Drex covers three major cybersecurity developments impacting healthcare: the expanding North Korean remote worker infiltration scheme targeting US companies with stolen identities and deepfakes, a cyberattack on medical device manufacturer Monic that disrupted critical supply chains, and the suspicious shutdown of the Hunters International ransomware group, which is offering free decryption tools. Essential insights for healthcare organizations on hiring security, supply chain vulnerabilities, and evolving ransomware tactics.
Hey everyone. I'm Drex and this is the Two Minute Drill, where I cover three hot security stories twice a week. All part of the 229 Project cyber and risk community here at This Week Health. Sign up. I'll keep you posted on all the latest webinars and podcasts and other insider info, including upcoming in-person events like our 229 Project city tour dinners and summits, and something new that you're gonna be excited about. I'll tell you as soon as I can. It's easy to stay in the know. Go to thisweekhealth.com/subscribe and sign up for all the latest updates, including our security and risk updates. Great to see everyone today. Here's some stuff you might wanna know about.
Okay, here's a story I've been tracking for a while and it's one you might've heard about already.
If you listen to my other shows, UnHack the Podcast or the UN Fake podcast, it's about a remote worker catfish scheme where North Korea is able to place remote workers into US companies using stolen identities and deepfake technology to pass through the interview process. It's become a pretty massive problem and it seems to continue to grow.
We're talking about more than a hundred American companies that have unknowingly hired North Korean operatives over the past couple of years. North Koreans aren't just looking for a paycheck. They're sometimes stealing source code for applications. They're swiping sensitive data and they're funneling millions of dollars back to North Korea to help fund their nuclear weapons program.
Well, it turns out this week the feds arrested a guy in New Jersey who was running several laptop farms. Laptop farms are basically proxy computers that are used and set up to make it look like these North Korean workers are actually sitting in someone's basement in Cleveland instead of where they're actually sitting, which is somewhere overseas.
The feds have in fact been in overdrive, carrying out searches across 14 different states in an effort to ferret out some of these laptop farmers. They've also indicted a number of others that are involved in this North Korean catfish scheme, but that definitely does not mean that this is over. The bottom line is this is a wake-up call for every healthcare organization doing remote hiring.
You might think that you're hiring a talented developer from Detroit, but they could be halfway around the world and have very different intentions. It's time to double check those background references and maybe ask yourself, do you really know who's on your payroll and who's using your systems?
Minnesota-based medical device company Monic was hit with a cyber attack last month that forced them to shut down parts of their IT infrastructure. This is a company that makes those super slick hydrophilic coatings for intravascular devices. You know, the stuff that helps catheters slide through blood vessels without causing trauma.
And as it turns out, there's not a lot of companies that are actually in this business. Well, during the attack Monic, of course, had to go old school, taking systems offline and using alternative methods to accept orders and ship products. From a health system perspective, that's a little scary. A critical medical device support supplier had to work around their own systems while device manufacturers are waiting for products, and in turn, hospitals are waiting for products and supplies.
They're still analyzing what the bad guys got their hands on, and while they say no company data has been released yet, they're still deep in the investigation stage. The reality is that a lot of these attacks aren't about data anymore. They're about the ripple effect on patient care when the supply chain gets disrupted.
And in what might be the weirdest twist of the week, the Hunters International ransomware gang just announced that they're shutting down and they're gonna offer free decryptors to all their victims.
That's right. The bad guys are having a change of heart, or more likely they're just feeling the heat from law enforcement. These are the same folks who went after the Fred Hutch Cancer Center several months ago, threatening to leak data from 800,000 cancer patients. They've also hit almost 300 other organizations worldwide.
Now, they're saying the free decryptors are a gesture of goodwill to help victims recover their data without paying. But here's what's probably really happening. They mentioned recent developments and increased law enforcement scrutiny in their announcement. And translated, that probably means that the walls are closing in and that they're trying to rebrand as a data extortion specialist company under the new name World Leaks. Just know that when ransomware gangs retire, they usually come back, maybe with a new logo, but always with the same bad intentions.
More on all those stories and a lot of other healthcare innovation, tech and security news at thisweekhealth.com/news, and you can find all the security podcasts, including the ones you might've missed, at thisweekhealth.com/unhack. That's it for today's Two Minute Drill. Thanks for being here. Stay a little paranoid and I'll see you around campus.