This Week Health


In this episode of the 2 Minute Drill, Drex highlights crucial cybersecurity updates impacting the healthcare sector. Key points include a social engineering campaign targeting IT help desks, suggestions from the HIPAA Journal for updating security processes, insights from the H-ISAC annual report on resiliency, and notable cybersecurity incidents, including a foiled attempt to insert a backdoor into widely-used compression software. Sponsored by ORDR, this episode is a must-listen for staying informed on healthcare IT risks and defenses.

Contributions & Community:

Become part of the conversation and help shape future episodes by contributing stories and insights. Visit and click on "Become a Contributor."

Stay Connected:

Don't miss out on our upcoming episodes focused on hacking healthcare. Follow our podcast, like and share this post to spread the word, and join the new 229 cyber and risk community for more in-depth discussions and resources.

Stay Informed, Stay Secure:

Visit for more information and resources to bolster your cybersecurity knowledge and defenses.

Remember, stay a little paranoid.


Hey everyone, I'm Drex, and this is The Two Minute Drill, brought to you exclusively by our partner ORDR, the connected asset visibility and security company. Check out their latest product, ORDR Chasm, in the AWS store now. On The Two Minute Drill, we do at least three stories, at least two times a week, all part of one great community, the 229 Cyber and Risk community here at This Week Health.

Thanks for being with me today. Here's some stuff you might want to know about. Warnings have been issued by the Health Sector Cyber Coordination Center about a social engineering campaign that targets IT help desks. Cyber criminals are leveraging stolen data they've purchased from the dark web to pose as legitimate healthcare organization employees.

The stolen info allows them to answer the questions, the challenge questions, that the help desk asks as part of the process to reset passwords or enroll a new device for multi-factor authentication. Once that's done, the criminal has access to the user's account, can do all kinds of nasty stuff like divert your payroll check to a different account, and a whole lot of other potential damage to the organization itself.

If you haven't updated your help desk processes for password resets or new MFA registration, now's a good time. And there are some good suggestions in the article I've posted from the HIPAA Journal. The Health Information Sharing and Analysis Center, or H-ISAC, has published its annual report. And it's a doozy in a good way.

The H-ISAC report's theme is resiliency, and I love that word. It's a critical point I've made in most of the presentations I've done over the last couple of years. So grab a copy of the report. It's easy to read, and if your organization hasn't already joined the H-ISAC, you should. They have great board members, and they do amazing work.

There's a bunch of stories with a fairly technical flavor that I can't get into here, but from a headline perspective, Microsoft is having problems with the Department of Homeland Security, or security failures involving both the Russians and the Chinese. That's a story worth reading in The Record. And there's a pretty interesting story, a detective mystery kind of read in Wired Magazine about an increasingly common hacking technique where the bad guy hides malicious code inside a legitimate program.

In this case, it's a hacker that goes by the name of Jia Tan, and the story is about the long game he played to add a backdoor to a utility, a compression program called XZ Utils. Now, he didn't get away with it. See, the utility is open source code, and that's the kind of computer code that's often used by lots of companies all over the world inside their products.

Products companies sell as commercial software, and has this kind of open source code running inside. In other words, we kind of dodged a bullet. If it hadn't been caught, these backdoors could be running in millions of computers all over the internet today. There's also several stories about cyber incidents or updates on recent incidents at healthcare organizations across the country.

You can find all these stories and a bunch more at ThisWeekHealth.com slash news. That's a great way to start your morning or do a quick check in during the day to stay up to date on all the latest HIT news. Thanks again to our partner ORDR, the exclusive sponsor of the 2 Minute Drill. Find out all the good stuff they're doing at thisweekhealth.com slash ORDR. That's O R D R, thisweekhealth.com slash ORDR.

And that's it for the 2 Minute Drill. Thanks for listening. Stay a little paranoid. I'll see you around campus.


© Copyright 2024 Health Lyrics All rights reserved