H-ISAC Newsletter – June 2019 TLP White
LAST CHANCE! Help Make Your Voice Heard!
Take the P&S survey today and let us know your thoughts.
H-ISAC products and services survey is in the
Member Portal and
CLOSES TODAY – Tuesday, June 4.
Sharing, Exchanging and Networking were in Full Swing
At the 2019 Spring Summit
Bolstering the “Whole in One Community”
H-ISAC holds biannual summits as a means for its members to establish and reinforce the trusted connections and relationships necessary for effective information sharing between organizations.
One standout Summit highlight was the extended small group Member Round Table sessions. Participants spoke about the value of these targeted discussion sessions, commentating that the small groups spark frank discussions in a supporting environment.
For example, the Medical Device Round Table discussed the following topics during their session: SBoM Formats and Content; Medical Device Lifecycle Planning; Medical Device Authentication Standards; and Moving Away from Windows and OTS Operating Systems. This face-to-face session brought in new members to the working group and instigated important conversations to be continued in upcoming MDSISC working group meetings. Participants in the Automation and Orchestration session commented that the round tables were an excellent way for members to exchange both lessons learned and cautionary tales.
Spring Summit Presentations are now available in the Member Portal.
The link to Summit photos is also in the Member Portal.
Top 10 Health Related Cyber Events for June:
Misconfigured IT (Again) Leads to Big Health Data Breach
American Medical Collection Agency breach impacted 200,000 patients
UMC Physicians Notifies Patients of Compromised Patient Data
American Baptist Homes of the Midwest notifies patients and residents of ransomware incident
Spectrum Health Lakeland notifies patients after billing vendor breach
American Indian Health & Services, Inc. Provides Notice Of Data Security Event
Baystate Health Hit with Lawsuit after Phishing-Related Breach
Oregon Specialist Phishing Attack Causes Months-Long Data Breach
DID YOU MISS THESE RECENT
TIC WEBINARS?
Several members of the H-ISAC Threat intel Committee (TIC) conducted in depth webinars last month. Fortunately, for those who were not able to attend, these are available in the Portal.
– H-ISAC TIC Webinar: Analysis of the RobbinHood Ransomware
– H-ISAC TIC Webinar: Threat Actor Analysis – the.Joker and Fxmsp
2019 Atlantic Hurricane Season has Started
With the 2019 Atlantic hurricane Season underway it is time to think preparedness. We know that most understand the dynamics of the storms and will act as appropriate. With over 3000 fatalities, Hurricane Maria’s impact in September of 2018 on the island of Puerto Rico demonstrated that the human cost was clearly catastrophic. H-ISAC members with facilities on that stricken island performed outstanding efforts in establishing ground truth and response. Though many employees were not injured, homes and lifestyles were greatly affected by many. Kudos to those that helped in response and restoration with the cautionary tale that we need to remember the potentials for disaster…better to wish you didn’t waste the time than wish you had prepared!
– Edward Brennan: Senior Risk Analyst
H-ISAC WORKING GROUP SPOTLIGHT
—Software Security: White Paper coming Soon! —
The Software Security working group’s primary focus is the security of software and applications during all phases of the SDLC with the goal of creating products that are secure by design and resilient against all forms of attack. This includes custom development as well as integration of third-party software such COTS and open source applications or code.
The working group hopes to expand the scope of Health-ISAC by including more guidance, tools and capabilities around the threats and risks to members’ software. The first task will be to identify and define what makes resilient software and how that can be incorporated into a secure SDLC. This white paper, working title “Elements of a Software Security Practice,” will be foundational to the working group and provide a baseline for member organizations as they develop their own software security programs. Long-term goals of the working group include additional focused guidance in the form of white papers and workshops as well as vulnerability and threat intelligence for software applications.
Members interested in joining this working group, please send an email to contact@h-isac.org.
WHY USE SHARED SERVICES?
~ Lower Costs ~ Greater Efficiency ~ Improved Productivity ~
~ Best Practices Proliferation ~ Minimize Risks ~
H-ISAC member organizations already benefit through information sharing; members can also benefit from affordable access to trusted vendors for protective services.
Companies can easily standardize processes, generate opportunities for cooperation, and gain efficiencies – all at a competitive cost. Shared services leverage the delivery of essential cyber and physical threat services across the industry and represent shared accountability between the organization and customers.
Find more information on Shared Services on the H-ISAC website:
https://h-isac.org/shared-services/
SAFE-Bio-Pharma Update
ZEVA and CertiPath are jointly acquiring SAFE-BioPharma from H-ISAC. Combining the cross-industry expertise of these three entities provides a deeper recognition within the digital identity sphere, and a stronger foundation for
SAFE-BioPharma to expand its offerings. The next step for SAFE-BioPharma is a refresh and expansion of its policies and specifications, and a brand-new suite of services. With new leadership comprised of household names across the digital identity industry, SAFE-BioPharma has a bright future. H-ISAC looks forward to continuing its work with SAFE-BioPharma as an H-ISAC Shared Service.
Connect with H-ISAC
Around the Globe
at These Upcoming Events!
New York, USA—June 18-19: H-ISAC Healthcare Cybersecurity workshop, hosted by BCBS Western New York
Ireland—July 31: Healthcare Cybersecurity Workshop, hosted by ICON plc
Minnesota, USA—September 17: H-ISAC Medical Device
Security Workshop, hosted by Abbott
Switzerland—October 16-17: H-ISAC European Summit
Japan—October 24: H-ISAC Workshop
California, USA—December 3-5: H-ISAC Fall Summit
Go to our Events page
https://h-isac.org/events/