InfoSec ICU

Happy Anniversary to InfoSecICU! They guys celebrated the 52nd week of shows by discussing the HITRUST CSF framework for standardizing security certifications for healthcare-related vendors. They introduce a creepy story of Airbnb hosts using IoT devices to spy on guests. Finally, they discuss research that dives into the long term impact to a company’s value […] The post HITRUST CSF, Are Your Appliances Watching You, and Steps to Quantifying Reputational Harm appeared first on MUSC...

Steve and Gerry cover Health and Human Services Office of Civil Rights (HHS OCR) briefing presented to MUSC recently and discuss the clarification it brought with it. They cover the details of the recent British Airways hacked that compromised 380,000 individuals credit card information. Given the impending Hurricane Florence, the guys refresh on Disaster Recovery […] The post OCR Presents to MUSC, British Airways Hack, and Executing DR/BC appeared first on MUSC Podcasts.

Steve and Gerry discuss the privacy ramifications of the Google MasterCard deal that recently came to light. They discuss Instagram’s decision to support two-factor authenticator apps and the issues with SMS as a 2nd factor. They finish up discussing the dependence and concerns of using your phone number as your identity and authenticator. Show Notes […] The post Google MasterCard Deal, Instagram 2-Factor, Phone Number as an Identifier appeared first on MUSC Podcasts.

Steve is fresh from Gartner Catalyst and shares his experience and lessons learned. The guys discuss a follow up story from election officials that tells the other side of the story from the recent voting village hacks at DEF CON 26. They finish up with a discussion around the damages of NotPetya a year later […] The post Gartner Catalyst, Election Hacking, and NotPetya Damages appeared first on MUSC Podcasts.

Gerry and Brandon discuss the long term effect of the recently published Augusta University Medical Center Breach. They cover behavior based analysis for malicious activity on the network and utilizing RITA, a security tool from Black Hills Security Group to assist. Finally they touch on the recently enacted NIST Small Business Cybersecurity Act. Show Notes […] The post Augusta University Breach, New Age Detection Methodologies, NIST Small Business Cybersecurity appeared first on MUSC...

Gerry is back from BlackHat and he’s ready to tackle the oft-ignored member of the Confidentiality-Integrity-Availability triad as he digs into a new attack that tampers with medical device data to disastrous effect. While in Vegas, Gerry also had the opportunity to interview Jeremiah Grossman, CEO of BitDiscovery, to talk about the unique way his […] The post Biomedical Integrity Attacks, Jeremiah Grossman Interview, and Asset Inventory Reflection appeared first on MUSC Podcasts.

Brandon is back in the co-pilot’s chair as we talk about the recent GAO report that HHS is failing to protect PHI. We also share our intrigue surrounding the PHI breach at Iowa Health Group that was actually a Business Email Compromise attack. There’s also good news for Boston Childrens’ Hospital, as the hacktivist charged […] The post HHS dissed for poor cybersecurity, Iowa Health Group 1.4M patient breach, and BCG gets satisfaction against hacktivist appeared first on MUSC Podcasts.

Gerry and Steve cover the recently released practical guidance from NIST on securely integrating mobile devices into clinical practices. They discuss then poke holes in a recent, widely distributed report discussing America’s most cyber insecure airports, and with Blackhat on the horizon they provide a preview of things to expect from the event and in […] The post NIST Securing EHR on Mobile Devices, America’s Most Cyber Insecure Airports, and Blackhat Preview appeared first on MUSC...

Gerry and Steve discuss organizations challenge of securing their supply chain, citing a recent robotics company that lost IP from major car vendors. They provide an update on the Healthcare Sector Coordinating Councils efforts on executing on the 2017 Healthcare Cybersecurity Taskforce report. They dive into Emotet malware and how it has evolved from a […] The post Supply Chain Risks, Healthcare Sector Coordinating Council, and Emotet Threat Distribution appeared first on MUSC Podcasts.

Gerry and Steve have read the indictment of Russian nationals APT28 aka “Fancy Bear” aka Unit 26165 released by the DOJ. The techniques and extent of the attacks are covered and discussed. They turn their attention to an NPR investigation into techniques health insurers are employing to determine policy premiums. Thirdly, they touch on a […] The post Russia Indictments, Insurers Exploitation of Medical Data, and Sextortion appeared first on MUSC Podcasts.

