Wednesday, June 05, 2019


Knowing where your data is stored and what “normal” access should be is a requirement for GDPR compliance. Isn’t it?
On May 10, when DataBreaches.net first reported that the American Medical Collection Agency had been breached, we reported that information from 200,000 payment cards had been found for sale on a top-tier market by Gemini Advisory analysts, whose investigation linked those cards to AMCA. At the time, we did not know how many other payment cards might be put up for sale in other batches at a later date. Nor did we know how much PHI and PII may have been acquired by what appeared to be a hack of AMCA’s patient portal.
That week, very few news outlets picked up my report of the breach. Maybe 200,000 didn’t seem huge or maybe my little blog still doesn’t get the attention it deserves. But this week, everyone is paying attention to the breach because Quest Diagnostics revealed that 11.9 million of their patients were impacted and Quest and Optum360 (who does billing for Quest) are investigating the incident and have suspended referring past due accounts to AMCA in the interim.
Then today, Brian Krebs reported that LabCorp reported that 7.7 million of its patients had personal and/or financial information exposed in the breach. So we’re already at almost 20 million and that’s just from two of AMCA’s clients. As I noted earlier, this may turn out to be the biggest HIPAA breach of 2019.
Of note, Krebs reports that AMCA reportedly informed LabCorp that it is notifying 200,000 LabCorp patients whose credit card or bank account information may have been accessed. That number is the same number of payment cards that Gemini Advisory found up for sale, but Gemini had informed DataBreaches.net that 15% of the cards had personal information such as DOB and/or Social Security numbers. AMCA reportedly informed LabCorp that none of LabCorp’s patients’ SSN were stored on AMCA’s server. So the 200,000 cards for sale are not necessarily — and probably aren’t — all LabCorp patients.
I really fear we are just at the tip of this iceberg.




Implications for social engineering. Why we run background checks. LinkedIn never checks.
Fake LinkedIn Profiles Are Impossible to Detect
Ever wonder if all of the LinkedIn profiles that boast comprehensive expertise, outstanding performance, and enviable recommendations…are well, real? – Fake LinkedIn Profiles Are Impossible to Detect: “Don’t trust everything you see on LinkedIn. We created a fake LinkedIn profile with a fake job at a real company. Our fake profile garnered the attention of a Google recruiter and gained over 170 connections and 100 skill endorsements. Everyone is talking about fake accounts on Facebook and fake followers on Twitter. LinkedIn hasn’t been part of the conversation, but Microsoft’s social network also has a big problem…” [Note – this article is a must read – I had no idea that it was so easy to create fake LinkedIn profiles with what appear to be actual work histories, connections and bona fides…]




More evidence that the FBI is a collection of independent investigators rather than a uniform organization?
Face Recognition Technology: DOJ and FBI Have Taken Some Actions in Response to GAO Recommendations to Ensure Privacy
“The FBI’s face recognition office can now search databases with more than 641 million photos, including 21 state databases. In a May 2016 report, we found the FBI hadn’t fully adhered to privacy laws and policies or done enough to ensure accuracy of its face recognition capabilities. This testimony is an update on this work and our 6 recommendations, only one of which has been fully addressed. For example, while the FBI has conducted audits to oversee the use of its face recognition capabilities, it still hasn’t taken steps to determine whether state database searches are accurate enough to support law enforcement investigations…”




Let’s try this… How about that… A handy-dandy little chart to summarize the amendments.
CCPA Amendment Update June 2019 – Twelve Bills Survive Assembly and Move to the Senate
This post provides clarity to an otherwise murky process by: 1) presenting an overview of the California state legislative process; 2) identifying a CCPA timeline and key deadlines; 3) analyzing the CCPA amendments that recently passed the Assembly along with noteworthy bills that failed in the Senate; and 4) outlining likely next steps for amendment efforts prior to the law’s effective date.




