Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Data Transparency. Show all posts

Privacy is ‘Virtually Impossible’ on iPhones, Experts Warn

Privacy is ‘Virtually Impossible’ on iPhones, Experts Warn

Keeping your data hidden from Apple is ‘virtually impossible’, experts have warned. A groundbreaking study reveals that the default apps on iPhones, iPads, and MacBooks collect personal data even when they appear to be disabled. In a world where privacy concerns are paramount, this revelation raises significant questions about Apple’s commitment to safeguarding user information.

The Invisible Data Collection

The study, conducted by researchers from Aalto University in Finland, focused on Apple’s integral apps: Safari, Siri, Family Sharing, iMessage, FaceTime, Location Services, Find My, and Touch ID. These apps are deeply embedded in the Apple ecosystem, making them challenging to remove. The researchers discovered that users often remain unaware of the data collection happening behind the scenes.

For instance, consider Siri—the friendly virtual assistant. When users enable Siri, they assume it only relates to voice control. However, Siri continues to collect data from other apps, regardless of the user’s choice. Unless users delve into the settings and specifically change this behaviour, their data remains vulnerable.

The Complexity of Protecting Privacy

Protecting your privacy on an Apple device requires expert knowledge and persistence. The online instructions provided by Apple are not only confusing but fail to list all necessary steps. Participants in the study attempted to change their settings, but none succeeded in fully protecting their privacy. The process was time-consuming, and the scattered instructions left users puzzled.

Amel Bourdoucen, a doctoral researcher at Aalto, highlights the complexity: “The online instructions for restricting data access are very complex and confusing, and the steps required are scattered in different places. There’s no clear direction on whether to go to the app settings, the central settings—or even both.”

The Uncertain Fate of Collected Data

While the study sheds light on the data collection process, the exact purpose of this information remains uncertain. Apple’s use of the collected data is not explicitly disclosed. However, experts predict that it primarily contributes to training Siri’s artificial intelligence and providing personalized experiences.

Recommendations for the Future

The study, to be presented at the prestigious CHI conference, offers several recommendations for improving guidelines:

Clearer Instructions: Apple should provide straightforward instructions for users to protect their privacy effectively. Clarity is essential to empower users to make informed decisions.

Comprehensive Settings: Consolidate privacy-related settings in one place. Users should not have to navigate a maze of menus to safeguard their data.

Transparency: Apple should be transparent about how collected data is used. Users deserve to know the purpose behind data collection.

In a world where privacy is a fundamental right, Apple’s slogan—“Privacy. That’s Apple.”—must translate into actionable steps. As users, we deserve control over our data, even in the face of seemingly insurmountable challenges.

Change Ransomware Attack: UnitedHealth Profits from a Crisis it Created

Change Ransomware Attack

Change Ransomware Incident: Details so far

The change Ransomware attack

  • Last week, an Oregon medical practice suffered a serious Ransomware attack called Change Ransomware.
  • Due to the attack, the medical practice was left with an empty bank account.
  • The only way out was to sell the practice to United Health. 

Emergency Exemption Request

  • UnitedHealth applied for an emergency exemption to speed up its acquisition of a medical practice in Corvallis, Oregon. 
  • The practice was on the verge of shutting down if the merger wasn't approved immediately.
  • The reason for this immediate merger is unclear, however, inside sources disclosed that it's the same issue affecting other health providers in the U.S.- the intentional weeks-long outage of United Health's Change Healthcare clearing and claims processing systems.
  • The outage compromised the flow of information essential for healthcare providers to get paid.

United Health's Profit Amid Crisis

  • United Health, a health insurer giant, has profited from desperation due to a hack of its Change computer systems. 
  • Roughly half of all healthcare transactions are down through Change.
  • The outage impacted 137 software apps that healthcare providers use. 
  • While healthcare providers try to cope with huge revenue losses, UnitedHealth keeps profiting and avoids disclosing its wealth.
  • UnitedHealth offered an emergency zero-interest lending program, providing small loans to healthcare institutions to "tide them over."

In the complicated healthcare industry, sometimes profit margins are prioritized over patient wellbeing. The recent UnitedHealth incident has raised concerns and left people in wonder. The controversy revolves around a Ransomware attack, a moral dilemma between ethical responsibility and financial interests, and an emergency exemption. UnitedHealth's Cyberattack Should Serve as a 'Wake-up Call' for HealthCare Sector

The Change Ransomware Attack

In Corvallis, Oregon, a medical facility practice faced a difficult situation. The change Ransomware attacks cost them their earnings, leaving the bank accounts empty, and almost pushing them on the verge of shutting down. 

To save themselves, the medical facility practice approached UnitedHealth. 

