Can your company do business without its computer system? Let’s ask Atlanta!

Atlanta RansomwareIn the world of cybersecurity and data protection, we tend to think about most cyber incidents as being “data breaches” because that’s the term de jour that occupies news headlines. Because of this, far too many companies think that if they do not have valuable data that hackers would want to “breach,” so to speak, they do not need to be concerned about cybersecurity. While this is wrong on one level because all data has value to hackers, it is even more wrong on a much greater level.

There is a lot more to cybersecurity and data protection than just breaches of the confidentiality of data (i.e., “data breaches“). Hackers have shown a strong trend over the last couple of years of attacking the computer system itself and, as some call it, “bricking” company’s computers and/or data and demanding an extortion payment in exchange for their promise to honor their word and undo the damage (if they even can). This is the process underlying what is often called ransomware.

Do you see where I’m going with this? If not, let me see if I can simplify this process for you a bit with the question below: (1) If you still think your company does not have data that is valuable to hackers, and (2) You still think that means that your company does not need to focus on cybersecurity,

Can your company continue to do business if it is not able to use its computer system?

If you’ve seen the news today you see that the City of Atlanta has had many of its computer systems bricked by ransomware and those business operations that require the use of those systems are now shut down.

Now, let me ask you, “how many days can your company go without doing whatever it is that it does before it really begins to hurt?”

Still need more convincing? Ok, I addressed this issue in more detail in Chapter 5 of The #CyberAvengers Playbook (free to download) — go give it a read.

______________________

Shawn Tuma (@shawnetuma) is an attorney with an internationally recognized reputation in cybersecurity, computer fraud, and data privacy law. He is a Cybersecurity & Data Privacy Attorney at Scheef & Stone, LLP, a full-service commercial law firm in Texas that represents businesses of all sizes throughout the United States and, through its Mackrell International network, around the world.

Allscripts EHR Ransomware Attack is Huge–How Will it Impact Healthcare Practices?

OCR LogoSee recommendations below

On January 19, 2018, cybercriminals were successful in a ransomware attack on Allscripts, an electronic healthcare record (EHR) provider for healthcare providers across the United States. The attack encrypted some of Allscripts systems and prevented those healthcare providers who use those systems for their EHRs from being able to access their patient records. Not only is there the obvious impact this has had on those healthcare providers’ ability to treat their patients, but also, under HIPAA, the Office of Civil Rights presumes that all cyber-related security incidents where protected health information was accessed, acquired, used, or disclosed are reportable breaches unless certain criteria are satisfied. (See checklist in this post and this post for further explanation).

TMLT LogoThe Texas Medical Liability Trust (TMLT)’s blog post, Allscripts EHRS Falls Victim to Ransomware Attacks, goes into much greater detail in describing the facts of this event and what has taken place since the initial attack. The blog also provides an excellent analysis of the Business Associates considerations in a situation such as this and the post features several important recommendations for what practices need to do now from my friend and excellent cybersecurity and data privacy attorney Adrian Senyszyn (LinkedIn) and myself. So, what are you waiting for, go read the TMLT post … and hope and pray that you planned ahead and have cyber insurance!

See Also:

______________________

Shawn Tuma (@shawnetuma) is an attorney with an internationally recognized reputation in cybersecurity, computer fraud, and data privacy law. He is a Cybersecurity & Data Privacy Attorney at Scheef & Stone, LLP, a full-service commercial law firm in Texas that represents businesses of all sizes throughout the United States and, through its Mackrell International network, around the world.

The #CyberAvengers

#CyberAvengers: A National Cybersecurity Action Plan is a Serious Priority

The #CyberAvengers recently published an article that offers fabulous timely advice in these troubled cyber-times.

The #CyberAvengers have also recently published The #CyberAvengers Playbook: The Non-Technical, No-Nonsense Guide for Directors, Officers, and General Counsels. This book was sponsored by FireEye which has made this free download available on its website.

While you’re at it, check out The #CyberAvengers website and join in the #CyberAvengers discussion on Twitter!

_____________________________

The #CyberAvengers (Paul FerrilloChuck BrooksKenneth HolleyGeorge PlatsisGeorge ThomasShawn TumaChristophe Veltsos) are a group of salty and experienced professionals who have decided to work together to help our country by defeating cybercrime and slowing down nefarious actors operating in cyberspace seeking to exploit whatever their tapping fingers can get a hold of. How? We do this by raising our collective voices on issues critical importance so that we can keep this great country in the lead – both economically and technologically – and to keep it safe and secure. All the issues are intertwined and more complex than ever, which is why we have differing backgrounds but have a common cause. We complement each other, we challenge each other, and we educate each other. What do we get out of writing articles like this? Nada. Goose egg. We are friends. We are patriots. And we are not satisfied to sit around and do nothing. We want to keep this nation and its data safe and secure.

