Skip to main content

H-ISAC Newsletter – June 2019 TLP White

LAST CHANCE! Help Make Your Voice Heard! 

Take the P&S survey today and let us know your thoughts. 
H-ISAC products and services survey is in the
Member Portal and 
CLOSES TODAY – 
Tuesday, June 4.

Sharing, Exchanging and Networking were in Full Swing
At the 2019 Spring Summit
 Bolstering the “Whole in One Community”

H-ISAC holds biannual summits as a means for its members to establish and reinforce the trusted connections and relationships necessary for effective information sharing between organizations.

One standout Summit highlight was the extended small group Member Round Table sessions.  Participants spoke about the value of these targeted discussion sessions, commentating that the small groups spark frank discussions in a supporting environment.

For example, the Medical Device Round Table discussed the following topics during their session: SBoM Formats and Content; Medical Device Lifecycle Planning; Medical Device Authentication Standards; and Moving Away from Windows and OTS Operating Systems. This face-to-face session brought in new members to the working group and instigated important conversations to be continued in upcoming MDSISC working group meetings. Participants in the Automation and Orchestration session commented that the round tables were an excellent way for members to exchange both lessons learned and cautionary tales.

Spring Summit Presentations are now available in the Member Portal.
The link to Summit photos is also in the Member Portal.

Top 10 Health Related Cyber Events for June:


Misconfigured IT (Again) Leads to Big Health Data Breach

American Medical Collection Agency breach impacted 200,000 patients

UMC Physicians Notifies Patients of Compromised Patient Data

Equitas Health notifies 569 members after discovering two employee email accounts had been compromised

American Baptist Homes of the Midwest notifies patients and residents of ransomware incident

Spectrum Health Lakeland notifies patients after billing vendor breach

Madison Parish Hospital notifies 1,436 patients whose protected health information was improperly shared

American Indian Health & Services, Inc. Provides Notice Of Data Security Event

Baystate Health Hit with Lawsuit after Phishing-Related Breach

Oregon Specialist Phishing Attack Causes Months-Long Data Breach

DID YOU MISS THESE RECENT
TIC WEBINARS?

Several members of the H-ISAC Threat intel Committee (TIC) conducted in depth webinars last month. Fortunately, for those who were not able to attend, these are available in the Portal.

– H-ISAC TIC Webinar: Analysis of the RobbinHood Ransomware

– H-ISAC TIC Webinar: Threat Actor Analysis – the.Joker and Fxmsp

2019 Atlantic Hurricane Season has Started

With the 2019 Atlantic hurricane Season underway it is time to think preparedness. We know that most understand the dynamics of the storms and will act as appropriate. With over 3000 fatalities, Hurricane Maria’s impact in September of 2018 on the island of Puerto Rico demonstrated that the human cost was clearly catastrophic. H-ISAC members with facilities on that stricken island performed outstanding efforts in establishing ground truth and response. Though many employees were not injured, homes and lifestyles were greatly affected by many. Kudos to those that helped in response and restoration with the cautionary tale that we need to remember the potentials for disaster…better to wish you didn’t waste the time than wish you had prepared!

–   Edward Brennan: Senior Risk Analyst

H-ISAC WORKING GROUP SPOTLIGHT

—Software Security: White Paper coming Soon! —

The Software Security working group’s primary focus is the security of software and applications during all phases of the SDLC with the goal of creating products that are secure by design and resilient against all forms of attack.  This includes custom development as well as integration of third-party software such COTS and open source applications or code.

The working group hopes to expand the scope of Health-ISAC by including more guidance, tools and capabilities around the threats and risks to members’ software.  The first task will be to identify and define what makes resilient software and how that can be incorporated into a secure SDLC.  This white paper, working title “Elements of a Software Security Practice,” will be foundational to the working group and provide a baseline for member organizations as they develop their own software security programs.  Long-term goals of the working group include additional focused guidance in the form of white papers and workshops as well as vulnerability and threat intelligence for software applications.

 Members interested in joining this working group, please send an email to contact@h-isac.org.

WHY USE SHARED SERVICES? 

 

  ~ Lower Costs  ~  Greater Efficiency  ~  Improved Productivity  ~

  ~  Best Practices Proliferation   ~  Minimize Risks  ~


H-ISAC member organizations already benefit through information sharing; members can also benefit from affordable access to trusted vendors for protective services.

 Companies can easily standardize processes, generate opportunities for cooperation, and gain efficiencies – all at a competitive cost. Shared services leverage the delivery of essential cyber and physical threat services across the industry and represent shared accountability between the organization and customers.

Find more information on Shared Services on the H-ISAC website:
https://h-isac.org/shared-services/

SAFE-Bio-Pharma Update

ZEVA and CertiPath are jointly acquiring SAFE-BioPharma from H-ISAC. Combining the cross-industry expertise of these three entities provides a deeper recognition within the digital identity sphere, and a stronger foundation for
SAFE-BioPharma to expand its offerings. The next step for SAFE-BioPharma is a refresh and expansion of its policies and specifications, and a brand-new suite of services. With new leadership comprised of household names across the digital identity industry, SAFE-BioPharma has a bright future.  H-ISAC looks forward to continuing its work with SAFE-BioPharma as an H-ISAC Shared Service.

Connect with H-ISAC

Around the Globe

at These Upcoming Events!

New York, USA—June 18-19: H-ISAC Healthcare    Cybersecurity workshop, hosted by BCBS Western New York

Ireland—July 31: Healthcare Cybersecurity Workshop, hosted    by ICON plc

Minnesota, USA—September 17: H-ISAC Medical Device
Security Workshop, hosted by Abbott

Switzerland—October 16-17: H-ISAC European Summit

Japan—October 24: H-ISAC Workshop

California, USA—December 3-5: H-ISAC Fall Summit

 

Go to our Events page   

https://h-isac.org/events/

 

H-ISAC European Summit Registration Opens July 10

Sponsor Prospectus is available on the website

 https://h-isac.org/events/

Download

This site is registered on Toolset.com as a development site.