This is the ProactiveIT Podcast. This Week: The latest in IT and Cyber Security news plus The New Normal, February HIPAA Roundup and Law Firms Get Ready.
This is Episode 22!
Hi Everyone and welcome to the Proactive IT Podcast. Each week we talk about the latest in tech and cyber news, compliance and more. We also bring you real-world examples to learn from so that you can better protect your business and identity.
This podcast is brought to you by Nwaj Tech – a client-focused & security-minded IT Consultant located in Central Connecticut. You can find us at nwajtech.com.
Thanks for listening to this podcast. Show us some love on Apple or Google Podcasts. Subscribe and leave us some positive feedback. What are you waiting for?
Also, go join the Get HIPAA Compliance Facebook Group. Search for Get HIPAA Compliance
Patch Tuesday Update:
Google Chrome 80.0.3987.149
Microsoft March 2020 Patch Tuesday Fixes 115 Vulnerabilities
Microsoft Leaks Info on Wormable Windows SMBv3 CVE-2020-0796 Flaw
Microsoft Releases Out-of-Band Security Updates for SMB RCE Vulnerability
VMware Releases Security Updates for Multiple Products
Updates from Google, Adobe, Drupal, and Cisco
Apple Releases Security Updates (New)
Adobe Releases Security Update for Creative Cloud Desktop Application (New)
Cyber Security News
This is the proactive IT podcast this week the latest 19 cybersecurity news plus the new normal February HIPAA, roundup and law firms Get ready. This is Episode 22. Hi everyone and welcome to the productive it podcast. Each week we talk about the latest in tech and cyber news compliance and more. We also bring your real world examples to learn from so that you can better protect your business and your identity. This podcast is brought to you by new wash tech a client focused and security minded IT consultant located in Central Connecticut You can find us at and watch tech comm that’s NWA j tech.com. Right? If you could leave us a review, share this podcast. Like it, give it five stars, whatever you want to do on your podcast platform of choice, we would greatly appreciate it we really just trying to reach people with important information so they can protect themselves out there in the wonderful world of technology. Also, if you’re in a HIPAA compliant business, whether it’s a business associate or a covered entity, go to Facebook in the search type in get HIPAA compliance and join that group because you will learn stuff and stuff is important and HIPAA isn’t it. It helps you protect your your healthcare, practice business, whatever it is you do better going forward in a healthcare world, one that is very litigious, and one that is very cool, to be honest with you. So join the group and learn. I don’t have A Question of the week this week. So I’m gonna take this opportunity to reiterate something. The relaxation of the HIPAA rules around telehealth doesn’t apply to all the HIPAA rules because I’m seeing it a lot on social media. And even questions being asked of me and I shared this information last week in an Instagram TV post, so I’m going to share it again. The rules the relaxation of the rules only apply to telehealth and it only applied to being able to provide telehealth services to patients via applications like FaceTime or Facebook Messenger. They do not apply to any other area of HIPAA. And they also just stipulate that if you’re going to do this, you need to let the patient know that it is a less secure method of communication and you cannot use things like Facebook Live When we go live out to the public, so Facebook Live tik tok, things like that. You can use FaceTime, you can use facebook, facebook Messenger, you can use duo, you can use apps like that, that are one to one and don’t have an audience. And this is temporary. So eventually they will pull this back and eventually you will have to use a an application that is approved by the IRS and even now you still have to get approval by the insurance company. So if the insurance company says no, then you cannot do it. Eventually they will pull it back and you will have to use an application that will assign a business associate agreement or has the appropriate levels of encryption and so forth. And so there are a few applications out there. The one that I usually recommend is is zoom for telehealth. But as of right now, as of the moment of this recording, you can you Use and will probably last for a few months anyway. You can use Facebook lie on, sorry. Freudian slip, I guess I don’t know Facebook Messenger, FaceTime duo, Whatsapp applications that are one to one communication apps for a video. You can use zoom, but you don’t have to get the telehealth version. You know, there are other applications like that out there. So just want to make that clear. Because that, you know, I guess that could be the question of the week. I have been asked on several occasions already in the last since I shared that last week. So just in just over a week, but nine days now. I’ve seen it all over Facebook and LinkedIn. You can it doesn’t they’re not relaxing all of the HIPAA rules. They’re only only relaxing the rules around telehealth. So I hope that clarifies that for some people. For Patch Tuesday updates, we have the The only update I saw this week was Apple released some security updates. So let me tell you about that. And I don’t think that’s actually true. I think Adobe released an update to but Apple released security updates for iCloud for Windows 7.18 iCloud for Windows 10.9. iTunes 12 point 10.5 for Windows, which I’m not sure why anybody’s using iTunes still iOS 13.4 and iPad os 13.4. Safari 13.1 watch os 6.2 TV os 13.4 Mac OS Catalina 10 point 15.4 security update 2020 dot 00 to Mojave and security update 2020 dot 00 to High Sierra and Xcode 11.4. So if you have any of those products, which if you’re using Apple, you probably have all of them. You should apply the updates right away and I just want to verify for you that there’s no other yes there was. That’s right. Now remember, there was, um, actually there’s a couple of other updates, there’s Adobe did release a security update for the Creative Cloud desktop application. So if you’re using Creative Cloud, you’ll want to address that because it is an update with a vulnerability. And windows