April 2024 News & Tips | Change Healthcare Breach, Car Data Privacy

April 15, 2024|

View this email in your browser
Welcome back to the TCE Strategy monthly technology and cybersecurity newsletter! The mission of this publication is to cut through the clutter of cybersecurity news stories and provide you with the most important, relevant and actionable cybersecurity information.

If this newsletter adds value, fantastic! That is the goal. Please forward it on to friends/colleagues. If not, no hard feelings. Please look to the bottom for an easy to click "unsubscribe" button.
In this issue:
Month's News in Review
Upcoming Speaking Events
TCE Strategy in the News
Must Read Articles This Month
Cybersecurity Tip of the Month
Enjoy this month's newsletter? You can use this link to post on social media or send to friends! Thanks for sharing!
This Month's News in Review
Welcome back to the monthly TCE Strategy newsletter! From data privacy debacles to a 2nd ransom demand for UHG, it’s been a wild month in the world of cybersecurity. Let’s see how these stories can help us make better decisions about what is Secure Enough for us, the companies we work for, and our families.
Tried to get a prescription lately? part two:

Last month we talked about how the BlackCat (AKA “ALPHV”) ransomware variant was able to penetrate a company called Change Healthcare, which resulted in a whopping  $22 million dollar ransom payment, which is the 2nd largest known ransomware payment in history, only behind CNA financial in 2019. Turns out that wasn’t enough for the cybercriminals behind this breach. Apparently there was some sort of disconnect between the various groups that were a part of this breach, and they aren’t sharing the $22 million score in a way that is agreeable to the groups involved, so one of the groups has reached back out to UHG demanding another payment, under threat of releasing 4 terabytes of data that was exfiltrated as part of the breach. It will be interesting to see how this plays out, as it is not normal for large ransom payments to come without a resolution of the issue. There is no honor among thieves.
Cars spying on their owners

On the consumer end of cybersecurity, General Motors has some serious egg on their face as they were caught selling GM vehicle owners’ driving habits to insurance companies without the knowledge or consent of their customers. My guess is that GM buried some vague language 50 pages deep in a sales agreement stating that they have a right to collect and sell this sort of data, but the thought that any customer reads (and has the capability to understand legal gibberish that is purposely designed to obfuscate the real meaning behind it) the fine print of a hopeless long purchase agreement is laughable. Customer backlash around this has been strong, as there are several examples of people having dramatic insurance price increases as a result of this information being sold, even though the same customers’ accident history and insurance claim history are spotless. GM has stated that they are going to discontinue this practice, but without legislation preventing this sort of spying on consumers, it’s only a matter of time before car companies let the fervor die down and go back to selling this data again. Of course, lawsuits are already being filed over GM’s behavior.

I’d love to offer a suggestion to resolve this issue for new car buyers, but a recent investigation of all 25 auto makers that sell cars in the USA offered an “F” grade on their level of data privacy, without exception. I’d recommend buying used cars that do not have the capability of “phoning home” to tattle on your driving habits. Perhaps if new car sales are meaningfully impacted by these deceptive data sales practices, the auto makers may rethink selling our data as a revenue stream. Some cars allow the ability to turn off this data harvesting, but the setting is often buried deep in menus that are hard to navigate. I can speak from experience that some cars ask every month for the driver to continue to opt-out, and will opt you back in unless you click the “opt out” feature month after month after month.

Until next month, stay safe!

Upcoming Speaking Events

Here is a list of the cities that I will be in over the next few months. Please reach out if you have an event in mind!

April 18, Wichita, KS
April 23-25, Denver, CO
May 8, Des Moines, IA
May 10, Brainerd, MN
May 27-31, Las Vegas, NV
July 3, Brainerd, MN
August 3-6, Denver, CO
September 11, Tallahassee, FL
September 17-18, Casper, WY

TCE Strategy in the News

Thank you to Evan Schuman and ComputerWorld for the opportunity to be interviewed on a story about how companies are sending emails that look like phishing, which encourages bad user behavior.

Interesting Articles

This is an awesome story on the issue with "swiss cheese security" and how existing processes/procedures sometime LEND themselves to being exploited by fraudsters. To the banking sector, retail sector, e-commerce sector, etc., there are some very important lessons to be learned here. Thank you to Bruce Schneier for sharing this.
It will be interesting to see if a $10MM reward is enough to get someone to lead law enforcement to the BlackCat (ALPHV) ransomware makers. I certainly hope so.
I'm not a fan of video doorbells. Apparently Consumer Reports isn't either, and it's all about their cybersecurity.

There is great advice in this article on how to avoid new scams that take advantage of new AI tools.
Cybersecurity Tip of the Month
Creating Online Accounts Before Someone Else Does For You

Many people choose to have a minimal online presence thinking it may help keep them safe from becoming a victim of cybercrime. However, with the increased availability of personal information that can be found online, cybercriminals have gotten better at using social engineering and other methods to commit fraud. This can include using information such as addresses, Social Security numbers, and birthdays to impersonate victims and create accounts online, allowing them to steal financial information or money and avoid detection until well after the damage is done.
Banks, water companies, power companies, the IRS and even the post office are all offering to service you through an "online account". It is very important that you set up these accounts as yourself, before a cybercriminal beats you to it and tries to have your mail rerouted to them or your IRS tax refund sent to the wrong account. Turn on multi-factor authentication on these accounts and add a pin number if possible. Freezing your credit can also help prevent fraud. If you have older friends or family members who do not have much experience using the internet, offer to help them set up their own accounts and credit freezes as well.
Some places that you should set up online accounts include:

•    phone and internet provider
•    cell phone carrier
•    bank and retirement accounts
•    credit cards
•    IRS
•    USPS 
•    Social Security Administration

See my August 2022 Newsletter for steps to freeze your credit with the three major credit bureaus:
Forward Forward
We want your feedback!
< On a scale of 10, how helpful was this newsletter?>

Copyright © *|CURRENT_YEAR|* *|LIST:COMPANY|*, All rights reserved.

Our mailing address is:

Want to change how you receive these emails?
You can update your preferences or unsubscribe from this list

You can reach Bryce at