This transcription is provided by artificial intelligence. We believe in technology but understand that even the smartest robots can sometimes get speech recognition wrong.

  Hey everyone, I'm Drex and this is The Two Minute Drill, where we do at least three stories, at least two times a week, all part of one great community, the 229 Cyber and Risk Community here at This Week Health. Ordr is the exclusive sponsor of The Two Minute Drill. Their latest product, PASM, is available now in the AWS Marketplace.

It's a great way to find and eliminate blind spots. Learn more at ThisWeekHealth. com slash Ordr, that's O R D R, ThisWeekHealth. com slash Ordr. By the way, you can find the two minute drill wherever you get your podcasts. Just search for This Week Health Newsroom. There's a bundle of great shows in that channel.

Give those a listen too. Thanks for joining me today. Here's some stuff you might want to know about. A couple of weeks ago I talked about a ransomware attack on a third party provider company that provides pathology services for hospitals and clinics in and around London, England. That crisis continues to unfold with the National Health Service now confirming that 1, 100 surgeries have been postponed as a result, 200 of those related to cancer treatments, 64 organs have also been diverted away from the affected hospitals, those organs.

have been used by other NHS trust facilities. The company Synovus has refused to pay the ransom and the cyberthugs, as a result, have now released a handful of files they claim belong to the victim organization. Also because of the crisis, London Hospitals issued an urgent call for typ o blood donations since they can't consistently and reliably match a patient's blood currently.

As the story unfolds, we'll keep you updated at ThisWeekHealth. com slash news. If your organization uses any security software from Kaspersky Labs, you should know that the U. S. Department of Commerce has announced a ban because of security concerns, citing the risk posed by the Russian government's influence on the company.

The ban takes effect on July 20th, and the Department of Commerce says no more updates will be allowed from Kaspersky after September 29th. I'm honestly a little surprised that some health systems still run this stuff, if you're one of those. This is a good reason to make the switch. HHS and the FBI have issued a joint alert about a phishing scheme that's used to steal log on credentials and then divert automated clearing house payments to the cyber thug's own bank account.

The bad guys are using hospital employee personal data purchased from the dark web to convince IT service desk staff to reset passwords and re register MFA capabilities. to a new device. Then, once they're in the network, the bad guys work their way into payment applications, changing forms in those systems.

So that legit payments are sent to the thieves own bank account. So once again, it's time to look at the procedures you use to allow password resets and MFA re registration. Once a bad guy gets away with something like this, copycats come out of the woodwork to take advantage of a proven business plan.

Thanks as always to our partner Ordr, the exclusive sponsor of the Two Minute Drill. Ordr can help with security hygiene by identifying assets with vulnerabilities, or missing critical security controls, or out of date software. Check out thisweekhealth. com slash Ordr for more information. And that's it for today's two minute drill.

I appreciate you being here. Stay a little paranoid. I'll see you around campus.