
March 6, 2025 40 mins

Business owners and IT professionals: Learn practical cybersecurity tips and be entertained at the same time. :)

Join co-hosts Joe Erle, a seasoned cyber insurance expert, and Mike Dowdy, AI and cloud security expert, as they bring you unique insights from top industry professionals (Cyber Lawyer & Pentester on this episode) on the latest threats and protection strategies.

In this episode, we uncover the shocking details of the United Healthcare hack and its far-reaching implications. Don't let your business become the next victim – subscribe now to stay one step ahead of cybercriminals and protect your digital assets.

Our expert panel discusses the far-reaching implications of the UHC breach, the importance of robust cyber insurance, and practical steps businesses can take to protect themselves. From insider trading suspicions to Nancy Pelosi connections, we uncover the intriguing details surrounding this major cyber incident.

Was there a connection to the murder of UHC CEO, Brian Thompson? We put on our tin foil hats for a moment to discuss if Luigi Mangione worked alone or was part of a calculated conspiracy.

Special guests: Ross Molina, Partner and Vice Chair of the Data Privacy & Cybersecurity Practice of Lewis Brisbois https://www.linkedin.com/in/ross-molina-20784111

Matthew Quammen, Pentester, Co-Founder, and President of Optimize Cyber https://www.linkedin.com/in/matthewquammen/

Explore the United Healthcare ransomware attack with cybersecurity experts. Learn about the $22 million ransom, supply chain vulnerabilities, and the critical role of cyber insurance. Discover how multi-factor authentication, incident response plans, and proactive risk management can safeguard your business from devastating cyber threats.

Chapters: Introduction and guest introductions (00:00 - 03:02)

United Healthcare hack overview (03:02 - 07:46)

Supply chain vulnerabilities and vendor management (07:46 - 14:44)

Cyber insurance and its importance (14:44 - 21:22)

Insider trading suspicions and Nancy Pelosi connection (21:22 - 26:02)

Legal protections and incident response planning (26:02 - 31:11)

Practical cybersecurity tips for businesses (31:11 - 37:02)

Closing thoughts and contact information (37:02 - 40:45)

Extended Summary: This episode of Ransomware Rewind features a panel of cybersecurity experts discussing the massive United Healthcare hack and its implications. The attack, carried out by BlackCat/ALPHV, resulted in the theft of 6 terabytes of data affecting over 100 million records. United Healthcare paid a $22 million ransom but still faced significant challenges afterward.

The conversation covers various aspects of cybersecurity, including:

The importance of supply chain security and vendor management

The critical role of cyber insurance in mitigating risks

Legal protections and the need for incident response planning

Practical cybersecurity measures like multi-factor authentication (MFA) and regular audits

The potential insider trading and political connections surrounding the hack

Experts emphasize the need for businesses of all sizes to take cybersecurity seriously, highlighting that many protective measures are more affordable and accessible than commonly believed. They stress the importance of having a comprehensive incident response plan, robust cyber insurance coverage, and proactive risk management strategies.

The episode concludes with practical advice for businesses, including the use of MFA, regular IT provider audits, and the importance of understanding and managing supply chain risks. Listeners are encouraged to use their annual insurance reviews as an opportunity to assess and improve their overall cybersecurity posture.

#CyberSecurity #RansomwareAttack #UnitedHealthcareHack #CyberInsurance #DataProtection #IncidentResponse #SupplyChainRisk #MFA #riskmanagement


Episode Transcript

Available transcripts are automatically generated. Complete accuracy is not guaranteed.
(00:00):
the hospitals that were affected by this
were losing $100 million a day
and the event they do get hit
you want them paying for the notifications
not you but hundreds of thousands of
of small companies end up with a checklist of a super regulation
where it's coming down from
from all the Fortune 5 hundreds

(00:20):
obviously the DOD space
and being that
that seemingly is what happens at United Healthcare and how change
change healthcare was affected
think that's where the connection
and makes it really interesting for the US and be a mid market
okay boy
you're my brother's boy
this is an Nancy Pelosi connection here
it's interesting um she

(00:41):
bought 14 million in call options
in Palo Alto Networks on the day that they were hacked
and she later made $32 million on that trade
and that was before the hack was even announced
uh that she bought a lot of things that Ross mentioned uh
and and that we've talked about today have been are things that are
are not as expensive as you think are some

