Darnley's Cyber Café
Embark on a journey with us as we explore the realms of cybersecurity, IT security, business, news, technology, and the interconnected global geopolitical landscape. Tune in, unwind with your preferred cup of java (not script), and engage in thought-provoking discussions that delve into the dynamic evolution of the world around us.
Darnley's Cyber Café
Medical Record Theft is on The Rise
Use Left/Right to seek, Home/End to jump to start or end. Hold shift to jump forward or backward.
Why were millions of baby data was stolen in Ontario Canada?
MOVEit hack releases millions of personal medical information globally, threats of insurance fraud
Is your data safe anymore?
In this episode, Darnley discusses why cyber criminals are targeting your medical data, and is protecting your data impossible today? Also highlighting what you can do to properly protect yourself in the current world of uncertainty.
Click here to send future episode recommendation
Subscribe now to Darnley's Cyber Cafe and stay informed on the latest developments in the ever-evolving digital landscape.
Episode Recap:
· Why Cyber criminals are targeting your medical data
· What is MOVEit and Decades of Newborn Data Stolen in Ontario
· Is protecting your sensitive data impossible now?
Why cyber criminals are targeting your medical data?
· There are several reasons why cyber why they target your medical data
1. Consists of valuable information, including PII, medical history, treatment plans, insurance details, payment information
2. High demand in the black market, they can sell this information to be used for fraudulent purposes such as, financial gain, identity theft, or insurance fraud.
3. Medical records often hold your social insurance number, birthdates, addresses – this data can be used to commit fraud.
4. Healthcare fraud – criminals can use this to bill insurance companies or government healthcare programs to services and medication.
5. Extortion – Criminals may threaten to release sensitive medial information such as health records or STI diagnoses to extort money from individuals or healthcare providers.
· Majority of users are at the mercy of the medical institutions with protecting their medical data, I don’t think you really asked your provider what their security practices are.
· Some regulatory compliance such as
o HIPPAA (Health Insurance Portability and Accountability Act) USA
o GDPR (General Data Protection Regulation) Europe
o PHIPA (Personal health information protection act) Canada
o Data Protection Act UK
· What if something happens to your children’s health records? Do you think about the ramifications of when your newborns health records gets stolen? How would you deal with this?
What is MOVEit and Decades of Newborn Data Stolen in Ontario
· Have you heard about the MOVEit attack? Did you know over 100 million individuals have been affected to date of this podcast?
· Touted as the largest hack of the year – so far – the mass exploitation of breach caused many victims.
· Began in May 2023 when Progress disclosed a zero-day vulnerability in MOVEit transfer – this is a managed file transfer service used by thousands of organizations around the world to move transfers of usually sensitive data across the internet.
· This vulnerabvivlity allowed cyber criminals to raid this vulnerability and access MOVEit transfer servers and steal customers sensitive information stored there.
· This hack was done with the Russian-linked ransomware and extortion gang CLOP. Clop has threatened to publish the stolen data if they don’t receive payments.
· This threat in particular has affected some 3.4 million people in Ontario Canada for patients who sought pregnancy care and including the two million new born children across this Canadian province.
· According to the government funded agency BORN Ontario, the hackers have copied more than a decade worth of data including fertility, pregnancy, and newborn and child healthcare offered between January 2010 to MAY 2023.
· When the Ontario Privacys Watchdog – The Information and Privacy Commissioner, which oversees BORN declined to comment further of the incident. There has been no word yet if BORN has paid the ransom.
· This MOVEit attack has affected over 100 million individuals so far, with not all organizations that have disclosed the incidents so the number of victims still continues to climb.
· Many other organizations such as the US federal agencies which relied on MOVEit software.
· Clop gang has been the masterminds of attacking file-transfer tools such as Fortra and Acellion.
Is protecting your data impossible now?
· I have heard this same question throughout the ages…what is the point anymore? You go through all this cybersecurity stuff now to find that the transfer tool you relied on gets compromised and all your customers data is stolen?
· Yes, many organizations and agencies rely on third party transfer tools such as MOVEit – the big question is why? Developing your own tools can be expensive and cause extra overhead, so relying on third parties makes financial sense to reduce the amount of building expenses in-house.
· It is also frustrating to hear that your children’s, or your own data has been stolen – many people who do not listen to these sort of stories don’t think to understand much about it or give it a second thought. It only becomes a reality to them once something major happens to their bank account or something that realty affects them…this can be a really damaging mindset however humans are known to be complacent, even within war zones.
· Do you understand that CLOP can make upwards of $100 million dollars with this attack – and if the ransom gets paid by organizations and insurance agencies, this will only fuel the fire in attacks such as these.
· Yes I understand this is a little frustration with no real end in sight – just a perspective that laying your eggs in the proverbial basket is not a good idea either, especially when it comes with handling customer data.
· So what can you do? That’s the million dollar question here…
· For a business such as MOVEit, they should implement robust cybersecurity measures, including firewalls, intrusion detection systems, regular software updates, access controls, and network security practices. Regular cybersecurity training for personnel is also essential to prevent human error that could lead to security breaches.
· For individuals and normal folk…always use unique non-repeating passwords, make them unguessable.
· Enable two-factor authentication on all your accounts that support it, for the ones that don’t email the company and ask why.
· Don’t click on links in emails – always be skeptical of emails that have a sense of urgency.
· Backup your data – don’t rely on one backup drive and cloud-backups. They all can fail
· Stay informed of scams, listen to podcasts such as these to keep a general understanding of today’s cyber crimes.
· Lockdown your information – be very mindful of sharing personal information, especially with strangers and on social media.
· Check your credit report – try doing this semi-annually if possible
· Separate accounts and email address – don’t use the same email address for everything, have one email address used for important transactions and another for your newsletters and online shopping.
