
Today, we’re diving into a topic that might keep you up at night and might make you reconsider your relationship with your Wi-Fi router. Picture this: your internet goes down, and it’s not just a blip—it’s a full-blown blackout. We’re talking no Netflix, no Zoom meetings, and definitely no online shopping. We’ll unravel the chaos that ensues and discuss how you can keep your cool and your business running smoothly when the digital world decides to take a nap.
In this episode:
Will Your Response Plan Work Without the Internet? – Ep 463
Today’s Episode is brought to you by:
Kardon
and
HIPAA for MSPs with Security First IT
Thanks to our donors. We appreciate your support!
If you would like to donate to the cause you can do that at HelpMeWithHIPAA.com
Like us and leave a review on our Facebook page: www.Facebook.com/HelpMeWithHIPAA
405(d) Tip of the Week:
[02:23] 405(d) released the second installment of a five-part series on “Infections” that threaten patients every day. The series is based on the top five threats facing the HPH Sector outlined in the Health Industry Cybersecurity Practice (HICP)! This month’s topic: Ransomware!
This poster relays tips and information on what Ransomware is, what it looks like, and how to mitigate the threat. It is important to know the risk that Ransomware carries and, most importantly, that prevention is always the best medicine.
Download, print, and share the poster in your organization to remind everyone, cybersecurity is a shared responsibility and “Cyber Safety is Patient Safety.”
Update on the screenshot saga
[08:11] Microsoft says AI feature that captures screenshots on new PCs will be off by default after backlash
Microsoft says we should all calm down: the feature won’t be turned on by default – it will be off by default.
In other scary news
[11:34] Smuggler’s Gambit: Uncovering HTML Smuggling Adversary in the Middle Tradecraft | Huntress. A new technique has been spotted in some phishing campaigns that allows an attacker to steal credentials and bypass MFA if a victim logs into a very fake but real-looking Outlook login portal. This one shows they continue to get better at hiding these things and tricking the users at the same time.
Why HICP includes connected medical devices
[18:08] 2 Critical ICS Medical Advisories for Baxter products
CISA recently published 2 ICS Medical Advisories for Baxter products, including the Baxter Welch Allyn Configuration Tool and the Baxter Welch Allyn Connex Spot Monitor (CSM).
Both vulnerabilities score 9 “or higher” on the “how bad is it” CVSS scale. Note that 10 is the highest possible score.
What does this do? The Connex Spot Monitor is used to monitor vital signs and sends the vitals directly from the bedside to the EHR. The big selling point they point out on their sales site: “This process helps reduce manual data entry to help minimize errors so clinicians can spend more time with patients.” That of course assumes it is accurate information.
One of the vulns has a patch now, but the other one will NOT have a patch available until Q3 2024. Mitigations and workarounds from the vendor and CISA are outlined in the Sector Alert.
Will Your Response Plan Work Without Internet
[21:08] Mysterious Cyber Attack Took Down 600,000+ Routers in the U.S.
For 72 hours between October 25-27, more than 600,000 small office/home office (SOHO) routers are estimated to have been bricked in a cyber attack by unidentified cyber actors. The attack, though, did not go after specific devices wherever they were; it was limited to devices on a single ISP’s network.
The Pumpkin Eclipse – Lumen blog article provides a lot of information along with details on what they found.
It specifically affected three router models issued by the ISP: ActionTec T3200, ActionTec T3260, and Sagemcom.
These devices had to be replaced; no amount of restore or reset would fix them. They were useless.
Why is this different from others we have heard about?
Black Lotus Labs says this investigation stood out for two reasons.
1 – The attack required replacement of all affected devices. The event was unprecedented due to the number of units affected – replacement of over 600,000 devices! This type of attack has only ever happened once before, with AcidRain, used by Russia during their military invasion of Ukraine in Feb 2022. (BTW, a much more destructive variant of AcidRain, called AcidPour, was uncovered this year. As one article put it, this new one has a “significantly broader range of targets”.)
2 – This campaign was confined to a particular network provider, attacking two specific router models on the same provider’s network. Previously, these kinds of attacks went after specific devices where the vulnerabilities exist, regardless of what network they were connected to, just that they were connected. That means the attackers wanted to shut down the internet traffic in a specific area.
Why are we just now hearing about it? There are no laws that make them tell anyone when this happens, so apparently no one has told us. These researchers found it while it was happening. They have evaluated everything and feel reasonably certain that it was a deliberate act. They never included the ISP’s name, but Ars Technica (Mystery malware destroys 600,000 routers from a single ISP during 72-hour span | Ars Technica) points out that the particulars in the Black Lotus report match almost perfectly with those detailed in the October messages from Windstream subscribers. Windstream would not comment.
What does that mean to us?
[33:52] This part of the Ars Technica article explains more on that point: In the messages—which appeared over a few days beginning on October 25—many Windstream users blamed the ISP for the mass bricking. They said it was the result of the company pushing updates that poisoned the devices. Windstream’s Kinetic broadband service has about 1.6 million subscribers in 18 states, including Iowa, Alabama, Arkansas, Georgia, and Kentucky. For many customers, Kinetic provides an essential link to the outside world.
“We have 3 kids and both work from home,” another subscriber wrote in the same forum. “This has easily cost us $1,500+ in lost business, no tv, WiFi, hours on the phone, etc. So sad that a company can treat customers like this and not care.”
After eventually determining that the routers were permanently unusable, Windstream sent new routers to affected customers.
We all count on the internet today. It is part of everything we do, and it is absolutely the core element of almost all IR/BC plans. What if everything in your area is out? If attackers can hit specific providers in specific areas and not only block traffic but force every connection to get new hardware, what will that mean for you?
It is definitely time to have a brainstorming session about the potential impacts of a regional loss of internet connectivity.
We hope we’ve given you a good mix of laughs and some serious food for thought about your preparedness plans. Remember, it’s not just about having a plan—it’s about making sure it works even when your internet doesn’t. So, stay sharp, keep your contingency plans handy, and always have a backup for your backup. Until next time, may your Wi-Fi be strong and your response plans even stronger!
Remember to follow us and share us on your favorite social media site. Rate us on your podcasting apps, we need your help to keep spreading the word. As always, send in your questions and ideas!
HIPAA is not about compliance, it’s about patient care.™
Special thanks to our sponsors Security First IT and Kardon.