The #CyberAvengers (Paul Ferrillo, Chuck Brooks, Kenneth Holley, George Platsis, George Thomas, Shawn Tuma, Christophe Veltsos) are a group of salty and experienced professionals who have decided to work together to help our country by defeating cybercrime and slowing down nefarious actors operating in cyberspace seeking to exploit whatever their tapping fingers can get a hold of. How? We do this by raising our collective voices on issues of critical importance so that we can keep this great country in the lead – both economically and technologically – and to keep it safe and secure. All the issues are intertwined and more complex than ever, which is why we have differing backgrounds but have a common cause. We complement each other, we challenge each other, and we educate each other. What do we get out of writing articles like this? Nada. Goose egg. We are friends. We are patriots. And we are not satisfied to sit around and do nothing. We want to keep this nation and its data safe and secure.
Check Point security group has released information revealing how hackers are now using online video subtitles as a source to transport viruses into personal computers, granting hackers access to endless information for very little work.
This method of hacking requires a user to do nothing other than open up their favorite videos online. According to a recent article, this is not merely a potential danger but the real thing, because hackers are already using it successfully.
Hackers are very knowledgeable and creative, which is why most seem to be one step behind them in most cases. A few years ago people were panicking because of pop-ups, surveys, or phishing links. Now hackers are able to encrypt information using techniques that can bypass many security products, and the result is more destructive than anything seen before.
This drastic increase in hackers using online video subtitles as a source to transport viruses is no surprise. Check Point stated they “estimate there are approximately 200 million video players and streamers” and online video streams have a massive audience, making these defenseless targets very beneficial investments. Using this technique, these hackers are able to take complete control of a computer with minimal effort.
Big streaming sites such as VLC, Stremio, Popcorn Time, and others are assisting users in defense by providing updated patches for blocking viruses. Unfortunately, downloading these patches is the only defense (other than completely avoiding online videos), and as we saw recently with the #WannaCry ransomware outbreak, counting on people to keep their systems patched seems to be too much to ask. Hopefully, that will begin to change.
Seth Tuma is a student at Santa Barbara City College in Santa Barbara, California.
Does the HIPAA Breach Notification Rule Apply to All Covered Entities and Business Associates, Even Smaller Ones?
To many of you reading this post this question seems ridiculous. You know the answer. However, I get asked this question so frequently that I decided to answer it with a blog post to save time next time I get asked the same question. What is worse, however, is I often hear people say — out of complete ignorance — “no, it is not a big deal.”
Let me be clear: it is a big deal – a very big deal – and if it is considered a “breach” then you are required to report. See this Guide for more information.
Healthcare professionals must understand just how important cybersecurity and privacy of patient protected health information (PHI) are to their practices: You can spend your entire career building a fine medical practice and lose it all because you did not take this seriously. Don’t believe me? Then jump to this point of the post.
The reason for this lies in what is called the CIA Triad of Cybersecurity: to maintain the security of data, you must maintain its confidentiality, integrity, and availability. When a ransomware attack encrypts your data, you no longer have availability unless you have appropriate backups of the data. Moreover, depending on the nature of the ransomware, some strains may exfiltrate data prior to the encryption, causing a failure to maintain confidentiality as well.
Absolutely. When a Covered Entity or Business Associate fails to comply with the HIPAA Breach Notification Rule, HHS may launch an investigation and bring an enforcement action against the entity that failed to timely notify. Below are two notable cases where HHS has done this, but it is important to note that the vast majority of the smaller ones are resolved with fines and compliance measures imposed at the investigation level:
Shawn Tuma (@shawnetuma) is a business lawyer with an internationally recognized reputation in cybersecurity, computer fraud, and data privacy law. He is a Cybersecurity & Data Privacy Partner at Scheef & Stone, LLP, a full-service commercial law firm in Texas that represents businesses of all sizes throughout the United States and, through its Mackrell International network, around the world.
Question: What do holiday charities, school closings, social media and ransomware have in common?
Answer: They are all tools that cybercriminals use to steal money from you!
Social engineering is a fancy way to describe old-fashioned lying. It is what happens when bad guys use deception to get people to do something really dumb that they would not ordinarily do. Most hacking, cybercrime, and data breaches are not caused by sophisticated attacks but are accomplished by social engineering.
The bad guys play on your emotions so that your desires overpower your judgment and “BAM!” they got you. This is the Nigerian Prince. This is the chain letter. This is countless other examples just like that. Remember the old lesson, “if it seems too good to be true …”
There is another variant floating around, especially during the Holidays: sad stories about people suffering tragedies during the Holidays, news events of tragedies during the Holidays, etc. They all play on your emotions to get you to either give them something (money or data), propagate the scam by sharing it, or download something such as ransomware that will then force you to give them something!
This Holiday Season and always, click with caution!
Shawn Tuma (@shawnetuma) is a business lawyer with an internationally recognized reputation in cybersecurity, computer fraud and data privacy law. He is a Cybersecurity & Data Privacy Partner at Scheef & Stone, LLP, a full-service commercial law firm in Texas that represents businesses of all sizes throughout the United States and, through its Mackrell International network, around the world.