loader from loading.io

Have Your Healthcare Records Have Been Stolen?

Craig Peterson - America's Leading CyberSecurity Strategist

Release Date: 08/05/2021

Did Your Computer Have Did Your Computer Have "Intel Inside"? It Won't For long!

Craig Peterson - America's Leading CyberSecurity Strategist

Did Your Computer Have "Intel Inside"? It Won't For long! We're going to talk a little bit about shopping right now. Then we'll get into our chip crunch, and why Intel is being left on the side of the computer road. [Following is an automated transcript.] [00:00:16] There's lots of fun stuff to do. And it's kind of fun getting out of the house. Isn't it getting out, going out, going around? There's a, an outlet store close by where I live and it's kind of one of these outdoor. Outlet things. And it was fun. Just walking around, enjoying the little bit of fresh air, no matter what the weather...

info_outline
Do You Think There's Nothing You Can Do to Keep the Bad Guys Out? show art Do You Think There's Nothing You Can Do to Keep the Bad Guys Out?

Craig Peterson - America's Leading CyberSecurity Strategist

Do You Think There's Nothing You Can Do to Keep the Bad Guys Out? What a week. The FBI got hacked. Homeland security supposedly is sending out emails about hackers in your network. This is what we're going to talk about to start with today. What are these new emails, and how are they trying to con you? [Automated Transcript Follows] This is a little bit concerning. We know that the FBI's email system got hacked. And for everyone sitting there saying, well, gee, if the FBI gets hacked, there's no way my business can survive an attack. Remember that the FBI is a huge, huge target. They have so...

info_outline
Is Your Firewall Actually Protecting You? What Should You Be Doing? show art Is Your Firewall Actually Protecting You? What Should You Be Doing?

Craig Peterson - America's Leading CyberSecurity Strategist

Is Your Firewall Actually Protecting You? What Should You Be Doing? New stats are out this week. So what's the number one vector of attack against us? Our Firewalls. And they're failing. So, what's going on. And what can you do about it? [Automated transcript follows] [00:00:16] And of course, I'm always talking about cyber security, because if you ask me that is one of the biggest problems we have in business. [00:00:27] Today. Well, yeah, you got to find employees. In fact, uh, it's almost impossible to find them in the cyber security space as well. And it's been hard for years. So I try to...

info_outline
You Know How To Use Fake Email Addresses to Stay Safe? show art You Know How To Use Fake Email Addresses to Stay Safe?

Craig Peterson - America's Leading CyberSecurity Strategist

If you follow my newsletter, you probably saw what I had in the signature line the last few weeks: how to make a fake identity. Well, we're going to take it a little bit differently today and talk about how to stop spam with a fake email. [Automated transcript follows] [00:00:16] Email is something that we've had for a long time. [00:00:19] I think I've told you before I had email way back in the early eighties, late seventies, actually. So, yeah, it's been a while and I get tens of thousands of email every day, uh, sent to my domain, you know, mainstream.net. That's my company. I've had...

info_outline
How Ransomware, Trojanware, and Adware Hurt You show art How Ransomware, Trojanware, and Adware Hurt You

Craig Peterson - America's Leading CyberSecurity Strategist

How Ransomware, Trojanware, and Adware Hurt You. And Why ExpressVPN Isn't Safe to Use. Ransomware, Trojanware Adware. What's the difference between these different types of malware.? And when it comes down to our computers, which should we worry about the most and which should we worry about the most? [Automated Transcript Follows] [00:00:17] There are a lot of different types of malware that are out there and they're circulating and scaring us. [00:00:23] And I think for good reason, in many cases, ransomware of course, is the big one and it is up, up, up. It has become just so common. Now...

info_outline
How Many Times Per Week Are You Being Cyber Attacked? From Where? How? Why? show art How Many Times Per Week Are You Being Cyber Attacked? From Where? How? Why?

Craig Peterson - America's Leading CyberSecurity Strategist

How Many Times Per Week Are You Being Cyber Attacked? From Where? How? Why? We've got a new study out showing that North American organizations, businesses, and others, are being hit with an average of 497 cyber attacks per week, right here in the good old USA. [Following is an automated transcript] This is a study by checkpoint software technologies. Checkpoint, I used, oh my gosh. It would have been back in the nineties back then. They were one of the very first genuine firewall companies. And it was a system that I was putting in place for my friends over at troopers. I think it was New...

info_outline
What Happened With Facebook's Outage? When Will It Happen Again? show art What Happened With Facebook's Outage? When Will It Happen Again?