did Microsoft did release an update for Windows Defender because of an issue where it was not scanning everything. And I’ll talk about that in a few moments. So that’s going to do it for your Patch Tuesday update. And that’s going to do it for this portion of the show. All right, it was a busy news week for cybersecurity. A lot of it centers around Kovac 19. And I had a conversation earlier yesterday. Talking About the extreme increase in fishing activity around cobit 19 there is a proliferation of cobit 19 phishing attacks ransomware attacks, espionage, hacking just all over the place right now. So it’s really important that business owners educate their employees or have your it educated employees and remain vigilant around anything around cobit 19. So I’m gonna say it one more time here. If you didn’t ask for the email, if it is unsolicited, around kovat 19. Do not click and do not download anything. Think before you click. If you are told about a website that has a vaccine or a cure, do not go to it. There are no vaccines or cures yet. And if you want more information about it, then go to the CDC website which is cdc.gov go to HHS website which is hhs.gov Or go to, to whose website a World Health Organization website, you need to, we need to realize that people are playing on our fears. And that’s how phishing works. It always plays on an emotion and going to take advantage of people going forward. And right now kovat 19 is the way to do that. So, let’s jump into the news. First up, speaking of HHS, HHS gov.gov open redirect used by coronavirus phishing to spread malware. And hhs. gov open redirect is currently being used by attackers to push malware payloads onto unsuspecting victims. systems with the help of coronavirus themed phishing emails. Open redirects are web addresses that automatically redirect users between a source website and a target site and a regular use by malicious actors to send their targets to efficient landing pages, or to deliver malware payloads under the guise of a legitimate service. So I’m hoping They fix this by now but as of last check, no they did not. hhs. gov is the website of the US Department of Health and Human Services which makes this specific open redirect the perfect tool to learn in potential victims. The open redirect is HTTP HTTPS. slash slash DC is hhs.gov slash cis slash login. Question mark service equals malicious URL and gateway equals true is present on the sub domain of HHS departmental contracts information system and it was discovered and shared on Twitter by infosec analyst Sexton the Anthea attack and that’s sec so me the attackers use it to link to malicious attachment containing coronavirus doc dot link Li ng lnk file, which will unpack an obfuscated VBS script that will download and execute a raccoon information stealer malware payload 18562 dot 188204 slash home slash post slash corona.xc and there’s a link. This is articles on bleeping computer there’s a link to the virus total analysis. And after saving it to temp slash uppercase H, lowercase H, uppercase K, uppercase f uppercase W. raccoon aka Legion mojado and Ricky Miller, is an information stealing malware initially spotted almost a year ago on criminal cyber criminal forums, and capable of stealing data such as email credentials, credit card info, cryptocurrency wallets, browser data and system information. So it gets on your system and it reads all those sensitive files. And this is why we tell people don’t save your passwords in Chrome or Firefox. Report from cyber Ark says that raccoon is capable of digging its way into about 60 different applications from browsers, cryptocurrency wallets, email and FTP clients to steal and deliver sensitive information to it. operators, so be careful of being redirected from hhs.gov site to any other website that doesn’t look legitimate. To defend against similar tax you should always be suspicious of coronavirus related attachments, which, you know I just said so, we’re going to leave it at that. Read on Forbes Cova 19 vaccine test center hit by cyber attack stolen data posted online and medical facility on standby to help test any Corona virus vaccine has been hit by a ransomware group that promised not to target medical organizations. So I think we talked about the two groups that said they wouldn’t one of those being mazed criminals behind these ransomware attacks have struck against stealing data from a victim and then publishing it online to get them to pay the ransom demand. That in and of itself would not be particularly newsworthy. Sadly, however, the Mays threat actors were amongst the leading cybercrime gangs which just days ago, pledged not to attack healthcare and medical targets. These threat actors didn’t go as far as those behind the doppelganger threat by offering free decrypted codes to those hit by accident, nor it would appear did they mean what they said the latest victim is Hammersmith medicines research, a British company that previously tested Ebola vaccine and is on standby to perform the medical trials on any Cova 19 vaccine. Malcolm Boies clinical director of Hammersmith medicines research told computer weekly that the cyber attack which took place on March 14 was spotted in progress stopped and systems are support restored without paying any ransom. We repelled the attack and quickly restored all our functions. He said. There was no downtime. This was admittedly before mais announced on March 18, that it would no longer target medical organizations However, this pledge has not stopped it from continuing and attempts to extort them. So they attack before March 18. But they’re trying to extort them after they made the announcement. The Maze attackers apparently managed exfiltrate data in this case patient records and has published some of them online. Boys told computer weekly that the hackers had sent Hammersmith medicines research sample files containing details of people who participated in testing trials between in 20 years previously, maze operators then published samples of data on the dark web. I’ve seen the posting from Ms group that had the ads Hammersmith medicines research as a new client, which is how it describes victims of his attack. tech giant GE discloses data breach after service provider