(01:04):
in some instances are free to do today and can save
you can save your entire business in the end
welcome to the Ransomware Rewind podcast
she was literally not getting paid
and it all came down to
this could be avoided just with the simple SOP
and if they would just want to follow that SOP

(01:26):
they'd be fine but a lot of folks
in the mid market space just focus on the cheap stuff
oh I can get an MSP
and then that MSP is a guy in a truck that's setting up an old school
Asa 50
five hundred and they just
that world's gone and the mid market needs to catch up
welcome to the Ransomware Rewind podcast
we have some great guests today

(01:47):
Ross Molina from Lewis Brisbois
he's a uh breach and privacy attorney and we have Matt Quammen
he's with Optimize Cyber uh
they specialize in pen testing uh consulting
BCSO backups
all the consulting services you need for your your company
welcome to the show I think you'll enjoy

(02:09):
we're gonna be talking about uh
United Healthcare and some of the connections between the hack and uh
the recent shooting of the CEO of United Healthcare
we might have some info
hot stuff going on here involving Nancy Pelosi who knows
how to protect you your business and your network from acts ransomware

(02:33):
any infiltration and what to do about it after
thanks Joe Glad to be here
Matt Quammen I'm the cofounder at Optimize Cyber
as Joe said we're an offensive security consulting company
in the past I've
I've been on the ransomware incident response side overseeing uh
large number of cases and certainly is an area interest
I got into security about 7
8 years ago and immediately fell in love with it

(02:56):
the beautiful thing is I grew up
my dad was a owned an HVAC company in small town Minnesota
and he experienced an incident where
where when he was going to sell his business um
people stole some proprietary information to the company that
that drastically reduced
cut in half the valuation of
of that exit of his his business and his life's work

(03:17):
so once I found out that's what we do in the cybersecurity spaces
we battle battle people online to help help small
mid size and obviously enterprise organizations
prevent incidents like that from happening
it was just a match made in heaven
so I got very lucky to find my way into security and
and having a lot of fun along the way

(03:37):
um got the chance to meet Ross uh
years ago working incident responses together Ross
why don't you introduce yourself
yeah thanks so much man
uh my name is Ross Molina
I'm a cybersecurity and data privacy attorney here at Lewis Brisbois
uh vice chair of our group
I used to do something totally different
I was a litigator didn't find it personally rewarding
I had a chance to come into this space and it has been fantastic

(04:00):
um
our our main
my main practice revolves around hopping in
when companies large and smaller at their worst right
they've been hit with an attack
we get to hop in we get to help them through from the starting line
all the way through the finish line
get them back up and running
make sure they're secure try to keep this from happening again
we also help them with any notifications to

(04:22):
individuals and regulators along the way
so it's it's really rewarding to hop in and be able to
help companies in their time of need
obviously it's not a fun process of what they're going through
but we enjoy working with them and helping with them so great
very happy that I've made this transition and couldn't
couldn't see it another way
do you want to introduce yourself

(04:43):
so it's Mike Dowdy
and I was former president of two regional Toko data centers
and within that space
you can actually see what's going on with the data and over time
I got more and more involved in the security side and um
I went over to Rapid Scale because everything went over to the cloud

(05:06):
Rapid Scales focuses on managing the security and
the cloud environments
and I got passionate about it when I had several situations
where folks were about to get compromised
and we're able to say hey
you're getting these DDoS attacks
you're getting everything on the dark web
where you're gonna get attacked
and they actually listen to us and avoided losing everything

(05:29):
so that that account really rewarding
and then Joe
I've known you for a long time back into the status or something
so I'm gonna hand it over to you
so Joe Erle here with C3 Insurance
I do cyber and tech insurance for companies
so if they have a service interruption
if they get ransomed

(05:51):
we're the ones that pay the bills for people like Matt and Ross
so that you can get the best people on your team when you get hacked
and get back to business right away
so um
I wanted to talk a little bit about United Healthcare
it was almost a year ago that this healthcare company
Change Healthcare had one of the biggest hacks
um in US history

(06:11):
uh Matt
you wanna tell us a little background
yeah absolutely
um
all this is public reporting and there's been good reporting on it so
um I wasn't involved in anything to do with United Healthcare
but reporting public reporting states that
that in Q1 of last year there was a
there was a ransomware event at United Healthcare