Craig Peterson - America's Leading CyberSecurity Strategist

What Happened With Facebook's Outage? When Will It Happen Again? Facebook had a huge outage all of its properties. So why did it happen? How did it happen? And what's going to happen in the future? The frankly, some of this technology just isn't that stable. And I'm going to explain why right now! [Automated transcript follows] [00:00:20] I've already talked about it a little bit this morning on the show, but Facebook was. Facebook was down a lot. Facebook too was down a long time. And Mr. Zuckerberg has now lost about $7 billion because of how long it was down. And Craig Peterson joins us now...

info_outline
Could Using the Right Multi-Factor Authentication Save You? show art Could Using the Right Multi-Factor Authentication Save You?

Craig Peterson - America's Leading CyberSecurity Strategist

Could Using the Right Multi-Factor Authentication Save You? I had a good friend who, this week, had his life's work stolen from him. Yeah. And you know what caused it? It was his password. Now, you know what you're supposed to be doing? I'm going to tell you exactly what to do right now. Let's get right down to the whole problem with passwords. I'm going to tell you a little bit about my friend this week. He has been building a business for. Maybe going on 10 years now, and this business relies on advertising. Most companies do so in some way; we need to have new customers. There's always some...

info_outline
Are You Using Encrypted Email Yet? Here's How! show art Are You Using Encrypted Email Yet? Here's How!

Craig Peterson - America's Leading CyberSecurity Strategist

Are You Using Encrypted Email Yet? Here's How! Security emails aren't something that most people think much about. Yet, they're becoming more and more important as the bad guys are monitoring us more closely to steal our information, and then there are advertisers. So, do you want them to see your stuff? [Automated transcript] Email is something that's been around now for quite a while. It was undoubtedly even before the internet standards came out. Many of the systems had a version of the email. I remember some systems back in the early. The seventies, late sixties that had an email...

info_outline
Do You Know How to Identify a Fake Web Page? - Whole Show show art Do You Know How to Identify a Fake Web Page? - Whole Show

Craig Peterson - America's Leading CyberSecurity Strategist

Do You Know How to Identify a Fake Web Page? The FBI's reporting that more than 70% of all business hacks are because of our employees. They're clicking on emails, they're going to websites, what can we do? How do we know if a website is legitimate or not? [Automated transcript] [00:00:19] There's a great little article that McAfee published now, McAfee is a company that's been in the cybersecurity business for quite a while. [00:00:28] I do not use their products. I use some competing products. I have not been impressed with their products. [00:00:35] Let me tell you this particular web post...

info_outline
 
More Episodes

Have Your Healthcare Records Have Been Stolen? What can you do about it?

Craig Peterson: We're talking about ransomware and what's the Conti gang and others doing nowadays.

Hello everybody. Craig Peterson here. Thanks for joining us today. I appreciate you spending a little bit of time, and I enjoy helping bring you guys up to speed on what is happening. There's just so much of it. You wouldn't believe what I have to filter out.

[00:00:23] The Conti gang has been very successful. Still, their money started to dry up recently when people figured out if they had a decent backup, they could just go ahead and ignore the ransom demand. So instead of paying that ransom, just go ahead and restore from backup. So they had to do something different.

[00:00:47]What the Conti gang did, as well as pretty much everybody else in the ransomware business, is okay; what we're going to do now is we're going to find all of the other machines we can find on the network. Then we're even going to have real people get onto these computers remotely that they've compromised and had a poke about. See if there is patient healthcare information? Are the bank account numbers on this machine? Are there plans on what to do? Where to go? What's the business going to do next week?

[00:01:25] But mainly stuff they can sell right away. If you take credit cards, you know that the payment card industry is all over you if credit card numbers are stolen. Those are nowhere near as valuable as patient health record information. As I mentioned a little bit earlier, we're talking about 2000% more than 20 times more value to your healthcare records.

[00:01:55]Now what happens is Conti gang says, "Oh, looky. We've got patient information here. It has names, addresses, social security numbers. It has birth dates. It has diagnostic information," and then they upload it.

