HEALTHCARE SECURITY FORUM: A HIMSS EVENT
Boston, MA, Oct. 15-16, 2018
We just published Volume 25 of the HIMSS Healthcare and Cross-Sector Cybersecurity Report. The report outlines new methods of Bluetooth attacks, digital theft and many vulnerabilities.
1. Bluetooth Attacks
This report highlights a new technique for attacking the Bluetooth pairing protocol without being detected by victim devices. If an attack is successful, the encryption key of a victim device may be revealed.
2. Phishing Attacks
Volumes of phishing emails are growing and the efficacy and impact of phishing emails are growing as well. Frequently, phishing attacks appear to come from a trusted source, such as an executive within one’s own organization. Spear-phishing emails, which are targeted phishing emails, are often quite effective. Significant breaches may occur as a result of a successful spear-phishing email attack.
3. Copy-and-Paste Malware
New malware has been discovered which monitors the Windows clipboard for cryptocurrency addresses. The malware has been found to replace the cryptocurrency addresses with alternate ones (selected by the attacker).
Just about any security professional can attest that the CISO and infosec teams are often seen as the so-called "Department of No."
As in: "No, you can't access our data from your home PC." Or, "of course you can't bring your own device into my network." The list of forbidden activities is a long one, necessarily so.
But I came away from our most recent HIMSS Healthcare Security Forum in San Francisco this past month with a pair of counter-thoughts. First, protected data and usability are beginning to transcend mutual exclusivity. Second, security really is an essential foundation for innovation.
4. Bug Bounty Programs
New malware has been discovered which monitors the Windows clipboard for cryptocurrency addresses...