Monday, February 26, 2018

Reinforcing several trends reported here earlier, including physician invulnerability.
MUSC terminates employees who 'snoop' in patients' medical records
Thirteen employees were fired in 2017 from the Medical University of South Carolina after administrators determined they had broken federal law by using patient records without permission, spying on patient files or disclosing private information.
Some of these privacy breaches involved high-profile patients. [You couldn’t sell my records to the National Enquirer. Bob]
MUSC staff explained to the hospital's Board of Trustees during a recent meeting that designated employees monitor the news media for any potential privacy breaches. Sometimes, they said, health care providers will "snoop" in patient records after a case makes the news. Eleven of 58 privacy breaches at MUSC in 2017 were categorized as snooping.
… But patients shouldn't worry excessively about the security of their own information. Experts agree that digital medical records are more secure than paper ones. [I’m an expert, and I strongly disagree. Bob]
Elizabeth Willis, the corporate privacy officer at Roper St. Francis, said the ability to track each employee who opens a record makes patient files less vulnerable to a security breach. [It makes detection of breaches easier, but does nothing to stop a breach – see paragraph one. Bob]
… She provided further information about security breaches and terminations at MUSC dating back to 2013. Since then, MUSC has identified 307 breaches and 30 employees have been fired. Nearly half of all those firings occurred last year. None were physicians, Woolwine said.

I called this a while back… Russia is demonstrating what could happen if they are banned from future games.
Russia Hacked Olympics Computers, Turned Blame on North Korea: Report
Russian military spies hacked hundreds of computers used by Winter Olympics organizers and tried to make it look like the work of North Korea, the Washington Post reported Sunday, quoting US intelligence sources.
South Korea had previously announced that it was investigating the failure of several Olympic-linked internet sites and broadcast systems just as the opening ceremonies were taking place on February 9.
The Russians used a North Korean internet provider to make it appear the attack originated in North Korea, in what is known as a "false flag" operation, the Post said.
they said the cyber attack against the Games -- from which Russia's team was excluded for doping -- was worrisome.
Some analysts believe the cyber attack was retribution for that ban. Some Russian athletes were allowed to compete, but only under the designation of "Olympic Athletes from Russia."

Can we prepare for the hack of the 2020 election?
A primer on political bots: Part one
Data Driven Journalism – “The rise of political bots brings into sharp focus the role of automated social media accounts in today’s democratic civil society. Events during the Brexit referendum and the 2016 U.S. Presidential election revealed the scale of this issue for the first time to the majority of citizens and policy-makers. At the same time, the deployment of Russian-linked bots designed to promote pro-gun laws in the aftermath of the Florida school shooting demonstrates the state-sponsored, real-time readiness to shape, through information warfare, the dominant narratives on platforms such as Twitter. The regular news reports on these issues lead us to conclude that the foundations of democracy have become threatened by the presence of aggressive and socially disruptive bots, which aim to manipulate online political discourse. While there is clarity on the various functions that bot accounts can be scripted to perform, as described below, the task of accurately defining this phenomenon and identifying bot accounts remains a challenge. At Texifter, we have endeavoured to bring nuance to this issue through a research project which explores the presence of automated accounts on Twitter. Initially, this project concerned itself with an attempt to identify bots which participated in online conversations around the prevailing cryptocurrency phenomenon. This article is the first in a series of three blog posts produced by the researchers at Texifter that outlines the contemporary phenomenon of Twitter bots. Bot accounts are a persistent feature of the user experience on Twitter. They can increase the influence of positive, negative, or “authentic” fake news stories; promote opinion posts from a variety of accounts (botnets); and circulate memes. Their ability to shape online political discourse and public opinion, however, is generating legitimate concerns.
The significance of the bot effect stretches from the academic research community, to tech and platform companies, national regulatory bodies, and the field of journalism. One of the most recognized examples of this involves the lead-up to the 2016 U.S. Presidential Election. During that period, over 50,000 automated Twitter accounts from Russia retweeted and disseminated political material posted by and for Trump, reaching over 677,775 Americans. Over 2,000,000 tweets and retweets were the result of these Twitter bots, accounting for approximately 4.25% of all retweets of Trump’s tweets in the lead-up to the U.S. election. These findings accentuate the larger issue of state actors using social media automation as a tool of political influence…”

