2 Minute Drill: Navigating Cyber Threats in Healthcare: The Latest Updates
Episode 1910th April 2024 • This Week Health: Newsroom • This Week Health
00:00:00 00:04:37

Transcripts

  Hey everyone. I'm Drex and this is the Two Minute Drill brought to you exclusively by our partner. Order, the Connected Asset Visibility and Security Company. If you've not had a chance yet, check 'em out at this week. health.com/order. That's ORDR this week. health.com/order On the two minute drill, we do at least three stories at least two times a week.

All part of one great community, the 2 29 Cyber and Risk community here at this week. Health, thanks for being with me. Here's some stuff you might want to know about. I hate to say I told you so, but back on March 5th, two minute drill, I talked about the situation with the cyber terrorists who had ransom to change healthcare.

Just a quick refresher, the senior partner in this cyber crime is a ransomware as a service gang called Alpha VAKA Black Cat, and the junior partner. We now believe as an organization known as Ransom Hub, working together Black Cap provided the ransomware tools to ransom hub. to stick up the folks at Change Healthcare.

Allegedly then, Change paid 22 million dollars in Bitcoin to Ransomhub. That Bitcoin was then stolen from the Ransomhub account by the senior partner in the deal, Black Cat, who apparently wanted all the money and not just the smaller cut they'd normally get for providing the tools to do the crime. So at that point, the cyber gang Ransomhub was left with no money.

But they apparently did have a ton of data they'd stolen during the crime, information on military families, and other big partners of Change Healthcare. So, what do you think happened next? Ransomware Hub has gone back to the victim, Change Healthcare, one that's clearly willing to pay and ask for more money in exchange for not selling the data they have on the dark web.

It looks like, one way or another, the Ransom Hub gang is gonna get their payday. Point being this, only you and your organization know whether or not you should pay the ransom when you get held up by cyber thugs. But know that if you do pay, odds go way up that they'll come back. Remember, they don't care about you or patients or families.

They only care about the money. Take it from somebody who knows. There's a good article in Health Leaders, written by the CEO of Scripps Health, Chris Van Gorder. Chris does a solid commentary on the challenges we face in healthcare cybersecurity. You absolutely should read this one. It's titled, Four Ways Forward in the Aftermath of the Change Healthcare Attack.

In fact, it's the kind of thing I'd consider adding to my next board presentation. Maybe just slip a copy into the board book. Thanks to Chris for being so transparent about the cyber attack there. You're setting a good example for others trying to make healthcare better. And finally, just in case you need something new to worry about, there's this thing that cybersecurity people use called the National Vulnerability Database.

It's a repository that has All the current reported vulnerabilities for hardware and software and explains the problem and gives each one a risk score. The higher the score, the more urgent it is for an organization to update or patch that system. Except that apparently it's way out of date. And apparently the problem is there's so many new vulnerabilities in our systems and they're being found and reported so quickly that it's overwhelming the resources we've counted on to build this National Vulnerability Database.

In fact, it's overwhelming the entire Common Vulnerability and Exposure, or CVE, process. They're working on it, of course, and there may be other ways around these challenges, but it's good for everyone to understand how fast and furious these new announcements about vulnerabilities are coming at your technology teams.

It's just one of a hundred fastballs being thrown at them right now. If you want to know more about this, there's a really great story in Security Week. And the great thing is you don't have to look up all these stories. I post them all at thisweekhealth. com slash news. It's a great way to start your morning or do a quick check in during the day.

Helps you stay up to date on all the industry news. Thanks again to our partner, ORDER, the exclusive sponsor of the Two Minute Drill and their latest product, ORDER AI Chasm. It's in the AWS store now. You can find the Two Minute Drill now wherever you get your podcasts. Just search for This Week Health Newsroom.

There's a collection of great shows in there you also might be interested in. And that's it for the Two Minute Drill. Thanks for listening. Stay a little paranoid. I'll see you around campus.

Chapters

Video

More from YouTube