Cybersecurity and Privacy

HIMSS Healthcare and Cross-Sector Cybersecurity Report

Reports on healthcare and cross-sector cybersecurity

The HIMSS Healthcare and Cross-Sector Cybersecurity Report is a monthly report that details the latest threats facing healthcare and other critical infrastructure sectors and industries. Mitigation information is provided whenever it is available. The report also discusses the latest cybersecurity reports and tools.

The HIMSS Healthcare and Cross-Sector Cybersecurity Report is a means for sharing information and insights on the topic of healthcare cybersecurity. Healthcare cybersecurity is a rapidly moving target. Threats and vulnerabilities are plentiful. The threat and vulnerability landscape changes with the adoption and use of novel technologies and applications. It also changes with existing technology, including both supported and legacy systems. It is vital to protect both the old and new technologies.

Because healthcare touches virtually everything, it is important to understand what is happening in other critical infrastructure sectors and industries. Each report seeks to provide the latest and most critical information from both an intra-sector and inter-sector point of view. Much can be learned from other sectors, including the threats and vulnerabilities that they are facing and lessons learned.

December 2019 Healthcare and Cross-Sector Cybersecurity Report (Vol. 32)

Volume 32 of the HIMSS Healthcare and Cross-Sector Cybersecurity Report provides an intra-sector and inter-sector perspective on what is happening in cybersecurity. While ransomware remains a significant threat, other threats may be unexpected or surprising. In this report, we highlight how two-factor authentication has been thwarted by nation-state-backed actors. We also disclose significant vulnerabilities that are present in security tools and software.

The internet also continues to be plagued with weaknesses (and we don’t just mean SMACK, FREAK, LOGJAM, SLOTH, and Triple Handshake). Researchers have disclosed a weakness in random number generation for SSL certificates. According to recent research, many JavaScript packages may be “pwned” as a result of the “open” nature of certain JavaScript package manager tools.

Finally, no end-of-year report would be complete without 2020 cybersecurity predictions. Whether you are looking for a comprehensive list of predictions from major stakeholders or a bot-generated list of predictions, we highlight these in our report as well.

Volume 32 Highlights

  • Security software vulnerabilities
  • Phishing databases
  • Remote server attacks
  • Reverse engineering framework
  • Ransomware (LooCipher & Shade)
  • Emotet malware
  • Advanced Persistent Threat (APT20 group)
  • 2020 cybersecurity predictions

MD5: 12ea168f77c52daff9729e4174fb5bde
SHA-1: f849fd06b781eeba77ff3b932bf30800cd2dd583

Questions or Feedback?

Lee Kim, BS, JD, CISSP, CIPP/US, FHIMSS
Director, Privacy and Security
lkim@himss.org