Hey everyone. I'm Drexon. This is the two minute drill where I cover some of the hottest security stories in healthcare, all part of the 2 29 project, cyber and risk community here at this week. Health. It's good to see you today. Here's some stuff you might want to know about. In fact, today, let's talk about insider threat stories.
CrowdStrike confirmed that a trusted insider took screenshots of internal systems, dashboards, and single sign-on links, and passed them to cyber criminals. No access, no source code. Just enough material that hackers were able to falsely claim that they had breached the CrowdStrike Systems. Cyber Thugs tried to pay $25,000 for access to CrowdStrike systems.
But in the end, all the data and all the systems are secure. The offender's been terminated, and law enforcement is now involved also today, a new insider risk report says that 93% of organizations say insiders are as hard or harder to detect than external attackers, and only one in four field confident that they can stop an insider attack before some kind of serious harm actually happens.
And another new analysis says that skilled insiders, admins, engineers, analysts, they represent the most dangerous threat categories because they know the systems and they know the processes, and they know the guardrails, and they don't need to break in. They're already inside. Here's some proof of the problem.
It turns out that Geisinger Health and Nuance have reached a $5 million settlement over a Nuance Insider who allegedly had continued access to data for days after they had been terminated by nuance. Investigators say that the data accessed included names and addresses and dates of birth and medical record numbers, and blah, blah, blah.
Okay. Okay. Just one more example. There's a documented case now where ransomware groups, including Medusa, directly approached employees at BBC offering life-changing money in exchange for valid credentials or MFA approvals. The story includes screenshots of the messages that were going back and forth, and it's not the only case like this.
They talk about some others too. It's a good reminder that cyber thugs don't need to hack in if somebody will just open the door for 'em. So when it's all said and done, insider threats aren't just malicious employees. They're employees that are being targeted. Your people are getting phishing emails and they're getting recruitment offers.
You might wanna talk about this in your next all hands. That's it for today's two minute drill. Thanks for being here, and I hope you have an amazing Thanksgiving. Stay a little paranoid and I'll see you around campus.