Knowing where your data is stored and what “normal” access should be is a requirement for GDPR compliance. Isn’t it?
On May 10, when DataBreaches.net first reported that the American Medical Collection Agency had been breached, we reported that information from 200,000 payment cards had been found for sale on a top-tier market by Gemini Advisory analysts, whose investigation linked those cards to AMCA. At the time, we did not know how many other payment cards might be put up for sale in other batches at a later date. Nor did we know how much PHI and PII may have been acquired by what appeared to be a hack of AMCA’s patient portal.
That week, very few news outlets picked up my report of the breach. Maybe 200,000 didn’t seem huge or maybe my little blog still doesn’t get the attention it deserves. But this week, everyone is paying attention to the breach because Quest Diagnostics revealed that 11.9 million of their patients were impacted and Quest and Optum360 (who does billing for Quest) are investigating the incident and have suspended referring past due accounts to AMCA in the interim.
Then today, Brian Krebs reported that LabCorp reported that 7.7 million of its patients had personal and/or financial information exposed in the breach. So we’re already at almost 20 million and that’s just from two of AMCA’s clients. As I noted earlier, this may turn out to be the biggest HIPAA breach of 2019.
Of note, Krebs reports that AMCA reportedly informed LabCorp that it is notifying 200,000 LabCorp patients whose credit card or bank account information may have been accessed. That number is the same number of payment cards that Gemini Advisory found up for sale, but Gemini had informed DataBreaches.net that 15% of the cards had personal information such as DOB and/or Social Security numbers. AMCA reportedly informed LabCorp that none of LabCorp’s patients’ SSN were stored on AMCA’s server. So the 200,000 cards for sale are not necessarily — and probably aren’t — all LabCorp patients.
I really fear we are just at the tip of this iceberg.
Implications for social engineering. Why we run background checks. LinkedIn never checks.
Fake LinkedIn Profiles Are Impossible to Detect
Ever wonder if all of the LinkedIn profiles that boast comprehensive expertise, outstanding performance, and enviable recommendations…are well, real? – Fake LinkedIn Profiles Are Impossible to Detect: “Don’t trust everything you see on LinkedIn. We created a fake LinkedIn profile with a fake job at a real company. Our fake profile garnered the attention of a Google recruiter and gained over 170 connections and 100 skill endorsements. Everyone is talking about fake accounts on Facebook and fake followers on Twitter. LinkedIn hasn’t been part of the conversation, but Microsoft’s social network also has a big problem…” [Note – this article is a must read – I had no idea that it was so easy to create fake LinkedIn profiles with what appear to be actual work histories, connections and bona fides…]
More evidence that the FBI is a collection of independent investigators rather than a uniform organization?
Face Recognition Technology: DOJ and FBI Have Taken Some Actions in Response to GAO Recommendations to Ensure Privacy
Face Recognition Technology: DOJ and FBI Have Taken Some Actions in Response to GAO Recommendations to Ensure Privacy and Accuracy, But Additional Work Remains. GAO-19-579T: Published: Jun 4, 2019. Publicly Released: Jun 4, 2019.
“The FBI’s face recognition office can now search databases with more than 641 million photos, including 21 state databases. In a May 2016 report, we found the FBI hadn’t fully adhered to privacy laws and policies or done enough to ensure accuracy of its face recognition capabilities. This testimony is an update on this work and our 6 recommendations, only one of which has been fully addressed. For example, while the FBI has conducted audits to oversee the use of its face recognition capabilities, it still hasn’t taken steps to determine whether state database searches are accurate enough to support law enforcement investigations…”
Let’s try this… How about that… A handy-dandy little chart to summarize the amendments.
CCPA Amendment Update June 2019 – Twelve Bills Survive Assembly and Move to the Senate
… This post provides clarity to an otherwise murky process by: 1) presenting an overview of the California state legislative process; 2) identifying a CCPA timeline and key deadlines; 3) analyzing the CCPA amendments that recently passed the Assembly along with noteworthy bills that failed in the Senate; and 4) outlining likely next steps for amendment efforts prior to the law’s effective date.
Should we expect a sea change in politics?
