We are under attack! – Ep 328 

October 29, 2021

By Donna Grindle

It’s time for our annual Halloween episode! This year we will tell you a scary, true story of how our two companies were actively targeted and attacked by a cybercriminal. Hear what happened and how our teams reacted to the cyber attack.

In this episode:

Today’s Episode is brought to you by:

Kardon

and

HIPAA for MSPs with Security First IT

Subscribe on Apple Podcast. Share us on Social Media. Rate us wherever you find the opportunity.

Great idea! Share Help Me With HIPAA with one person this week!

Thanks to our donors. We appreciate your support!

If you would like to donate to the cause you can do that at HelpMeWithHIPAA.com

Like us and leave a review on our Facebook page: www.Facebook.com/HelpMeWithHIPAA

If you see a couple of numbers on the left side you can click that and go directly to that part of the audio. Get the best of both worlds from the show notes to the audio and back!


Big Announcements!

[06:23] We have a couple of BIG announcements for everyone! Listen to us talk about what we have in store for 2022, including:

  • Dates for our next The HIPAA Boot Camp, which will be virtual – Feb 2, 2022 (We will be updating the website and accepting registrations soon!)
  • In person “symposium” in Sep 2022 – kinda like our The HIPAA Boot Camp on steroids
  • Kardon Club membership opportunity for your one-stop place to get healthcare, privacy and security information. Included for HIPAA for MSPs members as well. To learn more about
  • New MSP accreditation opportunity

We are under attack!

[17:26] It all started on a Monday morning at the beginning of September. Strange things started happening.

It seemed normal-ish, at first.

Both of our teams were receiving suspicious messages and requests:

Kardon

  • Email from “Brent” requesting a meeting to get advice on a touchy situation that would require an NDA be signed. “Brent” sort of checked out, but not really.
  • LinkedIn connection notifications about messages from Donna’s brother
  • Text messages about changing your Google password
  • Emails to the team that look like they are from Donna asking if the credit card bill had been sent to our bookkeeper, Kim.

Kardon is under attack. Team is locking things down tighter. Checking passwords. Making the bookkeeper change her passwords. Stress was building everywhere trying to figure out where it was coming from and how information like this was getting out there.

SFIT

  • Email to a technician about a company interested in bringing in a new IT company and wanting to know about our services
  • Admin assistant received a phone call about interest in our services from a law firm, which requires an NDA.
  • My team got an email from me requesting an employee assessment meeting that I did not send
  • My admin assistant got an email from me asking about our COVID-19 protocol and requesting a spreadsheet of everyone’s names, email addresses and phone numbers
  • Smishing attacks started coming in to my team’s cell phones
  • Social media connections

SFIT is under attack. Team is researching where things are coming from using reverse DNS and other tools.

It’s the podcast!

Someone is after both of us and our companies. It must be tied to the podcast. Who did we piss off?

We are talking with a medical device developer out of Russia. Brent even mentioned being a podcast listener. All of these things are running through our heads as possible explanations. Overall, the Kardon team decides it’s David’s fault. He mouths off during many podcast episodes about hacker groups and now they are attacking us! LOL

What had happened was…

[39:04] David and I had a call with William Price of CyberX to discuss what had been happening. You remember William. We had him on the podcast in early September, Social Engineering Tricks with William Price – Ep 320. We discussed how he uses his social engineering tricks to successfully penetrate a company’s defenses and get access to their most critical information.

Our discussion was very fruitful because he told us exactly how our teams handled being under attack. Yes, we had hired him to attack our companies as a test. And to William’s credit, he would only agree to do this if he could attack not only our teams, but us too. The whole experience was very telling.

Responses from our teams ranged from outright anger to simply “Well damn”.

At one point Karla even said, “Last year for Cybersecurity Awareness Month you did that phishing test on us. Are you doing that again?” I answered, “Yes, I did do that last year. This is more than just a phishing test, though, isn’t it?” She agreed and that was the end of that discussion. It never came back around again.

I would ask, “How do these attackers know this?” or “How do they know that?” No one noticed I wasn’t freaking out or yelling at anyone. I told them I had asked David to have his team look into what was going on. Christa didn’t like how long it was taking and submitted her own tickets to get a Dark Web Scan done.

But overall, we were thrilled by how our teams responded. They immediately started asking questions and evaluating things. They went on high alert and were trying to protect our companies. They didn’t fall for anything that asked for credentials, and that’s ultimately what the attackers were after by building up a rapport and all. The only thing that got out was information that was mostly publicly available anyway.

This whole experience makes us see the importance of the work that William does when he does these kinds of attacks on companies. And we’re always talking about phishing campaigns and testing your users. This is some next level stuff. There was a lot of good that came out of this for us for sure.

So, in the end, everybody on both teams felt positive about this experience because they learned how it feels. They learned what to look for and they knew we were under a targeted attack. We highly recommend thinking about paying someone like William’s company, CyberX, to social engineer your teams. He did an amazing job testing our teams and we learned a lot from this experience. Bottom line, when you see something, you need to say something. Don’t just think it’s only you receiving these kinds of “requests”. Throw it out there for the entire team, because it could be a coordinated effort.
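The advice above (report every odd contact to the whole team, because a targeted campaign is spread across people and channels so that no single person sees the whole picture) can be turned into a small triage aid. The Python below is an added example and is not code from the show or from Kardon or Security First IT. The domain kardon.test, the staff display names, the addresses, the phone numbers and the report entries are all constructed for illustration, and the 48-hour window and report thresholds are arbitrary assumptions. It flags two things the episode describes: emails whose display name is a known staff member but whose address is external (the “emails that look like they are from Donna”), and a burst of reports across several channels and recipients that points to a coordinated campaign rather than isolated spam.

```python
"""Added example (not from the podcast): triage team-reported suspicious
contacts for executive impersonation and coordinated-campaign patterns.
All names, domains, numbers and reports below are constructed."""
from dataclasses import dataclass
from datetime import datetime, timedelta
from email.utils import parseaddr

# Constructed: the organisation's own mail domain and the display names an
# attacker would most plausibly borrow (people whose requests staff act on).
OUR_DOMAIN = "kardon.test"
STAFF_DISPLAY_NAMES = {"donna grindle", "david sims"}


@dataclass
class Report:
    when: datetime       # when the recipient received the contact
    recipient: str       # who reported it
    channel: str         # "email", "sms", "phone" or "linkedin"
    from_header: str     # raw From: header for email; sender id otherwise
    summary: str         # the reporter's one-line description


def impersonation_flags(from_header: str) -> list[str]:
    """Return indicators found in an email From: header (empty = none)."""
    name, addr = parseaddr(from_header)
    domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    flags = []
    # Trusted display name on an address that is not ours.
    if name.strip().lower() in STAFF_DISPLAY_NAMES and domain != OUR_DOMAIN:
        flags.append("display-name-impersonation")
    # Domain that borrows our brand label but is not our domain.
    brand = OUR_DOMAIN.split(".", 1)[0]
    if domain and domain != OUR_DOMAIN and brand in domain:
        flags.append("look-alike-domain")
    return flags


def find_campaign_window(reports, window=timedelta(hours=48),
                         min_reports=3, min_channels=2):
    """Find the densest window of reports that spans several channels and
    several recipients; returns None if no window meets the thresholds."""
    ordered = sorted(reports, key=lambda r: r.when)
    best = None
    for i, start in enumerate(ordered):
        group = [r for r in ordered[i:] if r.when - start.when <= window]
        channels = {r.channel for r in group}
        recipients = {r.recipient for r in group}
        if (len(group) >= min_reports and len(channels) >= min_channels
                and len(recipients) >= 2):
            cand = {"start": start.when, "end": group[-1].when,
                    "reports": len(group), "channels": sorted(channels),
                    "recipients": sorted(recipients)}
            if best is None or cand["reports"] > best["reports"]:
                best = cand
    return best


def triage(reports):
    """Summarise impersonation hits and any coordinated-campaign window."""
    hits = []
    for r in reports:
        if r.channel == "email":
            flags = impersonation_flags(r.from_header)
            if flags:
                hits.append((r.recipient, flags))
    return {"impersonation": hits, "campaign": find_campaign_window(reports)}


# Constructed sample: one week of reports modelled on the episode's story.
SAMPLE_REPORTS = [
    Report(datetime(2021, 9, 6, 9, 12), "kim@kardon.test", "email",
           '"Donna Grindle" <donna.grindle@gmail-mail.test>',
           "asks whether the credit card bill went to the bookkeeper"),
    Report(datetime(2021, 9, 6, 10, 40), "karla@kardon.test", "email",
           "Brent Walker <brent@nda-consult.test>",
           "wants a meeting about a touchy situation, NDA required"),
    Report(datetime(2021, 9, 6, 13, 5), "christa@kardon.test", "sms",
           "+1-555-0100", "text about changing your Google password"),
    Report(datetime(2021, 9, 7, 8, 30), "donna@kardon.test", "linkedin",
           "Mark Grindle", "connection request claiming to be family"),
    Report(datetime(2021, 9, 7, 9, 15), "admin@kardon.test", "email",
           "HR <hr@kardon-it.test>",
           "requests spreadsheet of all staff names, emails and phones"),
    Report(datetime(2021, 9, 20, 11, 0), "kim@kardon.test", "email",
           "Kim Bookkeeper <kim@kardon.test>", "routine internal note"),
]

if __name__ == "__main__":
    result = triage(SAMPLE_REPORTS)
    for recipient, flags in result["impersonation"]:
        print(f"impersonation indicators for {recipient}: {flags}")
    if result["campaign"]:
        c = result["campaign"]
        print(f"coordinated campaign: {c['reports']} reports across "
              f"{c['channels']} between {c['start']} and {c['end']}")
```

Run it as a script to see the summary; in practice the report list would be fed from whatever channel the team uses to “say something” (a ticket queue, a shared mailbox, a chat room). The campaign check is deliberately coarse: it asks only whether several people, on more than one channel, were contacted inside the same window, which is exactly the pattern that is invisible to each recipient on their own.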

Remember to follow us and share us on your favorite social media site. Rate us on your podcasting apps, we need your help to keep spreading the word. As always, send in your questions and ideas!

HIPAA is not about compliance, it’s about patient care.™

Special thanks to our sponsors Security First IT and Kardon.

HelpMeWithHIPAA.com is a collaborative project.

Created & sponsored by: