Pete Recommends Weekly highlights on cyber security issues November 15, 2019

Subject: One cryptocurrency investor reportedly lost $24 million worth of bitcoin in a SIM swap attack
Source: Markets Insider
https://markets.businessinsider.com/currencies/news/bitcoin-investor-loses-24-million-of-crypto-sim-swap-hackers-2019-11-1028677818

  • Crypto investor Michael Terpin lost roughly 1,5oo bitcoins on January 7, 2018, after falling victim to a SIM swap attack, The Wall Street Journal reported.
  • The bitcoin stake was worth $24 million that day, roughly three weeks after the asset hit its record high price.
  • The incredibly precise hack involves thieves taking control of a phone number and using it to access email accounts, bank reserves, and even crypto wallets.

Michael Terpin was hit by the attack on January 7, 2018, days after bitcoin reached its record high price. Thieves stole roughly 1,500 bitcoins by taking control of his phone number and using Google’s “Forgot password?” feature to gain access to his email. With possession of the two personal accounts, the thieves hacked Terpin’s crypto wallet, stole the digital assets and quickly sold them, according to WSJ.


Subject: Google is collecting health data on millions of Americans
Source: CNN Wire via WPMT FOX43
https://fox43.com/2019/11/12/google-is-collecting-health-data-on-millions-of-americans/
  • Google has confirmed it’s collecting health data on millions of Americans through a new partnership with Ascension, one of the country’s largest nonprofit health systems. The tech company and Ascension confirmed they were working together to analyze patient data to give health care providers new insights and care suggestions for patients. The project, codenamed “Project Nightingale,” was first reported by the Wall Street Journal Monday.Although light on specifics, Google and Ascension said the partnership would integrate Ascension’s various silos of health data in the cloud. In a blog post, Google said the project was a “business arrangement to help a provider with the latest technology, similar to the work we do with dozens of other healthcare providers.”…
  • Google acknowledged the sensitivity of patient health data, adding that it’s “understandable” people wanted to ask questions about Project Nightingale. That’s why both companies issued public statements about the project hours after the Journal report.

Filed in: News, Technology
Topics: data, Google, health care

Subject: As auto technology advances, so does risk for hacking
Source: UPI.com
https://www.upi.com/Top_News/US/2019/11/12/As-auto-technology-advances-so-does-risk-for-hacking/1891572926178/?ur3=1

Nov. 12 (UPI) — As vehicle technology advances and cars become more sophisticated, experts say they also will become more popular targets for cybercriminals.Cybersecurity firm IntSights reported recently, in an analysis titled “Under The Hood: Cybercriminals Exploit Automotive Industry’s Software Features,” [10-page PDF] that cybercriminals have been circulating data on the Internet that describe how to hack into car systems.

Cars and trucks have been at least partly computerized for decades, but recent leaps in auto technology present hackers with a serious target, experts say.

The most common types of attacks target a car’s Controller Area Network protocol — a component that can open access to all of a vehicle’s functions. Hackers also use devices known as “code grabbers” to copy or intercept the signals used to remotely open and start a vehicle.

Etay Maor, IntSights’ chief security officer and one of the report’s editors, said auto hacks can potentially take over vehicle systems and harm drivers. But he says the main objective is to steal items from inside vehicles or take the vehicles.

Faye Francy, executive director of the Automotive Information Sharing and Analysis Center, said she isn’t surprised by the IntSights warning. Her organization shares, tracks and analyzes intelligence about cyberthreats in the auto industry.

She added that vehicle security is not solely the responsibility of automakers. Owners, she stressed, must be cautious when plugging smartphones and other communication devices into their vehicles. And when selling a vehicle, she said, it’s critical that drivers delete all the device-linked data from the car’s computer so it can’t be exploited by the next owner.


