cyber halloween partyHard to believe that we are rolling out our 6th Halloween episode! This year you get to help figure out the costumes at the network office party. Can you guess what all the cyber costumes are saying?

 

 

A 5 star review is all we ask from our listeners.
1x
0:00
...
Free HIPAA Training
Subscribe to the weekly email update from HMWH

I have read and agreed to your Privacy Policy.

In this episode:

Cyber Halloween Party – Ep 278

Share Help Me With HIPAA with one person this week!

Thanks to our donors.  We appreciate your support!

If you would like to donate to the cause you can do that at HelpMeWithHIPAA.com.

Like us and leave a review on our Facebook page: www.Facebook.com/HelpMeWithHIPAA

HIPAA Say What!?!

[06:36] Severino’s interview with HealthcareInfoSecurity.com had some interesting points.

…..spells out critical steps healthcare organizations must take to safeguard patient information and ensure patient safety in light of the surge in ransomware and other hacking incidents.

“We’re seeing a growth of advanced persistent threats where hackers will infiltrate, usually through phishing, to get credentials and get their foot through the door in one area of a covered entity’s systems,” he says in an in-depth interview with Information Security Media Group.

Then the hackers will “attempt to learn everything they can about the access they gained to see if they can leverage that to jump to a more secure area of the system,” he says.

Given that hackers can reside on a network for months or even years, Severino says, it’s essential to have “proper audits and logs to have visibility into your system.”

He mentions that they have done a lot of patient’s right of access enforcement but the the article then says this:

He also points out that when healthcare organizations have relationships with third parties that are acting on their behalf, they must have appropriate business associate agreements “so that the chain of custody of that protected health information remains secure so that there is no weak link in the chain because there is far too much at stake.”

We will review more about his interview in a later episode including what he called a “significant uptick” in hacking breaches (which we pretty much already knew about). Today we have something special already planned.

Cyber Halloween Party

[11:23] So, I had a dream and David was in it. We are working in an office together and going to a party. Here is what happened in the dream.

Can you figure out the cyber costumes before we do? It’s a Cyber Halloween Party and the guests may not be welcome.

The office Halloween party happens sort of impromptu for 2020. Of course, it is socially distanced with an online presence because, COVID. Somehow you never got the memo but everyone else is in interesting costumes related to technology. We quickly throw together a costume by printing out signs and taping it to our shirts. I am the 1 and David is the 0.

You can hear that the party sounds coming from the break room. But, by the main door are a couple of guards with huge shields in front of them and padlocks around their neck just standing in front of the door. Not sure why they are trying to look so intimidating but we don’t want to deal with them so we go around the corner to the back door. These folks look like our first friendly party goers!

One is in all white with lines creating cells all over them. The other is wearing a huge sandwich sign that has a flashing line on it. What are they? A spreadsheet and a blank Word document. They are excited to see us and let us right into the party.

Ah, the lesson they are showing us is the reason so many cybercriminals plant things inside things like spreadsheets and documents. It is so easy to use them to get in the back door.

Wow, a lot of cool costumes here that one looks really scary. I think it is one of those Japanese Anime characters. What are they? Ryuk ransomware gang! They have been wreaking havoc on networks and businesses since late 2018. It was the first gang to target businesses and they have made a killing. That character they use for the name is pretty bad-ass and they clearly had plans from the beginning to be that too. In Q1 2020, Ryuk earned the largest ransom payouts worth $1.4 million, compared to $327,931 for Sodinokibi.

Talking about weird things, it is awkward to see a couple of folks in a wooden horse costume trying to move around the room easily. Everyone seems to give them plenty of space to go where they want though. What is that trap door looking thing on the back? It’s an easy way to allow them to potty? Oh… wait… I get it. It’s a Trojan with a back door!

Lady with a window hanging around their neck. She is crying and there is a sign which reads, “I am vulnerable”. LOL – simple but direct. A windows vulnerability!

How about that one over there dressed like a desktop hanging with the one dressed like a roach. The roach keeps moving between the guards at the front and brings more people into talk with the desktop character. What is going on with those two? I get it! It’s a bug letting people in via windows remote desktop protocol (RDP). The vulnerability lady should be hanging out with them!

Hey look there is someone just being friendly and walking around handing out candy and drinks to everyone. They seem to never run out either. It seems like as soon as they hand over one treat another one just appears in their hand. Not sure how that magic is happening but I definitely want to learn how. Wait, that is Emotet malware.

Hey Emotet just handed candy to someone that looks just like you, David! WTH? Identity thief! Now that they have candy they will be hanging around for a very long time.

What is the deal with the huge padlock covered with Depends undergarments? Locking and leaking – get it!

There are several others dressed as rodents – let’s just call them what they are: RATs.

Now, there is a really tough one to figure out, it took a while. They are dressed in a graduation cap and gown as if they just got a PhD or something. They are walking around the room following people and just tapping them over and over again. Once the person finally tells them to stop they get a blast of threats to their safety. Then, they move on to someone else after scaring the you know what out of the last target. They were an Advanced Persistent Threat!

Geez, do you see the three gathered over there. They aren’t wearing anything but numbers 404. Get it, Error 404: Costume not found!

Suddenly, this lady storms in yelling at everyone that their Amazon Prime Day order has been cancelled and to follow her to learn more. You know what she is, don’t you? Phishing email! She just doubled the number of people in the room and you can’t move anywhere.

The room is really packed. There are so many in here now we are getting locked in and can’t get out. Panic is setting in! You know I have personal space issues. We have to get out of here! We realize we aren’t at a Halloween party. We are inside the network and it has been hit with all kinds of infections – we don’t know anyone here, we just thought they were having a nice party. They are locking us down completely!

Suddenly, I wake up.

[41:02] Another Halloween episode in the books but another way to create a training class. Send out these ideas or make up your own and see who can guess the costumes and why they matter. Even better have your team event where each person becomes the threat or vulnerability.

Remember to follow us and share us on your favorite social media site. Rate us on your podcasting apps, we need your help to keep spreading the word.  As always, send in your questions and ideas!

HIPAA is not about compliance,

it’s about patient care.TM

Special thanks to our sponsors Security First IT and Kardon.