Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Black Hat Asia
May 4-7, 2021
Virtual Event
Black Hat USA
July 31 - August 5, 2021
Las Vegas, NV, USA
Black Hat Europe
November 8-11, 2021
Virtual Event
7/14/2020
09:00 AM
Black Hat Staff
Black Hat Staff
Event Updates
50%
50%

Get Cutting-Edge Healthcare Cybersecurity Insights at Black Hat USA

Bad actors are on the lookout for ways to attack healthcare organizations, so it's important for cybersecurity pros to stay informed about the latest trends and threats in the industry.

The business of healthcare presents a wealth of opportunities for bad actors to exploit, so it's important for cybersecurity professionals to stay on top of the latest trends and threats in the industry.

That's why Black Hat organizers are highlighting a few Briefings scheduled to take place during next month's virtual Black Hat USA event. Each offers a fresh perspective on the challenges of keeping the healthcare industry secure from threats both from within and without, as well as some practical insights you can apply to your own work.

Ransomware, data breaches, and hacks have long plagued the healthcare industry; in some cases, this has led to medical practices shutting down, leaving patients unable to get their medical records. The guidance provided to many providers has not specifically addressed what organizations need to do to protect their patients and themselves; worse, it has left many smaller healthcare providers vulnerable to "snake oil" vendors peddling costly risk assessments that provide no lasting solutions.

Stopping Snake Oil with Smaller Healthcare Providers: Addressing Security with Actionable Plans and Maximum Value is a Briefing aimed at addressing these problems with practical, actionable guidance from a healthcare CISO about what to do and what tools to use.

Black Hat USA attendees can get more perspective on the issue by checking out Healthscare — An Insider's Biopsy of Healthcare Application Security, a Briefing designed to highlight vulnerabilities and design issues within healthcare security solutions.

Expect a thorough dissection of numerous clinical systems, including radiology reading, electronic medical record downtime, patient entertainment, pharmacy distribution, nurse communication, clinical documentation, and temperature monitoring systems. While the prognosis isn't great, attendees can look forward to a frank breakdown of the situation and some helpful insights from a seasoned infosec director in the healthcare industry.

Carrying Our Insecurities with Us: The Risks of Implanted Medical Devices in Secure Spaces explores the problem of allowing increasingly smart implanted medical devices (IMDs) in secure spaces. The number of IMDs in use in the United States has been steadily increasing as new technologies emerge and improve. Attend this Black Hat USA Briefing for an expert rundown of why they threaten the security of protected data, as well as a series of technical and policy mitigations for these devices that balance the constraints of medical necessity and security.

For more details on these cutting-edge Briefings and many more, check out the Black Hat USA Briefings schedule.

Register now for this year's fully virtual Black Hat USA, still scheduled to take place August 1–6, and get more information about the event on the Black Hat website.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
News
US Formally Attributes SolarWinds Attack to Russian Intelligence Agency
Jai Vijayan, Contributing Writer,  4/15/2021
News
Dependency Problems Increase for Open Source Components
Robert Lemos, Contributing Writer,  4/14/2021
News
FBI Operation Remotely Removes Web Shells From Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/14/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-31607
PUBLISHED: 2021-04-23
In SaltStack Salt 2016.9 through 3002.6, a command injection vulnerability exists in the snapper module that allows for local privilege escalation on a minion. The attack requires that a file is created with a pathname that is backed up by snapper, and that the master calls the snapper.diff function...
CVE-2021-31597
PUBLISHED: 2021-04-23
The xmlhttprequest-ssl package before 1.6.1 for Node.js disables SSL certificate validation by default, because rejectUnauthorized (when the property exists but is undefined) is considered to be false within the https.request function of Node.js. In other words, no certificate is ever rejected.
CVE-2021-2296
PUBLISHED: 2021-04-22
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromi...
CVE-2021-2297
PUBLISHED: 2021-04-22
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromi...
CVE-2021-2298
PUBLISHED: 2021-04-22
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attac...