hack this is on bleeping computer fortune 500 tech giant General Electric disclosed that personally identifiable information of current and former employees as well as beneficiaries was exposed in a security incident experienced by one of GE service providers. She is a multinational operating in a wide range of tech segments including aviation, power, healthcare and renewable energy and is currently ranked by Fortune 500 as its First largest company in the US by revenue. GE currently has customers of more than 180 countries and in excess of 280,000 employees according to the company’s 2018 annual report. GE says in a notice of data breach filed with the Office of Cal California Attorney General, that canon business process services canon, a GE service provider and had one of their employees email accounts breached by an unauthorized party in February. So this happened in California, which means it could fall into the ccpa they meet the guidelines. So they probably will be held under the ccpa the California Consumer Protection Act, or Privacy Act, I think it’s Privacy Act. We were notified on February 28 2020, that Canada had determined that between approximately February 3 and February 14, and unauthorized party gain access to an email account that contain documents of certain employees, former employees and beneficiaries entitled to benefits that were maintained on canons systems g Also status sensitive personal information exposed during the incident was uploaded by or for current and former employees as well as beneficiary is entitled to benefits in connection with the canons workflow routing service. So here’s some of the information that got direct deposit forms driver’s licenses, passports, birth certificates, marriage certificates, death certificates, medical Child Support orders, tax withholding forms, beneficiary designation forms and applications for benefits such as retirement, severance and death benefits with related forms, and documents may have included names addresses, social security numbers, driver’s license numbers, bank account numbers, passport numbers, dates of birth and other information contained in the relevant forms. GE systems were not breached. This was canon that was breached and being that they had the information. It’s a G’s information that was breached, but GE self was not breached on threat post. The World Health Organization targeted in espionage attempt to Cova 19 cyber Text spike, dark Hotel Group could have been looking for information on test vaccines or trial cures. The World Health Organization has attracted the notice of cyber criminals as the world wide covert. 19 pandemic continues to play out with a doubling of attacks recently, according to officials they’re problematically evidence has also shown as also now apparently surface that the dark hotel, a PT group has tried to infiltrate his networks to steal information. Alexander rebellious cyber security researcher attorney at Blackstone Law Group told Reuters that he personally observed a malicious state being set up on March 13 that mimic to whose internal email system Its purpose was to steal passwords from multiple agencies, staffers, and rebellious noted that he realized quite quickly that this was a live attack on the World Health Organization in the midst of a pandemic. The attack appeared to be aimed at achieving a foothold at the agency rather than being an end unto itself. That’s that’s basic hacking you start by getting finding your way in. You start by reconnaissance and then you find your way on. The targeting infrastructure seems to focus on certain types of healthcare and humanitarian work, isn’t it organizations that are in common for cyber criminals causton role research at Kaspersky told threat posts this could suggest the actor behind the attacks are more interested in gathering intelligence rather than being financially motivated, which is very possible arm. As for the why of the attack, which was started by booster that information about remediation for coronavirus, such as cures test or vaccines would be invaluable to any nation states intelligence officials. So there sounds like they’re saying it’s a nation state. So far, we don’t know the motivation behind these attacks. However, at times like this, any information about cures or tests or vaccines, relating to coronavirus would be priceless and the priority of any intelligence organization of an affected country. He told threat posts and I think I saw today Let me see what the count is right now. It was 175 countries yes 175 countries currently have at least one person with the corona virus Cova 19 that is infection. Um, so, this you know, this is an example of what I mean this is a group trying to find their way into the World Health Organization and unknown why but they are trying to find a way in and they are trying to skirt around the system by using potentially contractors and so forth to get in. And this is why we need to remain vigilant when it comes to cybersecurity because as we’re running around, you know, things people take shortcuts. There’s so much going on, that some things might fall by the wayside because we need to get something else accomplished. bleeping computer reports three more ransomware families create sites to leak stolen data. So this methodology of getting your ransoms paid. We talked about a few months ago when they started doing this. And we told you that this would be a continued, this would continue to grow. And so here we are three more chrome three more ransomware families have created sites that are being used to leak the stolen data of non paying victims and further illustrates why all ransomware attacks must be considered data breaches. Ever since May is created their new site to publish stolen data of their victims who choose not to pay other ransomware actors such as Sona, KB, or rebel, the same name, same group, an empty and double payment have been swift to follow. Over the past two days bleeping computer has learned learned of another three ransomware families who have now launched their data leak sites, which are listed, so they are the net flume. ransomware. NET fill in ransomware has launched a site called corporate leaks that is being used to dump the data of victims who