(06:32):
subsequently
I'm kind of fast forward in here
but the team had to be in front of the go meet their
go meet their Congress men and women and
and share some of the details about this incident
but sounds like there was a Ransom paid uh
they got uh
and and they moved along uh
much quicker but the real pain in this incident was an additional

(06:53):
a reinfection we refer to it as but uh
a ransomware reinfection within a
within I believe 8 weeks um
still in Q1 of this past year
and Change Healthcare
who are benefits managers and manage payments out to pharmacist
mental health care providers
all the the people in the supply chain downstream of

(07:15):
of somebody the size of United Healthcare um
the real this was where the real pain was felt by the country um
because
hundreds of thousands of organizations were affected downstream
and had their businesses interrupted as well
so this isn't quite the catastrophic event that
that people have all been modeling for
that would be more along the lines of

(07:35):
let's say AWS is out for three months um
something real catastrophic for for American businesses
but it interrupted payments to so many people that
that
there's a lot of online stories about
clinics that had to close their doors or sell um
because they couldn't operate for for a period of some
some people as long as six months interrupted in payments

(07:57):
so what were the big lesson from this is um
auditing your supply chain looking at dependencies
who do you depend on and who depends on you
um because excuse me
all those other organizations in your outside of
outside of your own that you're doing business with
it becomes additional attack vectors and the
and the bad guys aren't stupid

(08:18):
they know that if they can interrupt billions of dollars of business
there's gonna be a bigger Ransom payout to them so Ross
how do how do you guys handle it in cases when
when there's these kinds of dependencies and other entities affected
I think you bring up a good point right
is I think most companies look internally
they look at themselves and they don't really notice

(08:38):
hey where else are we vulnerable and I think
for instance
a lot of healthcare providers have been awoken by the fact that hey
it's not just us got thrown out the door right
once you see a large scale breach like this
and so not only do you have to keep yourself secure
but you also need to keep for instance dentists

(08:59):
healthcare providers hospital chains
they they bring in third parties all the time to
to maintain their own data
um you're opening yourself up there right
um you can have BAAs
you can have all kinds of things but but what is in the BAA
for instance
something that's never really talked about is notification costs
in this case luckily

(09:21):
the notifications were handled for all of these groups
but there's a lot of BAAs that we see that don't include notification
on the on the business associates
the business associate gets hacked
and so what we advise on our end is
is yes get your network secure
make sure you're dealing with people that have their network secure

(09:41):
have contracts in place where if you're forming out your
your PHI to other groups make sure that
that BAA includes a notice provision
where if the business associate gets hit
they're also required to notify on your behalf
describe those acronyms for our listeners at

(10:01):
so BAA is a business associate agreement
so a lot of times covered entities
healthcare providers
will have an agreement in place for the Protection of medical records
for instance where or medical billing
they'll they'll send medical
they'll send medical treatment information to a third party company
who will then build a patients

(10:22):
will that sending PHI
and so
you're opening up yourself and give that national health information
right
personal health information
and so that clinic that doctor's office is opening up themselves
if that third party medical billing company gets
gets hit and so
you need to be comfortable

(10:42):
with what that third party medical company has in place
in terms of security
in the event they do get hit
you want them paying for the notifications
not you but cause under the breach notification rule
if a business associate gets hit
all they have to do is notify the covered entity
that they were impacted that there was a breach

(11:04):
and here's a list of the individuals
they don't necessarily need to I to notify those individuals
and so you can do it contractually
and so we
we have our clients when they're looking at their security stance
put that into your contracts
make sure that you are
insulating yourself from harm
that could come
as a result of one of these third party vendors getting hit

(11:26):
because it's a real problem
so notification procedures um
and requirement to notify is put in the contracts
what what do those clauses usually look like a good one
it's just that it could be as simple as
in the event that a business associate has been
as has sustained a breach
they are responsible for all individual and regulatory notifications

(11:47):
um
something as simple as that
just to put the onus on that business associate
to actually incur that cost and
and get those notices out the door um
when those notices go out the door and they
they're sent by the business associate
and it has the business associate's name on it
that covered entity is not only getting rid of

(12:08):
of those notification costs
but any arrows for the people that are reading these
for the class action lawsuits
that are potentially coming down the line
that points the arrows back to the business associate
instead of the covered entity
if OCR comes knocking on the door and wanting to do an investigation
it'll be pointed towards that business associate not

