In this episode of the 2-Minute Drill, host Drex covers significant cybersecurity events, including a major security breach impacting millions and the sentencing of a Russian official for corruption linked to cybercrime activities. Discover tips and resources for enhancing your cybersecurity from CISA, and learn about Change Healthcare's data breach implications.
Contributions & Community:
Become part of the conversation and help shape future episodes by contributing stories and insights. Visit thisweekhealth.com/news and click on "Become a Contributor."
Stay Connected:
Don't miss out on our upcoming episodes focused on hacking healthcare. Follow our podcast, like and share this post to spread the word, and join the new 229 cyber and risk community for more in-depth discussions and resources.
Stay Informed, Stay Secure:
Visit thisweekhealth.com/security for more information and resources to bolster your cybersecurity knowledge and defenses.
Remember, Stay a little paranoid.
Hey everyone. I'm Drex and this is the Two Minute Drill, brought to you exclusively by our partner, Ordr, the connected asset visibility and security company. Ordr brings nearly instant visibility to everything on your network with minimal setup time from your team. Find out more at thisweekhealth.com/ordr.
That's O-R-D-R, thisweekhealth.com/ordr. On the Two Minute Drill, we do at least three stories at least two times a week. All part of one right community. The 229 Cyber and Risk community here at This Week Health. I try to keep the discussion mostly non-technical and mostly plain English so it's easy to share with your peers.
Uh, thanks for being with me today. Here's some stuff you might want to know about. This is my shocked face because the Russians have sentenced a division head of the Federal Security Service to nearly nine years in a penal colony for accepting nearly two million dollars in bribes to overlook the activities of cybercrime groups doing business in Russia.
In his role as the roof, this Russian official acted as a well placed corrupt law enforcement leader who was able to help the hackers avoid attention from authorities. Or, when necessary, run interference with authorities in the event of their arrest. Ironically, the whole thing fell apart when a group of cyber thugs who specialized in selling stolen credit card numbers were arrested, and the corrupt cop couldn't get the charges dropped, and the thugs ratted him out.
Couldn't happen to a nicer bunch of guys, I'm sure. And of course, it would not be a Two Minute Drill if I didn't talk about Change Healthcare. United Healthcare Group admits that data for a substantial portion of the American population was likely compromised in the attack on Change, meaning this breach notice will likely become the largest ever reported in U.S. history, with tens of millions of people affected. The HHS Office of Civil Rights has issued a new Frequently Asked Questions, FAQ document, noting that it has not yet received breach reports from Change Healthcare, and as covered entities, healthcare organizations still have their own reporting responsibilities.
So go ahead and read that. You can find that story and the stories that have links to the FAQ at thisweekhealth.com. That's where I post all these stories and a whole bunch more. It's a nice way to start your day because look, it's not always bad news. Okay. Sometimes there's some good news too. Like this story from CyberScoop about a new program that'll be launched by the end of the year, creating automated vulnerability warnings to organizations that are running software that has been exploited by ransomware gangs. CISA, and as an aside, I realized yesterday, they really love security. They love it so much, they put it in their name twice. CISA, the Cybersecurity and Infrastructure Security Agency, has a pilot running now. And I'm told that in order to get the automated alerts that are part of the new program, you'll need to sign up for CISA's free cyber hygiene scanning tool.
There's about 7,000 organizations who've signed up for the pilot. That's it. You should go take a look. And actually there's a lot of free stuff you can get from CISA. I spent some time yesterday with one of the regional CISA reps at the Health Sector Coordinating Council meeting. And if you haven't connected with your local CISA regional cyber advisor, you should get on that.
Now, nothing's perfect. ultimately really free. I mean, we all pay taxes, but there's a lot they can do to help you. That's no charge to you. Go to cisa.gov and click on the free cyber services button at the top of the page. And that's it for the Two Minute Drill. Thanks again to our partner, Ordr, the exclusive sponsor of the Two Minute Drill.
You can see them at RSA in May, where you can check out Ordr AI CAASM for yourself. I appreciate you giving me a little bit of your time today. Stay a little paranoid. I'll see you around campus.