COVID 19 made threat lists changeLike it or not we have to face new realities on our threat lists as we figure out our new normal in the post COVID-19 landscape. The privacy and security risks have changed just like everything else during the crisis. Threat lists used for your SRA must be updated and addressed. You do not want to be hit with data breaches and privacy breaches just as you get things back up and running, do you?

 

A 5 star review is all we ask from our listeners.
1x
0:00
...
Free HIPAA Training
Subscribe to the weekly email update from HMWH

I have read and agreed to your Privacy Policy.

In this episode:

Rethink Threat Lists Post COVID-19 – Ep 253

The HIPAA Boot Camp

2020 Session Dates

August 18, 19, 20

Tucker, GA

2020 Fall Session Dates

Sept 15, 16, 17

San Pedro, CA

For info go to TheHIPAABootCamp.com

Registration Form

We are currently evaluating a virtual 3 day boot camp. Let us know if you are interested.

 

Share Help Me With HIPAA with one person this week!

Thanks to our donors.  We appreciate your support!

 If you would like to donate to the cause you can do that at HelpMeWithHIPAA.com.

Like us and leave a review on our Facebook page: www.Facebook.com/HelpMeWithHIPAACOVID 19 made threat lists change for 5th anniversary

Before we get started on the topic for today we would like to thank you for listening to our little podcast.  This week we celebrate the 5th anniversary of us recording our first episodes for release.  Hard to believe we are still at it!  The feedback and support we have received over the past 5 years is what keeps us at it. Thanks for the support of everyone on our teams, families, and in our community.

Rethink Threat Lists Post COVID-19

First let’s review where we were focusing concerns for threats against privacy and security of information before the proverbial stuff hit the fan.  Much of that hasn’t gone away but the motivations and methods have changed dramatically.

We had just done some episodes talking about the increasing issues with Ransomware attacks and Insider issues. If you haven’t listened to those, check them out.

Stories we never had a chance to discuss but bring up some new concerns today.  In fact, they perfectly illustrate some of the issues we must face are out there.  They were already happening before the lockdown and everything that has transpired since then has only made the situation worse.

What really went on during the shutdown

Let’s all admit that we have no idea how well any of the security and privacy controls in place held up during this crisis.  We are going to find a lot of things went well as an upside.  However, we are also going to realize that other things went really wrong, some even more wrong than others.

The use of RDP for remote access is increasing dramatically, as we discussed recently, which is certain to cause us trouble.  Trouble is a certainty the only question is how much.  Phishing and website drive-by malware have run rampant.  The only question will be how much did we block and how much got into the guts of our networks.

One indicator we can check is the HHS breach portal.  I just checked this, and we know the numbers do change but as of now, HHS lists 91 breaches on the portal reported in Jan/Feb 2020.  There are 52 for March and through April 17.  Those were the ones submitted, not when the breaches occurred. Breaches from that time  were coming in when we were shut down.  A huge chunk of them are email related.  Those breaches could have occurred at the beginning of this mess.

What are we going to find when we start looking at what happened in the data?  Do not risk avoiding looking because it will be much worse the longer it sits there without being discovered.

Personal Relationship Stress On Threat Lists

Domestic abuse cases have risen.  Divorce lawyers are getting calls and people are moving out of their homes and moving in with others.  Relationships that were strained before this, may have reached their breaking point.  We will see many cases of this kind of madness but at a much advanced level, I fear.  How many people with various computer skills were left to their own devices to stew about the people who have done them wrong.

Here is an example story of how bad things can get:

Former Orting schools IT employee charged with computer trespass, malicious mischief

MARCH 06, 2020 story

[Court filings] accuse 43-year-old Jason Irvin Rudolph of changing the password to his former wife’s work email account, deleting five years of messages and setting an auto-reply message that she no longer worked there.

There also was an online attack on the company’s server. The business lost more than $10,000 as a result.

All of the stories we have heard for years about relationship issues leading people to do things they never dreamed of doing are even more likely to occur now. If you didn’t include divorce, breakups, etc on your threat lists before, you better now.

Personal Stresses

This situation will also be exacerbated by the economic hits so many households have taken and will continue to struggle with as the economy recovers.  There is anger at each other, anger at the government, anger at the businesses, and the list goes on.  In those cases, you may have irrational and spiteful actions by those with access.

FBI: MSP Engineer Arrested In Attempt To Sell Access To Clients

February 10, 2020

Coder charged in massive CIA leak portrayed as vindictive

March 2, 2020

The threat lists we usually include address things like disgruntled employees and insiders with an agenda. Those are more important now than they have ever been before. Look at what you included on your threat lists before and make sure you are thinking about it from these perspectives.

Broader Economic Stress

But, there are many who are not angry at all; they are simply desperate to pay their bills and feed their kids.  That is where the criminals will find targets to attack with phishing, spear phishing, social engineering, and anything else they can come up with to lure them in.

Cybercrime May Be the World’s Third-Largest Economy …

4/13/2020

There is a lot of money going to the cyber criminals but guess what, they see this as an opportunity to make more money because of the other things we covered here. They also need to rebuild their economy just like everyone else.  Make no mistake, this is a fully operational economy with partnerships and reputations on the line and one of the most globally impacted industries out there.

There will be so many things to worry about as we try to sort out our return to business operations that many folks will want to skip this step. Honestly, though, it could be very damaging to any business that is trying to recover and gets hit because they haven’t prepared for these changes.

Remember to follow us and share us on your favorite social media site. Rate us on your podcasting apps, we need your help to keep spreading the word.  As always, send in your questions and ideas!

HIPAA is not about compliance,

it’s about patient care.TM

Special thanks to our sponsors Security First IT and Kardon.