(12:29):
not so much towards the covered entity
so something as simple as that can
can defray so many costs and headaches
in the event of the third party breach
um
it's a simple thing to do
but it pays dividends down the road
and in addition to that
aren't there clauses where
that require maybe your vendors to notify you if you have a breach

(12:51):
or suspicion of a breach
that's interesting gosh
five years ago when this was a smaller problem
10 years ago
we never would see this ever in contracts and so basically
you were looking towards state data breach notification statutes
if it wasn't there fantastic
now because this is happening so frequently

(13:12):
you are having a lot of companies particular
I know we were talking earlier about the large companies
the the larger companies
who were concerned about their data being impacted
they're putting notice provisions in contracts
and so now when companies get hit with ransomware attacks
you obviously need to look at the federal state laws
but you also need to look through your contracts um

(13:34):
because there are notification clauses being put in there
and some of them say in the event of a breach
which breaches can typically be defined as
you know acquisition or access of sensitive data
but some are even going beyond that and saying
you know in the event of a cybersecurity incident
which is much more broad than a breach that they need to be notified

(13:55):
and so companies have started putting those in contracts
just
so they're aware of what's going on with their third party vendors
and what what are you saying about cyber insurance
or are people putting on into contracts with their vendors
that they require them to have cyber insurance
I haven't seen that yet but it's a
it's a great other parts of contracts

(14:16):
I think you should start doing it as
as part of part of these types of situations
just because every company needs to have cyber insurance
and they need to
have sufficient policy limits and no one thinks it's gonna hit them
and then they have no idea how expensive these things can be right

(14:37):
you have the forensic if the forensic investigation cost
you have the lawyer fees you have the
the restoration piece can be outrageous
and so that's not even getting in the notification
and potential class action lawsuits and all of that
so you definitely need to get protected and
and I think having your third parties vendors protected as well

(14:58):
knowing that there is a policy there that in the event that their hit
they're not just gonna go bankrupt
that they can draw on an insurance policy
that's a very good idea to keep that put in those provisions as well
where they're trying to protect that investment in that company
cause one breach could wipe that entire bank account out
yeah and the lender is just out of luck

(15:22):
absolutely
but the United Healthcare um
hack that was they got in with stolen credentials right
um there was uh
no MFA on this one system right
that's my understanding uh
that's what that's what
leadership from United Healthcare had to say in front of Congress uh
and I know there was
there was audible gasps from about the four people in the room

(15:45):
who knew what multifactor authentication was
everybody else said what's MFA
is that a is that a baseball play
what is that uh
but it was a big company right
very big company very hundred billion and in total word oh
north of that um north of that so and and to Ross's point
a pound of recovery for a teaspoon of cure right

(16:11):
um the things we're talking about on the front end
that can mitigate a lot of these expenses
whether it's cyber insurance
whether it's assigning liability
appropriately in business relationships
um or any technical things
such as multi factor authentication endpoint detection response
making sure that you have your data and your backup
in the event of a Ransom event on your primary environment uh

(16:33):
these things cost pennies compared to the downstream effects and
and certainly we saw that with United Healthcare
the last thing I think any of us want is to see people
to see organizations that are currently doing business with
with the United Healthcare of the world
um JP Morgan
you know all the Fortune 5 hundreds
those companies now are auditing their vendors

(16:55):
and asking these security questionnaires and assigning liability uh
it's becoming we're seeing
we're seeing a large number of these
where you're being required to
both improve your security and improve your risk management
from a policy and and insurance perspective
um the last thing I wanna see is
is any small business lose one of these accounts with a

(17:15):
with a FedEx or or whomever
so the
the one thing I wanna make sure for all your listeners to understand
is while all this stuff sounds complicated
we all have a lot of acronyms in our industry and
and there's a lot of expertise obviously
but it's not as it's not nearly as expensive as you're thinking
if you're that small business with even 5 employees

(17:36):
appropriately safeguarding your organization is not it's not millions
it's not hundreds of thousands it's uh
it's certainly south of that so uh
very affordable and now we get the opportunity
through better security to enable new business opportunities
whether it's with a Fortune 500
or the department of defense
or government contract that requires these security things

(18:00):
you're starting to get some return on investment
because now our clients can
can win those contracts
now these
all these major companies are doing these vendor risk management
processes and auditing their supply chains
so hundreds of thousands of
of small companies end up with a checklist of
send us your latest pen test oh
we've never done that before
send us your ball man or send us your IR plan

