The inevitable result of any security breach?
John Commins reports:
Anthem Inc. faces hefty costs to repair the massive security breach
that may have compromised the personal records of 80 million people.
The extent of that liability could depend upon what safeguards the
health plan had in place, and how it responds to the concerns of
customers and federal regulators, industry observers say.
Given that this is the largest breach of healthcare sector data in
U.S. history, Anthem potentially could face record-busting fines for
violating the Health Insurance Portability and Accountability Act.
Or not, says Chris Apgar, CEO of Apgar & Associates, Portland,
OR-based, healthcare data security consultants.
Read more on HealthLeaders Media.
[From the article:
With respect to potential HIPAA violations, Apgar says the Department of
Health and Human Services' Office of Civil Rights will ask Anthem to
explain the breach in detail.
"They'll be asking for a copy of their risk analysis, all of your security
policies and procedures, describe the incident, what you did to
mitigate, what are your efforts to prevent this from happening
again," Apgar says. "If you can answer those questions,
it's a matter of being able to demonstrate that they did the right
thing."
…
Even if the fines for HIPAA violations are relatively mild, Keegan
says Anthem is already looking at spending $100 million or more just
to notify consumers and pay for credit monitoring.
(Related)
NOW will you spend some money on security?
I think many of us thought that the more aware businesses and
organizations became aware of hacks and malware risks, the more they
would rush to get cyberinsurance to protect themselves from financial
ruin from a data breach. Cyberattacks should be good for business –
if your business is cyberinsurance, right? But that’s not
necessarily true, as Pymnts.com reports:
Just hours after Anthem, the second-largest U.S. health insurer,
announced it had suffered a massive security breach, the largest
Lloyd’s of London insurer said cyber attacks are now too big for
private insurance companies to handle, according to the Financial Times.
Catlin Group CEO Stephen Catlin told an insurance conference in
London on Thursday (Feb. 5) that governments should take over risk
coverage for hacking and malware. “Our balance sheets are not
large enough to pay for that,” Catlin said, adding that
cybersecurity was the “biggest, most systemic risk” he had ever seen.
Read more on Pymnts.com
Perspective.
Cyber-attacks rising in Utah, likely due to NSA facility
Utah state officials have seen what they describe as a sharp uptick in
attempts to hack into state computers in the last two years, and they
think it is related to the NSA data center south of Salt Lake City.
…
The state tracks the attempts with an automated system it purchased
after a breach of health care information in 2012. The system
detects, stops and counts the attempts to get into the computers,
Squires said.
With that new equipment in place in January 2013, the state was seeing an
average of 50,000 a day with spikes up to 20 million, Squires told
The Associated Press. In February 2013, the number rose to an
average of 75 million attacks a day, with up to 500 million on some
days.
Attention geeks!
Raspberry Pi 2 Crippled By Xenon Camera Flash 'Death Ray'
…
You see, if your camera
happens to have a Xenon flash, taking a picture of the RPi 2 while
it's operational might cause it to lock up, or power off. It sounds
ridiculous, but it's true.
Considering the fact that others were able to confirm this issue so
quickly, it doesn't seem like this issue would affect just a small
number of second-gen RPi units. Some chip - likely the SoC - seems to be
lacking shielding, and in some cases, even covering it up with light
reflective material doesn't help. In one case, the issue would go away
if the unit was turned upside-down.
How many “Things” attached to the Internet of Things will be
gathering too much data, sending it to the manufacturer or some
unnamed Third Parties who will then merge that information into a
'fractional dossier' that anyone can purchase for a nominal fee?
Samsung warns people about discussing 'sensitive information' in front of
their SmartTV
Samsung's new SmartTV has a cool new voice-command feature, through which
the internet-connected device could record everything you say and
transmit it to a third party, writes the Daily Beast.
The company's voice recognition software allows viewers to communicate
with their television by talking to it. It's enabled when a
microphone symbol appears. Basically, instead of using a traditional
remote control to change the channel, people can simply ask their
Samsung TV to do it for them by uttering a few words.
This is worrying people, largely due to a warning hidden deep inside its
"privacy policy." The Daily Beast first spotted this sentence, which reads:
Please be aware that if your spoken words include personal or other
sensitive information, that information will be among the data
captured and transmitted to a third party.
…
"If the transmission is not encrypted, a SmartHacker could
conceivably turn your TV into an eavesdropping device," the
website adds.
