Wednesday, February 08, 2017
A bad example for my Computer Security students. You have to tell the government, but not the victims?
On October 21, 2016, Singh & Arora Oncology Hematology PC in Michigan notified HHS of a hacking incident that they reported impacted 16,000 patients. Today, we learn that 22,000 patients are first getting notification letters this week. Why has it taken more than three months since HHS was notified for patients to be notified?
Jessica Dupnack reports:
According to the letter, one of the practice’s servers was being accessed by an unauthorized user for nearly seven months between February and July of last year.
It wasn’t until August 2016 that they were notified of a problem.
So unauthorized access went on for almost five months (from February 27 – July 14), they learned of the problem on August 22, 2016, and they reported it two months later to HHS, but didn’t notify the patients until February of 2017? Why the long gap to notifying patients?
The files accessed contain names, insurance information and social security numbers.
The letter from Singh and Arora says the hackers were apparently not after this personal information. There is no indication it was used for identity theft, but they can’t say with total certainty that the information wasn’t compromised.
I wonder what makes them think the hackers were not after the PII or PHI. Although the reporter says “an unauthorized user” accessed the server, the letter (pieces of which were shown in the video of the news report) indicates that during those months, it was accessed by “unauthorized users” (plural). The letter also indicates that addresses, telephone number, date of birth, and CPT codes were in the accessed files.
So how can they know the information wasn’t used for identity theft when no one had been notified or might know to report any identity theft to them?
Michigan media outlets might want to pursue the question of why the delay in notification.
A sure method for capturing really stupid terrorists and insulting everyone else. What would they do to someone like me that uses no social media?
DHS mulls password collection at borders
FCW.com – “John Kelly, the new secretary of the Department of Homeland Security, testified that foreign travelers coming to the United States could be required to give up social media passwords to border officials as a condition of entry. “We want to say, for instance, which websites do you visit, and give us your passwords, so we can see what they do on the internet,” he said at a Feb. 7 House Homeland Security hearing, his first congressional hearing since his Senate confirmation. “If they don’t want to give us that information, they don’t come in.” Kelly noted that while this was “still a work in progress” and not necessarily “what we’re going to do right now,” he added that President Donald Trump’s freeze on entry to the U.S. by citizens of seven countries, “is giving us an opportunity… to get more serious than we have been about how we look at people coming into the United States.”
I hate fax machines. I write a request in my word processor, then print it, fax it, the FBI gets it and re-enters it into their computer system? How is that more efficient? We need a law that says you can’t go back to pre-Civil War technology. (Patented in France in 1858.)
Is the FBI Really Going Back to the Fax Machine for FOIA Requests?
The FBI quietly announced a new policy starting next month that requires all Freedom of Information Act (FOIA) requests to be sent via fax or through regular U.S. Mail and it is a move that seems to have made some government transparency advocates a little frustrated. A small number of requests can still be made through an online portal, but that will reportedly require users to provide personal information to the FBI to access the system.
… According to the Daily Dot, the policy is part of a larger government agency effort that they say seems to “intentionally rely on archaic technologies to process public records requests.” The CIA and the Defense Advanced Research Projects Agency (DARPA), which handles secret government technologies, also require fax requests, according to the report.
You can’t eat analytics, so why add them to the menu?
More Data, Better Dining?
In order for a restaurant to be successful, it has to focus on more than just food and beverages. The industry is known for its tight profit margins, and without savvy owners, it’s really hard for even the best and most beloved restaurants to survive.
Damian Mogavero, a dining-industry consultant, has analyzed the data behind thousands of restaurants—which dishes get ordered, which servers bring in the highest bills, and even what the weather’s like—and found that these metrics can help inform the decisions and practices of restaurateurs. Ultimately, Mogavero believes that the data he collects is really a way to learn how to make customers happy.
Perspective. As computers evolve from calculator to thinking machine…
What to Expect From Artificial Intelligence
… The task that AI makes abundant and inexpensive is prediction — in other words, the ability to take information you have and generate information you didn’t previously have. In this article, we will demonstrate how improvement in AI is linked to advances in prediction. We will explore how AI can help us solve problems that were not previously prediction oriented, how the value of some human skills will rise while others fall, and what the implications are for managers. Our speculations are informed by how technological change has affected the cost of previous tasks, allowing us to anticipate how AI may affect what workers and managers do.
Sounds simple. My Data Management students will find out that it is not.
Retale acquires shopping list app Out of Milk
Retale, a technology company that develops mobile-first shopping experiences, today announced the acquisition of Out of Milk, the biggest shopping list app on Android in North America.
Out of Milk has had more than 10 million downloads, and it fits with Retale’s core mission of providing mobile products and services that meet shoppers’ needs at every stage of the customer journey.
… Out of Milk also makes it easy to share lists with family and friends on mobile, desktop, and email; shopping lists are instantly synced as changes are made across devices and platforms, eliminating any confusion.
Perspective. For all my students. So much data that one cloud isn’t enough?
The future isn't cloud. It's multi-cloud
Cloud computing was supposed to simplify IT environments. Now, according to a recent study by Microsoft and 451 Research, nearly a third of organizations work with four or more cloud vendors. It would seem multi-cloud is the future of cloud computing.
That and a few dollars will get you a cup of coffee. Wouldn’t this be better if they partnered with a law firm?
Starbucks Is Giving Employees Free Legal Advice on Immigration
After pledging to hire thousands of refugees, Starbucks is now offering its employees free legal advice on immigration.
The coffee giant sent a letter to workers Monday, saying that the company had partnered with Ernst & Young to offer free legal advice to "help navigate immigration issues and get answers in these uncertain times," CNNMoney reported.