First numbers I’ve seen on the “new” cards.
Chip Cards Lead to 70% Drop in Counterfeit Fraud: Visa
The financial industry has been pushing for the adoption of EMV (Europay, MasterCard, Visa) card technology in the United States since 2011, and efforts were increased following the disclosure of the massive data breach suffered by Target in 2013.
However, according to Visa, by September 2015, only roughly 392,000 merchant locations had been accepting chip cards, and the number of Visa debit and credit cards using this technology was only at 159 million.
Data collected by Visa shows the number of storefronts that had migrated to EMV technology by December 2017 increased by more than 570%, with 2.7 million storefronts in the U.S., representing 59% of the total, accepting chip cards. The number of Visa cards using chip technology increased by 202% to 481 million, with 67% of Visa payment cards having chips.
Visa also reported that EMV cards accounted for 96% of the overall payment volume in the United States in December 2017, with chip payment volume reaching $78 billion.
As a result of U.S. merchants upgrading their payment systems for EMV cards, cases of counterfeit fraud had dropped by 70% in September 2017 compared to December 2015.
While the adoption of chip and PIN technology addresses the problem of counterfeit card fraud, it has not deterred fraudsters, who have simply shifted their focus to card-not-present (CNP) and other types of fraud.

Which part of “we surveil your children” did they not understand?
James Tozer reports:
Happily chatting and walking between lessons, these children are being watched by school spy cameras designed for their protection.
Now it has emerged that the images can be viewed by anyone after the CCTV systems were hacked and put online.
A disturbing website, which boasts ‘Watch live surveillance cameras in the UK’, allows people anywhere in the world to spy on children, teachers and parents in real time.
The website broadcasting the footage claims no cameras are hacked and all the internet-connected cameras on the site do not have proper password protection.
Read more on Daily Mail. So have UK parents just discovered the Internet of Unsecured Things the hard way? Were these systems really hacked or did they just use default configurations available to everyone or….? And will this result in cams in toilets being removed? Will any lessons be learned or is this just another 15 minute news cycle?

Is this any way to run a government agency?
Kathleen Dion of Robinson & Cole writes:
On January 30, 2018, EDUCAUSE, a higher education technology association, submitted a letter to the U.S. Department of Education describing concerns that it had with the Federal Student Aid (“FSA”) ability to protect federal student financial aid data.
First, EDUCAUSE expressed concerns about letters that various colleges and universities received from the FSA. These letters indicated that a data breach or suspected data breach occurred at educational institutions, and required the institutions to make a full accounting of their information security program. Some of the letters also indicated that the institutions failed to self-report alleged or suspected breaches. It appeared that the FSA identified these institutions from news reports, but EDUCAUSE expressed concern that FSA did not confirm that the breaches or suspected breaches occurred prior to sending the letter.
From the article:
Second, EDUCAUSE expressed concerns that FSA did not have proper reporting procedures in place. In late 2017, the FSA stated that notifications could be made via text message to an FSA official’s cellphone number. It also indicated that blocked phishing attempts constituted a suspected data breach that must be “immediately reported,” (i.e. on the date of detection).

An article worth reading.
On February 13, 2018, the New York Times reported that Uber is planning an IPO. Uber’s value is estimated between $48 and $70 billion, despite reporting losses over the last two years. Twitter reported a loss of $79 million before its IPO, yet it commanded a valuation of $24 billion on its IPO date in 2013. For the next four years, it continued to report losses. Similarly, Microsoft paid $26 billion for loss-making LinkedIn in 2016, and Facebook paid $19 billion for WhatsApp in 2014 when it had no revenues or profits. In contrast, industrial giant GE’s stock price has declined by 44% over the last year, as news emerged about its first losses in the last 50 years.
Why do investors react negatively to financial statement losses for an industrial firm but disregard such losses for a digital firm?

Looks like everyone is underpaid!
Search and explore faculty, staff, and adjunct salary data at thousands of colleges
Chronicle of Higher Education – Chronicle Data – Institutions are grouped under the most recent Carnegie Classification. Users may search full time salaries, staff salaries, and adjunct salaries, by college, state, sector or Carnegie Classification, as well as display by college.

I cannot convince my students to take notes!
Laws on Recording Conversations in All 50 States
  • See also related reference from last June via Quartz – As Comey shows, documenting conversations with your boss can be smart – “Careful documentation of meetings via notes and memos is part of the FBI’s culture (via NYT), but there are sound reasons for ordinary workers to at least consider doing the same when we talk to our bosses. Taking notes—or better, recording conversations in states where it’s legal—is sound practice for employees who feel their managers are doing something inappropriate…
