Thursday, March 10, 2022

Poor data monitoring? Would they do the same thing if the potential breach was an order of magnitude (or two) larger?

https://www.databreaches.net/unable-to-determine-what-files-were-accessed-norwood-clinic-notifies-all-228103-patients/

Unable to determine what files were accessed, Norwood Clinic notifies all 228,103 patients

Norwood Clinic in Birmingham, Alabama is notifying 228,103 patients of a hacking incident that left them unable to determine what, if anything, had been accessed.

In a notification to the Maine Attorney General’s Office, the clinic’s external counsel reported that the breach began on September 20 and was discovered on October 22. The types of patient information that may have been accessed included name, contact information, date of birth, Social Security number, Driver’s License number, limited health information, and/or health insurance policy number.

In their notice to patients, a copy of which was posted on their website, they write that despite efforts by cybersecurity experts hired to help investigate the incident

the investigation was unable to confirm the specific information that may have been accessed. Therefore, out of an abundance of caution, Norwood is providing notice to all of its patients, regardless of whether their information was in fact subject to unauthorized access or acquisition. Norwood has no reason to believe [nor any reason to doubt? Bob] that any individual’s information has been misused as a result of this event.

Patients are being offered credit monitoring services.





You go where you can learn.

https://www.ft.com/content/1fb2f592-4806-42fd-a6d5-735578651471?segmentid=acee4131-99c2-09d3-a635-873e61754ec6

The secret US mission to bolster Ukraine’s cyber defences ahead of Russia’s invasion

Months before the Russian invasion, a team of Americans fanned out across Ukraine looking for a very specific kind of threat. Some were soldiers, with the US Army’s Cyber Command. Others were civilian contractors and some employees of American companies that help defend critical infrastructure from the kind of cyber attacks that Russian agencies had inflicted upon Ukraine for years.

The US had been helping Ukraine bolster its cyber defences for years, ever since an infamous 2015 attack on its power grid left part of Kyiv without electricity for hours.

But this surge of US personnel in October and November was different: it was in preparation of impending war. People familiar with the operation described an urgency in the hunt for hidden malware, the kind which Russia could have planted, then left dormant in preparation to launch a devastating cyber attack alongside a more conventional ground invasion.

Experts warn that Russia may yet unleash a devastating online attack on Ukrainian infrastructure of the sort that has long been expected by western officials. But years of work, paired with the past two months of targeted bolstering, may explain why Ukrainian networks have held up so far.



(Related)

https://www.wsj.com/articles/sec-considers-rule-requiring-firms-to-report-cyber-attacks-within-four-days-11646838001?mod=djemalertNEWS

SEC Proposes Requiring Firms to Report Cyberattacks Within Four Days

Federal regulators are considering a requirement that publicly traded companies disclose data breaches and other significant cybersecurity incidents within four days, as they seek to strengthen financial markets’ resilience to online attacks.





It’s all about perception. But put your lawyers on the big question.

https://www.csoonline.com/article/3652337/should-cisos-stop-using-russian-security-and-tech-products.html#tk.rss_all

Should CISOs stop using Russian security and tech products?

“From a moral standpoint, CISOs should absolutely stop using Russian-made security and technology products. However, from a security-related standpoint, it’s much murkier,” says Shawn Smith, researcher and director of infrastructure at nVisium. “There is always conflict in the world, and while you should always evaluate backups in situations like this, the products created by Russians aren’t any less secure now than they were a month ago.”

Dominic Grunden, CISO of UnionDigital Bank, strongly supports stopping use of Russian-made products and services. “From a moral and humanity perspective, imagine this: Your company would pay the Russian company providing the security and tech product who in return pays taxes in Russia, which directly supports the government and military that is invading the Ukraine and resulting in loss of lives,” he tells CSO. Grunden also cites the global economic sanctions being imposed against Russia as another issue, as CISOs need to be sure they are not breaking laws in the countries the company is operating in.





Invade my country and I’ll identify you and call your mother!

https://www.wired.com/story/facial-recognition-identify-russian-soldiers/

Online Sleuths Are Using Face Recognition to ID Russian Soldiers

It takes five minutes to put a name to a soldier's face using little more than a screenshot, but there's a catch.

