A recent
HHS settlement that included a relatively small monetary penalty, $31,000,
didn’t seem to get a lot of media attention. Maybe today’s announced settlement stemming
from a laptop
theft that resulted in a steep monetary penalty will get attention? From HHS:
The U.S. Department of Health and
Human Services, Office for Civil Rights (OCR), has announced a Health Insurance
Portability and Accountability Act of 1996 (HIPAA) settlement based on the
impermissible disclosure of unsecured electronic protected health information
(ePHI). CardioNet has
agreed to settle potential noncompliance with the HIPAA Privacy and Security
Rules by paying $2.5 million and implementing a corrective action plan. This settlement is the first involving a
wireless health services provider, as CardioNet provides remote mobile
monitoring of and rapid response to patients at risk for cardiac arrhythmias.
In January 2012, CardioNet
reported to the HHS Office for Civil Rights (OCR) that a workforce member’s laptop was stolen from a parked vehicle outside of
the employee’s home. The
laptop contained the ePHI of 1,391 individuals. OCR’s investigation into the impermissible
disclosure revealed that CardioNet had an insufficient risk analysis and risk
management processes in place at the time of the theft. Additionally, CardioNet’s policies and
procedures implementing the standards of the HIPAA Security Rule were in draft
form and had not been implemented. Further,
the Pennsylvania-based organization was unable to produce any final policies
or procedures regarding the implementation of safeguards for ePHI, including
those for mobile devices.
“Mobile devices in the health
care sector remain particularly vulnerable to theft and loss,” said Roger
Severino, OCR Director. “Failure to
implement mobile device security by Covered Entities and Business Associates
puts individuals’ sensitive health information at risk. This disregard for security can result in a
serious breach, which affects each individual whose information is left
unprotected.”
The Resolution Agreement and
Corrective Action Plan may be found on the OCR website at https://www.hhs.gov/hipaa/for-professionals/compliance-enforcement/agreements/cardionet
SOURCE: HHS
More than
five years from report of the theft to HHS settlement? It would be great if HHS had the resources to
investigate and pursue more cases in a way that resolves them more quickly.
My students would never do this. I’m almost positive.
The University of
Professional Studies, Accra (UPSA) has sacked 22 of its students who
hacked into the school’s computer system to manipulate their results.
A notice of dismissal from the
university said it took the decision after meeting on the issue at an emergency
meeting on Wednesday, 15th February, 2017 by the Academic Board.
The affected students are to
leave the school campus with immediate effect.
Source: Ghana/ClassFMonline.com/91.3FM. Although the students were dismissed for
hacking, other coverage suggests that there was one hacker, hired and paid by
the other students.
Unlike the U.S., where FERPA might prevent disclosure of
some of the details, there’s apparently less such prohibition in Ghana, as The
Citizen’s Ghana published
the names and pictures of some of the 22.
Does Russia really prefer Le Pen, the Trump-like
candidate?
French Presidential Candidate Targeted by Russia-Linked
Hackers
A notorious cyber espionage group linked to the Russian
government has targeted the political party of French presidential candidate
Emmanuel Macron, according to a report published on Tuesday by Trend Micro.
… Macron’s campaign has
confirmed for The Wall Street Journal that staffers received
phishing emails, but claimed the hacking attempts had failed. The National Cybersecurity Agency of France
(ANSSI) also confirmed the attacks, but refused to comment on their origin, Reuters reported.
… According to
Trend Micro, the En Marche phishing site was set up in mid-March. The security firm also discovered
a phishing domain apparently set up to target the Konrad-Adenauer-Stiftung
(KAS) political foundation in Germany. The
KAS phishing site, named kassap.de, was created in early April.
For my Computer Security students. It’s not always preparation for Cyber
War. Sometimes it’s just about the
money. (Ignore the specifics,
concentrate on the strategy.)
China's hand caught in the cookie jar
China’s hand in the cookie jar? Nation state or corporate espionage? Some themes change and others stay the same;
this theme continues to morph as China, its state-owned enterprises and
conglomerates with ties to the government continue to vacuum up global
technologies.
Why? Obtaining the
fruits of the labors of others’ research and development via subterfuge and skullduggery
is much more cost efficient than conducting principal research directly
… Those who have
pooh-poohed the efficacy of security awareness programs should take heed.
