These are so common I rarely post them.  However, I’m teaching Computer Security this quarter and this has a local angle.

Unencrypted patient info from 2008 left in a van, and…… yeah.

From their disclosure notice:

Western Health Screening (“WHS”) is an organization that offers comprehensive blood screening tests.  It partners with community organizations, such as hospitals, to provide onsite blood screenings at Health Fairs throughout the Western slope of Colorado.  

WHS recently learned that a vehicle owned by WHS in route to a Health Fair and passing through Salt Lake City, Utah, was stolen.  There was a piece of computer equipment known as a “jump drive” belonging to WHS that was in the stolen vehicle.  Upon learning of this theft, WHS immediately investigated and determined that the jump drive, which was password protected, but unencrypted, contained participants’ personal information.  WHS learned of the theft on February 7, 2017, but determined that the jump drive was unencrypted on February 15, 2017.  

…   WHS also conducted its own internal investigation. WHS determined that the jump drive contained demographic information that had been collected by WHS for health fair participants from the years 2008-2012, including health fair participants’ names, addresses, phone numbers and in some instances Social Security numbers.  WHS also determined that the jump drive can only be accessed via a unique password.

So why was a portable device with unencrypted patient information from 2008 – 2012 even in the van in 2017?  If they needed old information as part of the current screening services, then how might they have accessed it more securely?  At the very least, the data or drive should have been encrypted.  Did Western Health Screening’s risk assessment include portable devices left in vans or taken out in the field for screenings?  I would hope so.

It has always been possible to do this, but there may be lots of small vendors and you need to keep checking.

http://fortune.com/2017/04/18/cybergrx-seriesb/

Cyber Risk Auditor Raises $20M Amid ‘Viral’ Customer Growth

CyberGRX believes it has solved a security problem that has long vexed many companies: How to ensure that third-party suppliers don't provide a way for hackers to attack their networks?  As Target can attest, these vendors—such as point-of-sale companies or caterers—can amount to a soft underbelly of a corporate network.

The solution is to create a clearinghouse for cyber-risk in which a third party, CyberGRX, vets the suppliers and confirms they are taking the right steps to keep hackers away.  CyberGRX's clearinghouse model, which is being used by the likes of private equity firm Blackstone and insurer Aetna, also saves chief security officers from spending hundreds of hours vetting individual vendors.

…   The process can spare chief security officers from the tedious task of auditing dozens or hundreds of vendors to ensure they follow proper cyber-hygiene.  Meanwhile, it ensures vendors do not have to prove their security competence over and over to each new customer—they can simply show they have been vetted by CyberGRX.

It’s not always obvious.

http://www.cnbc.com/2017/04/22/five-ways-to-save-more-on-car-insurance.html?__source=google%7Ceditorspicks%7C&par=google&google_editors_picks=true

Why your credit score may matter more to auto insurers than your driving record

Not paying your bills on time can affect your auto insurance premiums more than having two DUIs.

A recent Consumer Reports analysis found that a two-car couple with poor credit would pay an extra $2,090 per year in premiums on average compared with a similar couple with excellent credit.  That is more than the extra $1,750 annually a two-car couple would pay if they had two violations for driving under the influence of alcohol or drugs.  (California and Massachusetts prohibit auto insurers from using credit scores when setting rates.)

Something that should interest my students.

https://www.cbinsights.com/blog/amazon-strategy-teardown/#other

Amazon Strategy Teardown: Building New Business Pillars In AI, Next-Gen Logistics, And Enterprise Cloud Apps

Amazon is the exception to nearly every rule in business.  Rising from humble beginnings as a Seattle-based internet bookstore, Amazon has grown into a propulsive force in at least five different giant industries: retail, logistics, consumer technology, cloud computing, and most recently, media and entertainment.  The company has had its share of missteps — the expensive Fire phone flop comes to mind — but is also rightly known for strokes of strategic genius that have put it ahead of competitors in promising new industries.

From SciFi, fact.

https://venturebeat.com/2017/04/22/heres-the-star-trek-tricorder-that-won-the-3-million-qualcomm-xprize/?google_editors_picks=true

Here’s the Star Trek Tricorder that won the $3 million Qualcomm Xprize

…   The Xprize contest required contestants to be able to diagnose 13 conditions and monitor five vital signs.  Harris, who is an emergency room doctor, and his brother George led a team of seven at the company (also known as Basil Leaf Technologies) that worked on nights and weekends to create DxtER.  The prototype can now detect 34 conditions, but before bringing it into the world Harris said it will need to detect more than 100 conditions to be really useful.

It currently detects conditions such as stroke, anemia, diabetes, tuberculosis, Hepatitis A, and others.  If your vital signs reach dangerous levels, it could give you a warning about the risk of an imminent stroke or heart attack.  Harris is targeting a price of around $200.