This transcription is provided by artificial intelligence. We believe in technology but understand that even the smartest robots can sometimes get speech recognition wrong.

 Hey everyone. I'm Drex. This is the two minute drill where I cover three hot security stories twice a week. All part of the 2 29 Project. Cyber and Risk Community. Here at this week Health by the way, you can get all the past episodes if you've missed one at this week. health.com/unh Hack. Today's episode is brought to you by Google.

Healthcare Systems are lowering cost and boosting endpoint security with Chrome OS devices paired with Chrome Enterprise, the secure browser that's trusted by billions of users. So now there's a better way for healthcare teams to work safely on the web, learn more, or schedule some time with the Google Healthcare team at this week, health.com/chromeos.

Good to see everyone today. Here's some stuff you might wanna know about. I. The FBI's annual Internet Crime Complaints Center report was just released. There's a lot of good info inside that thing. There were 67 new ransomware variants last year, and ransomware complaints to the FBI rose by 9% over the previous year and more than 4,800 organizations deemed as critical infrastructure.

That's US Healthcare folks. Were affected by cyber events last year, mostly data theft and ransomware attacks. You can and should read the full report. It's available on the FBI website and we have the story on our news site. I'm headed to Boston for the 2 29 Project CISO Summit this week, and one of the topics that will undoubtedly be discussed is third party risk management.

There's a really good open letter. It's totally worth your time. Published by JP Morgan Chase's ciso. It's focused on third party suppliers and the supply chain vulnerabilities that he believes are weakening the global economy. It's all the things that we're all thinking. You probably should take a look.

While he mostly focuses his comments on software as a service, it's a great commentary on almost everything we use, including a lot of AI tools. And in the spirit of plagiarism is the most sincere form of flattery. I kind of wanna steal the text and send it to my own third party partners and I, I don't really think he would mind, and I've already sent him a note asking permission.

Today's last story, in case you didn't know products like this existed, they do. There's a company called Work Composer. It has a contract with about 200,000 companies worldwide. Work composer captures screenshots from employees computers every three minutes or so. It's an employee surveillance app meant to help the boss stay on top of your productivity.

Well, now it's being reported that 21 million of those screenshots have been discovered on an unsecured. Amazon S3 bucket. The images include confidential information for both the companies involved and their employees. It's unknown how many companies were impacted in the leak. There's so many things we could talk about with this one, but.

I'll limit it to just one possible quick lesson. From a security perspective, make sure that your cloud storage and apps are buttoned up. Misconfigured, cloud operations like that open S3 bucket are one of the largest sources of breaches today. You can read that story in a bunch of others on healthcare, renovation, and tech and security at the industry's fastest growing news site this week.

health.com/news. Today's episode was brought to you by Google. You can keep patient data safe and reduce the burden for IT operations staff, and create a better clinician experience all with one platform. Google Chrome OS with Chrome Enterprise. Find out how by scheduling a chat today. Go to this week, cal.com/chromeos.

That's it for today's two minute drill. Thanks for being here. Stay a little paranoid and I'll see you around campus.