(18:23):
send us your all those kinds of things that you do day in
day in and day out
a lot of people have to catch up when regulations hit
but this is a super regulation where it's coming down from
from all the Fortune 5 hundreds
obviously the DOD space
and being that
that seemingly is what happens at United Healthcare and how change
change healthcare was affected
think that's where the connection and makes it really interesting

(18:46):
for the US and be a mid market
Mike have you seen a lot of these supply chains or
or questionnaires come down for your clients
um where Fortune 5 hundreds are asking about smaller organizations
I I love it one of the challenges that I see a lot like CPA firms
processing corrected you but law firms or just smaller practice
they'll have Microsoft Exchange hosted on site

(19:09):
running an end of life OS
I was like that you're gonna be held liable
and I get a lot of push back
cause they think that cyber insurance
and cyber security is really expensive
and it you sit along I like the idea of just having SOPs and
and checklist all the way down the line
so when you do get a major contractors

(19:30):
people out there putting RFP
that they specifically state in the RFP
that they have certain requirements for cyber security
because we're living in an age where every company is the data
that's it and you've got to protect your data that is the currency
interesting part 2 is we've seen
I think most people kind of shy away from insurance
and think insurance companies

(19:52):
they they kind of look at it in terms of auto insurance companies
where they're trying to avoid paying for anything
cyber insurance is completely different
and and the the groups that we work with a lot
not only are they your insurance company
but they're also looking out right
and so they're constantly looking at their insurance
seeing if there's any vulnerabilities that they see

(20:13):
I can't tell you how many times
we've had insurance companies actually reach out to the insured say
hey
you're you're vulnerable here
and we've actually been able to get in
and stop something before it happened
and so yes you are you are getting
insured you're
you're covering yourself in the event that something bad happens
but it's almost like you're

(20:34):
you're also protecting yourself too in the front end
and that these companies are very
they're great to work with
um it is not like the auto industry
auto insurance industry it there
they're easy to work with
or looking out for your best interest
in the event that something happens
they're not looking to cheap out
they're looking to get you the best
the best groups available

(20:55):
get in there and quickly get you back up and running
and so I think there's kind of a mindset shift there
that you're buying more than just insurance
when you get yourself an insurance policy
get bigger and bigger is that
the cyber insurance industry
is more proactive than any other insurance
they are paying up front for you to and sometimes upgrade your systems

(21:18):
um they're doing analysis for you
they're um
doing threat detection for you 24 7 um
notifying you if there's possible incidences that could affect you
and then in the case that you have a breach
they're bringing in the entire team
people like Ross at Lewis Brisbois say that right big boy

(21:40):
but it's alright big boy and Brisbane way okay boy
you're my prince boy and uh
they also requiring people like Matt to come in and do pen testing um
if you don't have that already
or giving discounts for people that get regular pen test
going back to United Healthcare um
I just wanted to highlight some of the
the numbers that I researched

(22:01):
the hackers BlackCat/ALPHV were able to steal 6 terabytes of data
which was over 100 million records
they paid 22 million Ransom and like you said
that didn't solve their problems
they still had a lot a lot of issues after even paying the Ransom
cause they were reinfected
quick point on the Joe

(22:23):
after they paid a lot of these ransomware gangs work as like referral
there's subsidiaries and uh you know advanced businesses but anyway
uh
there was two ransomware gangs that worked together on the
on the attack and one of them did not get their 10% referral fee or
you know initial compromise fee

(22:43):
so there was a you know a
a subsequent
that's why there was a that's speculated to be the reason there
why there was a reinfection um
and there's been there was bad blood between the two groups
I think it's called like Alpha and Black Cat
but they also I believe ended up disbanding and and rebranding coming
back coming back out where's the honor between thieves right

(23:05):
I cannot figure if you're not looking out for your gang members
yeah so the there's a couple layers right
there's the access brokers
the people that get in and then there's the guys that actually handle
franchise owners that create the ransomware software and
and run the uh
you know the marketing or something that for like the franchise yeah

(23:25):
Mark
or they have like the thinners that you can access
and in the back end you know acting uh
it's all very uh organized and uh
one number I saw that was kind of crazy was
the hospitals that were affected by this
were losing $100 million a day
I've lost business due to this well one act uh