The #CyberAvengers Playbook (free download)

CyberAvengers Playbook CoverThe #CyberAvengers recently published The #CyberAvengers Playbook: The Non-Technical, No-Nonsense Guide for Directors, Officers, and General Counsels. This book was sponsored by FireEye which has made this free download available on its website.

While you’re at it, check out The #CyberAvengers website and join in the #CyberAvengers discussion on Twitter!

 

For another great #CyberAvengers book, get Take Back Control of Your Cybersecurity Now through the following tweet!

_____________________________

The #CyberAvengers (Paul FerrilloChuck BrooksKenneth HolleyGeorge PlatsisGeorge ThomasShawn TumaChristophe Veltsos) are a group of salty and experienced professionals who have decided to work together to help our country by defeating cybercrime and slowing down nefarious actors operating in cyberspace seeking to exploit whatever their tapping fingers can get a hold of. How? We do this by raising our collective voices on issues critical importance so that we can keep this great country in the lead – both economically and technologically – and to keep it safe and secure. All the issues are intertwined and more complex than ever, which is why we have differing backgrounds but have a common cause. We complement each other, we challenge each other, and we educate each other. What do we get out of writing articles like this? Nada. Goose egg. We are friends. We are patriots. And we are not satisfied to sit around and do nothing. We want to keep this nation and its data safe and secure.

The #CyberAvengers

#CyberAvengers: Tips for responding to #cyberattacks and lessons on #cybersecurity survival

The #CyberAvengers recently published two articles that offer fabulous timely advice in these troubled cyber-times.

While you’re at it, check out The #CyberAvengers website and join in the #CyberAvengers discussion on Twitter!

_____________________________

The #CyberAvengers (Paul FerrilloChuck BrooksKenneth HolleyGeorge PlatsisGeorge ThomasShawn TumaChristophe Veltsos) are a group of salty and experienced professionals who have decided to work together to help our country by defeating cybercrime and slowing down nefarious actors operating in cyberspace seeking to exploit whatever their tapping fingers can get a hold of. How? We do this by raising our collective voices on issues critical importance so that we can keep this great country in the lead – both economically and technologically – and to keep it safe and secure. All the issues are intertwined and more complex than ever, which is why we have differing backgrounds but have a common cause. We complement each other, we challenge each other, and we educate each other. What do we get out of writing articles like this? Nada. Goose egg. We are friends. We are patriots. And we are not satisfied to sit around and do nothing. We want to keep this nation and its data safe and secure.

The #CyberAvengers

#CyberAvengers: Cyber Hygiene and Government–Industry Cooperation for Better Cybersecurity

Read the recent #CyberAvengers recent article, Cyber Hygiene and Government–Industry Cooperation for Better Cybersecurity, on Brink-The Edge of Risk.

This article discusses the recent federal legislation, Promoting Good Cyber Hygiene Act of 2017, which promotes the following best practices items that are further discussed in the article

  1. Security updates and patch management
  2. Workforce phishing training
  3. Multifactor authentication
  4. Backup redundancy and management
  5. Not using outdated and unsupported software
  6. Use of the cloud
  7. Intrusion detection and prevention systems
  8. Using a managed services provider (MSP) or managed security service provider (MSSP)
  9. Cyber insurance

_____________________________

The #CyberAvengers (Paul FerrilloChuck BrooksKenneth HolleyGeorge PlatsisGeorge ThomasShawn TumaChristophe Veltsos) are a group of salty and experienced professionals who have decided to work together to help our country by defeating cybercrime and slowing down nefarious actors operating in cyberspace seeking to exploit whatever their tapping fingers can get a hold of. How? We do this by raising our collective voices on issues critical importance so that we can keep this great country in the lead – both economically and technologically – and to keep it safe and secure. All the issues are intertwined and more complex than ever, which is why we have differing backgrounds but have a common cause. We complement each other, we challenge each other, and we educate each other. What do we get out of writing articles like this? Nada. Goose egg. We are friends. We are patriots. And we are not satisfied to sit around and do nothing. We want to keep this nation and its data safe and secure.

