Security keeps coming up in my feed. Has this changed the role of the CIO in Healthcare?
FTA
Microsoft Corp. is urging customers to download software patches after state-sponsored hackers based in China broke into some customers’ copies of its software for email, contacts and calendar using multiple previously undiscovered flaws.
The attackers used the vulnerabilities to hack into Microsoft Exchange Server, allowing them to break into email accounts and install malware to “facilitate long-term access to victim environments,” Microsoft said Tuesday.
Microsoft released patches for the flaws in a blog post announcing the attack. “Microsoft has detected multiple 0-day exploits being used to attack on-premises versions of Microsoft Exchange Server in limited and targeted attacks,” the blog said.
------
The cyber landscape has shifted from losing people's information to outright corporate espionage and takedowns.
Has this impacted the Healthcare CIO's role in security?
https://www.bloomberg.com/news/articles/2021-03-02/microsoft-says-china-linked-group-targets-exchange-email?srnd=technology-vp
This transcription is provided by artificial intelligence. We believe in technology but understand that even the smartest robots can sometimes get speech recognition wrong.
Today in Health IT, the story is state-sponsored hacker infiltrates Microsoft Exchange. I hope you already know this since it happened last week, but I took a few days off so I'm gonna cover it today and I hope you'll listen through to the so what. My name is Bill Russell. I'm a former CIO for a 16-hospital system and creator of This Week in Health IT, a channel dedicated to keeping health IT staff current and engaged. I wanna thank our sponsor for today, Sirius Healthcare. They reached out about this time last year and said, we love what you're doing and really appreciate your mission to develop the next generation of health leaders. The rest is history, really, as they say. If you believe in our mission as they do and want to support the show, please shoot me a note at partner at this weekend, health it.com.

Alright, here's today's story. You should already know this. As I said earlier, Microsoft has plastered this everywhere as they should. But just in case, let me cover some of the details. I'm grabbing this from a Bloomberg article. Microsoft Corp. is urging customers to download software patches after state-sponsored hackers based in China broke into some customers' copies of its software for email, contacts and calendar using multiple previously undiscovered flaws. The attackers used the vulnerabilities to hack into Exchange, allowing them to break into email accounts and install malware to facilitate long-term access to victim environments, Microsoft said Tuesday. Microsoft released patches for the flaws in a blog post announcing the attack. Microsoft has detected multiple zero-day exploits being used to attack on-premise versions of Microsoft Exchange Server in limited and targeted attacks, the blog said. Previously undiscovered vulnerabilities are known as zero days, and they are valuable to hackers because there are defenses against them, at least until they are discovered and patches are created. We are sharing the information with our customers and security community to emphasize the critical nature of these vulnerabilities and the importance of patching. The hackers responsible are a group assessed to be state sponsored and operating out of China, according to the blog. They typically target entities in the United States across a number of industry sectors, including infectious disease researchers, law firms, higher education institutions, defense contractors, policy think tanks and NGOs. Chinese Foreign Ministry spokesman Wang Wenbin said in a regular press briefing Wednesday in Beijing that conclusions on hacks into Microsoft servers should be based on complete evidence and avoid wanton accusations.

There you go. That's the details of what we are talking about. Let me go back over here and let's talk about the so what. All right, so cybersecurity was a priority topic for CEOs at the JP Morgan Healthcare Conference this year, and it is for good reason. We moved from losing people's information to outright corporate espionage and takedowns.
We used to talk about things that CIOs had to take care of to keep their job. It was things like uptime, system performance, and security was one of those things. But the reality is that there are a lot of cases where there were security breaches and the CIOs have kept their roles and kept their jobs. Multiple downtimes lead to a lack of confidence and often leads to dismissal. Why is that? Why is there a difference? Well, I think it's 'cause downtimes were felt by the staff. The staff has a voice and the louder it gets, the harder it is to protect the leadership that is supposed to be responsible for that. You know, when we lost data in 2020, the outcry was from the patients, and quite frankly, it wasn't loud or sustained, and it didn't lead to much of a financial impact on these health systems.

I know that's a little crass, but I believe it's true. You know, you fast forward to 2021 and look at the cybersecurity landscape, and hospitals have been ransomed. They've lost years of medical images. Employee data has been published to the dark web. Pfizer is part of a misinformation campaign that's going on right now around the vaccine. The attacks have changed. The nature of the attacks have changed. They are more aggressive and they will impact not only the patient, but everyone associated with the health system, including the reputation. You know, my so what on this is it used to be enough to hire a great security person. Now it isn't.
The good CIOs will be the quarterback of security initiatives and really strategy. They will be advising the board and the leadership team. This has to be a core competency for every technology leader. The landscape has changed and your approach needs to change as well.

That's all for today. If you know of someone that might benefit from our channel, please forward them a note. They can subscribe on our website this week, health.com, or wherever you listen to podcasts: Apple, Google, Overcast, Spotify, Stitcher. You get the picture. We're everywhere. We wanna thank our channel sponsors who are investing in our mission to develop the next generation of health IT leaders: VMware, Hillrom, Starbridge Advisors, McAfee and Aruba Networks. Thanks for listening. That's all for now.