This transcription is provided by artificial intelligence. We believe in technology but understand that even the smartest robots can sometimes get speech recognition wrong.
[00:00:00] Everyone. I'm Drex, and this is the two minute drill where I cover some of the hottest security stories in healthcare, all part of the 2 29 project, cyber and risk community here at this week. Health, it's great to see you today. Here's some stuff you might wanna know about and what's shaping up to be one of the biggest corporate data leaks of the year.
Global consulting Giant, Ernst and Young accidentally exposed four terabytes of client data on an open SQL database. The exposed records included internal spreadsheets and emails and client project files, some linked to financial services and healthcare accounts. The data sat exposed for weeks before a researcher spotted it and reported it.
No passwords, no encryption, no access controls. ENY has since secured the system and launched an investigation, but it's clear even the big consulting shops can trip over their own data hygiene. And I wonder if something like this happened to your health system in the past, I've seen it [00:01:00] multiple times.
How are you preventing it from happening to your organization in the future? There's a really great story in The Guardian that takes us inside of India's emerging cyber crime villages, where whole communities have shifted from agriculture to online fraud. Uh, so there are places in India where local economies now revolve around phish and investment scams and romance fraud.
Young workers earn more money running phone banks and fake call centers than they ever did harvesting rice and law enforcement crackdowns. They've tried, but it's been sporadic and the sheer scale of these operations makes prosecution difficult and call centers often pop back up within a day or two of being torn down.
It's a great article to read and share with your teams and your families. Cyber crime. These kinds of online scams are no longer just a hobby. They've become an industry with supply chains and training [00:02:00] pipelines and global reach and healthcare leaders need to think of this kind of fraud as being more like a factory and not really a one-off event.
It's really big business. And finally, today, AI browsers, perplexity and Chat GPT have just launched their own browsers that can. Search and click and fill out forms for you. Those are all creating quietly, a whole new class of security risk. TechCrunch has an article where researchers found that many of these tools are lacking sandboxing and data isolation controls, which means they can unintentionally expose cookies or session tokens or sensitive files as they rum the web or your device.
Developers say they're fixing the problems. The problem is that with these new browsers, we're basically training digital interns to do work for us, and we're giving them the keys to the kingdom, and we're not giving them a lot of supervision. [00:03:00] Every new piece of tech, like those new browsers from Perplexity, it's called Comet or Chat, GPT.
Theirs is called Atlas. Those new tech waves. Always start with innovation, and they always end with a patch cycle. So if your organization is experimenting with those new browsers, cool, but treat them like untrusted interns and supervise everything they touch. Or on this story and all the latest healthcare, tech and security news at this week, health.com/news.
Uh, I'll push the link in the comments. It'll take you directly to Spotify or Apple, so you can sign up for my UNH hacked podcast channels too. That's where all my shows live. And as they say, smash the like and subscribe button. Uh, look. Again, those will be in the comments. That's it for today's two minute drill.
Thanks for being here. Stay a little paranoid and I will see you around campus.