(23:49):
so this
this hack was one of the biggest if not the biggest in US history
and you know with recent news with the CEO
Brian Thompson getting killed in broad daylight in New York
there is more more interesting connections with this hack um
did you guys read anything on that
I did read about uh timing

(24:11):
uh of
of some executive compensation
where people were selling shares during the period where
or right before the period where the
the incident was uncovered
but it looked like it had been announced in advance and you know
everything looks
looks like everything looks nefarious when
when the hackers are when the incident happens
so everything in hindsight looks oh

(24:32):
this must this must have been a conspiracy
it was probably people selling shares because they
you know needed to pay some bills
um but there was a lot of speculation of who was this insider trading
and I believe there was an investigation into
that was one thing I saw what else did you see Joe
there was
there was an insider trading investigation from when they were first

(24:54):
were first being looked at by the DOJ
some of the
executives sold stock
before they announced that they were being investigated
including Brian Thompson and then there was a report that Nancy Pelosi
this is the Nancy Pelosi connection
it's interesting
she bought 14 million and

(25:16):
call options in Palo Alto Networks
on the day that they were hacked
and she later made $32 million on that trade
and that was before the hack was even announced
uh that she bought the
so that was that's pretty suspicious in my opinion
but interesting connections
like Brian Thompson's grandpa was like business with Nancy Pelosi's

(25:41):
some kind of connection that way
so
I don't know
like I like to put the blue light glasses on for this conversation
I'm not exactly sure where this is heading
well I think that there is some kind of investigation going on
right where maybe Brian Thompson would have to talk under oath
and maybe this situation might have come up and it's possible that

(26:02):
was not working alone and that this was a planned hit
uh to keep uh
Brian Thompson quiet
well I'll
I'll tell you what I have seen is
I've heard firsthand incidents
where these ransomware gangs are making so much money that
that they do have people within
you know within communities
one business owner who was just having her

(26:23):
just being terrorized by people who got access to her iCloud
her email and then we're taking money out of her business account
little by little because there were some limits on it
but they struggled to get her up to get it
to get the attacker out of
out of her accounts
they were intercepting mail in her mailbox
terrifying
and stealing you know

(26:44):
grabbing the new debit and credit cards
and then they call in
and they had the legitimate information that she did not even have
so she couldn't prove it
and I have another
a covid story of a life insurance company
was mailing out policies during Covid
like right right when Covid started
couldn't deliver them in person anymore

(27:04):
so they started mailing the written policies
a friend of mine's the
a life insurance broker and told me the story
his client someone stole the policies off of their porch
they called in to the call center and got the beneficiary changed
oh that's horrible
on their life insurance policies

(27:26):
and luckily he caught it when he got along by as the agent that
you know why isn't the spouse the beneficiary anymore
who is this person
the the
the clients knew nothing about it and yeah
they got the police involved quickly
cause somebody had literally a 1 million
multimillion dollar Ransom over their heads
through the life insurance policy

(27:46):
so
and going back historically
people have stolen stolen credit card information
this used to be prior to ransomware
this is where the majority of money was made stealing credit cards
putting them on a new mag stripe on a credit card
and then they would give them out and people would go buy stuff
they'd sell it on eBay and make their profits that way
that was a multi billion dollar industry
yeah so we've seen it before where people among the

(28:09):
you know within within your city
town state are physically involved
so cyber just becomes one more area of risk management
we gotta understand that
that there's a lot of people on the other side
um that are making their money off
off these types of activities
the man in the middle attacks are really hard to find too

(28:30):
this is essentially what they're doing and then where they at
so you could have a man in middle attack
where that person is in Pakistan
but the attack is going from two people within San Diego
although those are hard to track down
I know we uh
we're running out of uh time here
but I wanted to see if you Ross could uh
just kinda go over like what legal protections

(28:50):
companies can
go through in order to like be prepared in case they hacked and
you know
what they should do to get hacked cause breach counsel should be
you know at least be the first or second call yeah
so I mean typically
what we like to advise clients
is to have an incident response plan in place right
and so you're never when things like this happen

(29:10):
it's normally the worst day of your of your professional career
people are running around frantic
if you don't have a game plan for this
it's going to be a lot harder
so yes we recommend being proactive
reaching out um
you know we
we just
like a number of other law firms and companies can put together
an incident response plan
it'll have everything on there so that in the event that this happens

