Today: A CISO Goes to Jail
Episode 2117th October 2022 • This Week Health: News • This Week Health
Transcripts

Today in health IT: a CSO goes to jail. My name is Bill Russell. I'm a former CIO for a 16-hospital system and creator of This Week Health, a set of channels dedicated to keeping health IT staff current and engaged. We want to thank our show sponsors who are investing in developing the next generation of health leaders.

Gordian Dynamics, Quill Health, Taos site, Nuance, Canon Medical, and Current Health. Check them out at thisweekhealth.com/today. If you're a sponsor and you're saying, boy, I want to be a part of that, go ahead and send a note to partner@thisweekhealth.com. We are opening up our sponsorships again. We only do it once a year, so we only talk about it once a year.

And we bring on sponsors in January, all new set of sponsors or same set of sponsors, if they renew. So that's what's going on there. You may hear the crickets in the background. I am still without internet. In fact, I got a note today from Comcast, and they said that the internet at my house will likely

For an additional week. So we will see how that plays out. It's kind of hard to do my job without the Regardless, my job is not nearly as hard as the former chief security officer of Uber, who was convicted of federal charges for covering up a data breach involving millions of Uber user records. All right. So a federal jury found Joseph Sullivan guilty of obstruction of the Federal Trade Commission. And miss.

h an attempted coverup of the:

, by the US attorney. And special , following a four-week trial before. , a judge technology companies in order to district of California collect and store vast amounts of data from users, said US Attorney Hinds. We expect those companies to protect that data and alert customers and appropriate authorities when such data is stolen by hackers. Sullivan

affirmatively worked to hide the data breach from the Federal Trade Commission and took steps to prevent the hackers from being caught. We will not tolerate concealment of important information from the public by corporate executives more interested in protecting their reputation and that of their employers

than in protecting users. Where such conduct violates the federal law, it will be prosecuted. The message in today's guilty verdict is clear: companies storing their customers' data have a responsibility to protect that data and do the right thing when breaches occur, said FBI Special Agent in Charge Tripp. The FBI and our government partners will not allow rogue technology company executives to put American consumers' personal information at risk.

cks of Uber databases, one in:

program and practices in May,:

And information regarding Uber's broader data security programs and practices. The evidence at trial demonstrated that Sullivan, in his new role as CSO, played a central role in Uber's response to the FTC. Specifically, Sullivan supervised Uber's responses to the FTC questions, participated in a presentation to the FTC

In March of:

th,:

tly after learning the Of the:

That they can't let this get out, instructed them that the information needed to be tightly controlled, and that the story outside of the security group was to be that this investigation does not exist. Sullivan then arranged to pay off the hackers in exchange for them signing a nondisclosure agreement in which the hackers promised not to reveal the hack to anyone.

llars in Bitcoin in December,:

How does a chief information security officer pay a hundred thousand dollars in Bitcoin? Did they have that level of authority to make that kind of payment? There are very few people in our health system who had that kind of authority, that they could execute a hundred-thousand-dollar wire transfer, or especially a Bitcoin payment,

um, without the CFO seeing it. So I think the thing that's interesting here to me, there's a couple of things. One is, um, this is egregious. And every now and then I pull up an egregious story. This is an egregious And one that, you know, this person should be prosecuted and Uber should be penalized to the full extent

that they are able to be penalized. This is just poor behavior, and any security professional would tell you it's just horrific behavior. My only question is: are we getting everybody? The chief information security officer clearly played a role. How did a hundred thousand dollars in Bitcoin go outside of Uber?

Seems like something I would investigate and try to understand, um, at least the financial practices of Uber. Do they, are they normally paying people in Bitcoin? Is that a common practice? Can this person just write a check for a hundred thousand dollars and go into Expensify and expense that a hundred thousand

, you know, expenditure? I, it, it, something's not right. Um, it just seems like there's more at play here, but regardless.

This will become a story, I believe, that people will talk about in terms of how do you properly respond to a hack. No matter what information is lost, the proper way to respond to these things has been spelled out pretty clearly by the federal agencies: that we were to disclose the information to them as quickly as we possibly can, that we were to follow protocol in terms of securing

the network and the information that we can, and then cooperating at every turn with the investigation. And obviously then letting the users know within the statutory timelines that they need to be told. So the so-what on this is: use your head, and don't get sideways with the regulation. If the regulation is there for a reason.

And you need to know the regulations. You need to follow the regulations. I don't want anyone who listens to this show to end up in jail. Seems like a Well, hopefully I'll have my internet back by Monday. Makes these shows a lot easier, and it will make the recordings I had to cancel this week a little easier.

Um, we will see what happens. That's all for today. If you know someone that might benefit from our channel, please forward them a note. They can subscribe on our website, thisweekhealth.com, or wherever you listen to podcasts: Apple, Google, Overcast, Spotify, Stitcher. You get the picture. We want to thank our channel sponsors who are investing in our mission to develop the next generation of health leaders.

Courtney and dynamics, Quill Health, A site, Nuance, Canon Medical, and Current Health. Check them out at thisweekhealth.com/today. Thanks for listening. That's all for now.