did not pay ransom net film is fair. New isn’t believed to be a new version of the new empty ransomware clop ransomware has also released a leak site called clop. Dash leaks has a couple extra special characters that they’re using to publish stolen data for non paying victims. The clock noise from were made news recently after it attacked them Maastricht University and was paid 30 bitcoins to recover the data. And then second met ransomware. And that’s spelled sck h m et. Finally, a relatively new ransomware called segment has also released data leak site called leaks, leaks and leaks, not much. Not much is known about this ransomware other than their ransom note is named recover files dot txt. So it’s going to be a continuing trend and we really, really have said it for months now. The only way you’re going to stop ransomware is to make it not profitable. if if if the ransomware operators are not making money, they’re not going to continue doing what they’re doing. Because it’s it is risk it is risk for them as well. bleeping computer reports Microsoft fixes Windows Defender scan bug with new update. So real quick there was a bug in Windows Defender where it would skip some files during scan. You would receive an error message that says the Windows Defender antivirus can scan skipped an item due to exclusion of network scanning settings. There was a workaround that said that was to enable network scanning and not fix the issue. But Windows Defender has released an update it is kB 405 to six to three and that will resolve the issue. info security group which is info security dash magazine com reports that is Cincinnati firm faces a $5 million data breach lawsuit is Cincinnati freight brokerage company is facing a $5 million lawsuit over a data breach that occurred last month. computer systems that total quality logistics which is t q l for sure were comparable In a cyber attack that took place in February 23, customer and carrier information was exposed to threat actors breached the company’s online web portal. Carrier data compromised in the attack include a tax ID numbers, bank account numbers, and in some cases social security numbers breached customer data included email addresses, phone numbers first and last name and t QL. Customer ID numbers. Now t QL is being sued by an unnamed trucking company owned by Charles Newman of Milwaukee County, Wisconsin. a complaint filed in the US District Court for the Southern District of Ohio alleges that t q l fail to implement and maintain reasonable security measures over personally identifiable information. The plain of accuses TKO negligence and claims that the consequences of the data breach were dire and far reaching had tkl taken the well known risk of cyber intrusion security seriously and adequately tested audited and invested in its IT systems and adequately trained staff to lawsuit states the data breach would never have occurred. I think I saw somewhere in this article that they believe it was fish began with fishing. So, you know, there there is that for whatever it is, um, why am I showing us right now because this Cincinnati is does not have that I’m aware of does not have a data breach. They don’t have the, you know, the GDPR or the ccpa, or the New York shield law. They don’t have those laws in Cincinnati yet. But here it is a $5 million lawsuit that that the originator of the lawsuit is trying to make a class action suit which would could could potentially put this company in in financial dire straits. So I’m sharing this because we really need we need to understand that data is worth more than gold. Right now on the on the site dark web, which is the black market of the internet. data, especially personally identifiable information and pH I even more so is worth more than gold. And people are going to continue to sue. And it’s going it’s going to get to be extremely expensive and people are going businesses are going to go bankrupt and people are going to lose their shirts over this and it just we we need to step up and protect PII pH I better than we’re doing now. So let me step off my soapbox and I got one more article to share with you for the news. WordPress malware distributed via pirated Corona virus plugins. So real quick, there is a group when you there is a way to get WordPress plug, you know, paid WordPress plugins and WordPress themes for free to distributed as Nolde or pirated, the key word there being pirated. So there’s a WP dash VCD family of WordPress infections. they distribute these plugins and themes as Nolde or pirated, and they usually have some code change in the plugin or theme that allows them to spread malware takeover websites, crypto jacking all these things that that can be done over the web. And now they’re doing this for through Chrome, through plugins, to Corona virus plugins, I’m sorry, through Corona virus plugins that will inject a backdoor into your website. And you know the purpose of that not sure. But what will happen is they can either take over your website, they can use your website to crypto mine, they can use you know, there’s just so much they could do with it. So the point is, don’t use pirate Did WordPress plugins or WordPress themes because, you know even if it wasn’t for coronavirus right now, it’s dangerous because you’re putting yourself in anybody who visits your site at risk. That’s going to wrap up the news. We’re gonna move on to our hot topics for the week. All right. Wash tech works with compliance businesses. We work with all businesses, but we specialize in compliance. And I talk a lot about HIPAA and I don’t talk nearly enough about law firms or financial firms but so I found this article posted on March 13. So it was kind of early in the coronavirus spread in the US. That was you know, before they closed the schools and everything else in my area. Know the West Coast was a little bit earlier than then we were on the east coast. But it was early in that stage. This is on law calm. The coronavirus, this recession and how law firms need to plan now to protect their business. Houston has offers practical tips on what law firms can do now to prepare for the impacts of a recession and the corona virus on their businesses, including potential associate referrals, hiring