In this episode, Barbara and Kevin discuss:
Key Takeaways:
Connect with Kevin Fream:
Connect with Barbara Hales:
Twitter: https://twitter.com/DrBarbaraHales
YouTube: https://www.Youtube.com/TheMedicalStrategist
Books:
TRANSCRIPTION (154)
Dr. Barbara Hales 00:00
I’m your host, Dr. Barbara Hales. And today we have with us, Kevin Fream. He’s an interesting guy who states most people don’t understand the game they’re playing and get frustrated in business, cyberspace, and life. He says “I help you streamline your technology and have greater peace of mind. And let’s face it, that’s something we could all use.”
Kevin Fream is CEO of Matrix Force and creator of the patent-pending delta method, saving clients billions with eBay. He is the author of the number one bestselling book, Easy Prey, Streamlining Technology, and Changing Your Game, along with being a featured speaker at Harvard, NASDAQ, Coca-Cola, and Microsoft. Kevin also appears frequently on ABC, NBC, CBS, and Fox News and on an ongoing nationwide tour to warn the public about the perils of cybercrime and ransomware.
Most business owners are just trying to go the distance, but they have IT support motivated to work against them. That’s why Kevin enjoys working with business leaders who understand cybersecurity can be a competitive advantage. We are most fortunate to have Kevin with us today. Welcome to the show, Kevin.
Kevin Fream 01:50
Dr. Barbara Hales 02:13
Kevin’s Cyber Security Journey
Kevin Fream 02:26
Dr. Barbara Hales 03:22
Kevin Fream 03:28
Fighting Ransomware
Dr. Barbara Hales 04:33
Kevin Fream 05:53
So, you’d have to format everything and then restore from backup. And that’s, you know, that’s a really painful process. If you do have a backup, you still lose all that time. And in Oklahoma, where I’m from, in 2016, it was really common for over 1000 companies to be infected with ransomware every month, and that was about average across the nation. And that’s where I said, wait a minute, I can’t be doing this, we could get people up and running. But they would lose two weeks, and we would lose a massive amount of time and lose ourselves. So, I got together with 20 other cybersecurity experts from all around the world. And we wrote Easy Prey. And that’s what really got me invited to Harvard and the NASDAQ and then going around and doing a ransomware quiz on national TV. And the short of it is no, you shouldn’t pay the ransom because you have little or no expectation of getting your data back. And even if you do pay the ransom, there’s no assurance that you’re actually going to get all your systems up.
Generally, if you do get a key from the bad guys, and you have no idea of when they’re going to come and give you the information, then if you get access to the systems, it’s usually a one-time shot because the first time you try to restart the systems, they usually won’t start up again, and then you’re back to the same place.
Dr. Barbara Hales 08:21
Kevin Fream 08:26
If the worst happens, you’re ready. And you already have things in place and know what to do and you don’t get stuck having to pay the ransom. Because that’s the flip side, right, Barbara, is generally if someone penetrates your system and axon, they’re there for more than 45 days. And the average actually in the industry is 123. And then all that time, they will usually go and manipulate your backup. So, it looks like it’s running but it’s not. And so, you really don’t have a backup and that’s why so many organizations get stuck because they don’t have any contingencies in place, or even gone to the next level to be able to look out for the stuff. So, it’s a huge deal and continues to be.
Dr. Barbara Hales 10:05
Kevin Fream 10:31
It was somebody who called the helpdesk and said they were a new exec with MGM. And I need an account setup. And people are people. All this makes common sense. And after you’ve heard it once, but the help desk operators set up an account for someone they didn’t know, who obviously just looked on LinkedIn and made up a LinkedIn profile. And from there, since they had an account, they could start off and get access to the systems and download their malicious code. They encrypted over 16 major properties for MGM, and all the associated Bally’s, all of those associated casinos, and any subsidiaries, and they were there a long time. And they ended up having to pay the ransom. And that’s where none of your clients want to be.
Dr. Barbara Hales 12:07
The Matrix Force
Kevin Fream 12:34
Why don’t you take the next step and publish your executive summary of your HIPAA risk exam on your website, or even things like a HIPAA compliance form that says we do these top 10 things for HIPAA, and it’s signed off by the office administrator or the main doctor? And then, oh, by the way, we already have an incident response page if something happens here, and if something does happen, we’re going to upload a PDF of exactly what happened, but it explains what our process is for handling it. And then, if you do an actual drill, you’ll find lots of holes really quickly, and you have a work plan. And each year, you start eliminating some holes, and the first few years are some big ones. And then it gets less and less. Most medical practices don’t have any kind of alerting or management in place to even notice if something’s going wrong. So, by the time you wait for backup, it’s too late.
