[metaslider id=2951] … Read More
Archives for February 2017
Activists and academics are calling on Canada’s privacy commissioner to investigate after an executive order from President Donald Trump last week stripped Canadians and other foreigners of the limited digital privacy protections they had enjoyed previously in the U.S.
The move could affect up to 90 per cent of Internet traffic in Canada, which is commonly routed through the U.S.
In an order signed last Wednesday, Trump declared that federal agencies “shall, to the extent consistent with applicable law, ensure that their privacy policies exclude persons who are not United States citizens or lawful permanent residents from the protections of the Privacy Act regarding personally identifiable information.”
The Department of Homeland Security in 2007 extended certain Privacy Act protections to include “non-U.S. persons including visitors and aliens.” The original Privacy Act of 1974 did not cover non-U.S. citizens.
Trump’s order “has enormous implications for the privacy of everyone living outside the United States,” wrote Michael Geist, a professor of e-commerce law at the University of Ottawa.
“Given the close integration between U.S. and Canadian agencies — as well as the fact that Canadian Internet traffic frequently traverses into the U.S. — there are serious implications for Canadian privacy.”
Ronald Diebert of the University of Toronto’s Citizen Lab estimated that some 90 per cent of Canadian Internet traffic is routed through the United States. When it comes to the Internet, “there is no border,” he said in 2013.
Many have wondered whether any privacy protections really exist for Internet traffic in the U.S., given the 2013 revelations from Edward Snowden’s leaked documents showing mass, warrantless surveillance of telecommunications in the U.S. The Obama administration expanded the ability of intelligence agencies to share surveillance data, shortly before leaving office.
Trump’s new executive order “has real life implications,” consumer activist group OpenMedia said in a statement. “Everything from your financial status, to your medical history, your sexual orientation, and even your religious and political beliefs are exposed.”
The group said some Canadians “have had their lives ruined” due to inappropriate disclosure of data, even when they did no wrong.
“Some have faced career limitations, while others have had to deal with travel restrictions. When health records are wrongfully shared with U.S. border agents, even an encounter with the mental health system 20 years ago can be grounds to deny entry,” OpenMedia’s statement said.
Both OpenMedia and Geist are calling on the office of Canada’s Privacy Commissioner to open an immediate investigation.
OpenMedia is also calling for “a reassessment of what information our government chooses to share with the U.S.”
Recent cases of potential health data breaches include a cybersecurity breach, unauthorized access, and a stolen desktop computer.
– Flint, Michigan-based Singn and Arora Oncology Hematology is notifying 22,000 patients that some of their information may have been accessed in a cybersecurity breach, according to an ABC12 report.
An unauthorized user reportedly accessed one of the organization’s servers between February 2016 and July 2016. However, the practice did not become aware of the incident until August 2016.
Patient names, Social Security numbers, and insurance information were contained in the files. While there is no indication that the data was used for malicious purposes, Singn and Arora explained in its letter that it cannot say with complete certainty that the information was not compromised.
Potentially affected patients are being offered one year of complimentary free credit monitoring services.
10K impacted by unauthorized website access in Calif.
Verity Health System in California recently reported that an unauthorized third party may have accessed the personal information of “more than 9,000 individuals.”
Verity Health detected the access on January 6, 2017, and that it occurred on the Verity Medical Foundation-San Jose Medical Group website. The website is no longer in use but “immediate steps” were taken to secure it. The access reportedly took place between October 2015 and January 2017.
Potentially affected information included patient names, dates of birth, medical record numbers, addresses, email addresses, phone numbers and the last four digits of credit card numbers. However, full credit card numbers and Social Security numbers were not included. The data was also from 2010 to 2014.
While Verity reported 9,000 affected individuals in its statement, the OCR data breach reporting tool states that 10,164 were likely impacted.
“Verity Health System takes the security of our patients’ information seriously, and we regret that this incident occurred,” Verity Health CEO Andrei Soran said in a statement. “We took immediate steps to investigate this incident, notify the affected individuals and appropriate authorities, and ensure enhanced protection of our information systems going forward. We are working with a leading cyber-security firm to further evaluate the integrity of our information systems.”
Verity established a call center to answer questions and will also be offering potentially affected patients one free year of credit monitoring services.
This is another great article from Lifars – posted February 3, 2017
Click here to read the full interview of Danial Reardon
Here is a snippet:
LIFARS: Could you tell us about overall risk in the face of ransomware attacks in healthcare industry?