slowdowns, and marketing investments. It’s helpful in times like these for leadership teams to have a common understanding of what’s going on in a broader economy. its implications for law firm demand and a roadmap for how to tackle the difficult decisions I had. The following offers such a framing. Let’s start with the economy. We’ve entered a recession we can think of it as ultimately having one of three shapes. So we do we have entered a recession regardless of whether or not the corona virus created it. I don’t believe it did. I believe it accelerated it, but I don’t believe that it created it. I believe this. We were heading for this All along. So the three shapes V shaped worker stayed home causing a dip in economic output to dip as falls relatively quickly quickly by a recovery in which workers put in overtime to make up for loss of productivity to economy regains its pre departure directory in a matter of weeks. And so you may you may look at the stock market and believe that’s what’s happening. However, I don’t believe it is. U shaped the above initial dip in economic output is accompanied by a decline in consumer demand reflecting among other issues at contract a contraction and household wealth, home values, retirement assets, etc. The policymakers take responsible responsive fiscal and monetary measures and economic activity returns to predict growth rate in a matter of months. And an L shaped recession starts out as a U shape but the policy interventions proven effective in a dip is prolonged into quarters in years. Know I’m not a financial expert and but I do believe that They’re trying to prop things up. I don’t think it’s going to work for the long haul. So that’s something to think about. We experienced a V shape dip in recovery with SARS in 2002. And three however SARS and Cova 19. A very different when SARS had run its course there had been a total of 668 cases in 89 deaths outside of China and Cova 19. to comprehend, comparable numbers are already over 45,015 hundred. So as of right now, those numbers have dramatically increased. We are now over 500,000 confirmed cases in over 23,000 deaths. So and, you know, so that’s not the focus of the show. I don’t want to dwell on that, but definitely not the same case. The U shaped recession should be similar to that following the 2008 global financial crisis. US government increases debt from 65 to 80% of GDP and the Fed funds rate was cut from 5% to effectively zero. The recession officially lasted 18 months to December 2007 to June 2009. An L shaped recession is worse than the global financial crisis may seem a needlessly bleak scenario to consider it belongs on the set of possibilities because of the difference between 2008 and today, and the starting points for any policy actions US government debt is currently at 105% of GDP, according to 2018, quarter three, as compared with 65% in 2008, making increasing government borrowing more problematic. Similarly, on March 15, the Fed cut its headline note rate 2.25%, leaving no room for further cuts. And actually they did cut it again. But whatever the shape of the broader economic recession, the effect on law firm demand will be exaggerated response to it. This was the case in 2008. But it will be even more so. This time. This is because of the change since then, and how aggregate demand for legal services met between in House counsel and outside firms. Going into the last recession was roughly equal number of lawyers in the United States who worked in house At am law 100 law firms since then number of in house lawyers has grown 40% while that of an am law 100 is essentially at 2008 level. As the economic recession reduces aggregate demand for legal services we can expect in house lawyers to focus first and keeping themselves busy passing to outside counsel only that work, which they truly cannot handle in house. parenthetically, we can also expect that for the work they do send outside they’ll look for considerable price relief. Law Firm leaders don’t need to take a stance on the ultimate shape of this recession they can let it reveal itself over time however, they need to do three things now. Firstly, support clients in their immediate difficulties eg form a task force to ensure all major clients are being contacted by senior firm representatives and offered help in any way possible, both professional and personal to navigate to short term a exigencies. Secondly, they need to be ready with targeted initiatives to stoke demand once example one example set aside a virtual budget for key client investment initiatives and half time charged to this budget carry the same internal standing as full price client work another example we set the parameters deemed acceptable by pricing committee in order to win major matters matters. Thirdly, there’s there are set of capacity. There are a set of capacity and cost issues to address now, so as to be able to act quickly and decisively as events unfold. Examples of these include equity partner transitions, income partner transitions, overhead cost management, terminate, flailing growth initiatives deferral of income, incoming associate class and curtail the length of summer program again, I’m sorry curtail the link to the summer program? To all my law firm friends and clients out there. I hope you can weather the storm. You know if you need support today, we’re here to help. So let’s talk about Something a lot of us are facing at the moment, working from home. This is an article on Zd net. The title is working from home switch off Amazon’s Alexa say lawyers. One of the bright byproducts of doing all your work from home is that you might be discussing confidential matters and who might overhear them while there’s your smart speakers. Those who are not used to working from home must be going through several stages of spiritual discomfort. Yes, CD nuts more experienced hands can help you acclimate acclimatize, it says to the new working style now that the Cova 19 pandemic has disrupted modern working life. Yes, some professionals may not be able to, may not be able to deal with life science, their office perks lawyers, for example, many are used to sitting in their enclosed chambers closing their doors and holding vital conversations about lawyerly