Monday, February 09, 2015

The inevitable result of any security breach?
John Commins reports:
Anthem Inc. faces hefty costs to repair the massive security breach that may have compromised the personal records of 80 million people. The extent of that liability could depend upon what safeguards the health plan had in place, and how it responds to the concerns of customers and federal regulators, industry observers say.
Given that this is the largest breach of healthcare sector data in U.S. history, Anthem potentially could face record-busting fines for violating the Health Insurance Portability and Accountability Act.
Or not, says Chris Apgar, CEO of Apgar & Associates, Portland, OR-based, healthcare data security consultants.
Read more on HealthLeaders Media.
[From the article:
With respect to potential HIPAA violations, Apgar says the Department of Health and Human Services' Office of Civil Rights will ask Anthem to explain the breach in detail.
"They'll be asking for a copy of their risk analysis, all of your security policies and procedures, describe the incident, what you did to mitigate, what are your efforts to prevent this from happening again," Apgar says. "If you can answer those questions, it's a matter of being able to demonstrate that they did the right thing."
… Even if the fines for HIPAA violations are relatively mild, Keegan says Anthem is already looking at spending $100 million or more just to notify consumers and pay for credit monitoring.

(Related) NOW will you spend some money on security?
I think many of us thought that the more businesses and organizations became aware of hacks and malware risks, the more they would rush to get cyberinsurance to protect themselves from financial ruin from a data breach. Cyberattacks should be good for business – if your business is cyberinsurance, right? But that’s not necessarily true, as reports:
Just hours after Anthem, the second-largest U.S. health insurer, announced it had suffered a massive security breach, the largest Lloyd’s of London insurer said cyber attacks are now too big for private insurance companies to handle, according to the Financial Times.
Catlin Group CEO Stephen Catlin told an insurance conference in London on Thursday (Feb. 5) that governments should take over risk coverage for hacking and malware. “Our balance sheets are not large enough to pay for that,” Catlin said, adding that cybersecurity was the “biggest, most systemic risk” he had ever seen.

Cyber-attacks rising in Utah, likely due to NSA facility
Utah state officials have seen what they describe as a sharp uptick in attempts to hack into state computers in the last two years, and they think it is related to the NSA data center south of Salt Lake City.
… The state tracks the attempts with an automated system it purchased after a breach of health care information in 2012. The system detects, stops and counts the attempts to get into the computers, Squires said.
With that new equipment in place in January 2013, the state was seeing an average of 50,000 a day with spikes up to 20 million, Squires told The Associated Press. In February 2013, the number rose to an average of 75 million attacks a day, with up to 500 million on some days.

Attention geeks!
Raspberry Pi 2 Crippled By Xenon Camera Flash 'Death Ray'
… You see, if your camera happens to have a Xenon flash, taking a picture of the RPi 2 while it's operational might cause it to lock up, or power off. It sounds ridiculous, but it's true.
Considering the fact that others were able to confirm this issue so quickly, it doesn't seem like this issue would affect just a small number of second-gen RPi units. Some chip - likely the SoC - seems to be lacking shielding, and in some cases, even covering it up with light reflective material doesn't help. In one case, the issue would go away if the unit was turned upside-down.

