This transcription is provided by artificial intelligence. We believe in technology but understand that even the smartest robots can sometimes get speech recognition wrong.

 Hey everyone. I'm Drex and this is the two minute drill where I cover three hot security stories twice a week. All part of the 229 Cyber and Risk Community here at this week. Health, today's episode is brought to you by Google. Healthcare Systems are lowering costs and boosting endpoint security with Chrome OS devices.

Paired with Chrome Enterprise, a secure browser that's trusted by billions of users. So now there's a better way for healthcare teams to work safely on the web, learn more, or schedule some time with a Google Healthcare team at this week. health.com/chromeos. By the way, I'm at the HIMSS Southern California meeting today, moderating a panel on cybersecurity in an interconnected world.

So if you're able, stop by. I would love to hang out with you. Good to see everyone today. Here's some stuff you might wanna know about. Two of the issues that we talk about regularly in 2 29 project summits are the challenges with limited resources for cybersecurity and the particular pressure on small, rural and critical access hospitals.

So the health sector coordinating council's new document called On the Edge, the Cybersecurity Health of America's healthcare providers struck a nerve when I read it. On the edge examines how small rural and resource constrained healthcare providers may or in many cases, may not be prepared to deal with ongoing cyber threats, which affect clinical care.

The report also expands on how a cyber attack of almost any kind could send many of these organizations into an unrecoverable financial crisis. The HSCC dives into the kinds of support they would recommend, and they give their strong opinion against stiffer cybersecurity regulatory requirements. In particular, there's a mention of a meaningful use like program for cybersecurity.

Many of us for years have been rooting for some kind of government funding for a meaningful protection program. You should read this whole thing and talk about it with your cyber teams and your executive peers. There's a California based medical tech company called Mossimo. They produce non-invasive products like pulse, oximeters, and remote patient monitoring platforms.

Well in an eight K filing with a security and exchange commission, Mossimo says they've had a security incident and that incident is significantly impacting their manufacturing and business operations. They're still investigating the incident. Bad guys, uh, did breach their on-premise network and, and they don't think it affected any of their cloud operations.

There's no word yet on what data was compromised, and so far no ransomware group has claimed responsibility for the attack. And finally, today, I know I've told you before how much I despise cyber thugs who break into our healthcare organizations. One of my favorite things is seeing those same cyber thugs arrested and brought to justice.

But my new second favorite thing is seeing their own infrastructure being hacked by other hackers. And following that thread, the lock bit ransomware group has been hacked. Call it Lock Bit is a ransomware as a service gang that offers an easy button for affiliates who don't wanna do the heavy lifting, but they still wanna do the ransomware crime on their dark web affiliate.

Page site hackers have now torn down those pages and replaced them with a link to a database dump, and surprised that database dump is from lock bit and it contains 60,000 Bitcoin wallet addresses and 4,400 negotiation messages between attackers and victims. The file also includes a table of admins and ransomware affiliate bad actors.

Plain text passwords. That's just, that's too bad, isn't it? We're on all those stories and a lot of other healthcare innovation, tech and security news at our news site this week, health.com/news. And you can find all our security podcasts, including the ones you might have missed at this week, health.com/on hack.

And I hope you'll sign up for the new two minute drill extra. It's my newsletter. It's native to LinkedIn, just like this show. And I'll put a quick link in the comments. It's your ticket to free access. Today's two minute drill was brought to you by Google. You can keep patients safe and reduce the burden for IT operations staff and create a better clinician experience all with one platform.

Google Chrome OS with Chrome Enterprise. Find out how by scheduling a chat today. Go to this week, cal.com/chromeos. That's it for today's two minute drill. Thanks for being here. Stay a little paranoid and I'll see you around campus.