matters. There they feel secure working in their homes, they worry who may be spying on them. Alexa, for example, In her band of vastly intelligent speaker, Speaker persons. Bloomberg reports that famed UK law firm by Shan de Raya motto it’s business but it’s personal seriously is telling its fine employees to mute or even totally disable domestic smart speakers for confidential business calls. JOHN Hancock the machine under a partner who leads the cybersecurity discipline, offered these words perhaps we’re being slightly paranoid, but we need to have a lot of trust in these organizations. And these devices, we’d rather not take those risks. paranoia is one of the three essential skills every lawyer should have. The other two are of course I’m aggressive billing department and cataclysmic ability to outline even a politician. When Hancock refers to devices he means every gadget you’ve bought, to fully express your inability to make an effort around the house and your comfort with the surveillance state. Yes, even the devastatingly effective ineffective Amazon ring doorbell the law firm conceded that there may be less chance of being spied on by, say an Amazon Echo or Google Home then some tawdry facsimile, but paranoia is paranoid. It really can’t be slight. I warned to my Shawn’s misgivings. Can anyone really have total confidence in what these machines over here and where those recordings might appear? Sometimes switch speakers have deliberately live recorded your conversations to help create a better product for you, of course. Then there’s the recent research that revealed Alexa and her squad have accidentally activate and record conversations up to 19 times a day. Imagine you’re a lawyer dealing with a very important case involving dirty money local politicians power utility three former contestants on The Bachelor. At some point you utter the word Congresswoman unbeknownst to you, that may be the moment Alexa starts record. You see the research I mentioned above found that Congresswoman was one of the words that made Alexa think she was being summit. Yes, talk about ideas below her station, but Imagine the possible result when Alexa records the details of this call. And it mysteriously becomes a new york post level scandal, Bachelor contestants and local pause. Con medicine out of $50 million. Of course, there’s something else you could try. Once you’ve turned off Alexa Siri or Ms. Google? What if you don’t turn them back on? You might feel curiously free. So we do have Alexa’s in the house. And I do have one right next to me that is listening at the moment because I just said the magic word. When I’m having a sensitive conversation, I do turn it off. Because just like lawyers, go there you go. Alexa, stop. Just like lawyers. I have to have a sense of paranoia in security. And I never know what’s listening, what’s not listening and so forth. So there’s that take that for what it’s worth. Hopefully work for home is is a little easier to deal with now that it’s for most of us. It’s been a few weeks. And then finally, we’re going to talk about a covert 19 cyber attack roundup from the past week. So a group of researchers disclosed that cyber criminals are creating thousands of websites to exploit coven 19 bR no are Brno University Hospital in Czech Republic and US government’s department of health and human services were targeted last week. So this is for March 24. So it’s a couple days old. But cybersecurity concerns are running high this week as large organizations local governments and hospitals continue to be to be the prime targets of hacking attempts due to Cova 19. Over that’s not all. According to a CNBC flash survey, more than one third of executives that’s 36% say that cyber threats have leaked after a majority of their employees work from home at this point of the global public health crisis and we’ve expressed this concern for weeks So, how Koba 19 laid the bed for attackers Corona virus related scam started around mid January, the spread of the virus helped attackers prey on fear and confusion of people. Many sophisticated nation state hackers use pandemic related traps to distribute malicious payloads. Further and more and more people now working from home often with fewer security defenses on the home networks have given additional attack surfaces for an unauthorized user to attempt data extraction from their computing environment. What attempts did hackers make? Below are some of the ways in which hackers were observed trying to cash in in a covert 19 outbreak conditions in the last week. security experts expose an ongoing phishing campaign actively spreading malware payloads through emails impersonating the director of General of the World Health Organization, researchers discovered a phishing campaign that impersonates The World Health Organization and promises to provide the latest guidance on cobit 19 Viet fakie book titled My health ebook, and I’ve actually haven’t seen that one in my mailbox, but I have seen screenshots from other people. A group of researchers also disclosed a cyber criminals are creating thousands of websites to exploit the covert 19 pandemic fears as a bait to spread malware through fake product offers. And cyber criminals targeted the world of meters website that checks updates on the kovat 19 pandemic. The site showed incorrect data about the current situation due to the attack and was a couple of serious attacks one cyber attackers targeted br no or Bruno University Hospital in Czech Republic, a major kovat 19 testing hub and disrupted its operations by halting systems. And as we talked about a few times now, hackers also hacked US government’s Department of Health and Human Services improperly circulated a false claim that the American government plan to introduce a nationwide lockdown. They were also hit with a well they haven’t confirmed but there was rumors they were hit with a DD Attack. Some ransomware operators had stated they will not attack healthcare facilities during the kovat 19 pandemic. However, it means ransomware actors who said will also stop all activity versus all kinds of medical organizations. Until the stabilization of the situation with virus did not seem to follow their own pledge as we talked about earlier. The