2 Minute Drill: LockBit Takedown and Cybersecurity Urgencies: Navigating New Threats
Episode 8 • 22nd February 2024 • This Week Health: Newsroom • This Week Health

Transcripts

Hey everyone, I'm Drex, and this is the two and a half minute drill. We do at least three security stories at least two times a week, all part of one great community, the 229 Cyber and Risk Community here at This Week Health. I try to make this a mostly English, mostly non-technical update, and sometimes that means I have to take a minute to explain some of the terms I use, but that also means it's okay to share it with everyone in your organization.

Here's some stuff you might want to know about. A couple of days ago, there were virtual parades and cyber pros around the world were celebrating the takedown of the LockBit gang, a pack of cyber thugs with a ransomware affiliate model called Ransomware as a Service that lowered the barrier to entry for bad guys who wanted to get into the cybercrime business in a fast and easy way.

LockBit was responsible for a significant number of ransomware events around the world, including many healthcare organizations. Authorities say they acquired so much information in the takedown that it's going to take them a long time to analyze everything they were able to put their hands on, which also happens to be a large number of decryption keys.

But about the time everybody got home from the LockBit takedown after-parties, my Signal and text messages started to blow up with news of the cyber event going on with Optum and Change Healthcare. To their credit, they announced that once they became aware of the outside threat, they disconnected their systems.

But I also know that a lot of you disconnected from Change Healthcare to protect your organizations. And that action undoubtedly disrupted a bunch of business and clinical operations in your organizations. There's more news coming out slowly from Optum/Change on what systems were affected, but you should probably expect that they won't want to put a lot into writing until they have this figured out.

So more to come on that story for sure. And by the way, my gut tells me you'll get a lot of pressure from your business leaders in the organization to reconnect to Change sooner than you feel comfortable given the situation. So if you're not already talking about what your levels of acceptable risk are before you reconnect, you should probably start that conversation now to get ahead of the organizational politics.

The third story, oh no, there's another story. Yeah, there's another story. This one's about a product called ConnectWise, which is a piece of software that's used by managed IT providers to do real-time technical support for systems that might be inside your healthcare organization or any one of a million other small businesses.

The flaw that was found is very high risk. It's a super high risk vulnerability, apparently. It's so high risk that one cyber executive said, quote, I can't sugarcoat it, this is bad. So bad, we might be on the cusp of a ransomware free-for-all. The takeaway here is that it's probably time to poll all your third-party partners about whether or not they use ConnectWise and their patch status and what they're doing to inspect their third-party partners for ConnectWise.

Everything is connected to everything else these days, and that's good. So it's been an interesting couple of days, to say the least. I dropped these stories and a whole bunch more at ThisWeekHealth.com slash news. Go there and read, learn, and share. Uh, I'm headed to VIVE in L.A. next week. I'd love to catch up with you.

Drop me a note at Drex at ThisWeekHealth.com and check out the 229 cyber risk community at ThisWeekHealth.com slash security. Please like and share this post and tag your friends. And that's it for today's two and a half minute drill. Stay a little paranoid. And I'll see you around VIVE.