Can Algorithms Help Us Decide Who to Trust?
The use of artificial intelligence (AI) and algorithms is increasing within organizations to manage business processes, hire employees, and automate routine organizational decision making. This comes as no surprise, since the application of simple linear algorithms has been shown to outperform human judgment in the accuracy of many administrative tasks. A 2017 Accenture survey also revealed that 85% of executives want to invest more extensively in AI-related technologies over the next three years.
Despite this forecast, the reality is that, at least in some cases, humans display strong feelings of aversion to the use of autonomous algorithms. For example, surveys reveal that 73% of Americans report that they are afraid to ride in a self-driving vehicle. Human doctors are also preferred over algorithms in the medical context, despite evidence that algorithms might sometimes deliver more accurate diagnoses. Such aversion creates work situations where the implementation of AI leads to a sub-optimal, inefficient, and biased use of algorithms. So, if AI is to become an important management tool in our organizations, algorithms need to be used as trusted advisors to human decision-makers. They should also help promote trust within the company.
… does AI really possess such a “social” skill? This is an important question to ask because trust requires socially sensitive skills that are perceived to be uniquely human. In fact, the unique ability to understand human emotions and desires is a prerequisite for judging an individual’s trustworthiness and is hard to resemble artificially. So can algorithms providing advice in this area of human interaction be accepted by human decision-makers?
A podcast.
How companies like Google are dealing with the ethics of AI
The Verge editor-in-chief Nilay Patel and AI reporter James Vincent discuss AI ethics and bias, and, specifically, what companies like Google are doing to tackle such challenges.
Perspective. Not the future of space enterprise I dreamed of as a kid, but with many of the enabling tools.
Why Big Business Is Making a Giant Leap into Space
… Amazing things already are. One indication that big business is taking space more seriously is that interest has moved from the fringe to the mainstream, says Wharton management professor Anoop Menon. While space retains an undeniably speculative aspect, especially around development of business models, a number of factors are coming together now to suggest that big business’s foray into space is here.
“I don’t think we are necessarily a long way away — it’s a matter of being creative,” said Menon, co-author with Laura Huang and Tiona Zuzul of “Watershed Moments, Cognitive Discontinuities, and Entrepreneurial Entry: The Case of New Space.” Satellites that capture geospatial data are potentially quite lucrative, he says, tracking shipping movements, deforestation or the location of mining deposits. “This is an interesting one,” says Menon of another idea: “Taking pictures of parking lots at Wal-Mart and Target and selling that to hedge funds, since traffic is a pretty good leading indicator of economic activity.”
Expect a market in “disconnectors.”
Everything Will Connect to the Internet Someday, and This Biobattery Could Help Make That a Reality
… The Internet of Disposable Things is a phenomenon in which wireless sensors are attached to nearly any type of device in order to provide up-to-date information via the internet. For example, a sensor could be attached to food packaging to monitor the freshness of the food inside.
“Internet of Disposable Things (IoDT) is a new paradigm for the rapid evolution of wireless sensor networks,” said Seokheun Choi, associate professor of electrical and computer engineering at Binghamton University. “This novel technique, constructed in a small, compact, disposable package at a low price point, can connect things inexpensively to function for only a programmed period and then be readily thrown away.”
Like ‘Moneyball’ but for individuals.
How Trevor Bauer Remade His Slider — And Changed Baseball
Travis Sawchik is a FiveThirtyEight staff writer. His new book “The MVP Machine: How Baseball’s New Nonconformists Are Using Data to Build Better Players,” co-authored with The Ringer’s Ben Lindbergh, is available this week. In it, they examine how outsiders (and a few forward-thinking insiders) are employing unconventional ideas along with new data from new technology to lead a bottom-up revolution in improving skill levels. We’re publishing an excerpt of the book on how Cleveland Indians pitcher Trevor Bauer, a trailblazer in player development, used new technology like the high-speed Edgertronic camera, which he introduced to baseball — along with some stealthy reconnaissance — to fuel his 2018 breakout. It was Bauer who ushered a new, game-altering field into the sport: pitch design.
I’ve lectured on several topics, have tons of handouts – why not combine that into a book?