ransomware remediation firm Cove wares in the malware defense from MC soft announced to offer free ransomware response services to healthcare facilities facing encryption threats during the pandemic. The firm’s revealed that their offer would include technical analysis to the ransomware development of a decryption tool whenever possible. ransom negotiation help and transaction handling if needed and more. Across the world major steps are being taken to control the spread of the pandemic. Meanwhile, rapid changes in daily life because of Cova 19 have also affected the way people interact with internet connected technologies. employees should All these tips and tricks to stay safe while working from home and we must all be vigilant of bad actors trying to use the situation to their advantage. Those tips and tricks are on and that was on site where, by the way, so those tips and tricks are on cyber.com slash news and in cybersecurity tips and best practices for remote workers. So I’m not going to go through it, I’ll skim it real quick. So you have use Password Manager. Make two factor authentication the standard implement Endpoint Protection software educate your staff on the physical safety of their devices. Avoid public or unsecured Wi Fi networks, use virtual private network VPN. Educate employees on security etiquettes and know how to detect and report phishing attempts. That being said, I just discovered today that a local municipality is having their employees use remote desktop to remote into their workstations in the office. And not over VPN, just over internet, very unsecure, and a very common attack vector. So even our government, local governments are not using best practices when it comes to cybersecurity. And this is going to be a big problem, you’re going to see more compromises. Because people, you know, you send an employee a home and say, This is how you connect, they’re not really trained on how to recognize threats and deal with potential threats. You’re not giving them you’re not giving them any tools to deal with those threats. And it becomes a big problem. And it’s going to be a big problem, you will you will see an increase in those types of attacks. Alright, it’s time for a little HIPAA education and we’re going to do that. By reviewing the February 2020 healthcare data breach report as reported on HIPAA journal comm there were 39 reported healthcare data breaches of 500 or more records in February and 1,531,855 records were breached, which represents a 21.9% month over month increase in data breaches and a 231% increase in breached records. More records were breached in February than in the past three months combined. In February, the average breach side was 39,278 Records and the mean breach size was 3335 Records. So this was the most breaches of wills about it looks about average so December was 41. January is 33. February it was 39 500 or more, but most records since September of 2019, when it was a little over 2 million. The largest healthcare data breaches have 2020 so the top 10 Health share of Oregon, which is a health plan had 654,362 Records affected by because of the theft of a laptop, which meant, which means that that laptop was not encrypted. And so which means we’re still not encrypting things which just, you know, almost as much as email blows my mind. BST and company CPAs LLP. You may remember we talked about this one a little bit, a few weeks ago. business associate, hundred 70,000. So this is a CPA by the way 170,000 Records, hacking it incident a network server. I believe that was a ransomware attack. AB on a healthcare healthcare provider 166,077 hacking it incident was email over like Medical Center and clinics 109,000 email Tennessee orthopedic Alliance at 1146 email Now, once in healthcare, 75,502, email, and ch healthcare systems health care provider email that was 63,581 solo labs, Inc, which was a business associate that was also a network server. So I don’t recall that one I’m guessing ransomware JDC, Healthcare Management 45,748 email, Ozark orthopedics, pa 15,240 email. So of the top 10 breaches, seven of them were email 70% of them, meaning phishing. And which means lack of training, lack of mitigation and lack of multi factor authentication on those email accounts to them or network server likely to be ransomware. And one was a stolen laptop that did not have any encryption because if it was encrypted, you wouldn’t have to report it. Causes of February healthcare data breaches so of the 39 Two of them were improper disposal. I vaguely recall talking about those. One, two of them were also last three were theft. I think one of them was theft of a server. If I recall correctly, maybe two of them. Six unauthorized access or disclosure, and 26 of them hacking it incident and then the location of that data of the pH. I, one was a desktop computer. One was portable electronic device. Two were laptops, five were network servers. Eight were paper, paper films and drumroll please, 22 of them. email. Email continues to be a big problem. Five of the breaches in February were business associates, eight were health plans and 26 were healthcare providers. Now, business associates have already been put on notice that they will be subject to more enforcement this year. And now currently, we’re dealing with With covert 19 an HHS has, of course is heavily involved in. So I don’t know how much enforcement we’re going to see in the next, I guess two to three months, probably, at least. But there’s going to be Enforcement Against business associates. We’ve only had one enforcement so far this year, and we talked about that last week. Email continues to be an issue and still for the life of me don’t understand why we’re not encrypting. Especially portable devices, but all devices in reality, why are we not encrypting things? Because if that laptop was encrypted, you don’t have to report it. If you emails have multi factor authentication and your employees are educated on what to look for in phishing, and you’re doing you’re taking mitigation steps, then guess what, you have a lot less than 22 email breaches. This is going to climb because of the covert 19 phishing attacks that are occurring. You’re going See, I can promise you march will be more email, email