Have Your Healthcare Records Have Been Stolen? What can you do about it?

Craig Peterson: We're talking about ransomware and what's the Conti gang and others doing nowadays.

Hello everybody. Craig Peterson here. Thanks for joining us today. I appreciate you spending a little bit of time, and I enjoy helping bring you guys up to speed on what is happening. There's just so much of it. You wouldn't believe what I have to filter out.

[00:00:23] The Conti gang has been very successful. Still, their money started to dry up recently when people figured out if they had a decent backup, they could just go ahead and ignore the ransom demand. So instead of paying that ransom, just go ahead and restore from backup. So they had to do something different.

[00:00:47]What the Conti gang did, as well as pretty much everybody else in the ransomware business, is okay; what we're going to do now is we're going to find all of the other machines we can find on the network. Then we're even going to have real people get onto these computers remotely that they've compromised and had a poke about. See if there is patient healthcare information? Are the bank account numbers on this machine? Are there plans on what to do? Where to go? What's the business going to do next week?

[00:01:25] But mainly stuff they can sell right away. If you take credit cards, you know that the payment card industry is all over you if credit card numbers are stolen. Those are nowhere near as valuable as patient health record information. As I mentioned a little bit earlier, we're talking about 2000% more than 20 times more value to your healthcare records.

[00:01:55]Now what happens is Conti gang says, "Oh, looky. We've got patient information here. It has names, addresses, social security numbers. It has birth dates. It has diagnostic information," and then they upload it.

[00:02:11]We had something like this happened with one of our clients. It wasn't a ransomware attack; ultimately, it may have been. They came in through an unsecured VPN and that they would not let us shut down.

[00:02:25]We told them to shut it down, and they didn't. In come the bad guys, they actually were coming up via Mexico in this case. Although I doubt they were located in Mexico. 

They took that VPN connection; they used it to get on to the computer and found something interesting. So they started to exfiltrate the data. In other words, Take that data and send it out.

[00:02:52] That's precisely what the Conti gang and others are doing now.

[00:02:55]We noticed, wait a minute, this is all automatic. Why is data going out from this host at that speed to this address at this time of day? It wasn't a typical pattern. So our hardware-software that's sitting there in their network automatically shut it down hard.

[00:03:19]They were able to exfiltrate just a tad bit of data, and then it was stopped instantly.

[00:03:26] The Conti gang gets your data, and then they try and say pay up from an extortion standpoint. Instead of just holding your data ransom, they're extorting you. Saying, if you do not pay us, we will release this data.

[00:03:45]The Conti ransomware gang has its own website out there. It's called a leak site. There are many of them out there.

[00:03:53]I'm not going to give you the URL; it's right there. There's their logo. Conti gang has a logo, and it says Conti news. It's talking about how you can make your payments to them and what data was released and that this person paid up, but it was too late. We don't have the data anymore, which means it was released and too bad. So sad.

[00:04:18] I wouldn't want to be you.

[00:04:19] Here's another ransomware gang, the Avedon ransomware gang. So again, they had stolen personal information. They had health information, and they had the ransom side and the extortion side built into it. This was about an attack on the Capitol medical center in Olympia, Washington.

[00:04:42]They have leaked some of it they're threatening to reveal even more. If Washington Olympia capital medical center doesn't pay up.

[00:04:52] First of all, ransomware results in data exfiltration 70% of the time now. In other words, 70% of the time, your data is stolen before the file encryption. 

Pretty bad. Pretty bad.

[00:05:08]Things can get particularly harmful because these ransomware attacks are a growing concern. They're disrupting patient care and healthcare, right?

[00:05:17] Disabling critical systems because they have been even holding ransom some of the diagnostic equipment.

[00:05:25] MRI machines that were connected to the network were running Windows. So who would use Windows in the machine that's healthcare critical?

[00:05:36] Obviously interrupt revenue flow, and they had to now go get involved with real expensive remedies. So it really puts him in a horrible spot, very bad.

[00:05:47]We've had almost double the number of healthcare institutions attacked this year versus last year.

[00:05:53] I'm not going to go through all of these things here. I explained the difference between some of these real sites and fake sites and how you can get access to it.

[00:06:04]By the way, if you're interested, I did record this. I'd be glad to send it out to just let me know; just email [email protected], and I can send you some of this healthcare stuff, the slide deck, or whatever you might like.

[00:06:16]Phishing campaigns, way up. You probably heard about that. I gave some examples of that emailing patient information without encrypting it.

[00:06:25] Wireless infusion pumps that are, of course, compromised because they're running an operating system that hasn't been patched. Usually Windows. Think of that there are Windows in that infusion pump, but it could be a version of Linux. It's not fixed. It's crazy. Vital sign equipment. Oh my gosh.

[00:06:46]We're also seeing that this patient health information being stolen now is being used to create fake insurance claims.

[00:06:55]I was talking about how much this is worth, and it's worth a lot while this is one of the reasons it's worth a lot, your personal, private patient health information.

[00:07:08] If you have a diagnosis and that diagnosis has been stolen, and then they can file a health insurance claim. Yeah. You see where I'm going with your information, as though you received some treatment or some care for the diagnosis in your healthcare records. It's just that simple.

[00:07:33] Average cost of a data breach right now, by the way, if you are a regular business, it's $158 per record for non-healthcare, and it's $408 per record.

[00:07:47] If you are in healthcare at all. That's a doctor's office. That's not just hospitals; it's anybody. And by the way, mobile breaches are massive 43% of healthcare organizations who reported a mobile breach said the mobile breach caused long lasting repercussions.

[00:08:09] Now, think about this. If you're a patient. How well are your records protected? I can tell you based on what I've seen and talked with healthcare people, seeing statistics. They're not protected very well at all.

[00:08:25]People will start going to jail over this. People in the healthcare industry, that is.