Have Your Healthcare Records Been Stolen, Too?

Craig Peterson: We all have healthcare records, and they have some of our most personal information. That’s what we’re talking about today in follow-up to a webinar I did for the healthcare industry. So we’re going to chat right now a little bit more about your privacy.

Craig Peterson here.  

The actual hard stats on our healthcare records, a lot of them have been stolen. It’s just crazy to think about because, in reality, we have had millions of records stolen, 300 million healthcare records stolen to be exact since 2015; that is pretty bad.

[00:00:38] I’m looking at a chart right now that I showed to this healthcare industry group that is showing that the hacking event has almost doubled over the last three years, year to year, every year. So in 2018, 164 powerful hacks; 2019, 312. That’s a good double. 2020, 430, which isn’t quite a double. So we are seeing a lot of data being stolen. But, of course, stolen data means misused data, which is a huge problem.

[00:01:14] Now, in the healthcare industry, they’ve got a different problem. That is these HIPAA rules. Now HIPAA has been in place for quite a while. It’s supposed to have provided Portability of our records. Does anybody have any real luck with that? I know there are some. I haven’t.

[00:01:30] Portability, I don’t even know where my health records have ended up. Frankly, cause my doctor ended up closing up shop, and I just have no idea. But it’s supposed to be Portability and privacy. Well, the most common violations of these HIPAA regulations revolve around professional hackers.

[00:01:50] Then you’ve got business associate disclosure. Remember I mentioned that. The cloud is not an excuse for not protecting your data. You cannot hand that off to a third party. There are many more that I go into in the presentation.

[00:02:05] Then here’s the next thing I wanted to talk with you guys about that is the amount of ransomware out there. I’m going to have a little bit of a ransomware offering.

[00:02:15] If you’re not a subscriber right now, go to craigpeterson.com/subscribe. You’ll actually see it on the site at craigpeterson.com. If you scroll around, do a few things on the site, it should pop up automatically for you.

[00:02:31] Now we’re just talking about healthcare, and of course, this is every business and every person out there.

[00:02:37] I talked about this Conti gang. I don’t know if you’ve heard of them. C-O-N-T-I.

[00:02:42] Now, remember what I’ve said before about ransomware. It used to be that you’d get ransomware. Your computer would now have its data encrypted. Then it would pop up this big red screen that said you’ve got ransomware. To get all of your data back, because what the ransomware did was encrypt it, you need to go to this website. You need to pay this amount of Bitcoin to this Bitcoin wallet, and off it goes, right? That’s the idea.

[00:03:13] According to the FBI, you’ll get all your data back half the time. That’s even if you pay the ransom. Now, too, the State Department and the FBI might come after you if you pay a ransom — because now you are supporting terrorist organizations, not just criminal enterprises. Huge deal.

[00:03:34] Now, the other side of ransomware, and this is what just hit with a few different medical providers here. I talked about the Rehobeth McKinney Christian health center services, New Mexico because now it’s much more advanced instead of just getting on your computer, encrypting your files, demanding a ransom to get the decryption key. They even pre-install the decryptor for you. Isn’t that handy? 

What they are doing is they get onto a computer, and then they start East-West spreading. Now we’ve seen that for years.

[00:04:08] I remember one of our clients, a car dealer, and this was five-seven years ago. They got some ransomware. Somebody clicked on something that they shouldn’t have, and suddenly their machine gets ransomware. The device, of course, is hooked up to the network. It is, in fact, mounting drives from their file server. So his machine has access to all of these files. This guy was a manager over there at this car dealership. So he had access to all of the files.

[00:04:47] Think about that for a minute. What his machine did back then is it said, Oh great, here are some network drives. So it started encrypting the S drive and the H drive, and the K drive. All of these different letters for these SMB mounted drives from the file server.

[00:05:03] We were in there beforehand, and we installed our security stuff.

[00:05:08] When his machine got this brand new strain of ransomware, and of course, he didn’t want us looking at what was on his device. So we couldn’t install all of the antivirus software because then we would have access to it.

[00:05:22] We’ve got another client that’s like that too, where the owner of the business doesn’t want us installing software to really keep his machine clean.

[00:05:29] I don’t know why people do that. Are they just trying to play their cards close to the chest? Is that what they’re trying to do? Are they looking at something they shouldn’t be looking at at work?

[00:05:43] Why do people do that? If you’ve got hints, let me know. ’Cause I would love to know: me@craigpeterson.com. Why do people do that?

[00:05:52] Anyhow, his machine got the ransomware. It tried to start spreading to the file server. Now, we had special hardware and software installed. So we saw that spread start. We immediately shut down. It was all automatic. It was just shut down because our systems shut down his network port.

[00:06:13] His computer had the ransomware. We were able to just go ahead and restore from backup. The bad guys know that if all they’re doing is encrypting your data, then who cares? You restore from backup.

[00:06:29] Now, hopefully, you’re following a three-two-one backup scheme. Most places don’t.

[00:06:36] Hopefully, you’re testing it as well. We try every backup that we make for our customers every day. About once a week, we will spin up the servers in a virtual environment and make sure that it can boot to know we have a good backup. 

I got to tell you guys that the backups are not working most of the time, and it gets to be a real problem.

[00:06:57] What these guys have figured, including this Conti gang, is we’re not going to be able to get as much money out of them by just encrypting their discs. We need to do something else. So while they’re trying to spread East-West inside, what they’re doing is okay, so they got a hold of this manager’s computer. They start scanning for other computers and scanning for vulnerabilities, scanning for ways it can gain access.

[00:07:26] Unfortunately, the statistics show us that most of us have file shares turned on our Windows machines.

[00:07:34] That’s one of the things I talk about in my Improving Windows Security course, what to do, how to do, how to turn that off because that is the second target of ransomware. Once it gets onto your machine.

[00:07:49] You’ve got to turn off those file-sharing services.