breaches for healthcare, I could just about guarantee it. That is our HIPAA education piece. Again, we shouldn’t be keeping pH I in email. I’ll get to that. Occasionally there might be a need to do that, but we shouldn’t be doing that. But we need multi factor authentication. We need to have phishing mitigation measures in place, and we need to educate our employees on what to look for. Oh, and we need to encrypt things. Alright, it’s time for the HIPAA breach roundup for the week. Not a lot. Again, I’m sure the HHS is is busy. But we have a few so Hawaii Pacific health has discovered an employee of Straub Medical Center in Honolulu has been stunning. looping on medical records of patients over a period of more than five years. Why Pacific health discovered the unauthorized access on January 17 2020, and launched an investigation and analysis of the access logs revealed. The employee first started viewing patient records in November of 2014 and continued to do so undetected until January 2020, some more than five years. During that time the employee viewed the medical records of 3772 patients. after concluding the investigation the employee was terminated. Effective patients had received treatment a stroke Medical Center Kapiolani Medical Center for Women and children Pali Momi Medical Center or Wilcox Medical Center. The types of information that the employee could have viewed included patient’s first and last names telephone numbers addresses email addresses dates of birth, race, ethnicity, religion, medical record numbers, primary care provider information, dates of service, appointment types and related notes hospital account numbers, department name provider names guaranteed names, account numbers, health plan names and social security numbers. The reason for access and records was not determined but Hawaii Pacific health believes it was out of curiosity rather than to obtain sensitive information for malicious purposes. However, data theft could not be rolled out. All patients whose record were accessed by the employee were notified by mail, March 17 2020. We’re offered one year of free credit monitoring and identity restoration services. The Minnesota based Senior Care Provider life Spark, which is spelled SP rk is notifying 9000 of its clients. That’s some of their protected health information was potentially compromised as a result of a November 2019 phishing attack. January 17 2020. Live spark no discover unauthorized individual had gained access to email account of one of its employees. The account was immediately secured and third party cybersecurity firm wasn’t gauged to investigate to breach the cybersecurity firm determined that a limited number of employee email accounts were compromised from November 5 through November 7. For the majority of affected individuals information in a compromised accounts was limited to names, medical record numbers, health insurance information and some health information. certain patients also had financial information and or their social security number exposed the investigation into the breaches ongoing. To date no evidence of data theft or misuse of protected health information has been found. Effective patients started to be notified on March 17 2020. The delay in sending notifications was due to unprecedented actions taken in response to kovat 19 individuals whose social security number was exposed have been offered complimentary credit monitoring and identity theft protection services. I have a couple of problems with this particular breach one is it says that one email account was compromised but then later on it says the compromised accounts So I don’t know if that was more than one. This, again is a case of no multi factor authentication, no phishing mitigation steps. The other problem I have is they did report in 60 days. So I’m not sure why they’re saying that the the delay was due to the unprecedented actions taken in response to cobit 19. But that’s just an excuse that should not be happening. And we really didn’t start feeling the effects of kovat 19 till early March. So I don’t know that that’s really relevant. University of Utah health announced on Friday that unauthorized individuals gain access to the email accounts of a limited number of employees between January 7 and February 21, and potentially access patients protected health information. University of Utah health discovered on February 3 2020, that malware had been installed on an employee’s workstation, which potentially gave unauthorized individuals access to patients protected health information, information stored in email accounts. On effect a computer was limited to names, birth dates, medical record numbers and some clinical information related to care provided by the University of Utah health. It is currently unclear how many patients have been affected by the breach and then the Oregon Department of Human Services has discovered an unauthorized individual gain access to the email account of one of its employees as a result of response to spear phishing email. Information Technology security processes had been put in place to detect email account compromises rapidly, which has limited to potential for data theft. The email account security breach was detected on March 6, and the account was immediately secured the Oregon DHS will be seeking assistance from third party entity to review the incident and determine what information has been exposed and how many individuals have been affected. Those individuals will be notified in due course, at this stage there’s no indication to any pH I has been accessed copied or misused. Out of the abundance of caution identity theft protection services will be offered to all affected clients. So it’s interesting to me that they have measures in place to catch it immediately. So it sounds like they noticed the the anomaly quickly and acted on it. But they don’t have doesn’t sound like they have multi factor authentication setup either. And it was spearfishing, so that makes me wonder Was it a high level executive that was potentially compromised. Alright, that is going to do it for this episode of the proactive it podcasts. So until next week, stay safe, stay secure and stay healthy everyone
Transcribed by https://otter.ai