This Week Health

Don't forget to subscribe!

In this episode of the Two Minute Drill, Drex delves into the recent cyber attacks on Change Healthcare, revealing the tactics of ransomware gangs like Alpha VAKA Black Cat and Ransom Hub. With a ransom of $22 million in Bitcoin and stolen sensitive data at stake, the episode explores the harsh realities of cyber extortion in the healthcare sector. Drex also highlights the outdated National Vulnerability Database and its implications for cybersecurity. Featuring insights from Scripps Health's CEO, Chris Van Gorder, and useful resources for staying updated on cybersecurity trends, this episode is a must-listen for anyone concerned with healthcare security.

Contributions & Community:

Become part of the conversation and help shape future episodes by contributing stories and insights. Visit thisweekhealth.com/news and click on "Become a Contributor."

Stay Connected:

Don't miss out on our upcoming episodes focused on hacking healthcare. Follow our podcast, like and share this post to spread the word, and join the new 229 cyber and risk community for more in-depth discussions and resources.

Stay Informed, Stay Secure:

Visit thisweekhealth.com/security for more information and resources to bolster your cybersecurity knowledge and defenses.

Remember, Stay a little paranoid.

Transcript

  Hey everyone. I'm Drex and this is the Two Minute Drill brought to you exclusively by our partner. Order, the Connected Asset Visibility and Security Company. If you've not had a chance yet, check 'em out at this week. health.com/order. That's ORDR this week. health.com/order On the two minute drill, we do at least three stories at least two times a week.

All part of one great community, the 2 29 Cyber and Risk community here at this week. Health, thanks for being with me. Here's some stuff you might want to know about. I hate to say I told you so, but back on March 5th, two minute drill, I talked about the situation with the cyber terrorists who had ransom to change healthcare.

Just a quick refresher, the senior partner in this cyber crime is a ransomware as a service gang called Alpha VAKA Black Cat, and the junior partner. We now believe as an organization known as Ransom Hub, working together Black Cap provided the ransomware tools to ransom hub. to stick up the folks at Change Healthcare.

Allegedly then, Change paid 22 million dollars in Bitcoin to Ransomhub. That Bitcoin was then stolen from the Ransomhub account by the senior partner in the deal, Black Cat, who apparently wanted all the money and not just the smaller cut they'd normally get for providing the tools to do the crime. So at that point, the cyber gang Ransomhub was left with no money.

But they apparently did have a ton of data they'd stolen during the crime, information on military families, and other big partners of Change Healthcare. So, what do you think happened next? Ransomware Hub has gone back to the victim, Change Healthcare, one that's clearly willing to pay and ask for more money in exchange for not selling the data they have on the dark web.

It looks like, one way or another, the Ransom Hub gang is gonna get their payday. Point being this, only you and your organization know whether or not you should pay the ransom when you get held up by cyber thugs. But know that if you do pay, odds go way up that they'll come back. Remember, they don't care about you or patients or families.

They only care about the money. Take it from somebody who knows. There's a good article in Health Leaders, written by the CEO of Scripps Health, Chris Van Gorder. Chris does a solid commentary on the challenges we face in healthcare cybersecurity. You absolutely should read this one. It's titled, Four Ways Forward in the Aftermath of the Change Healthcare Attack.

In fact, it's the kind of thing I'd consider adding to my next board presentation. Maybe just slip a copy into the board book. Thanks to Chris for being so transparent about the cyber attack there. You're setting a good example for others trying to make healthcare better. And finally, just in case you need something new to worry about, there's this thing that cybersecurity people use called the National Vulnerability Database.

It's a repository that has All the current reported vulnerabilities for hardware and software and explains the problem and gives each one a risk score. The higher the score, the more urgent it is for an organization to update or patch that system. Except that apparently it's way out of date. And apparently the problem is there's so many new vulnerabilities in our systems and they're being found and reported so quickly that it's overwhelming the resources we've counted on to build this National Vulnerability Database.

In fact, it's overwhelming the entire Common Vulnerability and Exposure, or CVE, process. They're working on it, of course, and there may be other ways around these challenges, but it's good for everyone to understand how fast and furious these new announcements about vulnerabilities are coming at your technology teams.

It's just one of a hundred fastballs being thrown at them right now. If you want to know more about this, there's a really great story in Security Week. And the great thing is you don't have to look up all these stories. I post them all at thisweekhealth. com slash news. It's a great way to start your morning or do a quick check in during the day.

Helps you stay up to date on all the industry news. Thanks again to our partner, ORDER, the exclusive sponsor of the Two Minute Drill and their latest product, ORDER AI Chasm. It's in the AWS store now. You can find the Two Minute Drill now wherever you get your podcasts. Just search for This Week Health Newsroom.

There's a collection of great shows in there you also might be interested in. And that's it for the Two Minute Drill. Thanks for listening. Stay a little paranoid. I'll see you around campus.

2 Minute Drill is Sponsored By

Our Shows

Today In Health IT with Bill Russell

Related Content

1 2 3 277
Healthcare Transformation Powered by Community

© Copyright 2024 Health Lyrics All rights reserved