This Week Health

Don't forget to subscribe!

December 16, 2024: In 2024’s Final UnHack (the Podcast) Drex takes us through the year in a flash, highlighting everything from the Change Healthcare incident, Wizard Spider, and 23andMe data mishaps. 

Remember to stay a little paranoid, and we’ll see you in 2025.

Key Points:

Subscribe: This Week Health

Twitter: This Week Health

LinkedIn: Week Health

Donate: Alex’s Lemonade Stand: Foundation for Childhood Cancer

Transcript

This transcription is provided by artificial intelligence. We believe in technology but understand that even the smartest robots can sometimes get speech recognition wrong.

[:

Powered by the CrowdStrike Security Cloud and world class AI, the CrowdStrike Falcon platform leverages real time indicators of attack, threat intelligence, insights on evolving adversary tradecraft, and enriched telemetry from across the enterprise to deliver hyper accurate detections, automated protection, and remediation.

All this, and elite threat hunting and prioritized awareness of vulnerabilities. CrowdStrike. Unified platform, one agent, complete protection.

Welcome to the year end:

So buckle up, this should be fun. It's a year's worth of news in just a few minutes. Here's some you might want to know about on Unhack the Podcast.

Turns out:

Third parties, turns out, were involved in about 40 percent of the breaches reported, totaling about two thirds of all the records breached.

my signal and text messages [:

But I also know that a lot of you disconnected from change health care to protect your organizations. And that action undoubtedly disrupted a bunch of business and clinical operations in your organizations. There's more news coming out slowly from OptumChange on what systems were affected, but you should probably expect that they won't want to put a lot into writing until they have this figured out.

So more to come on that story for sure.

from the affiliate's wallet [:

Maybe as part of an exit scam. There's really no honor amongst thieves. And by the way, Change has no comment on these reports.

And finally, Florida Governor Ron DeSantis signed legislation last week prohibiting people under the age of 14 from having social media accounts. An attempt to one up Florida, the state of Colorado has just introduced a law that would ban anyone over the age of 50 from Facebook. If they fall for any of those hoax copy and paste scams, like the one where you copy and paste some text and it resets your system and you get all your friends back, or the one where you declare copyright ownership of your photographs so that Mark Zuckerberg can't steal them, stop doing that.

y, that last part's the only [:

Warnings have been issued by the Health Sector Cyber Coordination Center about a social engineering campaign that targets IT help desks. Cyber criminals are leveraging stolen data they've purchased from the dark web to pose as legitimate healthcare organization employees. The stolen info allows them to answer the questions, the challenge questions.

that helpdesk asks as part of the process to reset passwords or enroll a new device for multi factor authentication. Once that's done, the criminal has access to the user's account, can do all kinds of nasty stuff like divert your payroll check to a different account, and a whole lot of other potential damage to the organization itself.

ut in the past couple of two [:

org.

And finally, researchers at Cornell University were able to build a project team of GPT 4 bots to autonomously hack websites and networks. They optimized the LLM agents, subdividing their work with one of the agents acting as the project manager, while others did more specialized or complex tasks. When a task became too complicated, the project manager was able to spawn additional agents on its own.

Using real world zero day vulnerabilities as part of the test, the new collection of agents was 4. 5 times more efficient at building an exploit for a zero day than any one GPT working alone. So, we got that going for us.

getting calls, including me, [:

8. 5 million of them. Nearly any industry running a modern Windows machine and CrowdStrike was affected.

There's a story in the Wall Street Journal about the prisoner hostage swap last week with the Russians. Interestingly, there were two Russians that were not part of the swap last week. They're still held in U. S. facilities. Now stick with me. The rest of this story is all going to come together. So as an interesting and kind of nerdy aside, ransomware group named Wizard Spider.

om them being categorized as [:

Well, one of those Russian prisoners. One of those prisoners not involved in the swap last week was convicted of developing that piece of ransomware, TrickBot, and that tool has been used extensively against U. S. hospitals and other businesses. By the way, the other Russian not included in the exchange was convicted of Bitcoin laundering, which is obviously the preferred tough to trace currency that's used by cyber thugs all over the world.

When Microsoft and Google announced they were giving away free stuff back in June as part of a cyber assistance program they'd been working on with the government, I know a lot of us were skeptical. Turns out, as of today, less than a quarter of all rural hospitals have taken advantage of the program.

en. I've not heard of an end [:

It's not a stuff problem I think we need to solve for. It's a human resource shortage problem that's actually holding up the show for many of these small hospitals. So my advice to the partners involved, offer a bunch of free services. Permanently, and I think you'll get some very thankful takers.

ity and Accountability Act of:HIPAA was written into law in:

and the associated regulations. The new proposed rule, and again, that'll be published for comment soon, will hopefully make the security rule easier to understand and interpret, hopefully.

Way back in:Actually, I'm way more Irish [:

I'd given up a lot of privacy for a little information, probably not the smartest thing I've ever done, but I've done some pretty dumb stuff. So anyhow, two of the stories at thisweekhealth. com slash news are about problems at 23andMe and a similar British company called Atlas Biomed. It appears both are navigating some tough sailing from a business perspective.

t path financially. Over the [:

23andMe is worth just 2 percent of what it once was. But again, it's the sensitivity of the data that is the big concern for most of us and what happens to that data when times are tough for these kinds of companies.

Okay, today's episode is all about one problem, but there's a bunch of different stories from a bunch of different sources on it, and the story is one that I've talked about before, too. Salt Typhoon. Chinese hackers now appear to be in at least eight U. S. telecommunication carriers, and there seems to be no great way to get them out.

text and phone conversations [:

But again, the scope of the attack is still very much a mystery. And since Nobody's been able to get these thugs out of their networks and everything's connected to everything else. And apparently now we're understanding that this problem has been going on for a couple of years. I'm hoping this isn't one of those things where to get rid of the bedbugs we have to burn the whole house down.

In the words of Fast Company writer Sam Becker, if you've ever wondered what it's like to be sucked into the plot of a Tom Clancy novel, Millions of Americans are getting a taste of it this week. Who knows when and if this ever gets resolved. It's a good time to do the right thing regardless when it comes to encryption.

This is obviously a developing story and I'll keep you posted.

ou liked it. We'll be back in:

Contributors

Thank You to Our Show Partners

Our Shows

Related Content

1 2 3 299
Healthcare Transformation Powered by Community

© Copyright 2024 Health Lyrics All rights reserved