In the hospital setting, there is no tolerance for poor hygiene. Frequently washing your hands and using hand sanitizer can drastically decrease the chances of contamination, the spread of disease, and infection rates. It’s just as important to commit to cyber hygiene to slow down attackers who are looking to infect your mission-critical systems. In… Read More
Accessing Clear Text Administrative Passwords In our last blog post, we showed how pen testers can use misconfigurations within Active Directory group management to escalate privileges. However, that technique is heavily dependent on having access to privileged or misconfigured accounts in the first place. This week, we discuss another finding that we frequently take advantage of… Read More
It’s a late Saturday morning and Joe Hacker (aka WF4EAK in underground hacking circles) fires up the software-defined radio(SDR) he bought online for $20 to listen in on the local hospital paging traffic. After all, he is trying to make a few extra bucks to buy a new Xbox, and selling healthcare information on the black… Read More
In the latest Delta Risk white paper, which follows our Cyber Security Primer for Healthcare white paper, we take a deeper look at the specific legal obligations that healthcare providers must meet, and how you can build a healthcare cyber security program to meet and exceed compliance responsibilities. Under the Health Insurance Portability Act (HIPAA) and the… Read More
Earlier this year, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) issued guidance indicating that, under most circumstances, a ransomware attack constitutes a reportable HIPAA breach. During a ransomware attack, protected electronic health information (ePHI) is considered breached because an unauthorized individual has control of the information. In their… Read More