Risky Business #748 -- New cyber rules for US healthcare are coming
May 15, 2024
auto_awesome
Cybersecurity expert Lina Lau discusses the ongoing Ascension healthcare disruption, federal agencies assisting Catholic health networks post-cyberattack, and the necessity of enhanced security measures in the healthcare sector. The podcast also delves into the challenges civil society faces from state cyber actors, rising cyberattacks in healthcare, and the alarming trend of human trafficking victims coerced into scam activities in Southeast Asia.
New cyber rules are proposed for US healthcare to prevent ransomware attacks.
Challenges in attributing cyber threats to specific countries are complex and nuanced.
Scam syndicates in Southeast Asia generate $64 billion annually, posing significant challenges for dismantling criminal operations.
Deep dives
Risky Business Sponsor Guest Discusses Asset Discovery Tool Data
Run Zero's sponsor guest, Rob King, discusses the release of a report based on data collected by their asset discovery tool, highlighting the tool's ability to identify network assets and reveal potential security risks, such as printers compromising network segmentation.
US Healthcare Sector Ransomware Incidents and Security Requirements Debate
The podcast episode delves into the ransomware incidents impacting US healthcare providers, specifically discussing the challenges faced by Ascension due to ransomware disruptions and exploring the debate surrounding implementing new security requirements in the healthcare industry to prevent such incidents in the future.
UK Ministry of Defence Data Breach Attribution Controversy
Following a data breach involving a third-party contractor working with the UK Ministry of Defence, Defence Minister Grant Shaps urges caution in prematurely attributing the incident to China, revealing a new approach in attributing such breaches in the UK to ensure rigorous and accurate assessments independent of political pressures.
Reluctance in Attribution and the Complexity of Cyber Threat Groups
Attribution of cyber threats to specific countries like China is challenging due to national security concerns and the diverse range of threat actor groups within a single nation. The podcast highlighted the difficulty in attributing cyber attacks solely to a country like China, considering various entities like the Ministry of State Security, the PLA, and activist groups. Examples were given of incidents involving cyber espionage allegations against China, emphasizing the complexities and nuances involved in attributing cyber threats.
Massive Financial Impact of Southeast Asian Scams and Syndicates
Southeast Asian scams syndicates based in countries like Thailand, Myanmar, and Laos are reportedly generating a staggering $64 billion USD annually, equivalent to 40% of the combined GDP of those nations. Compared to ransomware and business email compromise (BEC) attacks, these scams are highly lucrative, yet receive less attention. The scale of financial activity controlled by these syndicates poses challenges as it can corrupt officials and entrench criminal operations, making dismantling them a daunting task. The podcast underscored the urgent need to address the substantial financial impact and systemic issues created by these criminal enterprises.
This week Patrick Gray and Adam Boileau along special guest Lina Lau discuss the week’s news, including:
The ongoing Ascension healthcare disruption, and
Whether its reasonable for healthcare orgs to be pushing back
Platforming cybercriminals for interviews
Own the libs by… not using E2EE messaging?
CISA’s secure by design, we want to believe!
The $64billion scale of indusrialised fraud
And much, much more.
This week’s sponsor is network discovery specialist, Run Zero. Director of research Rob King joins to talk about the weird and wonderful delights in their new Research Report.