Dr. Barbara Hales 14:11
Dark Web
Kevin Fream 14:30
You can never get off that list. You can go back by time, and maybe time heals all wounds, maybe. But you could still be found out there. And the average HIPAA fine is $1.5 million, even for small practices, and so it could break the bank. And, you know, a lot of doctors, I think, are a little bit naive and also don’t believe this happens. I don’t know if you get that feedback at all.
Dr. Barbara Hales 15:34
Kevin Fream 15:56
Dr. Barbara Hales 16:42
Kevin Fream 16:43
Dr. Barbara Hales 17:25
Null and Void Insurance
Kevin Fream 17:28
Dr. Barbara Hales 17:56
Kevin Fream 18:00
Dr. Barbara Hales 18:41
Cyber Risk Prevention
Kevin Fream 18:47
Dr. Barbara Hales 19:21
Kevin Fream 19:23
Dr. Barbara Hales 20:05
Kevin Fream 20:10
Dr. Barbara Hales 20:13
Kevin Fream 20:53
But HIPAA has been around since 2013. Why doesn’t every medical practice have things like that? Here’s our executive summary of our risk. Here’s a summary of the vulnerability scan. Here’s a link to our vetted IT support that does the same thing. Out of all of the HIPAA violations on the 80/20 rule, 80% are not covered entities, they’re not a medical practice, it is their electronic medical records platform, or it is their IT vendor that’s not vetted, since 97% of them aren’t. And they are not, according to the IRS and the FTC; only 3% of IT firms in the US are vetted by government and industry authorities. Wow. So, it’s not only if you’re a doctor, it’s not only your medical practice, it’s all your business associates that you are responsible for. And if you’re not doing your risk exam and asking business associates, where’s your risk exam? And where’s your business compliance form? Then you’re violating a big part of HIPAA, and you’re responsible for knowing that.
Electronic Health Record System
Dr. Barbara Hales 22:54
Kevin Fream 23:10
So, there’s not a lot of privacy details in it. And then secondly, there is a HIPAA compliance form to fill out, like I mentioned before, that the top 10 things of yes, we do data breach training. And yes, we do, you know, have these policies and procedures. And, yes, we do a disaster drill, all those kinds of things, those top 10. An officer in that organization signs off on that, and puts their money where their mouth is. Because otherwise, the practice is totally liable. If the practice is doing what it’s saying, and there’s fraud from a business associate, or if they’re not doing what they’re saying, then guess who’s going to bear the brunt of the fine, it’s going to be the business associate. And you have some capability for the practice, then, to recoup some of their loss.
Dr. Barbara Hales 24:32
Kevin Fream 24:47
Computer Hardware
Dr. Barbara Hales 25:26
Kevin Fream 26:00
Dr. Barbara Hales 26:50
Kevin Fream 27:03
Dr. Barbara Hales 27:33
Kevin Fream 27:43
Dr. Barbara Hales 28:15
Kevin Fream 28:19
Dr. Barbara Hales 28:43
Kevin Fream 28:52
Cyber Attacks and CyberCrime
Dr. Barbara Hales 29:32
Kevin Fream 30:15
But the biggest thing he said is 97% of all breaches are from the person who’s at the keyboard, and everybody has to be responsible for their own use on a computer. And that’s exactly right, is I can’t protect you from yourself on the computer because you’re making all the decisions, and you’re pressing all the buttons, but I can help you avoid loss and improve your operations. And yes, we’re looking out if something does happen. But you know, it’s you’re just not off the risk scale. And you’re responsible, regardless. And, you know, that’s coming full circle is we’re now seeing the CIO of Kaseya, for instance, you know, is, or excuse me, the CIO of SolarWinds, is now being federally prosecuted for fraud, for not filling out a risk exam properly. So, it’s a huge deal.
Dr. Barbara Hales 32:09
Kevin Fream 32:36
Protect Yourself In The Online World
Dr. Barbara Hales 33:41
Kevin Fream 33:56
Dr. Barbara Hales 34:20
The post How to Avoid Cybersecurity Breaches first appeared on The Medical Strategist.