(29:32):
you open it up see step 1 call breach counsel
step 2 notify your insurance carrier
it'll have the policy limit
I mean the policy number one so that everything can get going
um obviously have have cyber security insurance
you know that that's that's major have
you know in terms of protecting yourself

(29:52):
I think going through the incident response plan process
will kind of identify some things that
hey we need to make sure that this vendor
these vendors have protections in place
we need to make sure we have
you know our
our EDR not only in place
but actually in place across the entire network um

(30:12):
yeah and we've seen instances where you know say oh yeah
we have sent a lot place like okay
well you didn't have it on that one server that got hit
and then once they got in
they took everything so the same thing with MFA
and I know I'm probably getting it in Matt's wheelhouse here
but you know
having MFA in place and actually enforced and enforced for
for everyone in in the group um

(30:34):
you know similar to the to the EDR roll out
we've seen a lot of instances for instance
healthcare providers where
you know
or law firms where they have MFA enforced for everyone except for
okay well
there's this one
you know older partner who doesn't want MFA on their accounts like
well guess how they got in through that that account

(30:54):
so I think just thinking proactively thinking hey
you know
and that starts with getting an incident response plan in place
it's cheaper than you think
and it makes you think of your vulnerabilities and how you game plan
you know once an incident happens great amount you wanna fill in
you know where you where you guys come in
absolutely and

(31:14):
and I
I think the right place to do all of this for free the SMB owner
the midmarket account owner that that wears a million hats
and I'm sure the last thing they wanna do is get in
into the cybersecurity management industry
is use your annual insurance renewal as the opportunity to review
all of this
let's cyber risk management is not as complex as it sounds well

(31:38):
in the technical details obviously
it gets pretty granular but at a high level
what you need to do is have a great cyber insurance policy
that's gonna cover uh
cover your business to help recover and to help fill in the gaps
where if you're not getting paid for 6 months
my insurance policy is is helping pay for
for us to stay operational during that time so cyber insurance

(32:00):
have a cyber risk management plan
have a risk management strategy that's written
that we can follow and is our source of truth
that is that we can use to defend ourselves
if we ever end up in a courtroom following one of these incidents
and can be our guiding post
so we're so we're also not wasting money on unnecessary tools um

(32:21):
and then 3 use both of those use your insurance
use your risk management strategy
your privacy strategy
use that to inform what you're doing on a 24 7 basis
on a day to day basis
a lot of things that Ross mentioned uh
and and that we've talked about today have been
are things that are are not as expensive as you think are some
in some instances are free to do today and can save

(32:45):
you can save your entire business in the end
and um
that it can be that drastic of a difference between between the
the positions you find yourself in when you have an incident um
these things get get very expensive very fast and with hindsight
that's why I'm on this side now not
not doing the incident response space anymore

(33:05):
I wanna be able to inform people of
make these 5 small steps today that don't cost as much as you think
and you can find yourself in a position where
you're not spending any money out of pocket
Ransom or events you know
if you're downstream of United Healthcare
and you can't get paid for three four
five months that's always painful um

(33:26):
but if you have continuity plans
and if you have an insurer that's paying in the interim
and you've talked to Lewis Brisbois about
making sure that you don't have any regulatory issues uh
or or people you need to report to it's still painful
but it's not you know it's a fraction of the pain
1% of the pain compared to
flying by the seat of your pants and having no financial backing

(33:48):
when that incident happens so um
use your annual insurance review call Joe
use your annual insurance review to
look at cyber risk management holistically from a privacy and
and proactive security standpoint
and you're you're taking people through those incident response plans
doing tabletop exercises
kind of run running it with them

(34:09):
is that one of the things that you do
yeah I'll give a free tabletop for your listeners real quick
uh and I'll talk fast cause we could stretch this out for an hour
but you walk into the office on Monday
and you can't get on and all of your emails and servers are locked uh
what do you do
so run that scenario for your organization uh

(34:30):
you wait you get the following Monday you get into the office and uh
your bank account is missing $500,000
you had 780 in in there on Friday and you have
you're missing $500,000 on Monday
what do you do who are you calling
where do you go
run those two scenarios for your business

(34:51):
and if you don't have good plans
you need to call Joe
yeah call me
like a Better Call Saul commercial
but I mean that insurance is a
insurance and risk management is where this all starts yeah
absolutely and not all insurance policies the same quality uh
one thing that I'm seeing a lot because of the supply chain risk
is that insurance companies are limiting your