The #CyberAvengers

#CyberAvengers: 9 Ways to Declare Independence from Hacking

Read the recent #CyberAvengers recent article, 9 Ways to Declare Independence from Hacking, on NextGov and Levick.com.

_____________________________

The #CyberAvengers (Paul FerrilloChuck BrooksKenneth HolleyGeorge PlatsisGeorge ThomasShawn TumaChristophe Veltsos) are a group of salty and experienced professionals who have decided to work together to help our country by defeating cybercrime and slowing down nefarious actors operating in cyberspace seeking to exploit whatever their tapping fingers can get a hold of. How? We do this by raising our collective voices on issues critical importance so that we can keep this great country in the lead – both economically and technologically – and to keep it safe and secure. All the issues are intertwined and more complex than ever, which is why we have differing backgrounds but have a common cause. We complement each other, we challenge each other, and we educate each other. What do we get out of writing articles like this? Nada. Goose egg. We are friends. We are patriots. And we are not satisfied to sit around and do nothing. We want to keep this nation and its data safe and secure.

The #CyberAvengers

#CyberAvengers: Ransomware Spreading Like Crazy Worms

Read the recent #CyberAvengers recent article, Ransomware Spreading Like Crazy Worms, on NextGov.com, Levick.com, or The #CyberAvengers website.

_____________________________

The #CyberAvengers (Paul FerrilloChuck BrooksKenneth HolleyGeorge PlatsisGeorge ThomasShawn TumaChristophe Veltsos) are a group of salty and experienced professionals who have decided to work together to help our country by defeating cybercrime and slowing down nefarious actors operating in cyberspace seeking to exploit whatever their tapping fingers can get a hold of. How? We do this by raising our collective voices on issues critical importance so that we can keep this great country in the lead – both economically and technologically – and to keep it safe and secure. All the issues are intertwined and more complex than ever, which is why we have differing backgrounds but have a common cause. We complement each other, we challenge each other, and we educate each other. What do we get out of writing articles like this? Nada. Goose egg. We are friends. We are patriots. And we are not satisfied to sit around and do nothing. We want to keep this nation and its data safe and secure.

The #CyberAvengers

#CyberAvengers: Fixing the Federal IT Mess Before it is Too Late

Read the recent #CyberAvengers article, Fixing the Federal IT Mess Before it is Too Late, on Levick.com or The #CyberAvengers website.

_____________________________

The #CyberAvengers (Paul FerrilloChuck BrooksKenneth HolleyGeorge PlatsisGeorge ThomasShawn TumaChristophe Veltsos) are a group of salty and experienced professionals who have decided to work together to help our country by defeating cybercrime and slowing down nefarious actors operating in cyberspace seeking to exploit whatever their tapping fingers can get a hold of. How? We do this by raising our collective voices on issues critical importance so that we can keep this great country in the lead – both economically and technologically – and to keep it safe and secure. All the issues are intertwined and more complex than ever, which is why we have differing backgrounds but have a common cause. We complement each other, we challenge each other, and we educate each other. What do we get out of writing articles like this? Nada. Goose egg. We are friends. We are patriots. And we are not satisfied to sit around and do nothing. We want to keep this nation and its data safe and secure.

New Hacking Technique Revealed, Viruses in Online Video Subtitles

Check Point security group has released information revealing how hackers are now using online video subtitles as a source to transport viruses into personal computers, granting hackers to endless information for very little work.

This method of hacking requires a user to do nothing other than opening up their favorite videos online. According to a recent article, this is not even potential danger but is the real thing because it’s already being used successfully by the hackers.

Hackers are very knowledgeable and creative which is why most seem to be one step behind them in most cases. A few years ago people were panicking because of pop-ups, surveys, or phishing links. Now hackers are able to encrypt information by using techniques that can bypass many security products and it is more destructive than anything seen before.

This drastic increase in hackers using the technique of online video subtitles as a source to transport viruses is no surprise. Check Point stated they “estimate there are approximately 200 million video players and streamers” and online video streams have a massive audience making these defenseless targets very beneficial investments. Using this technique, these hackers are able to take complete control of a computer with minimal effort.

Big streaming sites such as VLC, Stremio, Popcorn Time, and others are assisting users in defense by providing updated patches for blocking viruses. Unfortunately downloading these patches is the only defense (other than completely avoiding online videos) and as we saw recently with the #WannaCry ransomware outbreak, counting on people to keep their systems patched seems to be too much to ask. Hopefully, that will begin to change.

______________________

Seth Tuma is a student at Santa Barbara City College in Santa Barbara, California.