How many “Things” attached to the Internet of Things will be gathering too much data, sending it to the manufacturer or some unnamed Third Parties who will then merge that information into a 'fractional dossier' that anyone can purchase for a nominal fee?
Samsung warns people about discussing 'sensitive information' in front of their SmartTV
Samsung's new SmartTV has a cool new voice-command feature, through which the internet-connected device could record everything you say and transmit it to a third party, writes the Daily Beast.
The company's voice recognition software allows viewers to communicate with their television by talking to it. It's enabled when a microphone symbol appears. Basically, instead of using a traditional remote control to change the channel, people can simply ask their Samsung TV to do it for them by uttering a few words.
This is worrying people, largely due to a warning hidden deep inside its "privacy policy." The Daily Beast first spotted this sentence, which reads:
Please be aware that if your spoken words include personal or other sensitive information, that information will be among the data captured and transmitted to a third party.
… "If the transmission is not encrypted, a SmartHacker could conceivably turn your TV into an eavesdropping device," the website adds.
… Similar concerns were also raised about Siri in the US. The service also transmits information to a third-party.
(Related) Eventually, the possibility of escaping in a “getaway” car will no longer exist. Police will simply ask, “Someone ran out of this bank and drove away. Find them. Notify the closest patrol cars. Stand by to shut down the car on command.”
Wireless Systems in Vehicles Need a Lot of Improvement, Says Mass. Senator
… The report, which comes from the office of Senator Edward Markey (D-Mass.), says that security protocols on vehicles that prevent hackers from controlling them are “inconsistent and haphazard,” and most vehicles are not able to promptly detect exploits and act on them. “Drivers have come to rely on these new technologies, but unfortunately the automakers haven’t done their part to protect us from cyberattacks or privacy invasions,” read the report, which adds that there is a “clear lack of appropriate security measures” to safeguard drivers from hackers.
… Several types of information are collected by vehicles’ wireless systems – the report states physical location on a regular basis, the last place where an owner parked their car, travel time, distance of travel, and previous driving destinations. Markey’s concerns about data collection, however, are nothing new, as the Alliance of Automobile Manufacturers and the Association of Global Automakers both responded to privacy concerns by releasing a set of guidelines regarding how data is harvested.

Will free “Office” Apps be enough to entice small businesses to drop Microsoft? Interesting question.
Google Outs Gameplan To Overthrow Microsoft Office
There are few pieces of software as ubiquitous as Microsoft's Office, and given its prominence for the past two-and-a-half decades, it's a hard ruler to overthrow. But that notion doesn't tame the likes of Google. In fact, the company's come forward about its plans to dethrone Microsoft Office, and nab at least 80% of its business. Now that's what we call ambition.
Google's Microsoft Office chase began ten years ago with the launch of its Google Apps platform. Today, Google Apps has become a solid all-in-one solution for businesses wanting to move most of their data and services to the cloud, such as email, storage, and so forth.
Since 2007, Google's Docs service has been integrated as well, which allows users to create documents, spreadsheets, and slideshows right on the Web. Best of all, these documents can be edited by more than one person at once, and have advanced sharing capabilities.

Something to scan for quotable quotes?
UK Interception of Communications Code of Practice
Via The Register: “The UK government slipped out consultation documents on “equipment interference” and “interception of communications” (read: computer hacking by police and g-men) on Friday. They were made public on the same day that the Investigatory Powers Tribunal ruled that the spying revelations exposed by master blabbermouth Edward Snowden had accidentally made British spooks’ data-sharing love-in with the NSA legal. The Home Office said it was seeking responses from Brits on its revised and updated draft Interception of Communications Code of Practice (PDF) and a newly-proposed equipment interference code (PDF). “The purpose of the codes is to make publicly available more information about the robust safeguards that apply to the police and the security and intelligence agencies in their use of investigatory powers,” said Secretary of State Theresa May’s department.”
[From the draft:
… An application for an interception warrant should state whether the interception is likely to give rise to a degree of collateral infringement of privacy.
… RIPA does not provide any special protection for legally privileged communications.
There is no prohibition in RIPA on the evidential use of any material that is obtained as a result of lawful interception which takes place without a warrant, pursuant to sections 3 or 4 of RIPA, or pursuant to some other statutory power.

For my Statistics students.
2012 Economic Census Geographic Area Series: Utilities
“This is a series of national-, state-, county-, place-, and metro area-level data files with statistics for all industries in the utilities sector down to the six-digit North American Industry Classification System level. These include statistics for electric power generation, transmission and distribution; natural gas distribution; and water, sewage, and other systems. The files provide statistics on the number of establishments, receipts or revenue, payroll, number of employees and other data items by industry. Today’s release is the first for the utilities sector and covers Colorado and geographic entities therein only. Statistics for the other states and geographic entities within them, for this sector, will be released on a flow basis over the coming months. The data from the 2012 Economic Census (as well as historical information from the 2007, 2002, and 1997 economic censuses) are available on Reference information about the economic census, including a data release schedule, is available on the 2012 Economic Census home page.”