ON MARCH 1, Chechnya’s leader Ramzan Kadyrov posted a short video on Telegram, in which a cheery bearded soldier stood before a line of tanks clanking down a road under an overcast sky. In an accompanying post, Kadyrov assured Ukrainians that the Russian army doesn’t hurt civilians and that Vladimir Putin wants their country to determine its own fate.

In France, the CEO of a law enforcement and military training company called Tactical Systems took a screenshot of the soldier’s face and got to work. Within about an hour, using face recognition services available to anyone online, he identified that the soldier was likely Hussein Mezhidov, a Chechen commander close to Kadyrov involved in Russia’s assault on Ukraine, and found his Instagram account.

“Just having access to a computer and internet you can basically be like an intelligence agency from a film,” says the CEO





Devices that rat you out?

https://www.oswego.edu/news/story/digital-assistants-artificial-intelligence-and-blurred-lines-intervention

Digital assistants, artificial intelligence and the blurred lines of intervention

How are Alexa, Siri and artificial intelligence (AI) impacting and intervening in dangerous situations in daily life? That’s an evolving issue that SUNY Oswego communication studies faculty member Jason Zenor continues to explore, including in an award-winning publication.

In “If You See Something, Say Something: Can Artificial Intelligence Have a Duty to Report Dangerous Behavior in the Home,” published in the Denver Law Review, Zenor recounted a 2017 incident where police reported a jealous man threatening his girlfriend at gunpoint unknowingly caused their Amazon Echo’s Alexa to call the police, leading to his arrest.

While the incident made national news – in part because of its relative rarity – Zenor noted it represents the tip of an iceberg for how AI evolves to interact with daily online activity.

Liability issues could complicate the picture even further, and could lead to unexpected lawsuits for companies using AI.

“Once you do act, then you do have a duty of due care,” Zenor said. “If you do not use due care and it leads to an injury, then there could be liability. So, companies may open themselves up to liability if they program AI to be able to respond and it goes wrong. Conversely, if the companies could program AI to do this and choose not to, then there will certainly be at a minimum PR issues, but I could see it turning into class action negligence cases when deaths do occur.”





Why are we afraid of creative AI?

https://www.natlawreview.com/article/update-artificial-intelligence-uspto-urges-federal-circuit-to-affirm-decision-ai

Update on Artificial Intelligence: USPTO Urges Federal Circuit to Affirm Decision That AI Cannot Qualify as an “Inventor”

In three previous blog posts, we have discussed recent inventorship issues surrounding Artificial Intelligence (“AI”) and its implications for life sciences innovations – focusing specifically on scientist Stephen Thaler’s attempt to obtain a patent for an invention created by his AI system called DABUS (“Device for Autonomous Bootstrapping of Unified Sentience”). Most recently, we considered Thaler’s appeal of the September 3, 2021 decision out of the Eastern District of Virginia, which ruled that under the Patent Act, an AI machine cannot qualify as an “inventor.” Continuing this series, we now consider the USPTO’s recently filed opposition to Thaler’s appeal.

In its opposition brief, the USPTO argued that under the “plain language Congress chose to incorporate in the Patent Act,” only a human being can be considered an “inventor.”





Tools & Techniques.

https://www.bespacific.com/search-the-internet-with-marginalia/

Search the internet with Marginalia

“This is an independent DIY search engine that focuses on non-commercial content, and attempts to show you sites you perhaps weren’t aware of in favor of the sort of sites you probably already knew existed. The software for this search engine is all custom-built, and all crawling and indexing is done in-house. This search engine isn’t particularly well equipped to answering queries posed like questions, instead try to imagine some text that might appear in the website you are looking for, and search for that…So it’s a search engine. It’s perhaps not the greatest at finding what you already knew was there, instead it is designed to help you find some things you didn’t even know you were looking for…”





Tools & Techniques. (Math students, check number 6)

https://www.makeuseof.com/best-apps-to-study-stay-organized/

The 7 Best Apps to Help You Study and Stay Organized


