No matter how logical it was to hold off on the audit (and there are
many good reasons to do so) the perception will be that they were not
concerned about security.
Shaun Nichols reports:
A year or so before American health insurer Anthem admitted it had been
ruthlessly ransacked by hackers, a US federal watchdog had offered to
audit the giant’s computer security – but was rebuffed.
And, after miscreants looted Anthem’s servers and accessed up to 88.8
million private records, the watchdog again offered to audit the
insurer’s systems, and was again turned away.
No real surprise there, as now that everyone’s suing them, why would
they want an audit that could become more fodder for litigation? [To
confirm they had found and fixed all the problems? Bob]
But why did they decline last year?
“We do not know why Anthem refuses to cooperate,” government
officials told The Register today.
The Office of the Inspector General (OIG) for the US Office of
Personnel Management (OPM) told us it wanted to audit Anthem’s
information security protections back in 2013, but was snubbed by the
insurer.
According to the agency, Anthem
participates in the US Federal Employees Health Benefits Program,
which requires regular audits from the OIG, audits that
Anthem allegedly thwarted. Other health insurers submit to Uncle
Sam’s audits “without incident,” we’re told.
Read more on The Register.
Will Anthem live to regret its decision not to permit an audit last year?
And will HHS/OCR take that refusal into account in its own
investigation of the Anthem breach?
Interesting that civilian researchers are “discovering” techniques that the
military has been using for decades. Perhaps next they will realize
that they do not need to break encryption to determine who is calling
whom.
Researchers can work out your location based on who you talk to on Twitter
Researchers from Cornell University have worked out how to track Twitter users'
locations — even when they have location services disabled.
A paper from Ryan Compton, David Jurgens and David Allen explains a new
method for tracking the location of Twitter users to around 6km
based on who they interact with. Using the method, the researchers
say, they're able to "geotag over 80% of public tweets."
(Related)
A way to “discover” what can be learned from metadata. I wonder
if US companies would see this as a significant (money making) idea?
Simon Sharwood reports:
Australia’s dominant carrier, Telstra, will give its customers the
chance to access their metadata, for a fee.
The new policy, explained in a post
from chief risk officer Kate Hughes, is based on the principle that
“offering the same access to a customer’s own metadata as we are
required to offer to law enforcement agencies.”
Read more on The Register.
Hard to block all access on the Internet, but 100,000 is a very small
percentage of the population.
A British-made documentary about a grisly gang rape in India spread
throughout social media on Thursday, thwarting official efforts to
block it and gaining a wide audience despite a government ban.
A spokesman for YouTube in India, Gaurav Bhaskar, said that the
company had agreed to a government request to block channels of
multiple users who had uploaded the documentary. The original link
posted by the BBC, however, was still available, he said.
By Thursday night, the film had been viewed more than 100,000 times
from that link, not including viewings from other sources.
This talk could have been titled, “Once upon a time, we had this thing
called Privacy”
Andy Yen: Think your email's private? Think again
Sending an email message is like sending a postcard, says scientist Andy Yen
in this thought-provoking talk: Anyone can read it. Yet encryption,
the technology that protects the privacy of email communication, does
exist. It's just that until now it has been difficult to install and
a hassle to use. Showing a demo of an email program he designed with
colleagues at CERN, Yen argues that encryption can be made simple to
the point of becoming the default option, providing true email
privacy to all.
[Also see: https://protonmail.ch/ ]
The implications of your new hip, or pacemaker as just another thing on
the Internet of Things? We have no group we trust to gather, store
and analyze sensitive data and take all our personal secrets to the
grave. No matter how beneficial, we expect to see our data
compromised.
Medical device surveillance on the horizon
Thousands of people around the world have been exposed to toxic chemicals
generated by their metal hip implants. Similarly, many patients have
contracted infections from pieces of implanted mesh used in
hernia-repair surgery, even though materials less prone to causing
complications were available.
In these cases, and many more like them, experts say the health care
system is failing to quickly detect and react to problematic medical
devices. It’s all the more puzzling because the health care system
is generating more data than ever on patients, and the safety gaps in
the system have long been recognized by Congress and health care
researchers.
Quicker detection and communication could spare scores of patients from
suffering complications, if researchers could tap the vast troves of
health data that doctors and hospitals have begun to collect on their
patients.
That’s why harnessing the potential of data on patients is one of the main
goals of a national device surveillance system proposal being
unveiled Monday by the health care arm of the Brookings Institution,
the Washington think tank.
The report, “Strengthening Patient Care,” written at the behest of
the Food and Drug Administration’s device-safety division, lays out
an ambitious seven-year, $250 million proposal to study and then
launch the National Medical Device Postmarket Surveillance System.
Every state will need laws that address drones. I wonder how many will
bother to pass them.
Derrick Nunnally reports:
The Washington state House of Representatives passed a series of
bills Wednesday to strengthen privacy rights against emerging
incursions from surveillance technology and drone aircraft.
Under the bills sent to the Senate by wide, bipartisan margins, it
would become a state misdemeanor and civil liability for a private
citizen to use a drone to peep on another person, and police would
need specific legislative permission to buy new drones or other types
of advanced surveillance technology.
And a piece of technology already in use by police to sweep up data
from cellphone signals would require a warrant for any future usage.
Read more from AP on KOMO News.
I wonder if Google runs their business through their smartphones? The
“little guys” Google is partnering with are the ones in direct
contact with users.
Android for Work pushes Google further into enterprise
Google's push into the enterprise gained steam last week when the company
finally launched Android for Work, a containerization platform and standalone app for
older Android devices that lets IT administrators create separate
corporate and personal workspaces on Android smartphones and tablets.
Android for Work is Google's latest attempt to address two of Android's most
significant challenges for IT: security and fragmentation. The
latest version of Android, v5.0, known as "Lollipop," now
supports separate spheres for personal and work. Devices running
older versions of the OS can access some of the same features in a
separate Android for Work app.
Google is taking a partner-centric approach in hopes of encouraging more
businesses to adopt Android for enterprise applications and
protocols. To this end, the company partnered with many well-known
enterprise mobility management (EMM) providers, including BlackBerry,
Citrix, IBM, MobileIron, SAP, Soti and VMware.
Four one-hour talks. Might be worth watching.
Join Me for An Afternoon of Free Webinars About Google Apps
On March 31st Simple K12 is hosting an afternoon
of free webinars about Google tools for teachers. The webinars
will start at 1pm Eastern Time and run until 5pm Eastern Time.
These free webinars are designed for folks who are new to using Google
tools. Teachers who would like to pick up some tips for teaching
others how to take advantage of the great things that Google has to
offer will also enjoy the content of these webinars.
Click here to register for this free PD opportunity.
…
We will make the recordings available for 2 weeks following the
event.
First, I need to get my students to talk in class. Then I might try this
collaboration stuff.
10+ No-Signup Collaboration Tools You Can Use in 10 Seconds
Criteria:
- No sign-up
- No download
- Shareable link
- Quick to start (10 seconds or less)
- Accessible from any Internet-enabled device
An infographic that covers almost everyone. Then there are us
non-users who completely ignored the fad.
9 Types of Facebook Users – Which One Are You?
Have you heard of a website called Facebook?
Of course you have! It’s one of the most popular sites on the
Internet. Everyone and their mom (literally) is on the social
network for one reason or another, and comically, most users seem
to fall into one of nine different categories.
Via Optify