(35:14):
dependent
business income on companies that you have written contracts with
so if this company here gets hacked and it affects you
but you're there's a company in between you two
and you don't have a written contract with this person
you could be out of luck depending on the wording of your policy
so it's definitely something to to look into

(35:34):
especially now that we are having these crazy
events like CrowdStrike and other downstream incidents with
for example let me clarify Change Healthcare
let me clarify on that because I've never heard that before
and I wanna get Ross's thought on this too
you're saying in some policies if I have an AWS instance

(35:57):
I would be covered but if I have a solution provider
who's hosting that AWS for me to use
depending on the language that may or may not be covered in
in the event of an outage
but depend on your contract
I think yeah because okay yeah
that's important again
but think that if you're using a contractor to access AWS

(36:17):
and you can't access that service
that that's part of their service
you know uh
covered and I'm thinking more like change healthcare because yes
Change Healthcare was breached
but a lot of these doctors offices did not have contracts with Change
Healthcare
they were down the line maybe two or two or three iterations right
so because of because of that

(36:39):
another incidents like that like take like Snowflake for example
we're having these major cloud outages just because like they're out
you may not have a contract with Snowflake
but you can't operate because the state has gone so I don't know it's
it's fun to go through hypotheticals
but you know it all depends on

(37:00):
actual details of the whether things are
are covered or not and my experience
insurance companies are looking for a way to pay for your incident
they're trying to find coverage in the policy
and I've called in a number of claims that I thought well
I managed expectations of course
but I thought would
would not be covered and they found a way to cover it there

(37:22):
one example is uh
one of my my clients was uh
caught up in a Ponzi scheme where they were uh
backing these uh payment processing loans
and the guy ended up just like taking off with the money um
you know paying them back 20%
but then after a while just like stop paying it back
and was able to saw that money back under social engineering coverage

(37:46):
so yeah
the the wording that we
we was usually pretty broad and like you guys said
you're not
getting by with anybody that's going to charge you less than like 400
$500 an hour in the incident response to forensics or attorneys
so it's definitely worth it
even if you're having a small breach to do that

(38:07):
and one more question for Lewis Brisbois Ross
do you guys do like retainers with with companies
so if they do have a breach
you know they're ready to to go with you guys
they don't have to do all the paperwork
yeah no
we do that all the time where you know again
it can be part of an incident response plan where we can write that in
um into the incident response plan

(38:28):
just so you have it
or some companies like to get everything squared away beforehand
make sure we have no conflicts and and get involved
um
just in the event that something happens
not only do they have our contact information
but they have a relationship and they feel comfortable with
with who is their breach counsel
and so we do that all all the time
Brayden um
how can how can people find you Ross

(38:50):
yeah you can look us up Lewis Brisbois
dot com uh
my my cell phone number is 5 0 4 2 3 5 2 6 8 1 uh
that
that's the phone I typically use just cause in this line of business
it's that's how that's how we get in contact or you know
email Ross dot Molina at lewisbrisbois dot com
awesome and how about you man
optimizecyber.com is the best way to to get a hold of us

(39:13):
there's an intake form on there
call your call you right back with a with our contact us
how do you spell how do you spell optimize on that
optimize o p t I m I z e cyber c y b e r
com on an unrelated note when we started this company a few years back
could not believe that

(39:33):
that domain was available as cheaply as we got it
so yeah optimizecyber.com
great guys
Mike do you have anything to to bring you some bring us home no
we trust
all the good things is just the simple things will go a long way
like MFA like making sure everything's updated

(39:55):
one thing that I would add is audit your it provider
and make sure that they're in compliance
and make sure they're hitting all the marks
and how do people get a hold of you Mike
just rapidscale.net or you can just call me directly
6 1 9 8 2 2 0 5 9 5 great great
and I'm Joe C3 Insurance slash cyber is the best way to um

(40:18):
interact with us or you can find me on the socials LinkedIn
Instagram even TikTok
I'm really cool and I got your dancer on there
viral insurance guy yeah exactly
I I can't wait to viral
alright guys thank you so much for joining us
um we really appreciate you coming on the show
taking the time and I wish you guys a great 2025 and we'll talk soon

(40:44):
alright guys
© 2025 iHeartMedia, Inc.