Drex dives into Microsoft's newest released patches for 79 vulnerabilities in Windows, including fixes for a significant flaw affecting Windows 10. Drex also highlights a major data exposure incident involving Confidant Health, where 5.3 terabytes of patient data were leaked due to a misconfigured server. Lastly, he introduces CISA's new breach reporting portal designed to enhance collaboration and incident management.
Remember, stay a little paranoid.
This transcription is provided by artificial intelligence. We believe in technology but understand that even the smartest robots can sometimes get speech recognition wrong.
Hey everyone, I'm Drex and this is the Two Minute Drill, where I do three quick stories twice a week, all part of one great community, the 229 Cyber and Risk Community here at This Week Health. Today's drill is brought to you by Fortified Health Security. No matter where you're at in your cybersecurity journey, Fortified can help you improve your security posture through their 24/7 threat defense services, as or advisory solutions delivered through Central Command, a first of its kind platform that simplifies cybersecurity management and provides the visibility you need to mature your program.
Learn more at fortifiedhealthsecurity.com. Thanks for joining me today. Here's some stuff you might want to know about. If you read one cyber article today, it should be the Krebs on Security article about how Microsoft just released updates for 79 security vulnerabilities in Windows operating systems, including flaws that were already showing up in active attacks.
They've also corrected a bug that caused some Windows 10 machines to remain dangerously unpatched against actively exploited vulnerabilities for the past several months. There's some technical detail, all the CVE references are included, and for good measure, they also banged the drum again on Microsoft Recall.
Remember that new AI feature that's part of Microsoft Copilot that constantly takes screenshots of your work so that you can more easily recall your previous work? Well, all the stuff you thought you knew about how Microsoft Recall works, that's probably not true. What you think you know, go read this article.
It's on thisweekhealth.com slash news. And the "Oh crap, we didn't mean to do that" category today is a story on Hackread about a healthcare AI company. And I'm unsure if it's pronounced Confidant Health or Confidant Health. Through a non password protected misconfigured server, about 5.3 terabytes of patient data was exposed.
The company provides a wide range of mental health and addiction treatment services, including alcohol rehab and, uh, opioid withdrawal management and telehealth addiction recovery. Uh, they have an app that has over 100,000 downloads. The exposed data includes mental health assessments and medical records and audio and video recordings and more.
Of course, they've fixed the problem now. It's unsure if the database was managed by them or by a third party and nobody seems to know for sure how long the data involved was exposed without protections. This is the point at which I probably say all the buzzwords like third party risk management program and strong cyber contract language with your telehealth partners.
And since I'm not sure if this was something that was in the cloud or in an on premise data center, let me also talk about how often cloud instances are accidentally misconfigured and exposed, and how sometimes the absolutely brilliant folks who are great at managing your on premise servers sometimes have a lot to learn as your organization embraces the cloud.
So, you know, trust, but verify. Uh, there are some really great tools that constantly monitor for indicators of misconfiguration in the cloud. And now might be a good time to think about adding that kind of a tool to your Batman utility belt. The last headline today is a quick one. CISA has now launched its breach reporting portal.
The portal is voluntary for now and it provides the ability to save and update incident reports and share reports with colleagues and have discussions with CISA. The idea behind the portal is collaboration and information sharing. Love that. CISA says that they and other government partners can bring to bear resources to aid in response and recovery, but if they don't know about an incident, they can't really help.
You can take a look at the new portal at myservices.cisa.gov. And as always, all the details on all these stories are available at thisweekhealth.com slash news. Thanks again to our Two Minute Drill sponsor, healthcare cyber partner, Fortified Health Security. With a 98 percent client retention rate and three consecutive best in class awards,
Fortified's exclusive focus on healthcare cybersecurity makes them the go to partner for healthcare organizations wanting to strengthen their security posture. Find out more at fortifiedhealthsecurity.com. That's it for today's Two Minute Drill. Thanks for being here. Stay a little paranoid. I'll see you around campus.