…
Similar concerns were also raised about Siri in the US. The service
also transmits information to a third-party.
(Related)
Eventually, the possibility of escaping in a “getaway” car will
no longer exist. Police will simply ask, “Someone ran out of this
bank and drove away. Find them. Notify the closest patrol cars.
Stand by to shut down the car on command.”
Wireless Systems in Vehicles Need a Lot of Improvement, Says Mass. Senator
…
The report, which comes from the office of Senator Edward Markey
(D-Mass.), says that security protocols on vehicles that prevent
hackers from controlling them are “inconsistent and haphazard,”
and most vehicles are not able to promptly detect exploits and act on
them. “Drivers have come to rely on these new technologies, but
unfortunately the automakers haven’t done their part to protect us
from cyberattacks or privacy invasions,” read the report, which
adds that there is a “clear lack of appropriate security measures”
to safeguard drivers from hackers.
…
Several types of information are collected by vehicles’ wireless
systems – the report states physical location on a regular basis,
the last place where an owner parked their car, travel time, distance
of travel, and previous driving destinations. Markey’s concerns
about data collection, however, are nothing new, as the Alliance of
Automobile Manufacturers and the Association of Global Automakers
both responded to privacy concerns by releasing a set of guidelines
regarding how data is harvested.
Will free “Office” Apps be enough to entice small businesses to drop
Microsoft? Interesting question.
Google Outs Gameplan To Overthrow Microsoft Office
There are few pieces of software as ubiquitous as Microsoft's Office,
and given its prominence for the past two-and-a-half decades, it's a
hard ruler to overthrow. But that notion doesn't tame the likes of
Google. In fact, the company's come forward about its plans to dethrone
Microsoft Office, and nab at least 80% of its business. Now that's
what we call ambition.
Google's Microsoft Office chase began ten years ago with the launch of
its Google Apps platform. Today, Google Apps has become a solid
all-in-one solution for businesses wanting to move most of their data
and services to the cloud, such as email, storage, and so forth.
Since 2007, Google's Docs service has been integrated as well, which
allows users to create documents, spreadsheets, and slideshows right on
the Web. Best of all, these documents can be edited by more than one
person at once, and have advanced sharing capabilities.
Something to scan for quotable quotes?
UK Interception of Communications Code of Practice
Via The Register: “The UK government slipped out consultation documents
on “equipment interference” and “interception of
communications” (read: computer hacking by police and g-men) on
Friday. They were made public on the same day that the Investigatory
Powers Tribunal ruled that the spying revelations exposed by master
blabbermouth Edward Snowden had accidentally made British
spooks’ data-sharing love-in with the NSA legal. The Home Office
said it was seeking responses from Brits on its revised and updated
draft Interception of Communications Code of Practice (PDF) and a
newly-proposed equipment interference code (PDF). “The purpose of the
codes is to make
publicly available more information about the robust safeguards that
apply to the police and the security and intelligence agencies in
their use of investigatory powers,” said Secretary of State Theresa
May’s department.”
[From the draft:
…
An application for an interception warrant should state whether the
interception is likely to give rise to a degree of collateral
infringement of privacy.
…
RIPA does not provide any special protection for legally privileged
communications.
…
There is no prohibition in RIPA on the evidential use of any material
that is obtained as a result of lawful interception which takes place
without a warrant, pursuant to sections 3 or 4 of RIPA, or pursuant to
some other statutory power.
For my Statistics students.
2012 Economic Census Geographic Area Series: Utilities
“This is a series of national-, state-, county-, place-, and metro
area-level data files with statistics for all industries in the
utilities sector down to the six-digit North American Industry
Classification System level. These include statistics for electric
power generation, transmission and distribution; natural gas
distribution; and water, sewage, and other systems. The files
provide statistics on the number of establishments, receipts or
revenue, payroll, number of employees and other data items by
industry. Today’s release is the first for the utilities sector
and covers Colorado and geographic entities therein only. Statistics
for the other states and
geographic entities within them, for this sector, will be released on
a flow basis over the coming months. The data from the 2012 Economic
Census (as well as historical information from the 2007, 2002, and
1997 economic censuses) are available on census.gov.
Reference information about the economic census, including a data
release schedule, is available on the 2012
Economic Census home page.”
[The correct link is:
http://factfinder.census.gov/faces/tableservices/jsf/pages/productview.xhtml?pid=ECN_2012_US_22A1&prodType=table