Tags: HIPAA Breach, Cyber Security, Healthcare IT, Information Security, Podcast

ProactiveIT Ep 14 – What is Emotet & How Can You Stop It?

January 24, 2020 (updated January 31, 2020)

This is the ProactiveIT Podcast.  This Week: The latest in IT and Cyber Security news plus What is Emotet, How Do You Stop Phishing & the HIPAA Breach Stats for 2019.

This is Episode 14!  

Intro

Hi Everyone and welcome to the Proactive IT Podcast.  Each week we talk about the latest in tech and cyber news, compliance and more.  We also bring you real world examples to learn from so that you can better protect your business and identity.

This podcast is brought to you by Nwaj Tech – a client focused & security minded IT Consultant located in Central Connecticut.  You can find us at nwajtech.com.

QOTW: a healthcare practice is trying to save money when it comes to IT.  They want to know if they have to use GSuite or O365 or if using a free POP/IMAP account is acceptable.

Patch Tuesday Update:

Microsoft Releases January 2020 Office Updates With Crash Fixes

Firefox 72.0.1

Python 2.7 has reached EOL

Windows 7 EOL is on Patch Tuesday 1/14

Juniper Networks Releases Security Updates

Cisco Releases Security Updates for Multiple Products

https://www.us-cert.gov/ncas/current-activity

Microsoft’s January 2020 Patch Tuesday Fixes 49 Vulnerabilities

Citrix Patches CVE-2019-19781 Flaw in Citrix ADC 11.1 and 12.0

Samba Update Available

Cyber Security News

OCR Issues Guidance to Help Ensure Equal Access to Emergency Services and the Appropriate Sharing of Medical Information Following Puerto Rico Earthquakes

New US Bill Wants to Assign State Cybersecurity Coordinators

A timeline of events surrounding the Bezos phone hack

Microsoft Leaves 250M Customer Service Records Open to the Web

December 2019 Healthcare Data Breach Report

11 Steps to Mitigate the Risk of Phishing Attacks

Critical MDhex Vulnerabilities Shake the Healthcare Sector

Hot Topics in Cyber Security and Compliance

Topic 1:  2 Options When the OCR Issues Guidance.  Listen or Pay

Topic 2:  What Is Emotet?  Increased Emotet Malware Activity

Topic 3:  Microsoft and Google just can’t agree on proposed ban on facial recognition

HIPAA Corner: Filing a Complaint

https://www.hhs.gov/hipaa/filing-a-complaint/index.html

Breaches

https://www.hipaajournal.com/category/hipaa-breach-news/


Transcription

This is the productive it podcast this week the latest in it and cyber security news plus what is a motet? How do you stop fishing and the HIPAA breach? That’s for 2019 This is Episode 14 Hi everyone and welcome to the proactive it podcast each week we talk about the latest in tech and cyber news compliance and more. We also bring your real world examples to learn from so you can better protect your business and identity. This podcast is brought to you by new watch tech a client focused and security minded IT consultant Located in Central Connecticut, you can find us at and watch tech. com that’s NW Aj tech.com. Or let’s start with the Patch Tuesday update. Of course, we reported all the patching that occurred last week, all the patches that were released last week, I should say, I don’t know if you patch to it. If you didn’t, you should probably get on that. Last week, June, January 14, not June. That’s a Freudian slip, I guess. We had the windows seven end of life windows 2000 server, server 2008 end of life. So you’ll want to move on to a different version of Microsoft Windows if you have either of those in your environment. And of course the means the last patching update was released for the both of those systems. Juniper had an update Juniper Networks Cisco had a security update. Microsoft Office had updates. Firefox is should be updated to 72 point 0.1 Google Chrome should be updated. data to the latest version, which I believe ends in dot one through zero. Citrix there’s patches available for the Citrix vulnerability in Citrix ADC and Citrix gateway. The final one should be released today. So you should have patched they also released a scanning tool to see if you have been victimized by the vulnerability that did exist. the only the only security update that was released this week, I believe was the besides Citrix was this Samba release. So if you use Samba in your environment, you will want to update that. 
And yes, the latest version of Google Chrome is 79 point 0.394 5.130. And that was to also address the vulnerability that was discovered in Microsoft that we reported last week. You also had Adobe VMware last week Intel. So quite a quite a bit of updates last week. So you’ll want to take care of those ASAP and you’ll be all set with your patching. Alright, so here’s the latest and greatest in cyber security and compliance news. First up a on bleeping computer reported pretty much everywhere now. Us bill wants to assign state cyber security coordinator so they want a cyber security coordinator for every state. For us senators have introduced a bipartisan bill that will require the Department of Homeland Security to appoint cyber security effort coordinators in every state to orchestrate cyber attack response and remediation efforts and to improve coordination between federal, state and local entities. Cyber security state coordinators will have to ensure that local, state and federal entities collaborate and share resources during cyber security threat prevention and response processes according to several security state coordinator act of 2020 bill introduced by Senators Margaret Hassan john Cornyn, Robert Portman and Gary Peters on January 16. cyber attacks can be devastating for communities across our country from whence ransomware attacks that can block access to school and medical records, to separate texts that can shut down electrical grids or banking services to Bill’s sponsor senator Hassan said the bipartisan bill I introduced would take a big step forward and improving communication between the federal government, state and local localities, as well as strengthening cybersecurity preparedness and communities across the country. 
So we have seen multiple municipalities get hit with Cyprus with ransomware and other attacks, you know, Las Vegas, New Orleans, Louisiana as a whole multiple municipalities in California and Baltimore, on the last year, just to name a few Texas there’s been a bunch and the so this position would help coordinate the effort in making Getting that risk number one and number two, having resolution in place in the event that that occurs that a ransomware attack occurs at that level. I don’t know what that would mean for for itself health care. And there was quite a few schools. I think it was over 1000 schools last year. And there’s already been a few this year. I don’t know what that means for businesses and healthcare because it did mention health care. So though it’ll be interesting to see how they plan to coordinate that. So I don’t know maybe a new job position for some of you out there. I’m curious what a pays sounds like it would be a quite a bit of work. So something to think about Microsoft on. This also being reported everywhere. Microsoft leaves 250 million customer service records open to the web. So Microsoft left 14 years of customer support logs exposed, which works out to 250 million records to the left open on the internet for 25 days. The account info dates back as far as 2005 and as recent as December of 2019, and exposes Microsoft customers to phishing and tech scams. They left this open on cloud databases. They were Data Cloud databases, so Microsoft said it is in the process of notifying effective customers, a lot of customers to notify. The compare tech security research team said that it ran across five Elasticsearch servers that had been indexed by search engine binary edge each with an identical copy of the database contain a wealth of phishing and scam ready information in plain text, including customer email addresses IP addresses and physical locations. 
Descriptions of customer service claims in cases case numbers resolutions or remarks and internal notes marked confidential so that’s interesting in a note, ensure it’s everything is cyber criminal would need to amount of convincing and large scale fraud effort compared tech researcher Paul Bishop wrote in a posting on Wednesday, the data could be valuable to tech support scammers and particularly said tech support scams until a scammer contact and users and pretending to be a Microsoft support representative. These types of scams are quite prevalent. Yes, I’ve received those calls myself. And even when scammers don’t have any personal information about the targets, they often impersonate Microsoft staff. Microsoft Windows is after all the most popular operating system in the world. Now, Microsoft does say that the exposure was limited and a lot of the information was redacted. But will you know this is obviously developing so we’ll we’ll wait to see what happens with that. I will say this with the the scammers out there. Microsoft does not proactively call people. Now this means that you you might start receiving a phone call and they will have more information about your soda seem more plausible that that it is Microsoft Microsoft does not proactively call people and they’re not going to alert you to a virus on your computer. So just something to think about before you take that call and and entertain them I’ve I’ve run into several people already who have entertain these scammers and one of them within a matter of minutes. They had the the person’s social security numbers. So it’s it’s, it’s a they’re sophisticated, they get you and they will. They will steal from you. So we have an update from the OCR OCR issues guidance to help ensure equal access to emergency services in the appropriate sharing of medical information following Puerto Rico earthquakes. 
So you’ve probably heard there’s been numerous earthquakes in Puerto Rico all in the you know, high fives the low six on the Richter scale. Some of the citizens are sleeping outside Just because they’re afraid that house might collapse. A lot of issues, I think there’s no electricity right now. So the OCR is issued some guidance to help ensure equal access to emergency services and appropriate sharing of medical information. Following the earthquakes earthquakes in Puerto Rico, the Office of Civil Rights at the US Department of Health and Human Services remains in close coordination with federal partners to help ensure that emergency officials effectively adjust the needs of at risk populations as part of disaster response. To this end. Emergency responders and officials have consider should consider adopting as circumstances and resources allow the following practices to help make sure all segments of the community are served. Employing qualified interpreters services to assist individuals with limited English proficiency and individuals who are deaf or hard of hearing during evacuation response and recovery of activities. Making emergency messaging available in language is prevalent in the affected areas and in multiple formats such as audio large print and captioning and ensuring websites providing disaster related information are accessible, making use of multiple outlets and resources for messaging and to reach individuals with disabilities. 
individuals with limited English proficiency and members of diverse faith communities considering the needs of individuals with mobility impairments and individuals with assistive devices or durable medical equipment in providing transportation for evacuation, identifying publicizing accessible sheltering facilities that include accessible features such as bathing toileting, eating facilities and bedding, avoiding separating people from their sources of support, such as service animals, durable medical equipment, caregivers, medication and supplies, placing persons with disabilities and integrated shelters to the extent possible and stocking shelters with items that will help people to maintain independence such as hearing aid batteries, canes and walkers, being mindful of all segments of the nation Unity and taking reasonable steps to provide an equal opportunity to benefit from emergency response efforts will help ensure the disaster management in all areas affected by Puerto Rico. Earthquakes is successful. So that’s from the OCR. You know, HIPAA. Of course, HIPAA does apply in Puerto Rico, it is part of the United States. However, it’s a challenge with situations like this. So most importantly, is to take care of the patients take care of anybody who needs the help. It is health care, as I’ve stated in many, many occasions on many occasions, so take care of them and make sure everybody’s okay and hopefully the earthquakes they appear to have stopped. So hopefully it’ll stay that way. We have an interesting article NZD. net. This is timeline of events surrounding the basis phone hack. So if you haven’t heard, Jeff Bezos phone was compromised May of last May of 2018, actually, so almost two years ago, and sounds like he was not aware of it for a while. So we’re going to go through this. Almost impossible to believe broke yesterday that Crown Prince of Saudi Arabia Mohammed bin Salman was somehow involved in the hacking of Amazon CEO Jeff Bezos. 
According to reports from the guardian and financial times the Saudi royal family member, commonly referred to as MBs. Allegedly sent a booby trap video to Bezos via WhatsApp message last year. Actually, not last year, it’s may 1 of 2018. According to a report into the hack, out put together by FTI consulting the video service supposedly exploited a WhatsApp bug to download and install malware on basis phone which was an iPhone, which then proceeded to exfiltrate data from Amazon CEOs personal iPhone. So I mentioned iPhone because a lot of people still have this Common misconception. iPhones and apple in general can’t be hacked and can’t be hit with malware. And that is absolutely not true. And this is the prime example. And day later, the entire fear still seems like a bad Hollywood movie script. However, the reality is that there’s a lot of context and background to these accusations, along with a long history of enmity, and an antipathy. From the side of Saudi Prince. The baseless hack is linked to the Amazon CEO, who was the owner of The Washington Post, which is important here. The newspaper that employed Jamal Cush, Cush, Shaggy Cush, oggy, an ardent critical Saudi Arabia’s government and the Crown Prince in particular. So here’s the timeline and October 2013. Business buys Washington Post. December 2016. out of Washington based Think Tank Khashoggi makes critical remarks about Donald Trump’s is sent to the US presidency. Soon after the Saudi regime cancelled Khashoggi his column in the Hyatt newspaper and ultimately banned him from writing appearing on TV and attending conferences. Khashoggi eventually left Saudi Arabia. So you may know that Trump does have a relationship with the Saudis. So not that that comes up again, and not that this is a political podcast. It’s not. But it’s something to to know the washington post on September 2017. The Washington Post publishes Khashoggi his first column, Saudi Arabia. 
wasn’t always this repressive now it’s unbearable at peace highly critical of Crown Prince november of 2017. The Saudi royal guard acquires the Pegasus three spyware from NSO group and Israeli company that sells surveillance tools to governments around the world. Which to me, again, is interesting that Israel is selling to Saudi Arabia. February 7 2018, Washington Post publishes a column back Khashoggi entitled Saudi Arabia’s Crown Prince already control the nation’s media. Now he’s squeezing it even further. Another piece critical of the Saudi Crown Prince February 28 2018, Khashoggi published is another piece in The Washington Post entitled what Saudi Arabia’s Crown Prince can learn from Queen Elizabeth the Second, again criticizing the Crown Prince, March 21 2018. Washington Post owner Jeff Bezos is invited to attend a small dinner with the Crown Prince in Los Angeles. April 3 2018, Washington Post publishes another column by Khashoggi, while the Crown Prince is in the US in which Khashoggi writes replacing old tactics of tactics of intolerance with new ways of refreshing is not the answer. April 4 2018 basis attends dinner with the Crown Prince, and of course of which the exchange phone numbers that correspond to their WhatsApp accounts. May 1 2018. A message from Crown Prince account is sent to business through WhatsApp, the messages and encrypted video file. It is later established with reasonable certainty that the videos download or infects business phone with malicious code. The video message is believed to be the same as the video that included a video of a tweet following the execution of the malicious video from Investigators saw a spike of data being sent from the device a 29% jump in traffic consisting of more than six gigs of egress data meaning data that goes out. 
Prior to the infection Amazon CEO was an average of 430 kilobytes day egress data, phone hack basis iPhone maintain, and daily average of 101 megabytes day Ingress data for the following months, suggesting a constant state of surveillance. May 2018 the phone was Saudi human rights activists, yahoo yahoo. A Siri is affected with malicious code a series and frequent communication with Coach Shaggy, June 2018. The phone of Saudi political activists Omar, Abdul Aziz, and I’m sorry I’m saying these names I’m butchering His names is infected with malicious code via texted link on WhatsApp. Omar was in frequent communication with Khashoggi June 2018. The phone of Amnesty International official working in Saudi Arabia was targeted for infection via WhatsApp link. That was the two going to lead to an NSO group controlled website June 23 2018. two phones belong to Saudi dissident ganim alum must has muscle rear Ile de sorry, a Saudi human rights activists and popular political spheres active on YouTube are targeted via text link leading to an anisole infrastructure. October 2 2018. Khashoggi is killed by Saudi government officials, you may remember that Washington Post begins reporting on the murder of publishing every ever expanding revelations about the role of Saudi government and the conference personally. October 15th 2018, a massive online campaign against Bezos begins targeting and identifying him principally as the owner of The Washington Post. In November the top trending hashtag and Saudi Twitter is boycotting Amazon. The online campaign against Bezos escalates and continues for months, November 8 2018. A single photograph is texted to Bezos from the Crown Princes WhatsApp account, along with a sword on a caption, it is an image of a woman resembling the woman with whom Businesses having an affair months before business affair was known publicly. February 9 2019. 
Both Bezos publishes a medium blog post describing an attempt by the National Enquirer, to extort and blackmail him with nude photos. Business Insider connection between the national choir and the Saudi government. February 25 2019, The Daily Beast runs an op ed by lad al Baghdadi, entitled How the Saudis made Jeff Bezos public enemy number one, detailing mounting evidence that the de facto ruler of the kingdom has been trying to punish business for the fierce coverage by the newspaper The Washington Post of the murder of Saudi journalist Jamal Khashoggi March 31 20 1900s of major news outlets around the world report on the allegation that Saudi Arabia had access to business phone and obtain private data. The allegation was first published in The Daily Beast opted Gavin de Becker, and titled baseless investigation finds the Saudis obtain his private data And it’s subsequently reported by the New York Times CNN, Al Jazeera BBC Bloomberg routers and others. April 1 2019. The entire Saudi online campaign against basis stops abruptly, strongly indicating inauthentic and uncoordinated hashtags and tweets. April 25 2018 intelligence officials in Norway advise al Baghdadi obviously I warning that is being targeted that he is being targeted by the Saudis and move him from his home. intelligence sources believe the threats are connected to Al Baghdadi his work on basis. May 1 2019 al Baghdadi is advised by a source in Saudi Arabia that the Saudis have successfully target his phone. September 20 2019, Twitter suspends 5000 Saudi accounts for an inauthentic behavior, including that of an advisor to the Crown Prince sode al Qahtani October 1 2019 base so attends the first anniversary memorial for shaggy hauled outside Saudi consulate in Istanbul where he was murdered October 2 2019, the song online campaign against baseless resumes after being dormant for months specifically exciting basis attendance of the memorial event and citing and again calling for a boycott of Amazon. 
October 29 2019, Facebook sues the NSO NSO group in US federal court for trying to compromise. The devices have up to 1400 WhatsApp users in just two weeks. November 5 2019, US Department of Justice charges three people with serving as Saudi spies inside Twitter. One of the three had left Twitter and gone to work at Amazon November 14 2013. Facebook confirms that sending a specifically crafted mp4 video file to WhatsApp user is a method for installing malicious spyware exactly as was sent to basis. So we did talk about that a few couple months ago now. December 20 2019, Twitter suspends 88,000 LinkedIn linked 28 sorry, Twitter suspends 88,000 accounts linked to the Sati spine case saying that the accounts were associated with significant state backed information Operation originating in Saudi Arabia, January 21. Two days ago, the guardian and the Financial Times published articles claiming the message that hacked his phone came from the Crown Prince his phone number, or verticals are based on a still private report but put together by FTI consulting, a company based was hired to investigate how the National Enquirer got hold of his nude photos. And then, yesterday, January 22, Saudi Arabian government denies the media reports. United Nation calls for an investigation into Saudi Arabia hacking a citizen of another country. By says motherboard leaks to full FTI consulting private investigative report. The report is available for download and there’s a link here. On the same day New York Times reporter Ben Hubbard also claimed the Saudis targeted his phone Hubbard stands to publish a book on the Crown Prince his rise to power. So this is NZD. net. I will there will of course be a link in the show notes if you want to look at the full report. There’s a lot of information there. So And then finally we have from HIPAA journal, the December 2019, healthcare data breach Report. I’m just going to highlight a few things. 
There were 38 healthcare data breaches of 500 or more records in December, which is an increase of 8.57% over November. However, the number of records has fallen from 607,728 to 393,189, from November to December. Now, I don’t know if that’s that’s really that important because I don’t know that that attackers have a way of knowing how many records a healthcare provider has. Maybe they do, but I don’t know that they do. It was a bad year for healthcare data breaches in 2019. The second worst year ever for healthcare data breaches in terms of number of patients impacted. So this year that we did see total in 2019 41,232,527. That is the second worst year and that outpaces the previous three years. combined. The only year that was higher was 2015 when it was 113,307,814 Records breached. Number of health breaches of 500 or more this year was 505, which is the highest year in record. Next, the next highest year was last year 2018, which was 371. Interestingly enough to 2015 had the lowest number of breaches of 500 or more but that just means that there were large breaches largest so here’s the December numbers to 10 largest breaches for December of 2019. Truman Medical Center incorporated all of these are covered entity except for one and I’ll tell you which one that is so the covered entity healthcare provider, type of breach was staffed and 114,466 were individuals were impacted. Adventist health Simi Valley was also a healthcare provider. hacking it incident 62,000 Roosevelt General Hospital hacking it incident 28,847 health care administrative partners hacking it incident 17,693 Cheyenne regional. Oh sorry healthcare administrator partners is the one that was a business associate Cheyenne Regional Medical Center healthcare provider. Hacking it incidents 17,549 s e s Group LLC was a hacking it incident 13,000 petty health pa LLC D DBA. 
Should be PD health sorry pllc DBA children’s choice pediatrics health hacking it incident 12,689 Sinai health center health system hacking it incident 12,578 Colorado Department of Human Services hacking it incident 12,230 Texas famous psychology associates PC unauthorized access disclosure 12,000 so that is the December roundup most of them being hacking right The incident and I would venture that a good percentage of those will be fishing. The entities that were affected by December 2019 in total, not just the top 10 and total 28 of them were to health care provider for health plans and six were business associates. So business associates need to get their act together. Causes of health care data breaches, we have one improper disposal, two of them theft. Three of them were lost 11 unauthorized access or disclosure and 21 hacking it incidents that was just for December, and the location of the breach information. One was on a laptop that was probably the stolen one to other portable electronic devices may have been stolen as well. three others I’m not sure what others would be. Seven of them were network servers, so those would probably probably be hacking or it 17 of them email and that is by far The largest number that’s going to be fishing so 17 breaches by fishing in December, seven electronic medical records for paper films and to desktop computers. And then we talk about the 2019 there were 10 HIPAA enforcement actions. West Georgia ambulance with which we’ve talked about extensively 65,000. That was a settlement kuranda Medical Center crona Medical LLC at 5000 settlement sentara hospitals 2.175 million, which was a settlement. So imagine what the original penalty was was. What the amount was Texas Department of Aging and Disability Services 1.6 million that was the actual penalty. There was no settlement there, University of Rochester Medical Center settlement for 3 million so again, imagine what the original penalty was. 
Jackson health center 2.154 million Civil monetary penalty, elite Dental Associates 10,000 settlement that was simply a response to a review on Yext where enough information was posted in the response to the review that it was considered pH i. So $10,000 for review response, Bayfront Health St. Petersburg, settlement rate at 5000 Medical Informatics, engineering settlement for 100,000 touchstone medical imaging $3 million settlement. So again, imagine what the original fine was $3 million was the settlement. So interesting stuff here we again we see there’s one dentist on here, there’s one ambulance service on here. I don’t see any pharmacies. However, I did see a post on Facebook group I belong to that showed picture of a Walgreens showing in the open prescription bags with patients name, name of the prescription address, things like that. And the person was able to take a picture of this. That is a HIPAA violation that wasn’t reasonable. A reasonable attempt to take care of that information was not made if it was readable by someone. In out in the open, I do have a question that was sent in healthcare practices trying to save money when it comes to it. They want to know if they have to use G Suite or office 365. Or if using a free pop I’m AP account is acceptable. So I’ve talked about this before. In order for email to be considered HIPAA compliant. It needs to be able to be encrypted. A free pop I’m app account does not it does not have that capability. For the most part. There are a few and you could also get third party encryption services. I don’t think you can do that with pop email. I don’t know that it’s possible but I’m app you could because G Suite does do it. 
The other thing that needs to happen for email to be HIPAA compliant, is that the provider of the email the email service provider needs to be able to sign a BA, a business associate agreement that is so it free popper I’m AP account is not going to sign a business associate agreement G Suite and office 365 will. And that would make them HIPAA compliant. So the way it works is you have it, whether its internal or an MSP, such as the large tech. And they will say, okay, we’re going to set your email up on G Suite or office 365. I have clients that use both on and the business associate. So if I’m using the watch tech as examples, why would have the business associate agreement with the health care practice, and then a business associate agreement would be need to be in place with G Suite or office 365. And if you don’t know G Suite is Google and office 365 is Microsoft. So they wouldn’t need a business associate agreement that I would keep as on the there the downstream as I’m providing a service and my Managing the service for the healthcare practice. If its internal it then it’s just a business associate agreement with G Suite office 365 in a healthcare provider, so you cannot use a popper or free a free popper I’m apt account I’ve seen healthcare practices using AOL, Hotmail, Yahoo Gmail does not that is not HIPAA compliant and I’ve seen I’ve seen law firms don’t I’ve seen law firms use it free cable, cable email accounts and you know, they don’t need to be HIPAA compliant but at the same time you you’re going to want a certain level of security you’re not going to get from using free popper I’m app accounts. So hopefully that answers that question for for the question. asker Okay, on the wash tech blog, that’s NW Aj tech.com slash blog. We have recent blog post by me 11 steps to mitigate the risk of phishing attacks. So phishing is 90% of all data breaches are our start with a phishing attack, and we see it all the time in HIPAA, healthcare. 
We see it all the time and law firms we see it a lot, so I wanted to go through the steps. If you read the whole article on on our website as I, as I mentioned 11 steps to mitigate the risk of phishing attacks. First is education. what I consider to be the most important step to fishing mitigation education is critical to reducing the risk of phishing attack. Many of the phishing attacks that are reported show that the employees were victimized, who were victimized had very little knowledge of how to identify a phishing attack. There are several things you can look to for to identify a phishing attack. Some of the more common indicators are poor grammar spelling, sent from a free email account, use of emotional cues to get you to do something usually fear unsolicited email like password changes or an invoice. URLs are not the real URL paypal.com versus Pete pa y pa one com website is missing images or has poor grammar employees and it should also be able to provide awareness alerting on potential attacks for example, a recent alerted clients to a new Microsoft phishing attack and what they look like strong password policies we’ve gone over this 1000 times. password policies are uppercase, lowercase numbers and special characters. The longer the better. Don’t use passwords like 12345 or password 123 or things that are you know, if you if your username is Scott Gombar don’t use Scott Gombar as a password, etc. Three MFA or two FA is just unbelievable the number of of people that are still not using MFA. And I talked to a insurance agent yesterday and he said that’s just too much work. Which is insane. But okay for anti fish. software or service. So I use iron scales. There are others out there. Five anomaly based malware protection, as I’ve talked about sporadically here and there. We’ll talk about it a little later in this episode six DNS and web filtering, again, filter out the traffic that is not healthy for you. 
In other words, and you can filter by categories too, but most reputable DNS filtering software will now filter out suspected phishing sites as well. As a matter of fact, Google Chrome can do it now.

Seven, phishing simulation. This is essentially you sending a phishing attack to your employees or to your clients to see how they respond to it. And then if they do click on something they shouldn't have clicked on, you get a report and you can educate further as needed. It should not be punitive. It should be purely for education.

Eight, Think Before You Click. This is a program that I'm developing. Before you click on any link or attachment, think about it. Did you ask for the email? Do you know the sender? Can you type the website address manually rather than clicking on it? Do you even shop at that store, bank at that bank?

Nine, verify before you click. Ten, have a response plan, which is so important and very rarely exists. And then finally, 11, audit. You should regularly audit your email accounts. Realistically, you should audit all accounts. Where are they being accessed from? When are they being accessed? How are they being accessed? Some of my clients have web access disabled on top of MFA and strong passwords; others have alerting set up, so I know when they're accessing the account, and if something seems off, we question it by reaching out to the client. For the business I use Office 365, and I get an alert any time my account logs in. This is just an example: every time my account is used to access Office 365 on the web, or is added to Outlook, or anything like that, I get an alert letting me know. So that is 11 steps to mitigate the risk of phishing attacks. Hopefully you find that helpful.

Alright, last bit of news this morning. I just learned about this late yesterday: Critical MDhex Vulnerabilities Shake the Healthcare Sector.
So critical vulnerabilities have been discovered in popular medical devices from GE Healthcare that could allow attackers to alter the way they function or render them unusable. A set of six security flaws have been collectively named MDhex. Five of them received the highest severity rating on the Common Vulnerability Scoring System, 10 out of 10. The final one has a rating of 8.5, as per the National Infrastructure Advisory Council's scoring scale. Reported by CyberMDX, a healthcare cybersecurity company, the vulnerabilities affect GE CARESCAPE patient monitors, ApexPro telemetry server and tower systems, and Clinical Information Center (CIC Pro) systems. CIC Pro systems are used to view, in real time, physiological data and waveforms collected over the local network from patient monitors. So it's kind of like managed services for healthcare. They also help manage the distributed monitors and check when the patient was admitted, synchronize time and date, as well as set alarm thresholds. Interfering with this product can affect how it works, allows changing the alarm settings, and can lead to exposing patient health information.

Here's the list of the vulnerable systems: Central Information Center (CIC) versions 4.x and 5.x; CARESCAPE Central Station (CSCS) versions 1.x and 2.x; ApexPro Telemetry Server and Tower versions 4.2 and earlier; CARESCAPE Telemetry Server versions 4.3, 4.2 and earlier; B450 patient monitor version 2.x; B650 patient monitor versions 1.x and 2.x; B850 patient monitor versions 1.x and 2.x. The researchers found the bugs when checking the use of deprecated Webmin versions and open port configurations that could pose a risk in GE's CARESCAPE CIC Pro workstation. Common to all the flaws is that exploiting them provides the attacker a direct path to the target device and allows them to read, write or upload data.
Credited for discovery of the MDhex bugs is Elad Luz, head of research at CyberMDX. He says that exploitation avenues depend on the affected systems' design and configuration. One of the bugs, identified as CVE-2020-6961 and affecting CIC, CSCS and the ApexPro server, consists of exposing the private key in the SSH server configuration. The same key is distributed across an entire line of products and could enable remote management of the system via an SSH connection, allowing code execution. Hard-coded credentials in the Windows XP Embedded operating system is another critical vulnerability, CVE-2020-6963, as it allows direct access to the device via the Server Message Block (SMB) network protocol. That has been a vulnerability for quite some time, SMB. So the article is on BleepingComputer and goes on to talk about the vulnerabilities there. But if you're using any of those devices, there are things you're going to want to do, including network segmentation. It doesn't look like there is a patch as of yet. You will want to do whatever you can.

So here you go. The company provides the following network management best practices. MC and IX networks should be isolated; if connectivity is needed outside the MC and IX networks, a router/firewall is used to allow only the necessary data flows and block all other data flows. The MC/IX router/firewall should be set up to block all incoming traffic initiated from outside the network, with exceptions for needed clinical data flows. The following ports should always be blocked for traffic initiated from outside the MC and IX networks: TCP port 22 for SSH, TCP and UDP ports 137, 138, 139 and 445 for NetBIOS and SMB, as well as TCP ports 10000, 5225, 5800, 5900 and 10001. Restrict physical access to central stations, telemetry servers and MC/IX networks. Default passwords for Webmin should be changed as recommended.
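As an added illustration of the router/firewall rules read out above (example code written for this page, not GE's or CyberMDX's), here is a small policy checker that applies those rules to constructed connection records: inbound traffic from outside the MC/IX networks is denied by default, the always-blocked ports can never be overridden, and only listed clinical data flows pass. The address ranges, the HL7 and NTP exception entries and the flow format are assumptions.

```python
"""Added example: apply the MC/IX network rules from the GE advisory to sample flows.
Address ranges and the exception list below are constructed for this illustration."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed address ranges standing in for the isolated MC and IX networks.
MC_IX_NETWORKS = [ip_network("10.50.0.0/16"), ip_network("10.51.0.0/16")]

# Ports the advisory says must always be blocked for traffic initiated from outside.
ALWAYS_BLOCKED = {
    ("tcp", 22),                                   # SSH
    ("tcp", 137), ("udp", 137), ("tcp", 138), ("udp", 138),
    ("tcp", 139), ("udp", 139), ("tcp", 445), ("udp", 445),  # NetBIOS / SMB
    ("tcp", 10000), ("tcp", 5225), ("tcp", 5800), ("tcp", 5900), ("tcp", 10001),
}

# Permitted clinical data flows: (direction, outside network, protocol, destination port).
# Both entries are constructed examples (assumed HL7 feed and NTP time sync).
EXCEPTIONS = [
    ("inbound", ip_network("10.20.0.0/24"), "tcp", 2575),   # EHR subnet -> central station
    ("outbound", ip_network("10.20.0.0/24"), "udp", 123),   # central station -> time server
]


@dataclass(frozen=True)
class Flow:
    """A new connection attempt, as a firewall would see its first packet."""
    src: str
    dst: str
    proto: str
    dport: int


def is_inside(addr: str) -> bool:
    """True when the address belongs to one of the MC/IX networks."""
    ip = ip_address(addr)
    return any(ip in net for net in MC_IX_NETWORKS)


def decide(flow: Flow) -> tuple:
    """Return ('allow' | 'block', reason) for a connection attempt."""
    proto = flow.proto.lower()
    src_in, dst_in = is_inside(flow.src), is_inside(flow.dst)
    if src_in and dst_in:
        return "allow", "traffic within the MC/IX networks"
    if not src_in and not dst_in:
        return "allow", "does not touch the MC/IX networks"
    direction = "inbound" if dst_in else "outbound"
    # The always-blocked list is checked before any exception, so it cannot be overridden.
    if direction == "inbound" and (proto, flow.dport) in ALWAYS_BLOCKED:
        return "block", f"{proto}/{flow.dport} is always blocked from outside"
    peer = ip_address(flow.src if direction == "inbound" else flow.dst)
    for ex_dir, net, ex_proto, ex_port in EXCEPTIONS:
        if ex_dir == direction and peer in net and ex_proto == proto and ex_port == flow.dport:
            return "allow", "permitted clinical data flow"
    return "block", f"default deny for {direction} traffic"


def audit(flows):
    """Decide every flow and return (flow, verdict, reason) triples for review."""
    return [(f, *decide(f)) for f in flows]


if __name__ == "__main__":
    # Constructed sample flows, not captured traffic.
    sample = [
        Flow("10.20.0.5", "10.50.1.10", "tcp", 2575),   # HL7 from EHR: allowed exception
        Flow("10.20.0.5", "10.50.1.10", "tcp", 22),     # SSH from the same subnet: blocked
        Flow("192.168.9.9", "10.50.1.10", "tcp", 445),  # SMB from elsewhere: blocked
        Flow("192.168.9.9", "10.50.1.10", "tcp", 8443), # unlisted port: default deny
        Flow("10.50.1.10", "10.50.1.11", "tcp", 22),    # inside the MC network: allowed
        Flow("10.50.1.10", "10.20.0.7", "udp", 123),    # NTP out to time server: allowed
        Flow("10.50.1.10", "203.0.113.8", "tcp", 443),  # outbound to the internet: blocked
    ]
    for flow, verdict, reason in audit(sample):
        print(f"{verdict:5} {flow.src:>13} -> {flow.dst}:{flow.dport}/{flow.proto}  ({reason})")
```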
That's kind of scary if password management best practices aren't followed. So it sounds like another case of weak passwords and poor network segmentation, and of course, blocking vulnerable ports. So take care of that if you're using any of these machines. If you're using any machine, change the default password; at the very least, change the default password. Alright, that's going to do it for the news.

So it's time for hot topics. First up, this is a blog on nwajtech.com. That is, of course, I'm the owner of Nwaj Tech, which is an MSP specializing in compliance-type businesses. So I have this blog post: Two Options When the OCR Issues Guidance, Listen or Pay. We just went over, a few minutes ago, the breach statistics for the year and for December 2019. When we talked about the ones for the year, we talked about how some of them were settlements and some of them were just civil penalties. Typically, when there's either a settlement or a penalty, it's after the OCR comes in and offers technical guidance, technical advice. And if you don't listen, then you are asking for trouble. So that's what we're talking about in this blog post. The OCR recently issued guidance to help ensure equal access to emergency services and appropriate sharing of medical information following the Puerto Rico earthquakes. And so I start with that because it points out, again, there's some guidance, and you need to pay attention to it. We actually talked about that guidance earlier in this episode. So this got me thinking about all the HIPAA settlements that were agreed to after the OCR issued technical advice. I talked about the settlement with West Georgia Ambulance, issued on December 30, 2019, on a recent episode of the ProactiveIT Podcast, so I have it linked there. I believe it was last week's episode.
They had to pay $65,000 for an incident in 2013, so almost seven years ago, and they just now paid a fine for that. The incident was initiated by a laptop that went missing; it allegedly fell off the back of an ambulance, which also means that there was no encryption on that laptop. Now, being 2013, okay, encryption wasn't talked about as much at that point as it is now, so there's no excuse for it today, and it's still happening. The laptop was not encrypted, which does violate HIPAA. The OCR came in to do an investigation and discovered a lot of HIPAA compliance issues, and the OCR issued technical advice. Technical advice essentially means: here's what you need to do to correct the HIPAA compliance issues we have found. The ambulance company ignored it. When the OCR followed up and discovered that the technical advice was ignored, they took further action. This action eventually turned into a $65,000 settlement and a two-year corrective action plan, which will cost more than the $65,000 settlement. The initial fine was probably a lot more than the final settlement. So the corrective action plan means the OCR is now going to oversee and make sure that you meet certain landmarks, and say, you know, you accomplish this on a certain date, you accomplish this in 30 days, you accomplish this in 60 days, and if you don't, then you're looking at more problems.

HHS just wants to ensure patient privacy and access is protected. Health and Human Services' OCR has stated on several occasions that it's not about the fines. If it was, it would be easy to just fine healthcare practices and business associates. There are numerous instances of the OCR supplying a healthcare practice with technical support, and that's the end of it. If you are provided technical support from the OCR, it pays to listen. It really, really does. It really is all about patient care.
Are you protecting their health information and sensitive data? Are you providing access to the health information in a reasonable manner when requested? What is technical support from the OCR? Technical support from the OCR is not like technical support from IT. What they're really doing is telling you how to fix your HIPAA compliance issues. For example, in the case of the ambulance company, they uncovered that the laptop was not encrypted. When they investigated further, they also discovered access controls were not in place, reasonable security was not being utilized to protect PHI, and there was no real HIPAA compliance program in place. The OCR advised the ambulance company what they needed to do to resolve these issues. West Georgia Ambulance essentially ignored the advice. In doing so they became negligent, and that ended up costing a small business of 64 employees $65,000 plus two years of the OCR monitoring them to ensure they put a HIPAA compliance program in place.

Guidance and technical support from the OCR should be taken seriously. The OCR, and I think a lot of us in IT, will give you the information and advice you need; it's up to you to act on it. I provide technical advice all the time. Honestly, it gets ignored probably 80% of the time, and sometimes it ends up costing the business owner a lot more in the long run. Also, your main objective is to make sure patient care includes protecting patient information and making it accessible to the patient when they want it. You may have heard of the CIA triad. No, it's not a special ops group. CIA stands for confidentiality, integrity, availability. What this means is patients' healthcare information should remain confidential, the integrity of that information should be protected, and it should be made available to the patient when needed. The OCR just wants to ensure the CIA triad is followed by healthcare providers and business associates.
They just want to make sure patients are cared for. It is called patient care, after all. If they provide guidance or assistance in any manner, whether it's a web page, official letter, audit or email, you should take it very seriously. The next step would cost you significantly more if you don't. And at the end of the day, it's all about patient care, whether you are a healthcare practice or a business that supports them. So that's my soapbox for the week. And it's important because, you know, a lot of healthcare practices won't ignore you. But you talk about the outlying healthcare-type practices, like dentists, chiropractors, ambulance services, pharmacies, and they're not paying attention to the advice that's being given. It's freely available on the internet. So it can get pretty ugly.

Next up, we're going to talk about Emotet. And the reason I'm going to talk about Emotet is there's a CISA alert about increased Emotet malware activity. I'll read that first. CISA is aware of a recent increase in targeted Emotet malware attacks. Emotet is a sophisticated Trojan that commonly functions as a downloader or dropper of other malware. Emotet primarily spreads via malicious email attachments and attempts to proliferate within a network by brute forcing user credentials and writing to shared drives. If successful, an attacker could use an Emotet infection to obtain sensitive information. Such an attack could result in proprietary information and financial loss, as well as disruption to operations and harm to reputation. So CISA recommends users and administrators adhere to the following best practices to defend against Emotet. Here's the best practices that they recommend. Block email attachments commonly associated with malware, like .dll and .exe.
Block email attachments that cannot be scanned by antivirus, such as zip files. Implement Group Policy Object and firewall rules. Implement an antivirus program and a formalized patch management process, and I would recommend an antivirus program that uses anomaly-based protection, not signature-based. Implement filters at the email gateway and block suspicious IP addresses at the firewall. Adhere to the principle of least privilege. Again, this is key, because I see it all the time when we see the HIPAA breaches that involve employees stealing information: it's always more than they were supposed to have access to. Implement a Domain-based Message Authentication, Reporting and Conformance (DMARC) validation system. This is more commonly referred to as DMARC. You probably have heard of DMARC. Man, I didn't even know the full acronym, but it's DMARC. Segment and segregate networks and functions. Limit unnecessary lateral communications. So that's the advice, but what is Emotet?

I'm borrowing this from Malwarebytes. Malwarebytes is, of course, anti-malware software that you can use to help protect your machines. So, let's talk about Emotet malware. You may have heard about Emotet hitting the news. What is it? An ancient Egyptian king? Your teenage sister's favorite emo band? We're afraid not. The Emotet banking Trojan was first identified by security researchers in 2014. Emotet was originally designed as banking malware that attempted to sneak onto your computer and steal sensitive and private information. So we've heard of some of these already. Later versions of the software saw the addition of spamming and malware delivery services, including other banking Trojans. Emotet uses functionality that helps the software evade detection by some anti-malware products. Emotet uses worm-like capabilities to help spread to other connected computers.
And this is why I say anomaly-based anti-malware, because signature-based depends on you making sure that your anti-malware is up to date and that the vendor is providing an update, whereas anomaly-based is saying, hey, this is not normal, we need to stop this before it does any damage. This helps in the distribution of the malware. This functionality has led the DHS, the Department of Homeland Security, to conclude that Emotet is one of the most costly and destructive malware affecting government and private sectors, individuals and organizations, and costing upwards of $1 million per incident to clean up.

So what is it? Emotet is a Trojan that is primarily spread through spam emails, malspam. The infection may arrive either via malicious script, macro-enabled document files, or malicious link. Emotet emails may contain familiar branding designed to look like a legitimate email. Emotet may try to persuade users to click the malicious files by using tempting language about "your invoice," "payment details," or possibly an upcoming shipment from well-known parcel companies. So we've talked about this before. These are phishing attempts, and they're using fear or emotional responses to get you to click through. Emotet has gone through a few iterations. Early versions arrived as a malicious JavaScript file. Later versions evolved to use macro-enabled documents to retrieve the virus payload from command and control (C&C) servers run by the attackers. Emotet uses a number of tricks to try and prevent detection and analysis. Notably, Emotet knows if it's running inside a virtual machine and will lie dormant if it detects a sandbox environment, which is a tool cybersecurity researchers use to observe malware within a safe, controlled space. So, interesting. Emotet also uses C&C servers to receive updates.
This works in the same way as the operating system updates on your PC and can happen seamlessly and without any outward signs. This allows the attackers to install updated versions of the software, install additional malware such as other banking Trojans, or to act as a dumping ground for stolen information such as financial credentials, usernames and passwords, and email addresses. So, interesting to point out there that they do update. If you have some DNS filtering going on, you may detect that updating.

The primary distribution method for Emotet is through malspam, as we mentioned earlier. Emotet ransacks your contacts list and sends itself to your friends, family, coworkers, clients, anybody in your contact list. So you may have gotten an email from someone and said, hey, this doesn't look right. I've talked about this in an episode of the ProactiveIT Cyber Security Daily, where a client of mine did get an email like that, but he questioned it, because I've taught him to question it. And the sender did say, yes, I have malware. They didn't say malware, so I'm paraphrasing: my email's been compromised and it's spreading. Since these emails are coming from your hijacked email account, the emails look less like spam, and the recipients, feeling safer, are more inclined to click bad URLs and download infected files. Question everything. Think before you click. If a connected network is present, Emotet spreads using a list of common passwords, guessing its way onto other connected systems in a brute force attack. So notice that: common passwords. Stop using password123 as a password. If the password to the all-important human resources server is simply "password," then it's likely Emotet will find its way there.
Researchers initially thought Emotet also spread using the EternalBlue/DoublePulsar vulnerabilities, which were responsible for the WannaCry and NotPetya attacks. We know now that isn't the case. What led researchers to this conclusion was the fact that TrickBot, which is another banking Trojan, often spread by Emotet, makes use of the EternalBlue exploit to spread itself across a given network. It was TrickBot, not Emotet, that's taking advantage of the EternalBlue/DoublePulsar vulnerabilities. And then it goes on to talk about the history and who it targets: everyone is a target for Emotet.

And how can you protect yourself from Emotet? Keep your computers and endpoints up to date with the latest patches for Microsoft Windows. TrickBot is often delivered as a secondary Emotet payload, and we know TrickBot relies on the Windows EternalBlue vulnerability to do its dirty work. So patch that vulnerability before the cybercriminals can take advantage of it. Don't download suspicious attachments or click a shady-looking link. Emotet can't get the initial foothold on your system or network if you avoid the suspect emails. Take the time to educate your users on how to spot malspam. Educate yourself and your users on creating a strong password while you're at it. Use two-factor or multi-factor authentication. And you can protect yourself and your users from Emotet with a robust cybersecurity program that includes multi-layered protection. And then, of course, there's an advertisement for Malwarebytes. Malwarebytes is a good program, so if you are in the market, or don't trust the software you're using, then Malwarebytes is... I wouldn't say the best bet, but a good bet.

How can I remove Emotet? If you suspect Emotet is on your computer, you need to disconnect from the network immediately. You need to disconnect from the internet, and once isolated, patch and clean the infected system.
Realistically, once you have malicious content on your computer, it's almost impossible to remove it while Windows is running. You're going to do one of three things: you can do a clean install, you can restore from a backup, or... the problem with restoring from a backup is you may not know if it was already on your system at that point. So clean install, restore your files, or scan from another device. In other words, Windows isn't booted up; you use another device to scan, which is usually the method I use. A clean install is a last-ditch effort.

And the last bit of hot topics here: Microsoft and Google just can't agree on a proposed ban on facial recognition. Google CEO Sundar Pichai has expressed support for the EU's proposed temporary ban on facial recognition, but Microsoft's top lawyer, Brad Smith, has cautioned against using a "meat cleaver" for what should be a surgical operation. The two tech execs on Monday responded to the European Commission's proposal to ban the use of facial recognition in public spaces for three to five years, or until sufficient risk assessment and risk management frameworks can be developed. Pichai on Monday wrote that there were real concerns about the potential negative consequences of AI, from deepfakes to nefarious uses of facial recognition, and argued for sensible regulation that got the right balance between the opportunities of AI and its potential harms, which I think is a good thing. Speaking at a conference in Brussels on Monday, Pichai said it was important for governments to tackle regulatory questions over facial recognition, and more broadly AI, sooner rather than later, and that the ban can be immediate, but maybe there's a waiting period before we really think about how it can be used. Pichai argues that you can adapt existing legislation such as the GDPR to manage the risks of AI and facial recognition technology.
He also said regulation should be used to back up AI principles, such as those outlined by Google last year, in which it committed not to release AI that could harm people. "Accountability is an important part of our AI principles. We want our systems to be accountable and explainable, and we test it for safety," Pichai told the think tank Bruegel, which organized the conference. "I think inevitably, doing that, we assume it will involve human agency, humans to review it. And we specifically mentioned we want the system to be accountable to society at large, and I think regulation should play a role in that as well." The European Commission acknowledges in its proposal that a temporary ban on facial recognition would be a far-reaching measure that might hamper the development and uptake of this technology, and therefore would prefer to use existing regulatory instruments available under the GDPR. So I don't know how you can... that's going to be tough to do under the GDPR, in my opinion.

Microsoft vice president and chief legal counsel Brad Smith has previously called for regulation on the use of facial recognition. However, yesterday he cautioned against the European Commission's temporary ban. Smith said facial recognition was useful for NGOs to find missing children, Reuters reported, which is a good point. "I'm really reluctant to say let's stop people from using technology in a way that will reunite families when it can help them do it," he said. "The second thing I would say is you don't ban it if you actually believe there's a reasonable alternative that will enable us to, say, address this problem with a scalpel instead of a meat cleaver." Smith has previously argued that facial recognition laws should require tech companies to provide transparent documentation that explains the capabilities and limitations of their facial recognition tech.
He aired his opinions on the technology in December 2018, amid a week of employee protests against Microsoft's work developing facial recognition technology for US Immigration and Customs Enforcement, which, you know, is a different topic altogether. His point about finding a kidnapped child is a real good point. While Smith opposes the EC's proposed temporary ban on facial recognition, his other views on regulating the technology aren't that different. The European Commission has proposed voluntary labeling requirements on public authorities that use the technology, as well as mandatory risk-based requirements for its use in healthcare, transport and predictive policing. Smith has called for legislation that mandates impact assessments for using the technology and notifying the public when facial recognition is in use. A requirement for people to give consent to the technology's use when entering premises is also called for, as are laws restricting the use of facial recognition when monitoring people of interest in public spaces, and that this use of the technology would only be allowed with a court order. The White House earlier this month called on Europe to avoid heavy-handed, innovation-killing models, and to consider a similar approach to the US's, which discourages federal agencies from taking regulatory actions that hamper AI innovation and growth.

So it's pretty interesting. That is on ZDNet; you can go read it there. It'll be interesting to see where that goes. I don't know how the GDPR can manage that. It would be tough to oversee and manage any potential violations of the GDPR. I understand what both sides are saying. I don't know that you could slow it down at this point. It's kind of starting to grow on its own. It's grown legs and is moving on its own. So it's a little scary, because you go watch Terminator and you say, okay, we're not that far off.
But at the same time, there are positive use cases for AI, especially in cameras around the world. Is it an invasion of privacy? Probably. Do we have any privacy anymore? I'm not so sure when we see all these breaches. You know, Microsoft breaches, Google breaches, healthcare breaches; everybody gets breached. It's hard to say there's any privacy anymore. So, food for thought, and we're going to move on to our HIPAA education piece.

For HIPAA education this week, we're going to talk about filing a complaint. This will be quick this week. If you believe that a HIPAA covered entity or business associate violated your or someone else's health information privacy rights, or committed another violation of the Privacy, Security or Breach Notification Rules, you may file a complaint with the Office for Civil Rights. The OCR can investigate complaints against covered entities (health plans, health care clearinghouses, or health care providers that conduct certain transactions electronically) and their business associates. So as an example, I am a business associate. If you believe that I violated HIPAA, you could file a complaint. You can file a complaint online; I'm reading this from hhs.gov, by the way. So you could file a complaint online; you could just search on Google for "filing a HIPAA complaint" and you'll see the link there to file a complaint online. The complaint process: anyone can file a complaint. It needs to be filed in writing, by email, fax, or via the OCR complaint portal. Name the covered entity or business associate involved. You know, if it's a covered entity, you may not know who the business associates are, and it may very well be the business associate's fault if there is a breach. The example would be, I don't remember who it was now, but there was a breach a few weeks ago where mailings went out with the information in the clear window rather than the address.
It was social security numbers. So, you know, that's a breach, but that was done by a third party that was sending the mailing out, a mailing company. It wasn't done by the healthcare provider. So you may not know that; you file the complaint, and then they research it. It must be filed within 180 days of when you knew that the act or omission complained of occurred. OCR may extend the 180-day period if you can show good cause. So in other words, if you weren't aware initially after six months and you found out at seven months, then they would probably extend it. HIPAA prohibits retaliation. So this is important; there was a case... well, I'll get to that in a moment. Under HIPAA, an entity cannot retaliate against you for filing a complaint. You should notify OCR immediately in the event of retaliatory action. So that's important. File a health information privacy complaint online, and there's a link to it. And then if you want to do it in any other manner, all the links are there, and what information you need to include is there.

What I was going to say before, it wasn't exactly applicable, but you need to be careful about filing a complaint, because if you're filing a complaint just to get somebody in trouble, you know, maybe you had a bad visit with a doctor and you just want to file a HIPAA complaint and say they're not doing their job, they leaked my information, whatever it is. You should not do that, because there was a case in Georgia, I believe it was Georgia, where a man did that. It turns out the person he complained about was his ex-girlfriend, I believe, and they investigated and determined that he was lying. And he is looking at some time now. What can you expect? So how does the OCR investigate a health information privacy and security complaint? OCR carefully reviews all health information privacy and security complaints.
Under the law, OCR may only take action on complaints if your rights were violated by a covered entity or business associate and you filed your complaint within 180 days of the violation. And then what happens after the investigation? At the end of the investigation, OCR issues a letter describing the resolution of the investigation. If OCR determines that a covered entity or business associate may not have complied with the HIPAA Rules, that entity or business associate must voluntarily comply with the HIPAA Rules, take corrective action, or agree to a settlement. So like I said earlier, if they're issued guidance by OCR, that's their get-out-of-jail-free card: follow the guidance. They should follow that guidance, and if they don't, then they're looking at a settlement and a corrective action plan.

Alright, last up on the docket. It was a quiet week for HIPAA breach notifications; there were only two. A phishing attack reported by Adventist Health Sonora in California: it discovered an unauthorized individual gained access to the email account of a hospital associate and potentially viewed patient information. The email account breach was detected by Adventist Health's information security team on September 30. Immediate action was taken to secure the compromised Office 365 account. Not sure whether it mattered that it was Office 365; I don't have to take shots at Microsoft, but that tells me you did not have multi-factor authentication turned on. An investigation was launched to determine the extent of the breach. The investigation confirmed that access to the Office 365 account was gained following a response to a phishing email, and that it was an isolated incident; no other email accounts or systems were affected. The purpose of the attack appears to have been to redirect invoice payments and defraud the hospital and its vendors, rather than to obtain sensitive patient information. And this is on the increase as well, so we need to be aware of that too.
They don't usually target hospitals; it's usually municipalities, things like that. According to Adventist Health Sonora, a content review of the affected account revealed on October 14, 2019 that the account contained the protected health information of 2,653 patients. The types of information exposed included names, dates of birth, medical record numbers, health insurance information, hospital account numbers and medical information related to the care provided at the hospital. No evidence was uncovered to suggest any patient information was acquired by the attacker. But out of an abundance of caution, affected patients have been notified and offered complimentary identity theft protection services for 12 months, because we've never heard that response before. And then finally, Great Plains Health has recovered 80% of systems impacted by a November 2019 ransomware attack. Great Plains Health in North Platte, Nebraska experienced a ransomware attack in November 2019, which saw its network encrypted. The decision was taken not to pay the ransom and instead to restore systems from backups, which was a smart decision. It has been a time-consuming and painstaking process, but hospital officials have announced that the process is now 80% completed. Restoration of systems was prioritized, with the most important patient systems restored first. It took two weeks for critical patient systems to be recovered. Members of staff worked around the clock to ensure systems were restored in the shortest possible timeframe. Throughout the attack and recovery process, patients continued to receive medical services, and no patients were turned away or redirected to other healthcare facilities. Hospital officials have now announced that all major IT systems have been brought back online and the ransomware attack is no longer having an impact on any kind of patient care. Only archives now need to be restored, which contain information rarely used by the hospital.
So no generic "out of an abundance of caution" response there, and it doesn't say how many people were impacted. So we'll see where that goes. I'm sure we'll hear more about that in the future. The good thing is they decided not to pay the ransom, which is great for two reasons. Primarily, one, if you pay, you make yourself a bigger target going forward. And two... well, really three reasons. Two, if you pay, there's no guarantee you'll get your files decrypted. And three, the only way we're going to stop the scourge of ransomware is by making it not profitable to the attacker. So once they realize they're not going to get money, they're going to stop. And I don't... there is no other way at this point. So that's going to do it for this episode of the ProactiveIT Podcast. Hope it was useful, hope it was helpful to you. But until next week, stay secure and enjoy your weekend, everyone.

Transcribed by https://otter.ai

Author Scott Gombar
