Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Black Hat USA
July 31 - August 5, 2021
Las Vegas, NV, USA
SecTor
November 4 - October 30, 2021
Toronto, ON, Canada
Black Hat Europe
November 8-11, 2021
Virtual Event
7/14/2020
09:00 AM
Black Hat Staff
Black Hat Staff
Event Updates
50%
50%

Get Cutting-Edge Healthcare Cybersecurity Insights at Black Hat USA

Bad actors are on the lookout for ways to attack healthcare organizations, so it's important for cybersecurity pros to stay informed about the latest trends and threats in the industry.

The business of healthcare presents a wealth of opportunities for bad actors to exploit, so it's important for cybersecurity professionals to stay on top of the latest trends and threats in the industry.

That's why Black Hat organizers are highlighting a few Briefings scheduled to take place during next month's virtual Black Hat USA event. Each offers a fresh perspective on the challenges of keeping the healthcare industry secure from threats both from within and without, as well as some practical insights you can apply to your own work.

Ransomware, data breaches, and hacks have long plagued the healthcare industry; in some cases, this has led to medical practices shutting down, leaving patients unable to get their medical records. The guidance provided to many providers has not specifically addressed what organizations need to do to protect their patients and themselves; worse, it has left many smaller healthcare providers vulnerable to "snake oil" vendors peddling costly risk assessments that provide no lasting solutions.

Stopping Snake Oil with Smaller Healthcare Providers: Addressing Security with Actionable Plans and Maximum Value is a Briefing aimed at addressing these problems with practical, actionable guidance from a healthcare CISO about what to do and what tools to use.

Black Hat USA attendees can get more perspective on the issue by checking out Healthscare — An Insider's Biopsy of Healthcare Application Security, a Briefing designed to highlight vulnerabilities and design issues within healthcare security solutions.

Expect a thorough dissection of numerous clinical systems, including radiology reading, electronic medical record downtime, patient entertainment, pharmacy distribution, nurse communication, clinical documentation, and temperature monitoring systems. While the prognosis isn't great, attendees can look forward to a frank breakdown of the situation and some helpful insights from a seasoned infosec director in the healthcare industry.

Carrying Our Insecurities with Us: The Risks of Implanted Medical Devices in Secure Spaces explores the problem of allowing increasingly smart implanted medical devices (IMDs) in secure spaces. The number of IMDs in use in the United States has been steadily increasing as new technologies emerge and improve. Attend this Black Hat USA Briefing for an expert rundown of why they threaten the security of protected data, as well as a series of technical and policy mitigations for these devices that balance the constraints of medical necessity and security.

For more details on these cutting-edge Briefings and many more, check out the Black Hat USA Briefings schedule.

Register now for this year's fully virtual Black Hat USA, still scheduled to take place August 1–6, and get more information about the event on the Black Hat website.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Enterprises are Attacking the Cybersecurity Problem
Concerns over supply chain vulnerabilities and attack visibility drove some significant changes in enterprise cybersecurity strategies over the past year. Dark Reading's 2021 Strategic Security Survey showed that many organizations are staying the course regarding the use of a mix of attack prevention and threat detection technologies and practices for dealing with cyber threats.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-35499
PUBLISHED: 2021-10-26
The Web Reporting component of TIBCO Software Inc.'s TIBCO Nimbus contains easily exploitable Stored Cross Site Scripting (XSS) vulnerabilities that allow a low privileged attacker to social engineer a legitimate user with network access to execute scripts targeting the affected system or the victim...
CVE-2021-41182
PUBLISHED: 2021-10-26
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `altField` option is now t...
CVE-2021-41183
PUBLISHED: 2021-10-26
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various `*Text` options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various `*Text` options are now al...
CVE-2021-41184
PUBLISHED: 2021-10-26
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `of` option of the `.position()` util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `of` option is now treated as a...
CVE-2021-41185
PUBLISHED: 2021-10-26
Mycodo is an environmental monitoring and regulation system. An exploit in versions prior to 8.12.7 allows anyone with access to endpoints to download files outside the intended directory. A patch has been applied and a release made. Users should upgrade to version 8.12.7. As a workaround, users may...