Another Top U.S. Health Provider Sees Millions of Patient Records Stolen — Here’s What We Know + More

Another Top U.S. Health Provider Sees Millions of Patient Records Stolen — Here’s What We Know

TechRadar reported:

Kentucky-based healthcare provider Norton has confirmed that it has suffered a significant ransomware attack that may have put the data of millions of its patients at risk.

In a filing to the Maine Attorney General on December 8, the healthcare giant said that 2.5 million individuals had been affected by the breach.

Norton said that the attack took place between May 7 and May 9, 2023, stating that it took until mid-November to analyze the extent of the attack and the types of patient data that had been exfiltrated.

Avoiding specifics, Norton says that some or all of the following data may have been exposed: name, contact information, Social Security Number, date of birth, health information, insurance information, and medical identification numbers. Some driver’s license numbers or other government ID numbers, financial account numbers, and digital signatures may also have been exposed.

When Protecting Kids Online, Don’t Let Apple and Google Off the Hook

Newsweek reported:

In the last year, Utah, Arkansas, Louisiana, and Texas passed landmark laws mandating age verification and parental consent for minors to access social media. We have worked with many state legislators to draft principles for this legislation.

With America’s youth caught in social media addiction and internet-mediated experiences influencing every part of their lives, parents need tools to control who is talking to and influencing their kids in order to raise them. In response, some Big Tech companies have either lobbied against the bills or tried to carve out exceptions for themselves.

Because of the constitutional, privacy, and practical concerns in having users age verified by tech platforms, we also have argued that legislatures should ensure that “age verification…be both effective and capable of preserving user privacy.”

Requiring users to give social media companies more personal information is akin to putting the wolves in charge of the chicken coop. Additionally, online anonymity would be threatened. This is why we have recommended that verification be conducted by a third party in a two-step authentication process, or even more securely by a third party using cryptographic methods like zero-knowledge proofs.

Another simple and straightforward solution that legislators should consider in their efforts to protect kids online is requiring age verification at the device level (as one of us has elaborated on in a recent policy brief from the Ethics and Public Policy Center and Institute for Family Studies). Smartphones serve as children’s main portals to the internet and social media platforms, and yet they have been unaddressed by any laws to date. According to a 2022 Pew Research study, 95% of teenagers have access to smartphones.

What’s Making Critics Most Worried About Competing Surveillance Bills in the House

The Washington Post reported:

There are two competing House proposals to revise and extend a potent surveillance tool due to expire at year’s end — and the opposing sides of the debate have tried to paint each other’s bills as fatally flawed.

On one side, critics say the House Intelligence Committee-approved version would dramatically expand the range of businesses that could be compelled to aid government surveillance, down to coffee shops that provide WiFi service.

On the other side, critics say the House Judiciary Committee-approved version would delay or inhibit investigations into a range of heinous crimes, such as human trafficking.

That only scratches the surface of the broadsides launched against both bills, which tackle an update and extension of Section 702 of the Foreign Intelligence Surveillance Act, long touted by national security officials as one of the most powerful surveillance authorities in the government’s arsenal and long decried by civil liberties advocates as privacy-invasive.

Pharmacies Share Medical Data With Police Without a Warrant, Inquiry Finds

The Washington Post reported:

The nation’s largest pharmacy chains have handed over Americans’ prescription records to police and government investigators without a warrant, a congressional investigation found, raising concerns about threats to medical privacy.

Though some of the chains require their lawyers to review law enforcement requests, three of the largest — CVS Health, Kroger and Rite Aid, with a combined 60,000 locations nationwide — said they allow pharmacy staff members to hand over customers’ medical records in the store.

Pharmacies’ records hold some of the most intimate details of their customers’ personal lives, including years-old medical conditions and the prescriptions they take for mental health and birth control.

Because the chains often share records across all locations, a pharmacy in one state can access a person’s medical history from states with more restrictive laws. Carly Zubrzycki, an associate professor at the University of Connecticut Law School, wrote last year that this could link a person’s out-of-state medical care via a “digital trail” back to their home state.

WEF Likens ‘Misinformation’ to a Cybersecurity Issue in Calls for More Action

Reclaim the Net reported:

According to a recent study by the World Economic Forum (WEF) and allied organizations, cybersecurity concerns are taking on new dimensions.

Misinformation and disinformation disseminated via the internet are now being framed as key challenges in ensuring “cybersecurity.” The troubling report was launched on December 5 and designated as “Cybersecurity Futures 2030: New Foundations.”

The study postulates the future of cybersecurity lies rather in safeguarding the integrity and source of data. This introduces a novel perspective on the significance of locating and quashing fabricated information, cynically tagged as “mis”- or “dis-information” held in the cybersecurity domain.

The report’s writers unfold an interesting perspective where “stable governments,” with long-term tech and cybersecurity strategies up their sleeves, morph into reliable and trustworthy information gatekeepers. The study also puts the roles of government and the private sector in preserving trust under its lens, particularly in the U.S. context, deliberating who should be entrusted with the key censorship task.

Amazon Is Still Selling the Clothes Hook Spy Cameras It’s Being Sued Over

Quartz reported:

Amazon may be responsible, at least partly, for a man spying on an underage girl using a clothes hook hidden camera, a U.S. judge ruled less than two weeks ago. You’d think the first thing the retail giant would do is pull down any and all such listings — but no.

The original listing for the camera referred to in the ongoing case is no longer online, but the BBC found several identical products on Amazon’s U.K. website. Quartz independently verified at least three listings of the sort on Amazon.co.uk and at least one on Amazon.com. No such results showed up for “clothes hook camera” on Amazon.co.in.

What’s more, the Seattle-based e-commerce titan lets vendors sell many more everyday items doubling as hidden cameras, such as alarm clocks, wall chargers, USB chargers, car keys, photo frames, and smoke alarms. Potential uses in the product descriptions include identifying an intruder, monitoring pets and kids, and catching a cheating partner.