Drex takes an in-depth look at the ongoing ransomware attack on Kettering Health, attributed to the Interlock gang known for double extortion tactics - stealing data before encrypting systems. The health system demonstrates exemplary crisis communication while maintaining operations and warning patients about related scams. Next, the Scattered Spider cybercriminal group shifts focus to European retail, using social engineering tactics and freelancer networks to target help desks and employees for credential theft. Finally, a massive data scraping incident exposes 1.2 billion Facebook records on dark web marketplaces, including names, emails, birthdays, and phone numbers. Essential updates for healthcare security professionals navigating today's threat landscape.
Remember, Stay a Little Paranoid
This transcription is provided by artificial intelligence. We believe in technology but understand that even the smartest robots can sometimes get speech recognition wrong.
Hey everyone. I'm Drex and this is the two minute drill where I cover three hot security stories twice a week. All part of the 229 Project Cyber and Risk community here at This Week Health. Uh, you can join that community. I'll keep you posted on the latest webinars and podcasts and other inside baseball stuff.
Plus I'll let you know where we'll be as Sarah and Bill and I barnstorm the country on our 229 Project city tour dinners and summits, and so it's easy to stay in the know. Just go to thisweekhealth.com/security and click on the join the community button to sign up. Today's episode is brought to you by Google.
Health systems are lowering cost and boosting endpoint security with Chrome OS devices paired with Chrome Enterprise, a secure browser that's trusted by billions of users. So now there's a better way for healthcare teams to work safely on the web. Learn more or schedule some time with the Google Healthcare team at thisweekhealth.com/chromeos.
Good to see everyone today. Here's some stuff you might want to know about. First thing up today, let me give you a quick update on the ransomware event that's happening at Kettering Health. So first, if you want the latest, go to ketteringhealth.org, and bravo on the way they've been super transparent about everything that's happening there.
They're posting regular updates. And if you want a lesson on how to handle communications with the public in the middle of a crisis, it seems like it's gonna be a pretty solid example. Uh, the hospital remains open. The EDs are apparently accepting patients, uh, teams are working on downtime procedures, the investigation on the cyber incident's in high gear.
They're doing everything they can to bring their systems back online, I'm sure. It looks like the dirtbags attacking Kettering are a cyber gang that go by the name Interlock. And if that turns out to be true, they have a history of double extortion, meaning they first steal data and then they encrypt the files with ransomware.
So even if the health, if the health system finds a way to overcome the ransomware, they're still faced with Interlock making a second ransom demand to delete the data they may have stolen. Interlock was behind several recent ransomware events, including DaVita and Brockton, uh, Neighborhood Health Center in Massachusetts and Texas Tech University Health Science Center, and several others, about 16,
uh, as far as we can count. As a side note, I think this is a pro move by the leadership team at Kettering. As a side note, the health system has sent a message to all their patients, alerting them to a scam that may be tied to this event. The scammers are calling patients and telling them they need to make credit card payments for outstanding medical bills.
Kettering says that in the near term, they've announced this to the public, they'll stop making any phone calls about arranging any payments over the phone. Here's something I know at least some of you know: cyber thugs who carry the Spider moniker as an identifier. Those names are given to cyber criminals by good guy cyber investigators who are constantly analyzing those gangs to understand their tactics.
Spiders are not directly nation-state sponsored. They often work together or they operate like a bunch of high tech corporations. They're in the hacking business purely for the money. That's their primary motivator. Well, one of those gangs, Scattered Spider, are now on a bit of a tear across Europe and it, it may be just a matter of time before they start victimizing US organizations again.
Cyber analysts say that Scattered Spider typically focuses on one region at a time, and they may rotate through various industries. They seem to connect the dots moving from one organization to the next. And right now they're mostly focused on European retail. They also work with freelancers, using kind of a bounty system to call help desks or your employees directly, social engineer them, and try to get their access credentials.
So it may be a good time to reengage your security partners for an update on Scattered Spider's tactics. And the final story today, if you're still using Facebook, it's being reported a massive 1.2 billion records have been scraped from that platform. Somebody figured out how to manipulate one of Facebook's APIs and bam, just like that, your data's for sale, again, on dark web data leak sites.
This isn't the first time this has happened to Facebook, so some of the data included in those 1.2 billion records may be old. But it still includes info like name, and email address, and birthday and phone number. You get it. So keep your head on a swivel. More on all those stories and a lot of other healthcare innovation, tech and security news at our news site,
thisweekhealth.com/news. Today's two minute drill was brought to you by Google. You can keep your patient data safe and reduce the burden on IT operations staff and create a better clinician experience all with one platform, Google Chrome OS with Chrome Enterprise. Find out how by scheduling a chat today. Go to thisweekhealth.com/chromeos.
That's it for today's two minute drill. Thanks for being here. I'll see you tomorrow on the two minute drill. Extra. It's gonna be right here. Stay a little paranoid and I'll see you around campus.