Siemens did not detect the theft of the intellectual
property via sophisticated data loss prevention technologies. They may have used those technologies to
verify the employee’s activities, but it was one employee noting something was
not quite right and reporting it in an appropriate and actionable manner. Self-policing at its best.
If an employee does not exceed their professional brief,
that is their normal and natural access necessary to conduct their duties, it
is near impossible to detect their having broken trust with their employer,
except through their non-technical behavior, which is observable by colleagues.
How valuable would this data be?
I started covering Aadhaar years ago on PogoWasRight.org
as a data protection mega-disaster waiting to happen. Those early posts are no longer available
online, but I’ve continued to watch for news on its implementation and
concerns. And while India’s government
keeps reiterating that everything is secure and fine, I keep seeing breach/leak
reports. So I was pleased to see that Nikhil Pahwa has compiled a list of
Aadhaar leaks.
I realize that when we’re talking about a database with
more than 1 BILLION individuals’ records, small leaks – even 1 million – may
seem like a drop in the bucket, but I still fear it’s only a matter of time
before we read about a breach that will dwarf the headline-grabbing Yahoo!
breach.
An interesting thought.
The Threat to Critical Infrastructure - Growing Right Beneath
Our Eyes
Nation-States do Not Fear Reprisal and are Likely to use ICS Attacks as
a Component of Geo-Political Conflict
… The “red lines”
that conventional wisdom once held would prevent disruptive or destructive
attacks against critical infrastructure have now been crossed numerous times,
and we can safely assume they will be again.
The notion of cold-war era “Mutually Assured Destruction”
as a deterrent force has dimmed and nation-states, jihadists and even
cyber-criminals have taken notice.
… Nation-states do
not fear reprisal and are likely to use ICS attacks as a component of
geo-political conflict. Alarmingly,
offensive cyber tools are becoming commonplace, lowering the bar for rogue
nations, jihadists and hacktivists to get into the ICS attack game. And, cyber-criminals are figuring out that ICS
networks are critical and therefore valuable, meaning it is only a matter of
time until we see major ransomware trends in ICS.
Trade in your Smartphone for an Artificially Intelligent
phone?
If this continues, one day my husband will be considered
far-sighted for refusing to give up his little old flip phone.
Bernie Suarez writes:
The march towards an Orwellian
future where every form of human behavior is being monitored by AI-driven appliances and electronics is quickly
becoming a reality. This was the plan
from the start and as we can see the ruling elite have not slowed down one bit
in their attempt to create this kind of world.
It is thus no surprise that
Samsung is releasing a new smart phone this week called the S8 and S8+ that has
a software called “Bixby” which will be studying your behavior in real-time and
will be reacting, responding and “learning” from you accordingly.
The new Samsung S8 smart phone
represents one of the first portable devices released to the general public in
which the owner will be officially
creating a 2-way relationship with the machine.
Read more on Activist
Post.
Interesting. I’ll
ask my students if anyone would like to go for a ride…
Waymo’s self-driving minivans are now offering rides to real
people in Arizona
Starting today, residents of the greater Phoenix metropolitan
area can sign up to go for a ride in a self-driving minivan. As often as they want. For free.
Waymo, the self-driving car startup spun
off from Google late last year, announced today that it’s offering its
services to members of the public for the first time. Waymo is calling it an “early rider program,”
intent on cataloguing how on-demand, driverless cars will factor into people’s
everyday lives. Interested participants
can sign up on the company’s website, and
Waymo will select riders depending on the types of trips they want to take
and their willingness to use the self-driving service as their primary mode of
transportation.
Making language irrelevant? Making it possible for everyone to read the
ads?
Google adds support for more Indian languages to Gboard,
Maps, Translate; to leverage neural machine learning
… Having a
smartphone is a boon in the digital age, but is the language becoming a barrier
for the majority of Indians from tapping the fullest potential of a smart
device or internet in general?
Internet giant Google sees an
opportunity of growth in the vernacular segment. While it has already added Indian language
support to some of its services, the company today announced further expansion
to the number of Indian languages supported. It also revealed plans to leverage machine
learning to further improve its services with the Indian languages. Starting today, Google‘s products
including Maps, Translate, Chrome, and Gboard will support over 30 Indian
languages.
… It is estimated
that by 2021, Hindi speaking users will overtake English speaking Internet
users. Furthermore, 9 out of 10 users in
the next four years are likely to be Indian language users.