Gerry and Brandon dig into a recent lawsuit of a cyber insurance company suing a security provider for gross negligence of protecting the insurer’s client systems and what this may mean for the industry going forward. They investigate Californias new privacy law and how it relates to individuals and the healthcare industry. They finish up […] The post Security Provider Being Sued for Effectiveness, California’s New “GDPR-esque” Law, and More Wearable Security Concerns appeared first on MUSC...

Gerry’s on holiday and Security Architect Matt Jones joins the podcast to discuss the recent Magic Unicorn revelation that has forensics experts in a tizzy. We also dive into an interview with Elizabeth Snead, an expert on phishing campaigns, as she gives us insight into interesting types of phishes and what you can do to […] The post Magic Unicorns, Exactis Data Breach, and an Interview with Phishing Expert Elizabeth Snead appeared first on MUSC Podcasts.

It’s all HIPAA this week, and you’d be surprised at the meat on this bone! Steve and Gerry discuss the recent massive OCR fine to a Texas healthcare provider and how the poor understanding of HIPAA requirements and policies are leading to individuals violating HIPAA with the best of intentions. Finally, the guys cover the […] The post HIPAA Breaches, Fines, and Legislation appeared first on MUSC Podcasts.

Gerry and Steve discuss a recently released security research showing geo-location data leakage from unexpected sources. They provide a list of tried and true defense-in-depth techniques for non-corporate networks. They wrap-up with a discussion on the practical application of security in corporate settings to get end-user buy-in. Show Notes Resources: Location data leak on Google […] The post Google Location Data Leaks, Defense-in-Depth on the Homefront, and Practicality in a Security...

Gerry and Steve discuss Microsofts Red Team and how its mission to beat the bad guys to finding vulnerabilities in Windows OS. They give their thoughts on a recently released research paper on the seven properties of highly secure devices and what the impact for IoT devices in general could be. They wrap up discussing […] The post Microsoft Red Team, 7 Properties of Highly Secure Devices, and Azure Sphere appeared first on MUSC Podcasts.

In a special edition of InfoSecICU, its tool time! Brandon and Gerry discuss their experiences and lessons learned with a bevy of security related software tools that you may utilize in your organization. NSM as a philosophy is covered, followed by SysMon. The guys round out discussing approaches and appropriateness of malware analysis tool sets. […] The post Tool Time! NSM, SysMon and Malware Analysis Tools appeared first on MUSC Podcasts.

Brandon and Gerry discuss the recent NH-ISAC Summit in Sawgrass and a keynote talk regarding cyberwar and civilian collateral damages. They discuss, technically, the recently published research on VPNFilter and finish discussing some additional Amazon Alexa mishaps. Show Notes Resources: NH-ISAC Summit https://nhisac.org/summits/2018-spring-summit/ VPNFilter https://blog.talosintelligence.com/2018/05/VPNFilter.html...

Steve and Gerry discuss recently published research of two attacks that can be use to compromise the Amazon Echo digital assistant device, and the implications for digital assistants in general going forward. Multi-factor authentication (MFA) is great, but not bulletproof. Steve and Gerry discuss attack vectors and what organizations should be thinking of when implementing […] The post Digital Assistant Attacks, MFA Attacks, and JavaScript for Excel Concerns appeared first on MUSC...

Steve and Gerry discuss the use cases and privacy implications of a new website that provides aggregated access to the Internet’s live streaming web cams. A major attack on email encryption and the argument security professionals are having about it is covered. They finish with thoughts on the recently released trove of published evidence from […] The post Aggregated Live Internet Web Cams, EFail, Russian Facebook Ads Evidence appeared first on MUSC Podcasts.

Steve and Gerry discuss a serious, but often overlooked issue of children identity theft and fraud. They shed light on how organized crimes are making substantial financial investments to improve phishing attacks. They round out discussing privacy concerns with individuals DNA and how it can be used to solve cold cases. Show Notes Resources: Children […] The post DNA Privacy Considerations, Children Identity Fraud, and Organized Criminals Phishing Attacks appeared first on MUSC Podcasts.