Should we expect a sea change in politics?
Can Algorithms Help Us Decide Who to Trust?
The use of artificial intelligence (AI) and algorithms is increasing within organizations to manage business processes, hire employees, and automate routine organizational decision making. This comes as no surprise, since the application of simple linear algorithms has been shown to outperform human judgment in the accuracy of many administrative tasks. A 2017 Accenture survey also revealed that 85% of executives want to invest more extensively in AI-related technologies over the next three years.
Despite this forecast, the reality is that, at least in some cases, humans display strong feelings of aversion to the use of autonomous algorithms. For example, surveys reveal that 73% of Americans report that they are afraid to ride in a self-driving vehicle. Human doctors are also preferred over algorithms in the medical context, despite evidence that algorithms might sometimes deliver more accurate diagnoses. Such aversion creates work situations where the implementation of AI leads to a sub-optimal, inefficient, and biased use of algorithms. So, if AI is to become an important management tool in our organizations, algorithms need to be used as trusted advisors to human decision-makers. They should also help promote trust within the company.
Does AI really possess such a “social” skill? This is an important question to ask because trust requires socially sensitive skills that are perceived to be uniquely human. In fact, the unique ability to understand human emotions and desires is a prerequisite for judging an individual’s trustworthiness and is hard to resemble artificially. So can algorithms providing advice in this area of human interaction be accepted by human decision-makers?




A podcast.
How companies like Google are dealing with the ethics of AI
The Verge editor-in-chief Nilay Patel and AI reporter James Vincent discuss AI ethics and bias, and, specifically, what companies like Google are doing to tackle such challenges.




Perspective. Not the future of space enterprise I dreamed of as a kid, but with many of the enabling tools.
Why Big Business Is Making a Giant Leap into Space
Amazing things already are. One indication that big business is taking space more seriously is that interest has moved from the fringe to the mainstream, says Wharton management professor Anoop Menon. While space retains an undeniably speculative aspect, especially around development of business models, a number of factors are coming together now to suggest that big business’s foray into space is here.
“I don’t think we are necessarily a long way away — it’s a matter of being creative,” said Menon, co-author with Laura Huang and Tiona Zuzul of “Watershed Moments, Cognitive Discontinuities, and Entrepreneurial Entry: The Case of New Space.” Satellites that capture geospatial data are potentially quite lucrative, he says, tracking shipping movements, deforestation or the location of mining deposits. “This is an interesting one,” says Menon of another idea: “Taking pictures of parking lots at Wal-Mart and Target and selling that to hedge funds, since traffic is a pretty good leading indicator of economic activity.”




Expect a market in “disconnectors.”
Everything Will Connect to the Internet Someday, and This Biobattery Could Help Make That a Reality
The Internet of Disposable Things is a phenomenon in which wireless sensors are attached to nearly any type of device in order to provide up-to-date information via the internet. For example, a sensor could be attached to food packaging to monitor the freshness of the food inside.
“Internet of Disposable Things (IoDT) is a new paradigm for the rapid evolution of wireless sensor networks,” said Seokheun Choi, associate professor of electrical and computer engineering at Binghamton University. “This novel technique, constructed in a small, compact, disposable package at a low price point, can connect things inexpensively to function for only a programmed period and then be readily thrown away.”




Like ‘Moneyball’ but for individuals.
How Trevor Bauer Remade His Slider — And Changed Baseball
Travis Sawchik is a FiveThirtyEight staff writer. His new book “The MVP Machine: How Baseball’s New Nonconformists Are Using Data to Build Better Players,” co-authored with The Ringer’s Ben Lindbergh, is available this week. In it, they examine how outsiders (and a few forward-thinking insiders) are employing unconventional ideas along with new data from new technology to lead a bottom-up revolution in improving skill levels. We’re publishing an excerpt of the book on how Cleveland Indians pitcher Trevor Bauer, a trailblazer in player development, used new technology like the high-speed Edgertronic camera, which he introduced to baseball — along with some stealthy reconnaissance — to fuel his 2018 breakout. It was Bauer who ushered a new, game-altering field into the sport: pitch design.




I’ve lectured on several topics, have tons of handouts – why not combine that into a book?


