This Week Health
2 Minute Drill: Oracle Cloud Breach Allegations & 23andMe's Bankruptcy with Drex DeFord


Drex covers reports of an alleged Oracle Cloud security incident affecting login infrastructure with over 6 million records at risk across 140,000 tenants (though Oracle denies any breach), and 23andMe's bankruptcy filing. Security recommendations include rotating credentials, resetting passwords for Oracle Cloud users, and downloading then deleting personal genetic data from 23andMe as a precautionary measure.

Remember, Stay a Little Paranoid 


Transcript

 This transcription is provided by artificial intelligence. We believe in technology but understand that even the smartest robots can sometimes get speech recognition wrong.

Hey everyone. I'm Drex, and this is the Two Minute Drill, where I cover three hot security stories twice a week, all part of the Cyber and Risk community here at the 229 Project and This Week Health. Today's Two Minute Drill is brought to you by Intraprise Health, a Health Catalyst company. It turns out you can reduce the time and effort needed for third-party risk assessments by up to 50% using Intraprise Health's BluePrint Gen AI technology. Security, compliance, and peace of mind. Find out more at intraprisehealth.com.

Great to see you today. Here's some stuff you might wanna know about. During the annual HIMSS conference, I got my first tip that maybe there was something going on at Oracle. First there was a text, then there was a call from a healthcare exec friend of mine, and the initial message was that there was something odd going on, but everyone was really tight-lipped about it.

I did a web search. I came up empty. Then I found some chatter on Reddit. Well, on Monday, and after a bunch of other calls on Monday, several news outlets, including CISO Online and BleepingComputer and others, are reporting that a threat actor has targeted the logon infrastructure of Oracle Cloud and is now allegedly holding more than 6 million records across 140,000 tenants.

Oracle denies this happened, saying that there is no breach of the Oracle Cloud, that the credentials are not for Oracle Cloud, and that no Oracle Cloud customers have experienced any loss of data. The threat actors have reportedly asked for ransom, not only from Oracle, but from the victims across those 140,000 tenants.

Uh, so far everyone's refused to pay, as far as we know, and the bad guys are now listing the stolen records online via the dark web. They're willing to trade that data for zero-day exploits that they can use later, or for straight-up cryptocurrency payments. To be clear, these are not medical records, but they're sensitive logon and identity components allegedly pulled from Oracle SSO tools, and include things like encrypted passwords and key files and other files that are critical for authentication and access control within the Oracle Cloud environment.

Again, not confirmed, but worrisome enough to tell you that it's probably a good idea to rotate credentials and reset passwords, especially for administrator accounts that have broader access to the Oracle Cloud components. And don't forget about certificates. Also, CloudSEK, who's done its own investigation into the claim and all of the data, has created an online tool for organizations to check to see if their Oracle Cloud instance might've been affected by the alleged breach.

There are three stories with a bunch of technical details and other defensive suggestions on the news site. That seems like it should be an effort today, but there's one more thing you should probably know about. 23andMe has now officially filed for bankruptcy protection. This has felt like it was inevitable for a while.

I've talked about the challenges with genetic data and privacy on the Two Minute Drill more than a couple of times over the past few months. The CEO has now stepped down, but will remain on the board. Uh, being a little paranoid, if you've ever participated in 23andMe, and that includes me, this is probably a good time to consider downloading your data and then deleting it from their website.

There's a story with instructions on how to do that exactly where you would expect it to be, on one of healthcare's fastest growing news sites, thisweekhealth.com/news. Today's Two Minute Drill was brought to you by Intraprise Health, a Health Catalyst company. Intraprise BluePrint centralizes privacy and security and third-party risk management, all on a single scalable platform, helping you identify, prioritize, and address your risk across your healthcare system.

Check it out now at intraprisehealth.com. That's it for today's Two Minute Drill. Thanks for being here. Stay a little paranoid, and I'll see you around campus.


© Copyright 2024 Health Lyrics All rights reserved