You know how people say “it’ll never happen to me”? Well, today we are covering six news stories that, chances are, will affect you either directly or indirectly in some way. We’ve got yet another story of a practice that doesn’t have a response plan, stories about hardware and software that are vulnerable or were hacked, and even a story on how you can make a quick $10m.
In this episode:
6 News Stories – Ep 409
Today’s Episode is brought to you by:
Kardon
and
HIPAA for MSPs with Security First IT
Subscribe on Apple Podcast. Share us on Social Media. Rate us wherever you find the opportunity.
Great idea! Share Help Me With HIPAA with one person this week!
Learn about offerings from the Kardon Club
and HIPAA for MSPs!
Thanks to our donors. We appreciate your support!
If you would like to donate to the cause you can do that at HelpMeWithHIPAA.com
Like us and leave a review on our Facebook page: www.Facebook.com/HelpMeWithHIPAA
HIPAA Say What!?!
[01:48] BAs don’t do partial HIPAA. They do HIPAA that applies to them, just like CEs do the parts of HIPAA that apply to them. Not all parts apply to all CEs if they don’t do that work. BAs are the same way.
6 News Stories
[06:23] Please have a response plan
Patients concerned after local allergy clinic closes its doors because of alleged data breach – It appears that the Oklahoma Institute of Allergy Asthma and Immunology experienced a cyber event that prevented it from accessing EHR records, leaving it with no ability to communicate with patients or treat them. It is unclear if the office is closed permanently.
Here are other related articles:
Oklahoma allergy clinic stepping up after competitor closes
Patients angered after Oklahoma allergy clinic blames cyberattack for shutdown
Every business should have a response plan. Part of that plan should include how you will communicate with patients, staff, media, etc., regarding an incident. Everyone needs to do their part for cybersecurity because it will affect you if your practice or business has a cyber incident. Even the allergy clinic that is stepping up and helping the patients who have been abandoned is impacted by the Oklahoma Institute of Allergy Asthma and Immunology cyber incident.
[23:17] Next Gen Breach
NextGen Healthcare says hackers accessed personal data of more than 1 million patients | TechCrunch – Between March 29, 2023, and April 14, 2023, malicious hackers gained access to the NextGen cloud EHR system. Those with on-prem NextGen EHR systems were not affected. For those who think that by having a cloud solution, you don’t have to worry about anything, you’d be wrong. Your patients aren’t going to care what solution you use if you can’t treat them because you can’t access the EHR.
[26:43] Smart Home Security Issues:
Serious Unpatched Vulnerability Uncovered in Popular Belkin Wemo Smart Plugs
In the absence of a fix, users of Wemo Mini Smart Plug V2 are recommended to avoid exposing them directly to the internet and ensure that appropriate segmentation measures are implemented if they have been deployed in sensitive networks. “It appears that this vulnerability could be triggered via the Cloud interface (meaning, without a direct connection to the device),” the researchers cautioned.
Malware turns home routers into proxies for Chinese state-sponsored hackers | Ars Technica
The main purpose of the malware appears to be to relay traffic between an infected target and the attackers’ command and control servers in a way that obscures the origins and destinations of the communication. With further analysis, Check Point Research eventually discovered that the control infrastructure was operated by hackers tied to Mustang Panda, an advanced persistent threat actor that both the Avast and ESET security firms say works on behalf of the Chinese government.
[35:00] Think LastPass was bad – look what happened at KeePass
KeePass Exploit Allows Attackers to Recover Master Passwords from Memory – In the article, KeePass states that the “password database is not intended to be secure against an attacker who has that level of access to the local PC.” That’s not good, because it basically says that anyone with a “high” level of access to the PC (presumably) will be able to see the passwords in plain text. Hackers typically gain access and take over the entire PC.
The good news is that this vulnerability seems to have been found before being used, but the fix isn’t out yet.
[40:25] Want to make $10m?
MIKHAIL PAVLOVICH MATVEEV — FBI – Find this guy and turn him in. He is involved in a massive amount of Russian-based ransomware and malware attacks. The internet will be a lot safer if he is put out of business, well, at least for a little while.
All of these stories have the potential to impact us all in some way. Regardless of what business you are in, everyone should have a response plan to address critical events that happen. Winging it or creating a plan on the fly is not a good solution. And it can impact not only you or your business, but others and other businesses in the community. Understanding what is happening in the world around you and learning from others’ mistakes can help you prepare to not be the same kind of victim. We are all a part of the cybersecurity team.
Remember to follow us and share us on your favorite social media site. Rate us on your podcasting apps, we need your help to keep spreading the word. As always, send in your questions and ideas!
HIPAA is not about compliance,
it’s about patient care.™
Special thanks to our sponsors Security First IT and Kardon.