Daniel: The overall risks to the healthcare industry regarding ransomware attacks are very high and they will continue to increase in 2017. While most industries have experienced their issues combating ransomware, the healthcare industry is being targeted more and more and with even greater precision. Why is this?
The healthcare industry and healthcare data affects human lives, and these organizations are in the business of doing whatever they can to help and protect human life. This makes healthcare data (PHI) absolutely mission critical to the nature of their business. These healthcare organizations must operate under HIPAA compliance to satisfy the healthcare data requirements.
I believe the increased risk from ransomware is because the secret is out that hospitals and healthcare organizations have been paying ransoms to get their encrypted data or systems back online. Healthcare organizations are submitting to these criminals, and are taking no chances at losing patient data, potential lawsuits, or even worse, putting human lives at risk.
There are examples out there where healthcare organizations have paid tens of thousands in ransom to get patient data back. Cyber criminals are aware of these payments, and they are using ransomware as their weapon to expose this policy weakness.
While healthcare organizations should primarily focus on preventing ransomware from getting on their networks in the first place, some organizations are paying the ransom because it is the quickest way to get their data back and or/a system back online. Delta Risk has had clients seek our advice on whether they should pay a ransom if they are impacted. While we advise highly not to pay a ransom, there are clients considering it as part of a contingency plan if such a problem where to occur on a mission critical system.
Paying ransoms has really created momentum in the ransomware risks to a healthcare organization. Paying a ransom doesn’t guarantee you will be able to even get the data back, and it will also put a bigger bullseye on the organization’s back as the criminals begin to target any paying organization more aggressively.
Another factor I believe attributed to the increase in ransomware attacks is the cryptocurrency bitcoin. Bitcoin has been a boon for criminals looking to make a quick buck, and it compliments ransomware extremely well. Bitcoin is a means for these criminals to blackmail healthcare organizations without much trace to the financial transaction. It has gotten easier to setup a bitcoin account, and to link a bitcoin account to the malware so that a ransom can distributed easily and anonymously. Bitcoin has perpetuated the spreading of ransomware with criminal intent for financial gain.
As more healthcare devices get integrated online, these devices will continue to expose healthcare organizations to more risks as their digital footprint expands. As the old adage goes, “There is no honor amongst thieves”, so I foresee the ransomware threat to healthcare industry to continue to develop and in a more tactical manner, without any mercy. Spearheaded ransomware that targets entire business functions or operational systems that are mission critical will continue to disrupt healthcare organizations. As long as the potential for profit is greater than the likelihood of getting caught, healthcare organizations will to continue to be a criminal’s primary target.
Microsoft’s offers to users yielded results: Windows 10 installations for corporate users are constantly increasing and have already reached roughly 25 percent worldwide. That’s why the experts at AV-TEST decided to examine 12 corporate solutions for Windows 10.
Normally companies are slow to upgrade to new systems. For Windows 10, however, this trend is moving more quickly than expected. The worldwide share of Windows 10 among all operating systems is already at 25 percent. That is almost four times the market share of Windows 8.1.
Yet even with the new Windows 10, companies cannot rely on the built-in resources when it comes to security. A good client and server security solution is indispensable here. AV-TEST examined 12 security solutions for corporate users in the categories of protection, performance and usability. The tests took place over a two-month period in November and December 2016.
Two products achieve a top rating
The products can score up to 6 points in each test phase. This means a maximum of 18 points can be achieved. If a product reaches 18 or 17.5 points, it is rated a “top product”. The solutions from Bitdefender and Kaspersky Lab (Small Office Security) garnered this special recognition. A total of four products attained excellent results of 17 points: the packages from Symantec, Seqrite, Trend Micro and Kaspersky Lab (Endpoint Security).
All other corporate solutions tested still delivered good results of 14.5 to 16.5 points. This is also the range achieved by the free Microsoft System Center Endpoint Protection module.
It is rare to come across an article that is full of timely, accurate information on how to protect the endpoint, not whitepapers from specific vendors on why their endpoint products are the best, or picking the threat du jour and how to stop.
In the document from Tech Target – “Put Endpoint Security in Capable Hands”, provides clear and concise steps, to protect the endpoints, supplementary defenses, as well as a discussion on Cloud based endpoint security. Written by three highly respected individuals – Eric Cole, Michael Cobb and Karen Scarfone, it is well worth the time to download and read.