Exchange Breach - How the CIO role in Security is Changing
Episode 479th March 2021 • This Week Health: Newsroom • This Week Health
00:00:00 00:06:22

Transcripts

This transcription is provided by artificial intelligence. We believe in technology but understand that even the smartest robots can sometimes get speech recognition wrong.

 Today in Health it, the story is State-sponsored Hacker Infiltrates, Microsoft Exchange. I hope you already know this since it happened last week, but I took a few days off so I'm gonna cover it today and I hope you'll listen through to the so what. My name is Bill Russell. I'm a former CIO for a 16 hospital system and creator of this week in Health IT a channel dedicated to keeping health IT staff current.

And engaged. I wanna thank our sponsor for today's Sirius Healthcare. They reached out about this time last year and said, we love what you're doing and really appreciate your mission to develop the next generation of health leaders. The rest is history, really, as they say. If you believe in our mission as they do and want to support the show, please shoot me a note.

At partner at this weekend, health it.com. Alright, here's today's story. You should already know this. As I said earlier, Microsoft has plastered this everywhere as they should. But just in case, let me cover some of the details. I'm grabbing this from a. Bloomberg article, Microsoft Corp is urging customers to download software patches.

After state-sponsored hackers based in China broke into some customer's copies of its software for email contacts and calendar using multiple previously undiscovered flaws. The attackers used the vulnerabilities to hack into exchange. Allowing them to break into email accounts and install malware to facilitate long-term access to victim environments.

Microsoft said Tuesday. Microsoft released patches for the flaws in a blog post announcing the attack. Microsoft has detected multiple zero day exploits being used to attack on premise versions of Microsoft Exchange server in limited and targeted attacks. The blog said previously undiscovered vulnerabilities are known as zero days.

And they are valuable to hackers because there are defenses against them, at least until they are discovered and patches are created. We are sharing the information with our customers and security community to emphasize the critical nature of these vulnerabilities and the importance of patching. The hackers responsible are a group assessed to be state sponsored and operating out of China according to the blog.

They typically target entities in the United States across a number of industries sectors, including infectious disease researchers, law firms, higher education institutions, defense contractors, policy think tanks and NGOs, Chinese foreign ministry spokesman, Wang win bin, said in a regular press briefing Wednesday in Beijing, that conclusions on hacks into Microsoft servers should be based on complete evidence and avoid.

Wanton accusations. There you go. That's the details of what we are talking about. Let me go back over here and let's talk about the so what. All right, so cybersecurity was a priority topic for CEOs at the JP Morgan Healthcare Conference this year, and it is for good reason. We moved from losing people's information to outright corporate espionage and takedowns.

We used to talk about. Things that CIOs had to take care of to keep their job. It was things like uptime system performance, and security was one of those things. But the reality is that there are a lot of cases where there were security breaches and the CIOs have kept their roles and kept their jobs multiple downtimes.

ou know, when we lost data in:

You know, you fast forward to:

The attacks have changed the nature of the attacks. Have changed. They are more aggressive and they will impact not only the patient, but everyone associated with the health system, including the reputation. You know, my so what on this is it used to be enough to hire a great security person. Now it isn't.

The good CIOs will be the quarterback of security initiatives and really strategy. They will be advising the board and the leadership team. This has to be a core competency for every technology leader. The landscape has changed and your approach needs to change as well. That's all for today. If you know of someone that might benefit from our channel, please forward them a note.

They can subscribe on our website this week, health.com, or wherever you listen to podcasts. Apple, Google Overcast, Spotify, Stitcher. You get the picture. We're everywhere. We wanna thank our channel sponsors who are investing in our mission to develop the next generation of health IT leaders, VMware Hillrom, Starbridge Advisors, McAfee and Aruba Networks.

Thanks for listening. That's all for now.

Chapters

Video

More from YouTube