Poor data monitoring? Would they do the same thing if the potential breach was an order of magnitude (or two) larger?
https://www.databreaches.net/unable-to-determine-what-files-were-accessed-norwood-clinic-notifies-all-228103-patients/
Unable to determine what files were accessed, Norwood Clinic notifies all 228,103 patients
Norwood Clinic in Birmingham, Alabama is notifying 228,103 patients of a hacking incident that left them unable to determine what, if anything, had been accessed.
In a notification to the Maine Attorney General’s Office, the clinic’s external counsel reported that the breach began on September 20 and was discovered on October 22. The types of patient information that may have been accessed included name, contact information, date of birth, Social Security number, Driver’s License number, limited health information, and/or health insurance policy number.
In their notice to patients, a copy of which was posted on their website, they write that despite efforts by cybersecurity experts hired to help investigate the incident, the investigation was unable to confirm the specific information that may have been accessed. Therefore, out of an abundance of caution, Norwood is providing notice to all of its patients, regardless of whether their information was in fact subject to unauthorized access or acquisition. Norwood has no reason to believe [nor any reason to doubt? Bob] that any individual’s information has been misused as a result of this event.
Patients are being offered credit monitoring services.
You go where you can learn.
https://www.ft.com/content/1fb2f592-4806-42fd-a6d5-735578651471?segmentid=acee4131-99c2-09d3-a635-873e61754ec6
The secret US mission to bolster Ukraine’s cyber defences ahead of Russia’s invasion
Months before the Russian invasion, a team of Americans fanned out across Ukraine looking for a very specific kind of threat. Some were soldiers, with the US Army’s Cyber Command. Others were civilian contractors and some employees of American companies that help defend critical infrastructure from the kind of cyber attacks that Russian agencies had inflicted upon Ukraine for years.
The US had been helping Ukraine bolster its cyber defences for years, ever since an infamous 2015 attack on its power grid left part of Kyiv without electricity for hours.
But this surge of US personnel in October and November was different: it was in preparation of impending war. People familiar with the operation described an urgency in the hunt for hidden malware, the kind which Russia could have planted, then left dormant in preparation to launch a devastating cyber attack alongside a more conventional ground invasion.
Experts warn that Russia may yet unleash a devastating online attack on Ukrainian infrastructure of the sort that has long been expected by western officials. But years of work, paired with the past two months of targeted bolstering, may explain why Ukrainian networks have held up so far.
(Related)
https://www.wsj.com/articles/sec-considers-rule-requiring-firms-to-report-cyber-attacks-within-four-days-11646838001?mod=djemalertNEWS
SEC Proposes Requiring Firms to Report Cyberattacks Within Four Days
Federal regulators are considering a requirement that publicly traded companies disclose data breaches and other significant cybersecurity incidents within four days, as they seek to strengthen financial markets’ resilience to online attacks.
It’s all about perception. But put your lawyers on the big question.
https://www.csoonline.com/article/3652337/should-cisos-stop-using-russian-security-and-tech-products.html#tk.rss_all
Should CISOs stop using Russian security and tech products?
“From a moral standpoint, CISOs should absolutely stop using Russian-made security and technology products. However, from a security-related standpoint, it’s much murkier,” says Shawn Smith, researcher and director of infrastructure at nVisium. “There is always conflict in the world, and while you should always evaluate backups in situations like this, the products created by Russians aren’t any less secure now than they were a month ago.”
Dominic Grunden, CISO of UnionDigital Bank, strongly supports stopping use of Russian-made products and services. “From a moral and humanity perspective, imagine this: Your company would pay the Russian company providing the security and tech product who in return pays taxes in Russia, which directly supports the government and military that is invading the Ukraine and resulting in loss of lives,” he tells CSO. Grunden also cites the global economic sanctions being imposed against Russia as another issue, as CISOs need to be sure they are not breaking laws in the countries the company is operating in.
Invade my country and I’ll identify you and call your mother!
https://www.wired.com/story/facial-recognition-identify-russian-soldiers/
Online Sleuths Are Using Face Recognition to ID Russian Soldiers
It takes five minutes to put a name to a soldier's face using little more than a screenshot, but there's a catch.
