With the national crisis still in play, cybersecurity is essential to operating businesses, which are now online more than ever before. Small businesses that had no apps before are going online to survive. Telehealth, remote learning, and telework are all standard right now. With so much going on, we are trying to keep our eye on cyber stories to prepare ourselves and our clients for what is happening out there. Today let’s discuss 3 cyber stories we are watching right now.
In this episode:
3 Cyber stories we are watching – Ep 250
A question came in that is interesting in this whole COVID thing.
Last week, 2 of our providers were exposed to the COVID-19 virus and took the test and self-quarantined.
We had to reschedule their patients and we told the patients that they were quarantined due to an exposure to the virus. We gave no other details.
Is this a HIPAA violation? I said no but our owner and another provider said it was definitely a HIPAA violation.
Who is correct?
This is fact-specific, as most HIPAA questions are. Who is treating the providers? If you are treating the providers, then you are responsible for meeting HIPAA obligations for their care.
3 Cyber stories we are watching
Products like Zoom seem to have become household names overnight during this pandemic. We have been using it for years, but apparently this national stay-at-home month has made it explode. That is both good and bad. We have a couple of topics on Zoom to cover, plus some news on the scams we see and some interesting findings from a FireEye ransomware study.
“Zoombombing” adds more Zoom privacy and security issues.
- Be wary of links
- Adjust the screen share options immediately
- Use Waiting Rooms
- Create a webinar instead of a meeting
- Remember that everything is being recorded
Scams and Attacks
Plenty of COVID phishing happening
FBI: Cybercrime Gang Mailing ‘BadUSB’ Devices to Targets – Malicious USB Devices Accompanied by Fake Gift Cards to Entice Would-Be Victims
Never underestimate the power of a weaponized tchotchke, especially when paired with a free teddy bear and gift card.
FBI Private Industry Notification:
Kwampirs Malware Employed in Ongoing Cyber Supply Chain Campaign Targeting Global Industries, including Healthcare Sector
Particularly bad news in this one.
This one goes back for several years. In a 2018 article they calculated that 40% of their attacks were on healthcare.
Within the healthcare sector, Kwampirs malware was found installed on a wide variety of systems, including X-Ray and MRI machines, as well as machines used to assist patients in completing consent forms. However, rather than stealing information stored upon these systems, it is suggested that attackers are mostly interested in learning about the devices themselves.
News in Feb about the damage in 2019. I knew it was bad but wow.
That averages $141k per attack – that they know about! In 2018 it was $46,800 per attack.
Among the most targeted were state and local government entities, critical infrastructure organizations, and entities in the healthcare sector.
Mandiant Intelligence examined dozens of ransomware incident response investigations from 2017 to 2019. Through this research, we identified a number of common characteristics in initial intrusion vectors, dwell time, and time of day of ransomware deployment. We also noted threat actor innovations in tactics to maximize profits
- They get a foothold and lurk for a while doing reconnaissance
- They roll out their attacks at night or on the weekend most of the time
- RDP is still a vector, but phishing and drive-by-downloads are the most likely ways they get in
Drive-by-downloads, weak and unprotected Remote Desktop Protocol (RDP) services, and phishing with a malicious link or attachment were the most common initial infection vectors in the ransomware attacks in FireEye’s study. RDP attacks, where threat actors log in remotely to a system on a target environment via the RDP protocol, were especially common in 2017, but they appear to have declined somewhat in popularity since then.
Over the same period, phishing, in particular, and drive-by-downloads have gained in popularity as a way for attackers to try and get an initial foothold on a target network, FireEye said.
There is a lot to deal with these days. We can’t fix the big things. Let’s all worry about the things we can do something about for now. The scary things are out there aimed at your systems and your data. We will watch these cyber stories and update you as we do our best to help us all cope.