The Emergency Exemption Request

UnitedHealth immediately demanded an emergency exemption to speed the process of acquiring the struggling practice. The reason for the urgent exemption was unclear, however, inside sources suggested a common link: the weeks-long outage, that would slowly push healthcare providers on the brink of shutting down. The outage would disrupt the flow of information crucial for providing salaries to healthcare providers. 

UnitedHealth's Profits, Others Suffer in Crisis

Here's when the story gets interesting. UnitedHealth has profited from the desperate emergency exemption due to its own system's hacking. Half of the total healthcare transactions depend on Change. 

While healthcare providers were dealing with the losses and on the edge of falling, UnitedHealth declined to share its wealth. However, UnitedHealth is making profits. 

Learnings from the Change Ransomware Attack and UnitedHealth's Approach

The healthcare sector is also evolving quickly. Insurer Giants like UnitedHealth should be made accountable for their actions, and we must scrutinize their actions. 

The crisis amid which UnitedHealth made profits again underlines the dire need for accountability, transparency, and an honest commitment to patient wellbeing.

Ethics must prevail in the delicate balance between profit and well-being. 

Absence of Cybersecurity Expertise Affects Public-Safety Organizations

 

Cybersecurity threats have become pervasive for police departments, first responders, and other public-safety organizations, with 93% of organizations reporting a cybersecurity incident in the previous year. According to a report published on December 8 by cloud platform provider Mark43, which was based on a survey of 343 first responders. 

Based on the 2023 U.S. Public Safety Trends Report, 76% of first responders are concerned about the vulnerability of their IT systems to ransomware attacks and data breaches. Simultaneously, the vast majority of first responders must deal with outdated technology and disconnected systems, with 68% of public-safety officers required to file paperwork from the office rather than in the field, and 67% of first responders experiencing issues with inefficient technology, according to the report.

"These agencies in many cases do not have a dedicated security staff who can worry about these issues all day, ensuring that data is backed up and running vulnerability scans," he says. "To the the [cybersecurity] community, these are table stakes — you need to be doing patching, you need to be doing vulnerability scanning ... but these agencies are realizing that they cannot protect themselves from these risks on their own."

While technology can help fix many of the problems that presently afflict first responders, most state and local agencies lack the technical expertise to protect such technology from threats, as per Larry Zorio, chief information security officer for Mark43, which provides information systems for law enforcement and first responder agencies.

In 2021, the FBI warned that the Conti cybercriminals group had targeted at least 16 healthcare and first responder networks with ransomware. A ransomware attack disrupted 911 service in Suffolk County, New York in September 2022.

First Responders are being targeted

According to the FBI's 2021 advisory, these attacks pose additional risks to citizens.

"Cyberattacks targeting networks used by emergency services personnel can delay access to real-time digital information, increasing safety risks to first responders and could endanger the public who rely on calls for service to not be delayed," the advisory stated. "Loss of access to law enforcement networks may impede investigative capabilities and create prosecution challenges."

Ransomware attacks, in general, are expected to continue at the same rate, according to information technologists. According to a study commissioned by Ransomware.org, the vast majority of IT professionals (84%) see ransomware as a significant threat to businesses. Furthermore, 41% of IT professionals believe their company will be a target this year, while 43% believe the threat will remain the same.

The cybersecurity concerns of first responders are not unwarranted. In 2019 and 2020, ransomware groups intensified their attacks on state, local, tribal, and territorial (SLTT) government agencies. In 2019, for example, a coordinated ransomware attack on 22 town agencies and local government organizations disrupted citizen services. Ransomware attacks on local school systems impacted at least 753,000 students in 2019 and 1.2 million in 2020, according to the National Center for Education Statistics.

For first responders, cybersecurity threats must be balanced against the slow adoption of technology that could improve the efficiency of their jobs and operations. While the majority of first responders believe that an integrated reporting system would streamline operations, according to the Mark43 survey, only a quarter of first responder organizations (27%) have moved to the cloud — the other two-thirds have not.

According to the Mark43 survey, compliance and data transparency are also major concerns for first responders, with 86% of respondents requesting improved crime reporting and two-thirds requesting more public transparency.

The agencies must prioritize roles in technology, data management, and cybersecurity. Instead, cybersecurity is frequently delegated to untrained IT personnel within the department or to officers nearing retirement, according to Zorio.

"I don't feel that officers, who are trying to serve our communities, the fact that they are worried about that every day is definitely a concern," he says. "The industry in general needs to help them where we can, because it is not their job to worry about cybersecurity."

Based on the survey, cybersecurity issues include both malicious cybercriminal attacks and availability issues caused by attacks.