Friday, October 02, 2020

Another consideration in the ransomware environment. Ignorance of double-secret probation is no excuse.

https://www.reuters.com/article/us-treasury-cyber/companies-may-be-punished-for-paying-ransoms-to-sanctioned-hackers-u-s-treasury-idUSKBN26M77U?&web_view=true

Companies may be punished for paying ransoms to sanctioned hackers - U.S. Treasury

Facilitating ransomware payments to sanctioned hackers may be illegal, the U.S. Treasury said on Thursday, signaling a crackdown on the fast-growing market for consultants who help organizations pay off cybercriminals.

In a pair of advisories, the Treasury’s Office of Foreign Assets Control and its Financial Crimes Enforcement Network warned that facilitators could be prosecuted even if they or the victims did not know that the hackers demanding the ransom were subject to U.S. sanctions.





A self-inflicted failure…

https://cybernews.com/news/germany-fines-hm-35-million-euros-for-data-protection-breaches/?web_view=true

Germany fines H&M 35 million euros for data protection breaches

“The regional data protection authority in Hamburg has imposed an administrative fine of 35 million euros. The H&M group admits shortcomings at the service centre and has taken forceful measures to correct this,” it said in its June-August earnings report.

German daily Frankfurter Allgemeine Zeitung last year reported that the State Data Protection Commissioner in Hamburg had launched a probe into H&M management unlawfully sounding out workers about their personal life and storing the details.

According to the paper, H&M collected information on illnesses and other personal circumstances of employees at the centre. H&M said in January the breaches found were unacceptable and it was cooperating with the authorities.





Another poor reaction.

https://www.databreaches.net/magnolia-pediatrics-notifies-patients-of-a-security-incident-after-ocr-tells-them-its-reportable/

Magnolia Pediatrics notifies patients of a security incident after OCR tells them it’s reportable

Almost one year after Magnolia Pediatrics notified 11,000 patients about a ransomware attack on an unnamed IT vendor, they are now notifying more than 12,000 patients of another attack. This time, they wound up firing their vendor.

According to a notification on their web site, on March 26, Magnolia Pediatrics discovered a security incident. Their IT vendor, LaCompuTech, investigated and reportedly told them that the only information that was compromised was the Master Boot Record, and that no patient information had been accessed, exfiltrated, or encrypted. According to Magnolia Pediatrics, LaCompuTech advised Magnolia that this was not a HIPAA breach and no notification to patients was required.

Why Magnolia would rely on their tech vendor for legal advice on their HIPAA obligations instead of calling their practice lawyer was not explained. [I suspect it was cheaper that way. Bob]

In any event, on September 11, OCR contacted Magnolia and informed them that this was a reportable incident because any individual who had the ability to encrypt the MBR had access to the entire server and therefore all the protected health information on it.

As a result, Magnolia Pediatrics began contacting more than 12,000 patients — even though no protected health information was exfiltrated or copied or directly accessed.

The notification, reproduced below, does not explain how OCR became aware of the incident. Nor does it indicate whether the vendor was the same vendor who had the ransomware attack in 2019 and who paid the ransom to resolve that one.

DataBreaches.net reached out to LaCompuTech to inquire whether they were the same vendor involved in the ransomware incident and will update this post if a response is received.

In any event, one takeaway from this one seems to be a reminder to have a lawyer who is knowledgeable about HIPAA to advise you on your obligations and to consult with them.

As of today’s date, neither of the practice’s two HIPAA incidents is marked as closed by OCR.
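OCR’s reasoning above (whoever could overwrite the boot sector had full control of the server) is the point a practitioner should be able to check for themselves rather than take a vendor’s word for. The following is an added illustration, not code from DataBreaches.net, Magnolia Pediatrics or LaCompuTech: it parses a 512-byte MBR and flags one that looks overwritten, using three constructed sample sectors (a plausible intact one, one wholly replaced by random-looking bytes, and one where the boot code was replaced but the partition table and signature were left intact). The heuristics are ordinary forensic sanity checks, assumed here, not a signature for any particular ransomware family.

```python
"""Sanity-check a 512-byte boot sector (MBR) for signs that it was overwritten.

Added illustration; not code from the original post or any party named in it.
The sample sectors are constructed inline so the script runs offline.
"""
import hashlib
import math
import struct
from collections import Counter

SECTOR_SIZE = 512
PART_TABLE_OFFSET = 446      # four 16-byte partition entries live at 446..509
BOOT_SIGNATURE = b"\x55\xAA"  # bytes 510..511 of a valid MBR


def shannon_entropy(data: bytes) -> float:
    """Bits per byte of `data`; values near 8 mean random-looking (encrypted) content."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def parse_partitions(sector: bytes) -> list:
    """Decode the four classic MBR partition entries (status, type, LBA start, size)."""
    entries = []
    for i in range(4):
        off = PART_TABLE_OFFSET + 16 * i
        # layout: status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) sectors(4)
        status, ptype, lba_start, sectors = struct.unpack_from("<B3xB3xII", sector, off)
        entries.append({"status": status, "type": ptype,
                        "lba_start": lba_start, "sectors": sectors})
    return entries


def assess_mbr(sector: bytes) -> dict:
    """Return individual findings plus an overall 'suspicious' verdict for one sector."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly one 512-byte sector")
    parts = parse_partitions(sector)
    used = [p for p in parts if p["type"] != 0]
    findings = {
        "signature_ok": sector[510:512] == BOOT_SIGNATURE,
        # status byte must be 0x00 or 0x80; used entries need a non-zero start and size
        "partition_table_ok": (all(p["status"] in (0x00, 0x80) for p in parts)
                               and bool(used)
                               and all(p["lba_start"] > 0 and p["sectors"] > 0 for p in used)),
        "boot_code_entropy": round(shannon_entropy(sector[:PART_TABLE_OFFSET]), 2),
    }
    # Real boot code is mostly x86 opcodes and zero padding: entropy well below 7 bits.
    findings["high_entropy"] = findings["boot_code_entropy"] > 7.0
    findings["suspicious"] = (not findings["signature_ok"]
                              or not findings["partition_table_ok"]
                              or findings["high_entropy"])
    return findings


def read_first_sector(device_path: str) -> bytes:
    """Read sector 0 of a raw device, e.g. '/dev/sda' or r'\\\\.\\PhysicalDrive0' (needs admin)."""
    with open(device_path, "rb") as fh:
        return fh.read(SECTOR_SIZE)


def _pseudo_random_bytes(n: int, seed: bytes = b"constructed-sample") -> bytes:
    """Deterministic high-entropy filler standing in for encrypted content (constructed)."""
    out, h = b"", seed
    while len(out) < n:
        h = hashlib.sha256(h).digest()
        out += h
    return out[:n]


# --- constructed sample sectors (not captured from any real system) -----------------
_BOOT_CODE = bytes([0xFA, 0x33, 0xC0, 0x8E, 0xD0, 0xBC, 0x00, 0x7C,
                    0x8B, 0xF4, 0x50, 0x07, 0x50, 0x1F, 0xFB, 0xFC]).ljust(PART_TABLE_OFFSET, b"\x00")
# one bootable NTFS-type (0x07) partition starting at LBA 2048, 1,000,000 sectors long
_PART_TABLE = struct.pack("<B3sB3sII", 0x80, b"\x20\x21\x00", 0x07, b"\xFE\xFF\xFF",
                          2048, 1_000_000) + b"\x00" * 48

VALID_MBR = _BOOT_CODE + _PART_TABLE + BOOT_SIGNATURE
OVERWRITTEN_MBR = _pseudo_random_bytes(SECTOR_SIZE)                       # whole sector replaced
TAMPERED_MBR = _pseudo_random_bytes(PART_TABLE_OFFSET) + _PART_TABLE + BOOT_SIGNATURE


if __name__ == "__main__":
    for name, sec in (("valid", VALID_MBR), ("overwritten", OVERWRITTEN_MBR),
                      ("tampered", TAMPERED_MBR)):
        print(name, assess_mbr(sec))
```

The third sample is the one worth remembering: a sector can keep its 0x55AA signature and a sane partition table and still carry replaced boot code, so checking the signature alone tells you nothing about who wrote to sector 0. Whatever the verdict, writing to sector 0 requires raw access to the disk, which on every mainstream OS means administrative or root privilege on that machine; that is the fact OCR’s position rests on.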





Their third or fourth try…

https://fpf.org/2020/10/01/fpf-comments-on-draft-washington-privacy-act-of-2021/

FPF Comments on Draft Washington Privacy Act of 2021

Yesterday, on September 30, 2020, FPF submitted comments regarding the draft Washington Privacy Act of 2021. The draft was released by Senator Carlyle, the Chair of the Washington State Senate Committee on Environment, Energy, and Technology (EET) on September 9, 2020.

The new version closely resembles last year’s Second Substitute version of the Washington Privacy Act of 2020 (SSB 6281), with a few changes that reflect House amendments from the previous legislative session. In addition, the new draft WPA contains two new sections that would regulate the collection and use of COVID-19-related data by both public and private entities. It is anticipated that the Act will be officially introduced in Washington State at the beginning of 2021.





Perspective.

https://arstechnica.com/gadgets/2020/10/sourcegraph-devs-are-managing-100x-more-code-now-than-they-did-in-2010/

Sourcegraph: Devs are managing 100x more code now than they did in 2010

Before diving into the data, it's important to understand the angle the survey is coming from. Sourcegraph's own business model is enabling code search at an enterprise scale—which means not just grep -r'ing your way through a directory, but simultaneously searching across a potentially vast array of repositories, both local and cloud, and with support for just about any language you can think of.

Another chart we found interesting was specific to developers at companies that have not traditionally been considered technology companies—such as insurance, retail, and even food and beverage companies. Of the developers surveyed, 91 percent say their non-technology company functions more like a technology company than it did ten years ago. This won't surprise anyone who has noticed firms like Walmart Labs sponsoring open source technology conferences and delivering presentations.

The full survey results are available for download in PDF form.





Tools & Techniques.

https://www.bespacific.com/7-powerful-search-engines-for-social-networks/

7 Powerful Search Engines for Social Networks

Make Use Of: “Are you looking for a long-lost friend or an ex-colleague? Perhaps you’re trying to catch up with the weirdest trends on social media? If so, you’ll need a way to search social networks. There have been some awfully weird trends on social media. How many of these do you remember? How many have you taken part in? Of course, most social networks have their own search engines built in, but they’re fundamentally limited by the fact they can only search their own database. And how you are supposed to know whether Aunt Mary is on Facebook, Twitter, or one of the other myriad options? The solution? Use a network-agnostic social search engine. They can search all of the most common networks, as well as lots of the niche, smaller ones…”





Tools & Techniques.

https://boingboing.net/2020/10/01/new-photo-enhancing-ai-includes-physical-damage-restoration-option.html

New photo enhancing AI includes physical damage restoration option

YouTuber bycloud takes viewers through Microsoft's new AI for repairing old photos, which he says "is probably the best physical damage restoration for images I've ever seen." The supporting academic paper is Bringing Old Photos Back to Life. Results still have a significant range of quality, but some of the best ones are quite impressive.

For those interested in trying it out, he also made a GitHub tutorial:





Resources.

https://thenextweb.com/neural/2020/10/02/a-beginners-guide-to-the-math-that-powers-machine-learning-syndication/

A beginner’s guide to the math that powers machine learning

How much math knowledge do you need for machine learning and deep learning? Some people say not much. Others say a lot. Both are correct, depending on what you want to achieve.

In this post, I will introduce some of my favorite machine learning math resources. And while I don’t expect you to have fun with machine learning math, I will also try my best to give you some guidelines on how to make the journey a bit more pleasant.

My personal favorite is Khan Academy’s math courses. Sal Khan has done a great job of putting together a comprehensive collection of videos that explain different math topics. And it’s free, which makes it even better.





I honestly wish the President a fast and full recovery, but I can’t help wondering if he will try intravenous Clorox or Hydroxychloroquine or any of the other “cures” he has recommended.

https://www.foxnews.com/politics/president-trump-confirms-he-first-lady-melania-trump-tested-positive-for-coronavirus

President Trump, first lady test positive for coronavirus, set to quarantine at White House


