In this episode of the Two and a Half Minute Drill, Drex delves into the evolving drama surrounding Change Healthcare's encounter with ransomware, including the complexities of ransom payments and the treacherous landscape of ransomware-as-a-service models. Amidst the backdrop of the Change cyber event, two critical developments in cybersecurity went under the radar: the release of NIST’s Cybersecurity Framework Version 2.0, introducing a new focus on governance, and the Health Sector Coordinating Council's unveiling of their five-year plan. These pivotal updates offer guidance and structure for bolstering cybersecurity defenses in healthcare and beyond. Drex also contemplates the implications of ransom payments in healthcare, emphasizing the industry's vulnerability to cybercrime. Join the conversation on combating these threats and share with your network to spread awareness and fortify our collective defense.
Contributions & Community:
Become part of the conversation and help shape future episodes by contributing stories and insights. Visit thisweekhealth.com/news and click on "Become a Contributor."
Stay Connected:
Don't miss out on our upcoming episodes focused on hacking healthcare. Follow our podcast, like and share this post to spread the word, and join the new 229 cyber and risk community for more in-depth discussions and resources.
Stay Informed, Stay Secure:
Visit thisweekhealth.com/security for more information and resources to bolster your cybersecurity knowledge and defenses.
Remember, stay a little paranoid.
Hey everyone, I'm Drex, and this is the Two and a Half Minute Drill. We do at least three security stories at least two times a week. All for one great community, the 229 Cyber and Risk Community here at This Week Health. I try to make this a mostly English, mostly non-technical update. That means it's okay to share it with everyone in your organization.
Here's some stuff you might want to know about. The news from Change Healthcare appears to get more drama-ish as reports start to flow that perhaps there's been a ransomware payment made to the ransomware-as-a-service affiliate partner of BlackCat, a.k.a. ALPHV, the cyber thugs responsible for the attack.
And to make it even more complicated, it now appears that BlackCat themselves then stole all the Bitcoin from the affiliate's wallet before shutting down their own servers, maybe as part of an exit scam. There's really no honor amongst thieves. And by the way, Change has no comment on these reports.
There's a lot more about this innovative ransomware-as-a-service model in plain English in Friday, March 1st's Two and a Half Minute Drill. Now here's a couple of other stories that didn't get the attention they deserved while we were all distracted by the Change cyber event and the VIVE conference last week.
First, the National Institute of Standards and Technology, or NIST, released version 2.0 of their cybersecurity framework. Most, if not all, health systems and a number of other organizations have built their cyber programs based on the framework. It has a whole new section on governance, which is focused on how to organize and make good decisions about security strategy.
And second, the Health Sector Coordinating Council released their five-year plan. I did a first episode of Unhack the Podcast with HSCC Executive Director Greg Garcia last week prior to the release of the five-year plan at VIVE. Totally worth the read. Go check it out.
Before I stop, let me go back to the Change Healthcare alleged ransomware payment story. I can only imagine what kind of effect this payment thing is going to have to motivate cyber thugs to attack healthcare organizations. The one thing to remember about all of this is this: to cybercrime organizations, your organization is an ATM. They don't care about your hospital or you or patients or families.
And if that makes you mad, good. Join the club. There's so much more going on in cyber right now. I drop all of these stories here and a whole bunch more at ThisWeekHealth.com/news. Go there and read and learn and share. And I'm headed to the HIMSS conference next week. I'd love to catch up with you in person.
Drop me a note at Drex at ThisWeekHealth.com and check out the 229 cyber risk community at ThisWeekHealth.com/security. Please like and share this post, tag your friends, and that's it for today's Two and a Half Minute Drill, mostly on time today. Stay a little paranoid. I'll see you around HIMSS.