admin – Page 34 – Cyber Law Watch

Old-school data breach sees hospital investigated

Mar 28 2017

While health institutions around the world work to secure patients’ personal information and prevent the hacking or leaking of data from their systems, one Melbourne hospital is being investigated after medical records were found lying in a gutter in a nearby street.

Fairfax Media reports Australia’s Privacy Commissioner Timothy Pilgrim is investigating how the paper records of 31 patients of the John Fawkner Private Hospital were removed from the premises last month.

The documents, which were found by a local resident, were sent to both the Privacy Commissioner, and Victoria’s Health Complaints Commissioner.

Under current legislation, there is no obligation for the hospital to notify the affected patients that their privacy has been breached. All this will change under the new data breach notification laws, which were passed by the Australian government last month, and are expected to come into force within the next 12 months.

This breach is a timely reminder for all businesses, government agencies and other organisations covered by Australia’s privacy laws to take stock of how they store personal information – whether it be in a filing cabinet, on a hard-drive, or in a cloud – and ensure it is secure.

Is your IoT device putting you at risk?

Mar 21 2017

By Cameron Abbott and Giles Whittaker

As the uptake of IoT (Internet of Things) devices increases, industry experts question whether adequate cybersecurity measures are in place. While we are not surprised with the results of a recent survey, it has been confirmed that IoT devices represent the next big cybersecurity threat.

A Tripwire study found 96% of surveyed IT pros expect to see an increase in security attacks on IoT. The study acknowledges the promise of these devices in facilitating tasks and bringing convenience, but also notes the risk they pose as they’re not always built with security in mind. The study found the industries facing the biggest threat include energy, utilities, government, healthcare and finance with devices connecting the Industrial Internet of Things viewed as susceptible to serious consequences. David Meltzer, COO at Tripwire, says there must be a change in the level of preparation for such attacks or the realization of these risks will be experienced.

You are not alone! Rasomware attacks increase

Mar 21 2017

By Cameron Abbott and Giles Whittaker

While no one likes to admit that they have been caught out or victimised by cyber-attacks such as ransomware, what appears to be true is that a lot of organisations are. The lesson is that it is quite likely to happen so design your IT systems to give you a recovery option. No good having your back up encrypted as well!

A survey (reg. req.) of IT security decision makers by CyberEdge found that a whopping 61% of respondents’ organizations were victimized by ransomware in 2016. Among those hit by ransomware, 33% paid the ransom to recover their data, 54% refused to pay but recovered their data anyway, and 13% refused to pay and lost their data. In general, the report found the percentage of organizations being hit by successful cyber-attacks continues to rise, from 62% in 2014 to 70% in 2015, 76% in 2016, and 79% in 2017. Three in five respondents believe a successful cyber-attack is likely in the coming year.

US Government charges two Russian spies for 2014 Yahoo data breach

Mar 17 2017

By Cameron Abbott and Giles Whittaker

US federal authorities have charged 4 men – including 2 Russian spies – in regards to the massive 2014 Yahoo data breach that resulted in the stolen data of over 500 million Yahoo accounts in 2014.

It is speculated that the Russian government used the information obtain to conduct a range of espionage activities, including the targeting of “Yahoo trade secrets that contained, among other data, subscriber information including users; names, recovery email accounts, phone numbers and certain information required to manually create or “mint,” account authentication web browser “cookies” for more than 500 million Yahoo accounts” according to an indictment.

In addition to the above Alexsey Belan – a 29 Latvian born Russian national – was able to steal financial information such as gift cards and credit card numbers from webmail accounts and used the accounts to profit from earning commissions on fraudulently redirecting a subset of Yahoo’s search engine traffic.

As the frequency and severity of cyber attacks increase, Director of the FBI James Comey identified the priority “to pierce the veil of anonymity surrounding cyber crimes,” and that US national security authorities “are shrinking the world to ensure that cyber criminals think twice before targeting U.S. persons and interests.”

Is Uber’s Greyball pushing the boundaries of what is legally and ethically OK?

Mar 13 2017

By Cameron Abbott and Allison Wallace

Ridesharing service Uber has been using a self-developed program called Greyball in a bid to avoid regulatory scrutiny and other law enforcement activity.

As reported in The New York Times, the program uses various techniques to survey government officials when rolling out the service in new cities. This came after Uber’s services encountered legal issues (including cars being impounded and drivers fined) as it tried to operate in new locations, including in Melbourne, Australia. Read More

Australia’s new data breach notification laws: what they mean for you

Feb 15 2017

By Cameron Abbott, Rob Pulham and Allison Wallace

Further to our blog post yesterday, we’ve prepared a summary into the implications of the Privacy Amendment (Notifiable Data Breaches) Bill 2017 that has now been passed by both houses of Parliament. Read our article here.

Australian data breach notification law passes both houses of Parliament

Feb 14 2017

By Cameron Abbott and Rob Pulham

For those who have been following the progress of the Australian data breach notification laws, as of yesterday (13 February 2017) the bill has been passed by both houses of Parliament and now awaits royal assent.

Update: Mandatory Data Breach Notification Laws closer to being introduced

Feb 07 2017

By Cameron Abbott and Allison Wallace

As foreshadowed by the Attorney General’s Department last year, the Australian government is pushing ahead with its plan to introduce mandatory data breach notification laws, with Parliament today agreeing to a third reading of the Privacy Amendment (Notifiable Data Breaches) Bill 2016. You can find more about the proposed legislation here. We’ll keep you updated as the bill makes its way through parliament.

Baseball team pays a big price for hacking

Feb 07 2017

By Cameron Abbott and Allison Wallace

You may not have followed this but the America’s Major League Baseball (MLB) St Louis Cardinals had an employee who accessed the Astros’ system around 60 times over two years, gaining access with a password similar to that used by a Cardinals colleague who left the club to work for the Astros in 2011. (Also a little lesson there about password management one would think.)

Anyway Correa was last year fined nearly USD280,000, and sentenced to 46 months in Federal prison. Enough said. Read More

Juniper report predicts IoT botnets will be an unmanageable cyber-security issue

Jan 26 2017

By Cameron Abbott

Juniper’s Internet of Things for Security Providers: Opportunities, Strategies, & Market Leaders 2016-2021 cautions that the scale of connectivity related to consumer IoT will lead to unmanageable cybersecurity risk created by botnets in excess of 1 million units. The research found that botnets that disrupt internet services form part of the near-term threat landscape and will be used for more malicious purposes in the future. Botnets are expected to be used not only to disrupt services, but also to create a distraction in order to enable multi-pronged attacks. While the research calls on IoT manufacturers to implement security-by-design, it also found the market is wide open for challenger security vendors.

Author - admin