2 Minute Drill: Blood Supplier Attack, Delta vs. CrowdStrike, and Cyber Burnout with Drex DeFord
Episode 51 • 6th August 2024 • This Week Health: Newsroom • This Week Health

Transcripts

This transcription is provided by artificial intelligence. We believe in technology but understand that even the smartest robots can sometimes get speech recognition wrong.

Hey everyone, I'm Drex, and this is the Two Minute Drill, where I do three stories twice a week, all part of one great community, the 229 Cyber and Risk community, here at This Week Health. Today's drill is brought to you by Fortified Health Security. No matter where you're at in your security journey, Fortified can help you improve your security posture.

Through their 24/7 threat defense services, Fortified or advisory solutions delivered through Central Command, a first of its kind platform that simplifies cybersecurity management and provides the visibility you need to mature your program. Learn more at FortifiedHealthSecurity.com. Thanks for joining me today.

Here's some stuff you might want to know about. If you're not from the Southeast, you may not have heard much about the ransomware attack on OneBlood, a nonprofit blood center that serves Florida, Georgia, Alabama, and the Carolinas. The attack disrupted clinical operations at 250 hospitals, and in some cases drove organizations to suspend surgeries and even use expired blood products for some emergencies.

It sounds like they're making progress now in recovering their systems. A similar ransomware attack recently disrupted a London-based blood supplier, Synnovis, resulting in a massive disruption to care across the UK's National Health Service. Both are examples of third-party vendors that are a critical cog in a very interconnected healthcare supply chain.

It's almost like the bad guys are intentionally probing our healthcare system to find individual weak points that, once taken out, cause a cascading impact to healthcare delivery. That's how military operators think, just saying. As you might guess, third party risk, supply chain, and business continuity were all topics for extensive conversation at last week's 229 Cyber Summit, which just so happened to be in Florida.

Speaking of supply chain risk, there's a great article at ThisWeekHealth.com slash news describing the back and forth between CrowdStrike and Delta Air Lines. Delta claims the CrowdStrike incident cost them half a billion dollars or more, and they're suing to recover that cost, making some very public statements in the past week, including hiring a very high profile lawyer to conduct a lawsuit.

CrowdStrike has now returned fire, saying Delta created a misleading narrative, and that CrowdStrike will respond aggressively to any litigation, requesting Delta preserve all records documenting its response to the outage, including other IT problems it's had over the past five years. Most airlines were back up and running within a few days, but Delta's outage lasted significantly longer.

I'm betting there were other non CrowdStrike factors contributing to the extended Delta outage. I can only guess as to what those were, and I hope Delta will eventually be as transparent as CrowdStrike has when it comes to explaining any additional complicating factors they might have encountered.

Finally, there's an article in Dark Reading that describes overworked and burned out cyber professionals deciding that there may be a better way to make a living, cybercrime. What often starts out as a side hustle to make a few extra bucks has increasingly become an attractive way to make a living.

Dark web advertisements for cybercrime services (and yes, there's actually job boards with well written ads for specific, great paying roles in cybercrime), those advertisements are growing, like this one looking for a software developer paying 300 an hour. Gartner predicts by next year, up to 25 percent of cyber pros may leave their roles due to the stress involved, which puts even more pressure on the folks that remain.

So CIOs and COOs and CEOs and other execs, if you're not spending a little time checking on your teams, the ones that are keeping you safe, Thanks again to our two minute drill partner, Healthcare Cyber Partner, Fortified Health Security. With a 98 percent client retention rate and three consecutive best in class awards, Fortified's exclusive focus on healthcare cybersecurity makes them the go to partner for healthcare organizations wanting to strengthen their security posture.

Find out more at fortifiedhealthsecurity.com. I'm off to Black Hat for the next couple of days. I'll report back once I return, assuming I make it back. That's it for today's Two Minute Drill. Thanks for being here. Stay a little paranoid. I'll see you around campus.