challenges. Welcome back to Hacking Healthcare:

As a reminder, this is the public version of the Hacking Healthcare blog. For additional in-depth analysis and opinion, become a member of H-ISAC. Read full blog below:

Hacking Healthcare 10.2.2018 TLP White

Data Breach Negligence Claim, Infected Websites, Data Storage Legislation

Posted by: Julia Annaloro      Date: September 25, 2018

TLP White: Data breach negligence claim, infected websites in search engine results, and proposed data storage legislation in India.

As a reminder, this is the public version of the Hacking Healthcare blog. For additional in-depth analysis and opinion, become a member of H-ISAC. Read full blog below:
Hacking Healthcare 9.25.2018 TLP White

Apple “ECG” watch, OIG on FDA MD cybersecurity

Posted by: Julia Annaloro      Date: September 18, 2018

TLP White: We start with a discussion of the Apple Watch’s new features and what they mean for healthcare. We also look at the OIG’s recommendations for the FDA when reviewing medical devices before they hit the market. We conclude by shedding some light on how using AI to create synthetic brain cancer scans actually preserves privacy. Welcome back to Hacking Healthcare.

Author’s note: In recognition of the H-ISAC’s increased focus on international healthcare, we will be adding information regarding policy and legislative hearings from around the world. We welcome any feedback on how to make this as useful as possible.

As a reminder, this is the public version of the Hacking Healthcare blog. For additional in-depth analysis and opinion, become a member of H-ISAC. Read full blog below:

Hacking Healthcare 9.18.2018 TLP White