March 2024 News & Tips | Change Healthcare Breach, Car Security

Welcome back to the TCE Strategy monthly technology and cybersecurity newsletter! The mission of this publication is to cut through the clutter of cybersecurity news stories and provide you with the most important, relevant and actionable cybersecurity information.

If this newsletter adds value, fantastic! That is the goal. Please forward it on to friends/colleagues. If not, no hard feelings. Please look to the bottom for an easy to click "unsubscribe" button.
In this issue:
  • Month's News in Review
  • Upcoming Speaking Events
  • TCE Strategy in the News
  • Must Read Articles This Month
  • Cybersecurity Tip of the Month
This Month's News in Review
Welcome back to the monthly TCE Strategy newsletter! From a new record high in healthcare ransomware payments to continued automotive recalls due to theft via USB stick, it’s been a wild month in the world of cybersecurity. Let’s see how these stories can help us make better decisions about what is Secure Enough for us, the companies we work for, and our families.
Tried to get a prescription lately?

In a stunning healthcare supply chain attack, the BlackCat (AKA “ALPHV”) ransomware variant was able to penetrate a company called Change Healthcare. Apparently BlackCat were not satisfied with the $15MM score from the Caesars breach, not to mention the notoriety from the MGM breach. Change Healthcare acts as the “glue” that holds critical parts of the healthcare system together, such as linking pharmacies and insurance companies so that consumers can buy prescriptions and pharmacists can submit insurance claims, along with other things. TCE Strategy has been up against BlackCat in the past, and it’s a very well written piece of malware. In fact, it is written in a programming language called Rust, one of the “next generation” programming languages that the U.S. government has urged companies to adopt because of their superior cybersecurity around the way they manage a computer’s memory.

I’ve mentioned in previous newsletters that ransomware attacks are normally crimes of opportunity, but this one may have been targeted: Change Healthcare is owned by Optum, which is owned by UnitedHealth Group, or UHG. UHG is a gigantic player in the healthcare space, and they have deep pockets. BlackCat sent out a message to their affiliates a few months ago asking them to target healthcare companies and nuclear power plants, and this breach has disrupted healthcare across the country. Hopefully all nuclear power plants are on high alert about cybersecurity, and are using air-gapped networks to protect the systems that control the reactors.

Even more striking, it appears that UHG has paid a $22 million ransom, which is the 2nd largest known ransomware payment in history, behind only CNA Financial in 2019. UHG has not confirmed this yet, but a 350-bitcoin payment was recently made to a cryptocurrency wallet known to be controlled by BlackCat, and several media outlets have already reported that the likelihood of that payment being for the Change Healthcare breach is very high.

Details have not come out as to how this breach took place, but there is speculation that the ConnectWise vulnerability that was recently patched may be responsible. Patch early, patch often… As mentioned last month, ransomware requires a specific set of events to take place:
  • Cybercriminal finds a way to get a foothold into a network. This appears to be the ConnectWise vulnerability in this case.
  • Cybercriminal finds exploitable vulnerabilities inside the network to gain “domain administrator” privileges.
  • Cybercriminal finds data backups and destroys them. Offline backups eliminate this part of the attack chain.
  • Cybercriminal encrypts production data, and normally steals data so that they have a copy to use as another means of extorting money from the victim company.
  • Cybercriminal demands money to unencrypt the data so that the company can resume business.
The thought that a company the size of UHG could fall victim to a ransomware attack is very surprising, as ransomware is such an avoidable crime. The Minneapolis Public School District, USA was hit with ransomware last year, but they did not pay the ransom, which is most likely because they had immutable backups of their data.

To a company the size of UHG, $22 million is a rounding error. To cybercriminals, a $22 million score is a lifetime’s worth of money. Inadequate cybersecurity leads to ransomware. This is a preventable crime if companies are proactive in their approach to minimize their exposure to cybercriminals. Here is a short list of things your company can do to stay out of the crosshairs of ransomware gangs:
  • Monthly cybersecurity vulnerability scanning and patching program
  • Anti-virus on ALL computers. Must include 24x7 monitoring
  • Upgrade, isolate or decommission all computers with end-of-life Operating Systems
  • Multi-factor authentication on email accounts, VPN connections and domain admin accounts
  • Use a weak password checking program to ensure that your organization has reasonably strong passwords
  • Backups – be sure to keep a copy offline. Test your backups periodically
When cybersecurity gets physical

Normally cybersecurity issues are, well, security issues about our cyber world. Online information is the target: bank accounts, cryptocurrency wallets, stolen identities, etc. Sometimes the cybersecurity world intersects with physical security, and an ongoing story about Hyundai and Kia cars that can be stolen with a USB stick vividly illustrates the point. From a Public Radio article: “Certain models built between 2011 and 2022, including multiple years of Kia Souls and Hyundai Sonatas, were designed without an engine immobilizer. That's technology that stops cars from starting without a key. A hack spread on social media showed how to start the vehicles quickly and key-free. In the summer of 2021, TikTok videos of kids taking advantage of the vulnerability took off.” Apparently Kia and Hyundai cars accounted for around 5% of all automotive theft prior to 2021, and now it is 55%, an increase of an order of magnitude.

The US Government announced a service campaign over a year ago to encourage Kia and Hyundai owners to bring their cars back to their respective dealerships to have the problem fixed, but that doesn’t solve the problem of criminals breaking Kia/Hyundai windows in the hopes that a certain car isn’t yet patched, nor does it help with lower resale value of those vehicles. Last May, Hyundai and Kia entered into a $200 million settlement from a class action lawsuit, but that only includes $300 per car owner that can go toward aftermarket security upgrades for a given car.

Perhaps this incident will encourage consumers to take the cybersecurity of their purchases more seriously. It really hits home when your car gets stolen because an auto manufacturer wanted to save a few bucks on each car they sold.

Until next month, stay safe!

Upcoming Speaking Events

Here is a list of the cities that I will be in over the next few months. Please reach out if you have an event in mind!

March 27-29, Springfield, IL
April 3, Reno, NV
April 9, Des Moines, IA
April 18, Wichita, KS
May 8, Des Moines, IA
May 27-31, Las Vegas, NV
July 3, Brainerd, MN
August 3-6, Denver, CO
September 11, Tallahassee, FL

TCE Strategy in the News

Thank you to KARE11 and Gordon Severson for the opportunity to partner on a story about the Change Healthcare breach.

Interesting Articles

This is a giant invasion of privacy, and a very good reason to NOT buy a new car. "In recent years, automakers, including G.M., Honda, Kia and Hyundai, have started offering optional features in their connected-car apps that rate people’s driving. Some drivers may not realize that, if they turn on these features, the car companies then give information about how they drive to data brokers like LexisNexis."
"Typically, an attacker will first try to fool their victim into believing that they're trustworthy, often using information garnered from social media, before persuading them to hand over data or carry out actions to compromise security."
Cybersecurity Tip of the Month
Spring Cleaning: Safely Disposing of External Hard Drives and USB Drives

With the first day of Spring finally arriving tomorrow, many of us will surely have the "spring cleaning" bug very soon. If you come across old USBs or hard drives that you decide to get rid of, please keep these things in mind before you do.

When selling, donating, or disposing of old USB drives or hard drives, many people think they can simply delete the files and they will be safe. This is not true, however. Third-party data recovery software programs can often restore these files, meaning that any sensitive documents or data on these drives could be exposed or fall into the wrong hands.
There are several different ways you can securely wipe these devices:
- Formatting an external device: Windows and Mac operating systems come with built-in format options for erasing hard drive data. You can follow a few simple steps to initiate this method, which performs a write-zero pass, filling the storage space with zeros. To see more detailed step-by-steps for Windows and MacOS, visit this article.
- Erasing data on external drives using an app: There is no shortage of apps, paid and free, that will perform a data erasure service for you. Some of these are described more in depth here and include:
    - Android: Secure Eraser, Shreddit
    - Windows: CCleaner, Eassos PartitionGuru, MiniTool Drive Wipe
    - MacOS: StellarWipe Mac, Mac Washing Machine Secure X9
    - Windows and MacOS: AweEraser, Super Eraser
    - Windows, MacOS, and Linux: WipeDrive
- Erase hard drives using Darik’s Boot-and-Nuke (DBAN) software: DBAN is a free data destruction program used to completely erase all the files on a hard drive. This is a great free program but will erase EVERYTHING on the hard drive, including applications, personal files, and operating systems, so it needs to be used carefully and intentionally. These articles give some very helpful tips and steps for using DBAN:
- Using the cipher command: Cipher.exe is a built-in command line tool in the Windows operating system that can encrypt or decrypt data on drives, and it can also securely erase the free space on a drive. Because it only touches free space, you must first format the drive so that it is all free space. A short tutorial on using cipher can be found
If you are disposing of a USB or external hard drive for any reason, be sure to do your due diligence. Double check what data is on the drive, determine how sensitive it is, and decide on the best way to ensure it is erased from the drive. And if in doubt, a good old fashioned hammer will always get the job done.
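As an added example (not part of the original newsletter), here is a Python check that a write-zero pass really cleared everything, run against a constructed disk-image file rather than a real drive. The function names and the sample image contents are assumptions made for this illustration.

```python
import os
import tempfile

CHUNK = 1024 * 1024  # scan and overwrite 1 MiB at a time


def find_nonzero_regions(path, chunk=CHUNK):
    """Return [(offset, length)] for every chunk that still holds a non-zero byte."""
    regions = []
    with open(path, "rb") as dev:
        offset = 0
        while block := dev.read(chunk):
            if any(block):  # any byte other than 0x00 means data survived
                regions.append((offset, len(block)))
            offset += len(block)
    return regions


def zero_fill(path, chunk=CHUNK):
    """Overwrite an existing image file with zeros in place and force it to disk."""
    size = os.path.getsize(path)
    with open(path, "r+b") as dev:
        for start in range(0, size, chunk):
            dev.write(bytes(min(chunk, size - start)))
        dev.flush()
        os.fsync(dev.fileno())
    return size


def demo():
    """Constructed 4 MiB 'drive' with leftover data: scan, wipe, scan again."""
    fd, path = tempfile.mkstemp(suffix=".img")
    try:
        with os.fdopen(fd, "wb") as img:
            img.write(bytes(4 * CHUNK))
            img.seek(2 * CHUNK + 512)
            # Constructed sample standing in for a "deleted" file's contents.
            img.write(b"CONSTRUCTED SAMPLE: old tax return contents")
        before = find_nonzero_regions(path)
        zero_fill(path)
        after = find_nonzero_regions(path)
        return before, after
    finally:
        os.remove(path)


if __name__ == "__main__":
    print(demo())
```

On USB sticks and SSDs, wear leveling can leave remapped blocks that neither a host-side overwrite nor this scan can reach, which is one reason physical destruction remains an option for highly sensitive data.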