Subject: Federal Court Rules Suspicionless Searches of Travelers’ Phones and Laptops Unconstitutional
Source: EFF via beSpacific
https://www.bespacific.com/federal-court-rules-suspicionless-searches-of-travelers-phones-and-laptops-unconstitutional/

Subject: Hospital cyberattacks linked to heart attack deaths, study shows
Source: Reuters via Business Insider
https://www.businessinsider.com/cyber-attacks-hospitals-rise-in-heart-attack-deaths-study-2019-11

A study published by researchers at Vanderbilt and the University of Central Florida earlier this month examined mortality rates for heart attacks at more than 3,000 hospitals nationwide, 311 of which had experienced data breaches.

The study, which we saw thanks to cybersecurity researcher Brian Krebs, found that those hospitals took as many as 2.7 minutes longer to give patients an ECG in the years following a data breach. Those hospitals also saw 36 additional deaths per 10,000 heart attacks per year on average.

Featured Digital Health Articles:
Telehealth Industry: Benefits, Services & Examples
Value-Based Care Model: Pay-for-Performance Healthcare
Senior Care & Assisted Living Market Trends
Smart Medical Devices: Wearable Tech in Healthcare
AI in Healthcare
Remote Patient Monitoring Industry: Devices & Market Trends


Subject: Everything you need to know about Google Reverse Image Search
Source: The Daily Dot via beSpacific
https://www.bespacific.com/everything-you-need-to-know-about-google-reverse-image-search/

The Daily Dot: “We’re living in the Instagram age, an era dominated by photos and images, it’s often very hard to determine if the photo you are looking at has been altered or not; image enhancement is almost considered protocol when it comes to creating online content, and photo-editing apps are too plenty to count. Along with this, the internet is home to a thriving repost culture, making it hard to pinpoint where a photo came from, and whether or not you are seeing it straight from its original source. For both instances, there’s one thing you can do to investigate a picture’s origin and authenticity, and that’s to use Google reverse image search. It’s a very quick process to do on your computer’s Web browser, but if you intend to do a Google reverse image search through your smartphone, you’ll need to have the Chrome app installed. Here’s a quick guide…”

beSpacific Subjects: Internet, Knowledge Management, Search Engines
TDD category: https://www.dailydot.com/debug/
site feed: https://www.dailydot.com/feed/


Subject: How to Protect Yourself From Unethical or Illegal Spying
Source: MakeUseOf via beSpacific
https://www.bespacific.com/how-to-protect-yourself-from-unethical-or-illegal-spying/

MakeUseOf: “A quick Google search for “spy software” yields over 150 million results. There is a massive interest in spying software and gadgets. Irrespective of the motivation or justification, spying is illegal. It is a gross invasion of privacy in most countries around the world. You don’t have to suffer if someone is spying on you. There are several tools that will help you find hidden spy apps and programs on your computer, smartphone, or otherwise. Here’s how to protect yourself from being spied on…”


Subject: Google’s health-care project with NIH was scuttled over data privacy concerns
Source: The Washington Post
https://www.washingtonpost.com/technology/2019/11/15/google-almost-made-chest-x-rays-public-until-it-realized-personal-data-could-be-exposed/

Two days before Google was set to publicly post more than 100,000 images of human chest X-rays, the tech giant got a call from the National Institutes of Health, which had provided the images: Some of them still contained details that could be used to identify the patients, a potential privacy and legal violation.

Google’s ability to uphold data privacy is under scrutiny as it increasingly inserts itself into people’s medical lives. The Internet giant this week said it has partnered with health-care provider Ascension to collect and store personal data for millions of patients, including full names, dates of birth and clinical histories, in order to make smarter recommendations to physicians. But the project raised privacy concerns in part because it wasn’t immediately clear whether patients had consented to have their files transferred from Ascension servers or what Google’s intentions were.

The Department of Health and Human Services said this week that it was looking into whether Google’s “mass collection of individuals’ health records,” through its Ascension partnership, may violate the Health Insurance Portability and Accountability Act, or HIPAA, the federal law that protects the privacy of some types of medical records.

Filed here: https://www.washingtonpost.com/business/technology/

Posted in: Civil Liberties, Cybercrime, Cybersecurity, Healthcare, Privacy