Checklist 342: Cyberattacks, Moonshots, and HIPAA

BlackBerry’s Cybersecurity Solutions Block Over 1.5 Million Malware Attacks Targeting Key Industries

BlackBerry, once famous for its smartphones, has successfully transformed itself into a leader in cybersecurity solutions, shielding critical sectors from a barrage of cyberattacks. Recent data reveals that BlackBerry’s AI-powered endpoint protection system thwarted a staggering 1,578,733 malware-based cyberattacks between December 2022 and February 2023.

While BlackBerry may no longer dominate the smartphone market, it has emerged as a vital player in the realm of cybersecurity, focusing on “enterprise security solutions and operating systems for cars.”

BlackBerry maintains its prominence in the cybersecurity sphere by being widely recognized as a security leader, especially in highly regulated sectors like finance and government.

The Hacker News report highlights the industries targeted most during the mentioned three-month period, with financial institutions, healthcare services, and food retailers topping the list.

The healthcare industry faced a substantial onslaught, with 93,000 blocked attacks during the period. BlackBerry’s technology neutralized an average of 59 previously undetected malware variants per day, totaling 5,246 unique samples used against healthcare.

The article raises concerns about the growing cyber threats, emphasizing the need for proactive measures beyond BlackBerry’s efforts. Suggestions are made for organizations, and it hints at potential roles for government agencies like the Advanced Research Projects Agency for Health (ARPA-H).

In an era where cybersecurity is paramount, BlackBerry’s transformation and its pivotal role in safeguarding critical industries against cyberattacks highlight the evolving landscape of tech companies and the ever-growing need for digital security.

ARPA-H Launches Cybersecurity Initiative for Healthcare Systems

Advanced Research Projects Agency for Health (ARPA-H), a relatively unknown organization, has been working on a cybersecurity initiative for US healthcare systems.

ARPA-H, also known as the Advanced Research Projects Agency for Health, was established under the US Department of Health and Human Services just over a year ago. Their initiative to enhance cybersecurity in healthcare systems is set to conclude on Thursday, September 7, according to a report by Wired via Ars Technica.

ARPA-H’s project aimed to identify and financially support the development of cybersecurity technologies tailored for US healthcare infrastructure. They called upon researchers and technologists to submit proposals for cybersecurity tools specifically designed for healthcare systems, hospitals, clinics, and health-related devices.

ARPA-H’s objective is to find innovative and cost-effective solutions to enhance cybersecurity in the healthcare sector. The program manager, Andrew Carney, stressed the need for rapid progress in digital defense tools for healthcare, emphasizing the importance of solutions that can be adopted by medical facilities of all sizes, including those with limited IT resources or security budgets.

The initiative, also known as the Digital Health Security project or Digiheals, is not limited to conventional cybersecurity approaches. While they seek submissions related to vulnerability detection, software hardening, system patching, and security protocol development, ARPA-H is open to unconventional and novel ideas.

ARPA-H is determined to cast a wide net and encourage a variety of innovative solutions, regardless of their origin or category. They are willing to adjust their process to accommodate unique ideas, even if they do not neatly align with the project’s initial guidelines.

Despite the enormity of the challenge, ARPA-H maintains an optimistic and ambitious approach, likening their mission to a “moonshot.” They believe that solving complex problems requires bold and inventive solutions, and they are committed to making progress in healthcare cybersecurity.

ARPA-H’s initiative seeks to revolutionize cybersecurity in US healthcare systems by fostering innovation and inclusivity. While the challenges are significant, their moonshot mentality reflects a determination to find effective and accessible solutions for healthcare security.

Healthcare Data Security and HIPAA

In a recent Wired article titled “What Doctors Wish You Knew About HIPAA and Data Security,” Julie Charnet, a health care writer specializing in neuro-health, sheds light on critical issues surrounding healthcare data security and the Health Insurance Portability and Accountability Act (HIPAA). The article emphasizes that safeguarding sensitive health information largely falls on individuals.

HIPAA, enacted in 1996, was designed to establish national standards for protecting patient health information with patient consent. However, it is essential to clarify that HIPAA does not act as an invisibility cloak. It regulates how healthcare entities handle patient data but does not extend to consumer-generated data or how patients manage their medical information, such as sharing it over public Wi-Fi.

Chesapeake Regional Information System for Patients, a non-profit health information exchange in the US, highlights that consumer-generated health data remains unprotected. The federal government does not regulate the data itself, but rather its handling by covered entities like medical offices and hospitals.

However, there are exceptions. The Health app data Share with Provider HIPAA Business Associate Agreement covers data shared through Apple’s Health app with participating healthcare providers. Still, many other health-related apps and devices, like wearable trackers, are not HIPAA-regulated.

To protect health information, individuals should use the secure portals provided by healthcare providers for data storage and transmission, rather than emailing sensitive information. Additionally, individuals should exercise caution when sharing data with healthcare providers on social media platforms, as these interactions are not covered by HIPAA.

Reading privacy policies and settings, understanding data storage and sharing practices, and employing two-factor or multi-factor authentication can also enhance data protection. By taking these precautions, individuals can play an active role in securing their health information in an increasingly digital healthcare landscape.