Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Black Hat USA
August 1-6, 2020
Las Vegas, NV, USA
Black Hat Asia
September 29 - October 2, 2020
Singapore
Black Hat Europe
December 7-10, 2020
Virtual Event
7/14/2020
09:00 AM
Black Hat Staff
Black Hat Staff
Event Updates
50%
50%

Get Cutting-Edge Healthcare Cybersecurity Insights at Black Hat USA

Bad actors are on the lookout for ways to attack healthcare organizations, so it's important for cybersecurity pros to stay informed about the latest trends and threats in the industry.

The business of healthcare presents a wealth of opportunities for bad actors to exploit, so it's important for cybersecurity professionals to stay on top of the latest trends and threats in the industry.

That's why Black Hat organizers are highlighting a few Briefings scheduled to take place during next month's virtual Black Hat USA event. Each offers a fresh perspective on the challenges of keeping the healthcare industry secure from threats both from within and without, as well as some practical insights you can apply to your own work.

Ransomware, data breaches, and hacks have long plagued the healthcare industry; in some cases, this has led to medical practices shutting down, leaving patients unable to get their medical records. The guidance provided to many providers has not specifically addressed what organizations need to do to protect their patients and themselves; worse, it has left many smaller healthcare providers vulnerable to "snake oil" vendors peddling costly risk assessments that provide no lasting solutions.

Stopping Snake Oil with Smaller Healthcare Providers: Addressing Security with Actionable Plans and Maximum Value is a Briefing aimed at addressing these problems with practical, actionable guidance from a healthcare CISO about what to do and what tools to use.

Black Hat USA attendees can get more perspective on the issue by checking out Healthscare — An Insider's Biopsy of Healthcare Application Security, a Briefing designed to highlight vulnerabilities and design issues within healthcare security solutions.

Expect a thorough dissection of numerous clinical systems, including radiology reading, electronic medical record downtime, patient entertainment, pharmacy distribution, nurse communication, clinical documentation, and temperature monitoring systems. While the prognosis isn't great, attendees can look forward to a frank breakdown of the situation and some helpful insights from a seasoned infosec director in the healthcare industry.

Carrying Our Insecurities with Us: The Risks of Implanted Medical Devices in Secure Spaces explores the problem of allowing increasingly smart implanted medical devices (IMDs) in secure spaces. The number of IMDs in use in the United States has been steadily increasing as new technologies emerge and improve. Attend this Black Hat USA Briefing for an expert rundown of why they threaten the security of protected data, as well as a series of technical and policy mitigations for these devices that balance the constraints of medical necessity and security.

For more details on these cutting-edge Briefings and many more, check out the Black Hat USA Briefings schedule.

Register now for this year's fully virtual Black Hat USA, still scheduled to take place August 1–6, and get more information about the event on the Black Hat website.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Overcoming the Challenge of Shorter Certificate Lifespans
Mike Cooper, Founder & CEO of Revocent,  10/15/2020
7 Tips for Choosing Security Metrics That Matter
Ericka Chickowski, Contributing Writer,  10/19/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-27605
PUBLISHED: 2020-10-21
BigBlueButton through 2.2.8 uses Ghostscript for processing of uploaded EPS documents, and consequently may be subject to attacks related to a "schwache Sandbox."
CVE-2020-27606
PUBLISHED: 2020-10-21
BigBlueButton before 2.2.8 (or earlier) does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.
CVE-2020-27607
PUBLISHED: 2020-10-21
In BigBlueButton before 2.2.8 (or earlier), the client-side Mute button only signifies that the server should stop accepting audio data from the client. It does not directly configure the client to stop sending audio data to the server, and thus a modified server could store the audio data and/or tr...
CVE-2020-27608
PUBLISHED: 2020-10-21
In BigBlueButton before 2.2.8 (or earlier), uploaded presentations are sent to clients without a Content-Type header, which allows XSS, as demonstrated by a .png file extension for an HTML document.
CVE-2020-27609
PUBLISHED: 2020-10-21
BigBlueButton through 2.2.8 records a video meeting despite the deactivation of video recording in the user interface. This may result in data storage beyond what is authorized for a specific meeting topic or participant.