ON MARCH 1, Chechnya’s leader Ramzan Kadyrov posted a short video on Telegram, in which a cheery bearded soldier stood before a line of tanks clanking down a road under an overcast sky. In an accompanying post, Kadyrov assured Ukrainians that the Russian army doesn’t hurt civilians and that Vladimir Putin wants their country to determine its own fate.
In France, the CEO of a law enforcement and military training company called Tactical Systems took a screenshot of the soldier’s face and got to work. Within about an hour, using face recognition services available to anyone online, he identified that the soldier was likely Hussein Mezhidov, a Chechen commander close to Kadyrov involved in Russia’s assault on Ukraine, and found his Instagram account.
“Just having access to a computer and internet you can basically be like an intelligence agency from a film,” says the CEO
Devices that rat you out?
https://www.oswego.edu/news/story/digital-assistants-artificial-intelligence-and-blurred-lines-intervention
Digital assistants, artificial intelligence and the blurred lines of intervention
How are Alexa, Siri and artificial intelligence (AI) impacting and intervening in dangerous situations in daily life? That’s an evolving issue that SUNY Oswego communication studies faculty member Jason Zenor continues to explore, including in an award-winning publication.
In “If You See Something, Say Something: Can Artificial Intelligence Have a Duty to Report Dangerous Behavior in the Home,” published in the Denver Law Review, Zenor recounted a 2017 incident where police reported a jealous man threatening his girlfriend at gunpoint unknowingly caused their Amazon Echo’s Alexa to call the police, leading to his arrest.
While the incident made national news – in part because of its relative rarity – Zenor noted it represents the tip of an iceberg for how AI evolves to interact with daily online activity.
… Liability issues could complicate the picture even further, and could lead to unexpected lawsuits for companies using AI.
“Once you do act, then you do have a duty of due care,” Zenor said. “If you do not use due care and it leads to an injury, then there could be liability. So, companies may open themselves up to liability if they program AI to be able to respond and it goes wrong. Conversely, if the companies could program AI to do this and choose not to, then there will certainly be at a minimum PR issues, but I could see it turning into class action negligence cases when deaths do occur.”
Why are we afraid of creative AI?
https://www.natlawreview.com/article/update-artificial-intelligence-uspto-urges-federal-circuit-to-affirm-decision-ai
Update on Artificial Intelligence: USPTO Urges Federal Circuit to Affirm Decision That AI Cannot Qualify as an “Inventor”
In three previous blog posts, we have discussed recent inventorship issues surrounding Artificial Intelligence (“AI”) and its implications for life sciences innovations – focusing specifically on scientist Stephen Thaler’s attempt to obtain a patent for an invention created by his AI system called DABUS (“Device for Autonomous Bootstrapping of Unified Sentence”). Most recently, we considered Thaler’s appeal of the September 3, 2021 decision out of the Eastern District of Virginia, which ruled that under the Patent Act, an AI machine cannot qualify as an “inventor.” Continuing this series, we now consider the USPTO’s recently filed opposition to Thaler’s appeal.
In its opposition brief, the USPTO argued that under the “plain language Congress chose to incorporate in the Patent Act,” only a human being can be considered an “inventor.”
Tools & Techniques.
https://www.bespacific.com/search-the-internet-with-marginalia/
Search the internet with Marginalia
“This is an independent DIY search engine that focuses on non-commercial content, and attempts to show you sites you perhaps weren’t aware of in favor of the sort of sites you probably already knew existed. The software for this search engine is all custom-built, and all crawling and indexing is done in-house. This search engine isn’t particularly well equipped to answering queries posed like questions, instead try to imagine some text that might appear in the website you are looking for, and search for that…So it’s a search engine. It’s perhaps not the greatest at finding what you already knew was there, instead it is designed to help you find some things you didn’t even know you were looking for…”
Tools & Techniques. (Math students, check number 6)
https://www.makeuseof.com/best-apps-to-study-stay-organized/
The 7 Best Apps to Help You Study and Stay Organized