There is so much happening in the cyber world today that we couldn’t decide on just one topic to cover in this episode. So, we will be jumping around and covering a lot of different cyber topics, hence the title of the podcast, Cyber Sqwerl. So, listen fast folks… we’ve got a lot to cover.
In this episode:
Cyber Sqwerl – Ep 314
Today’s Episode is brought to you by:
Kardon
and
HIPAA for MSPs with Security First IT
Subscribe on Apple Podcast. Share us on Social Media. Rate us wherever you find the opportunity.
Thanks to our donors. We appreciate your support!
If you would like to donate to the cause you can do that at HelpMeWithHIPAA.com
Like us and leave a review on our Facebook page: www.Facebook.com/HelpMeWithHIPAA
If you see a couple of numbers on the left side you can click that and go directly to that part of the audio. Get the best of both worlds from the show notes to the audio and back!
Just for fun and games, we ran across this site when checking to make sure “Cyber Sqwerls” wouldn’t come up as some nefarious or elicit site in a search.
This is a site by a group, called Cyber Squirrel 1, that was tracking how animals disrupt critical infrastructure versus hacking attacks. The last stats published by this group were from 2019, but as of then, the squirrels were winning.
HIPAA Say What!?!
[06:44] We’ve said many times before that Amazon Alexa does not go in patient areas. And now we have a case where healthcare workers are filing a lawsuit against Amazon because Alexa is violating HIPAA. They are alleging that their Alexa devices are recording their protected conversations. So, this will be an interesting one to watch.If you want to read more about the lawsuit, here are a couple links:
Healthcare workers sue Amazon for allegedly recording PHI: 5 things to know
Lawsuit filed by Healthcare Workers Against Amazon Alexa for Allegedly Violating HIPAA
Cyber Sqwerl
[13:47] So, here’s an option to fund your retirement plan… the federal government is offering a $10 million reward if you have information on a state sponsored hacker disrupting critical infrastructure. So, for those who want to go out and be a spy, try it.REvil disappears?
[16:26] REvil, the hacking gang that has been wreaking havoc recently with the Kaseya ransomware attack and JBS meat processing plant, seems to have just disappeared in the middle of negotiations with all those people who were hit during the Kaseya attack. Poof. Gone. And now everyone that was trying to negotiate with them are left in a lurch. What are they going to do now?Well, for those of you whose incident response plan for ransomware is to just pay the ransom, it might not be an option for you. And guess what? These hacking gangs are well funded businesses who have a business continuity plan. They also know how to run a network and secure it from people like them. Odds are they disappeared because someone was getting close to finding them. But, I’m sure they will pop up again under a new name.
PACS
[20:04] HHS recently put out an HC3 sector alert regarding PACS systems. The alert lists devices with known vulnerabilities according to the Department of Homeland Security. There is a big list of PACS systems in their alert. There’s so many things that can go wrong with this… like malware hiding behind images that can alter the images and even block the images. So, if you use or secure a PACS, make sure it’s not on the list. And if it is, create a plan to deal with it. And listen to our previous podcasts on PACs systems. We’ve done a few.
Remember, all connected devices, whether medical devices or like Alexa (which is, yes, a connected device) should be on your risk assessments. And you should have a plan to protect it.
CISA MSP Guidance
[23:28] Last week we talked about the Kaseya ransomware attack on MSPs. Well, CISA has already released a mitigation and hardening guidance for MSPs and small and medium sized businesses. It’s a short, two page guide with great information for MSPs or just IT people in general. It talks about what the threats are and how to think about them and then goes on to give their recommendations on how to mitigate these threats.This is not guidance specifically targeted to healthcare. It is guidance for MSPs and small and medium sized businesses. Yet, all of these things are a part of HIPAA requirements. So, as we like to say, HIPAA for everybody!
CISA Insights: Mitigations and Hardening Guidance for MSPs and Small- and Mid-sized Businesses
SONIC Wall
[27:39] If you are a user of Sonicwall devices, like firewalls or routers, you need to pay attention to this. Or consult with your MSP or IT vendor to find out if your office uses Sonicwall devices. Because Sonicwall has been made aware of an “imminent ransomware campaign” on some of their devices using stolen credentials. This should be addressed immediately.SonicWall warns of ‘imminent ransomware campaign’ targeting its EOL equipment
We actually recommend that you go to your IT or MSP vendor and find out what the end of life is on my hardware and even for some of your software, like your off Microsoft Office versions, your Windows versions, your PCs, firewalls and other network devices. That way you will know when you should expect to have to purchase new PCs or firewalls and it can be included in your budgets.
No need for endpoint security?
[32:47] Microsoft has a new service that will essentially let businesses put the PCs in the cloud so their users can access “their PC” in a browser. But in the article (link below), they say that “employees don’t need to navigate VPNs or worry about security on personal devices.”Uh… let’s just say that this is not something we would recommend… the foregoing of endpoint security software, that is.
So the way this would work is that you will use a PC to connect to a link in a browser that provides you a Windows desktop with all your applications you need to do your daily work. Fine. But the key point here is you are using a PC to do this. It needs security software. This is a topic that David goes on a rant about and lists a number of reasons why you should NOT go without endpoint security software. So, listen to this part of the podcast to hear him get all fired up!
If David’s rant wasn’t enough to convince you, here is an article about a Windows print spooler vulnerability that needs to be patched now! For all Windows PCs. This is still an issue on a PC that you are using to access “your PC desktop in the cloud.”
Yeah, no! Don’t go without endpoint security on your PCs, folks. You are sure to regret it.
We covered a lot of cyber related topics in this episode. Amazon Alexa is being sued. REvil disappeared. More PACS systems are vulnerable to attacks. CISA released new guidance for MSPs and small and medium sized businesses. There is an imminent threat related to some of SonicWalls firewall devices. And Microsoft doesn’t think you need endpoint security anymore if you use their new “PC in the cloud” service. Suffice to say, never be too confident when it comes to cybersecurity! Any time you think that you can assume that you have it covered, that’s the moment you know you’re wrong.
Remember to follow us and share us on your favorite social media site. Rate us on your podcasting apps, we need your help to keep spreading the word. As always, send in your questions and ideas!
HIPAA is not about compliance,
it’s about patient care.TM
Special thanks to our sponsors Security First IT and Kardon.