[00:02:11]We had something like this happened with one of our clients. It wasn't a ransomware attack; ultimately, it may have been. They came in through an unsecured VPN and that they would not let us shut down.

[00:02:25]We told them to shut it down, and they didn't. In come the bad guys, they actually were coming up via Mexico in this case. Although I doubt they were located in Mexico. 

They took that VPN connection; they used it to get on to the computer and found something interesting. So they started to exfiltrate the data. In other words, Take that data and send it out.

[00:02:52] That's precisely what the Conti gang and others are doing now.

[00:02:55]We noticed, wait a minute, this is all automatic. Why is data going out from this host at that speed to this address at this time of day? It wasn't a typical pattern. So our hardware-software that's sitting there in their network automatically shut it down hard.

[00:03:19]They were able to exfiltrate just a tad bit of data, and then it was stopped instantly.

[00:03:26] The Conti gang gets your data, and then they try and say pay up from an extortion standpoint. Instead of just holding your data ransom, they're extorting you. Saying, if you do not pay us, we will release this data.

[00:03:45]The Conti ransomware gang has its own website out there. It's called a leak site. There are many of them out there.

[00:03:53]I'm not going to give you the URL; it's right there. There's their logo. Conti gang has a logo, and it says Conti news. It's talking about how you can make your payments to them and what data was released and that this person paid up, but it was too late. We don't have the data anymore, which means it was released and too bad. So sad.

[00:04:18] I wouldn't want to be you.

[00:04:19] Here's another ransomware gang, the Avedon ransomware gang. So again, they had stolen personal information. They had health information, and they had the ransom side and the extortion side built into it. This was about an attack on the Capitol medical center in Olympia, Washington.

[00:04:42]They have leaked some of it they're threatening to reveal even more. If Washington Olympia capital medical center doesn't pay up.

[00:04:52] First of all, ransomware results in data exfiltration 70% of the time now. In other words, 70% of the time, your data is stolen before the file encryption. 

Pretty bad. Pretty bad.

[00:05:08]Things can get particularly harmful because these ransomware attacks are a growing concern. They're disrupting patient care and healthcare, right?

[00:05:17] Disabling critical systems because they have been even holding ransom some of the diagnostic equipment.

[00:05:25] MRI machines that were connected to the network were running Windows. So who would use Windows in the machine that's healthcare critical?

[00:05:36] Obviously interrupt revenue flow, and they had to now go get involved with real expensive remedies. So it really puts him in a horrible spot, very bad.

[00:05:47]We've had almost double the number of healthcare institutions attacked this year versus last year.

[00:05:53] I'm not going to go through all of these things here. I explained the difference between some of these real sites and fake sites and how you can get access to it.

[00:06:04]By the way, if you're interested, I did record this. I'd be glad to send it out to just let me know; just email [email protected], and I can send you some of this healthcare stuff, the slide deck, or whatever you might like.

[00:06:16]Phishing campaigns, way up. You probably heard about that. I gave some examples of that emailing patient information without encrypting it.

[00:06:25] Wireless infusion pumps that are, of course, compromised because they're running an operating system that hasn't been patched. Usually Windows. Think of that there are Windows in that infusion pump, but it could be a version of Linux. It's not fixed. It's crazy. Vital sign equipment. Oh my gosh.

[00:06:46]We're also seeing that this patient health information being stolen now is being used to create fake insurance claims.

[00:06:55]I was talking about how much this is worth, and it's worth a lot while this is one of the reasons it's worth a lot, your personal, private patient health information.

[00:07:08] If you have a diagnosis and that diagnosis has been stolen, and then they can file a health insurance claim. Yeah. You see where I'm going with your information, as though you received some treatment or some care for the diagnosis in your healthcare records. It's just that simple.

[00:07:33] Average cost of a data breach right now, by the way, if you are a regular business, it's $158 per record for non-healthcare, and it's $408 per record.

[00:07:47] If you are in healthcare at all. That's a doctor's office. That's not just hospitals; it's anybody. And by the way, mobile breaches are massive 43% of healthcare organizations who reported a mobile breach said the mobile breach caused long lasting repercussions.

[00:08:09] Now, think about this. If you're a patient. How well are your records protected? I can tell you based on what I've seen and talked with healthcare people, seeing statistics. They're not protected very well at all.

[00:08:25]People will start going to jail over this. People in the healthcare industry, that is.