2 Minute Drill: Cyber Threats in Healthcare: Staying Ahead of the Game
Episode 188th April 2024 • This Week Health: Newsroom • This Week Health
00:00:00 00:03:39

Transcripts

  Hey everyone, I'm Drex, and this is The Two Minute Drill, brought to you exclusively by our partner Order, the connected asset visibility and security company. Check out their latest product, Order Chasm, in the AWS store now. On The Two Minute Drill, we do at least three stories, at least two times a week, all part of one great community, the 229 Cyber and Risk community here at This Week Health.

Thanks for being with me today. Here's some stuff you might want to know about. Warnings have been issued by the Health Sector Cyber Coordination Center about a social engineering campaign that targets IT help desks. Cyber criminals are leveraging stolen data they've purchased from the dark web to pose as legitimate healthcare organization employees.

The stolen info allows them to answer the questions, the challenge questions. that helpdesk asks as part of the process to reset passwords or enroll a new device for multi factor authentication. Once that's done, the criminal has access to the user's account, can do all kinds of nasty stuff like divert your payroll check to a different account, and a whole lot of other potential damage to the organization itself.

If you haven't updated your help desk processes for password resets or new MFA registration, now's a good time. And there are some good suggestions in the article I've posted from the HIPAA Journal. The Health Information Sharing and Analysis Center, or HISAC, has published its annual report. And it's a doozy in a good way.

The HISAC report's theme is resiliency, and I love that word. It's a critical point I've made in most of the presentations I've done over the last couple of years. So grab a copy of the report. It's easy to read, and if your organization hasn't already joined the HISAC, you should. They have great board members, and they do amazing work.

There's a bunch of stories with a fairly technical flavor that I can't get into here, but from a headline perspective, Microsoft is having problems with the Department of Homeland Security, or security failures involving both the Russians and the Chinese. That's a story worth reading in the record. And there's a pretty interesting story, a detective mystery kind of read in Wired Magazine about an increasingly common hacking technique where the bad guy hides malicious code inside a legitimate program.

In this case, it's a hacker that goes by the name of Jai Tan, and the story is about the long game he played to add a backdoor to a utility, a compression program called XLUtils. Now, he didn't get away with it. See, the utility is open source code, and that's the kind of computer code that's often used by lots of companies all over the world inside their products.

Products companies sell as commercial software, and has this kind of open source code running inside. In other words, we kind of dodged a bullet. If it hadn't been caught, these backdoors could be running in millions of computers all over the internet today. There's also several stories about cyber incidents or updates on recent incidents at healthcare organizations across the country.

You can find all these stories and a bunch more at ThisWeekHealth. com slash news. That's a great way to start your morning or do a quick check in during the day to stay up to date on all the latest HIT news. Thanks again to our partner ORDR, the exclusive sponsor of the 2 Minute Drill. Find out all the good stuff they're doing at thisweekhealth.

com slash ORDR. That's O R D R, thisweekhealth. com slash ORDR. And that's it for the 2 Minute Drill. Thanks for listening. Stay a little paranoid. I'll see you around campus.

Chapters

Video

More from YouTube