Sunday, August 20, 2017
They don’t seem to have done much managing…
Shaun Wooler reports:
A computer geek with alleged links to global hacking group Anonymous has stolen patient data from an NHS appointment booking system.
The crook breached a private contractor’s security to access a database containing confidential records on up to 1.2million people.
SwiftQueue is paid by eight NHS trusts to manage a website, through which patients can book appointments with a GP, hospital or clinic.
They also operate terminals within waiting rooms, where patients can check-in upon arrival.
Read more on The Sun.
From the article:
The source said the hack exploited weaknesses in SwiftQueue’s software, which should have been patched several years ago.
They claim to have downloaded the company’s entire database, containing 11million records, including passwords.
… The company said they do not hold patients’ medical records and passwords are encrypted.
A proper response! Notice that the investigation is being directed by lawyers.
From their web site, the following breach notification. According to their report to HHS, 266,123 patients were notified.
Notice of Data Breach
At Pacific Alliance Medical Center (PAMC), we understand that the confidentiality and security of medical and personal information is critically important, and we are committed to protecting it. The purpose of this post is to notify patients and employees of a recent cyber incident that affected PAMC and may have resulted in a compromise of certain electronic files containing medical or personal information.
On June 14, 2017, PAMC became aware that certain of its networked computer systems were being affected by a cyber incident. PAMC suspects that the incident began on or shortly before that date. Shortly after becoming aware of the issue, PAMC’s Information Technology Department completed a preliminary assessment and determined that certain networked computer systems had been infected by a computer virus that was encrypting (making unreadable) certain files on PAMC’s computer network. PAMC promptly shut down its networked computer systems, initiated its incident response and recovery procedures, notified the Federal Bureau of Investigation, and began a forensic investigation under the direction of its counsel. Since then, PAMC has decrypted (made readable again) the affected files and has taken action to restore the affected systems and prevent similar incidents from occurring.
Keeping up with the hackers or correcting omissions?
Delaware Adds More Stringent Data Breach Notice Requirements
… Companies will be required to tell state residents affected by a data breach within 60 days and notify the state attorney general if a breach affects more than 500 residents.
… Medical and biometric data is included in the list of protected personal data for the first time in Delaware.
The new law also requires companies to provide a year of free credit monitoring services to any Delaware resident whose Social Security number is compromised in a breach.
Big Data Analytics. It’s easier to remove a million watermarks than to remove just one.
Google shows how easy it is for software to remove watermarks from photos
Google’s research division today detailed just how easy it is for computer algorithms to bypass standard photo watermarking practices, stripping those images of copyright protection and making them vulnerable to reposting across the internet without credit. The research, presented at a leading computer vision conference in Hawaii back in July, is described in detail in a paper titled, “On the Effectiveness of Visible Watermarks.”
… Dekel and Rubinstein say the core problem with current photo watermarking processes is the high level of consistency in style. “We show that this consistency can be used to invert the watermarking process — that is, estimate the watermark image and its opacity, and recover the original, watermark-free image underneath,” the duo explain. “This can all be done automatically, without any user intervention or prior information about the watermark, and by only observing watermarked image collections publicly available online.”
It is possible to get technology right. (Second only to McDonald’s, see the chart.) Funny how often that requires other, non-technical changes.
Starbucks Teaches Silicon Valley a Lesson in Tech
There were plenty of reasons for skepticism when Starbucks rolled out its digital ordering system nationally in September 2015. EBay had already rolled out a location-based system that recognized customers as they walked in the door. Consumers were not particularly impressed; eBay eventually spun off its PayPal unit. Apple Pay, meanwhile, was launched in 2014 as a faster, more secure method of payment. Merchants weren’t enthused. Many never activated the feature.
But Starbucks was still betting that its customers would jump at the chance to preorder coffee and food for pickup at a nearby store.
Sure enough, the company’s mobile order-and-pay feature has become a major hit, one more example of Starbucks’—and coffee’s—universal appeal. The preorders have actually created bottlenecks at Starbucks’ counters, as pickups collide with in-store orders. The company is rethinking store layouts and hiring preorder specialists to handle the demand.
Americans Love Ordering Pizza on Facebook
The cutthroat U.S. restaurant industry is getting increasingly aggressive about technology, enlisting Facebook Inc. and Amazon.com Inc. in their race to make it easier for customers to order and pay for their food.
Last month, TGI Fridays began letting customers foot the bill using their Amazon accounts. And pizza chains are locked in an escalating battle to adopt new ordering methods -- a contest that involves chat bots, voice-activated devices and social networks.
Papa John’s International Inc. went so far as to declare itself an “e-commerce company” this month after delivering surprisingly strong results.
… Customers, especially millennials, are no longer content to call up a pizza place and dictate an order over their phone. And they don’t want to wait in line at the Starbucks register.
At some point, they should hire someone who knows how to run a bank.
Wells Fargo troubles shift from phony bank accounts to real ones
After paying customers millions of dollars for opening phony accounts they did not want, Wells Fargo & Co has said it is now grappling with the possibility it harmed customers by closing real accounts they needed, leaving them without access to funds.
… Some of the complaints described fraudulent deposits of unknown origin. Others said they were victims of identity theft and Wells Fargo closed their accounts and refused to reopen them or open new ones. One customer said the bank closed an account after a hacker changed personal information, and then Wells Fargo improperly sent funds to the wrong address.
The complaints had consistent themes of confusion about why accounts were frozen or closed, and reflected desperation over being unable to access money, as well as frustration over not getting help from Wells Fargo's customer service.
… Wells Fargo's major competitors did not report similar issues or regulatory probes in their quarterly filings.
(Related). Anticipating a huge decline in stock price? That should get someone’s attention.
Wells Fargo & Company Target of Unusually Large Options Trading (WFC)
Wells Fargo & Company was the recipient of some unusual options trading activity on Thursday. Traders acquired 27,464 put options on the stock. This is an increase of approximately 155% compared to the average daily volume of 10,758 put options.
Perspective. Has the pendulum swung too far?
Tech Censorship of White Supremacists Draws Criticism From Within Industry
The debate intensified over whether the growing number of tech companies that blocked white supremacists and a neo-Nazi website on the internet have gone too far, as a prominent privacy group questioned the power a few corporations have to censor.
Sometimes, advertisers can use current events creatively.