2 Minute Drill: Insider Threats in Healthcare: Employee Recruitment Schemes with Drex DeFord
Apple Podcasts
Questions Answered in This Episode
- How are cyber criminals actively recruiting your employees with financial offers?
- Why do 93% of organizations struggle detecting insider threats versus external attackers?
- What makes skilled admins and engineers your most dangerous insider threat category?
- Can your organization detect an insider attack before serious harm occurs?
- Why do hackers prefer recruiting employees over attempting to breach your systems?
About This Episode
Drex examines the growing insider threat landscape in healthcare cybersecurity. The episode covers CrowdStrike's recent insider incident where screenshots were leaked to cybercriminals, new research showing 93% of organizations struggle to detect insider threats, and the Geisinger Health/Nuance $5 million settlement over improper data access. Drex also reveals how ransomware groups like Medusa are directly recruiting healthcare employees with financial incentives, highlighting that insider threats aren't just malicious employees—they're also your people being actively targeted through phishing and recruitment offers.
Remember, Stay a Little Paranoid
Donate: Alex’s Lemonade Stand: Foundation for Childhood Cancer
Transcript
Hey everyone. I'm Drexon. This is the two minute drill where I cover some of the hottest security stories in healthcare, all part of the 2 29 project, cyber and risk community here at this week. Health. It's good to see you today. Here's some stuff you might want to know about. In fact, today, let's talk about insider threat stories. CrowdStrike confirmed that a trusted insider took screenshots of internal systems, dashboards, and single sign-on links, and passed them to cyber criminals. No access, no source code. Just enough material that hackers were able to falsely claim that they had breached the CrowdStrike Systems. Cyber Thugs tried to pay $25,000 for access to CrowdStrike systems. But in the end, all the data and all the systems are secure. The offender's been terminated, and law enforcement is now involved also today, a new insider risk report says that 93% of organizations say insiders are as hard or harder to detect than external attackers, and only one in four field confident that they can stop an insider attack before some kind of serious harm actually happens. And another new analysis says that skilled insiders, admins, engineers, analysts, they represent the most dangerous threat categories because they know the systems and they know the processes, and they know the guardrails, and they don't need to break in. They're already inside. Here's some proof of the problem. It turns out that Geisinger Health and Nuance have reached a $5 million settlement over a Nuance Insider who allegedly had continued access to data for days after they had been terminated by nuance. Investigators say that the data accessed included names and addresses and dates of birth and medical record numbers, and blah, blah, blah. Okay. Okay. Just one more example. There's a documented case now where ransomware groups, including Medusa, directly approached employees at BBC offering life-changing money in exchange for valid credentials or MFA approvals. The story includes screenshots of the messages that were going back and forth, and it's not the only case like this. They talk about some others too. It's a good reminder that cyber thugs don't need to hack in if somebody will just open the door for 'em. So when it's all said and done, insider threats aren't just malicious employees. They're employees that are being targeted. Your people are getting phishing emails and they're getting recruitment offers. You might wanna talk about this in your next all hands. That's it for today's two minute drill. Thanks for being here, and I hope you have an amazing Thanksgiving. Stay a little paranoid and I'll see you around campus.
