Metomic Finds Healthcare Organizations Are at High Risk of a Data Breach with 25% of Publicly Shared Files Containing Sensitive Data 

Posted in Commentary with tags on July 24, 2024 by itnerd

Metomic today released its “Healthcare Data Crisis – Uncovering the Alarming Gaps in Data Security and Compliance” report, offering deep insights on all the ways insecure file-sharing practices are putting healthcare organizations at risk of a data breach. Metomic revealed that 25% of publicly shared files owned by healthcare organizations contain Personally Identifiable Information (PII). Sixty-eight percent of private files that have been shared externally (giving access to people outside of the organization) contained PII, as did 77% of private files shared internally.

While publicly shared files that contain highly sensitive data pose the biggest risk for healthcare organizations and underscore the need for data security and DLP tools, many of the access permissions for private files are never updated or removed. This leads to “stale data” living in places like Google Drive where multiple people continue to have access to files they no longer need or should not be able to retrieve, creating high-risk environments that could easily lead to a data breach. 

Metomic’s findings are extremely alarming considering the spiraling trend of data breaches happening across the healthcare space, a highly regulated industry that must follow strict data standards and legislative policies such as HIPAA and GDPR. According to The HIPAA Journal, the healthcare industry experienced more data breaches in 2021 than any previous year. That upward trend has continued to rise. Not only did 2023 see a record number of data breaches, but also a record number of the “most breached records” with more than 133 million records exposed. 

This year, the ransomware attack on Change Healthcare wreaked havoc across the industry, disrupting payments to hospitals, pharmacies, and healthcare providers for more than a week. UnitedHealth claims the attack will likely cost the company between $1.35 billion and $1.6 billion by the end of the year.  

Another concerning trend identified by Metomic is the amount of payment card industry (PCI) information, such as credit card numbers and banking information, that is saved in publicly shared and external files. According to Metomic’s research, 1% of publicly shared files owned by healthcare organizations contain PCI—a number that, at first glance, seems relatively tiny, but 1% means that there are easily accessible files that contain highly vulnerable financial data. 

Given the distressing number of data breaches happening across the healthcare space, it’s imperative that PCI data be heavily monitored at all times. 

The full report, which also includes common file-sharing errors and DLP tactics to stop high-risk data from being exposed, can be downloaded on Metomic’s website at: “Healthcare Data Crisis – Uncovering the Alarming Gaps in Data Security and Compliance.”

CrowdStrike Says Sorry To Their Partners By Offering Up A $10 Gift Card…. Seriously?!?!

Posted in Commentary with tags on July 24, 2024 by itnerd

TechCrunch is reporting that they have in their possession an email where CrowdStrike who took down millions of PCs worldwide is offering up a $10 gift card as their way of saying sorry:

CrowdStrike, the cybersecurity firm that crashed millions of computers with a botched update all over the world last week, is offering its partners a $10 Uber Eats gift card as an apology, according to several people who say they received the gift card, as well as a source who also received one.

On Tuesday, a source told TechCrunch that they received an email from CrowdStrike offering them the gift card because the company recognizes “the additional work that the July 19 incident has caused.” 

“And for that, we send our heartfelt thanks and apologies for the inconvenience,” the email read, according to a screenshot shared by the source. The same email was also posted on X by someone else. “To express our gratitude, your next cup of coffee or late night snack is on us!”

Now this email was sent to their partners as opposed to their end customers. Likely because their partners are taking the brunt of the anger over this epic fail by CrowdStrike. Still is $10 worth it for partners who have had to do heroics to get customers back online, and if they’re like me are likely still doing heroics to get their customers online? Personally, I don’t think so. But you tell me by leaving a comment below and sharing your thoughts.

New Samsung Galaxy Z Fold6, Galaxy Z Flip6, Galaxy Watch Ultra, Galaxy Watch7, & Galaxy Buds3 Series Are Now Available In Canada

Posted in Commentary with tags on July 24, 2024 by itnerd

The new Samsung Galaxy Z Fold6, Galaxy Z Flip6, Galaxy Watch Ultra, Galaxy Watch7, and Galaxy Buds3 Series are now available for purchase at Samsung Experience Stores, online at samsung.com/ca, and at select national retail and carrier partners across Canada. If you missed my first look at these products, here’s a link to my first look.

Here’s the pricing for all the new devices:

  • Galaxy Z Fold6 – 256GB starting at $2,564.99
  • Galaxy Z Fold6 – 512GB starting at $2,724.99
  • Galaxy Z Flip6 – 256GB starting at $1,462.99
  • Galaxy Z Flip6 – 512GB starting at $1,622.99
  • Galaxy Watch Ultra 47mm starting at $879.99
  • Galaxy Watch7 44mm BT starting at $449.99
  • Galaxy Watch7 40mm BT starting at $409.99
  • Galaxy Watch7 44mm LTE starting at $519.99
  • Galaxy Watch7 40mm LTE starting at $479.99
  • Galaxy Buds3 Pro starting at $329.99
  • Galaxy Buds3 starting at $209.99

Trade-In offers

Canadians who purchase an eligible Galaxy Z Fold6 or Galaxy Z Flip6 device between July 24, 2024, and August 13, 2024, can receive a combined trade-in promotional credit and trade-in credit of up to $1000 when they trade-in an eligible Galaxy Z Series smartphone in any condition. The trade-in program is being supported at samsung.com/ca and at Samsung Experience Stores.

Bundle offers

Canadians who purchase an eligible Galaxy Z Fold6 or Galaxy Z Flip6 device between July 24, 2024, and September 4, 2024, can get 50% off an eligible Galaxy Watch Ultra or Watch7 smartwatch.

Canadians who purchase an eligible Galaxy Z Fold6 or Galaxy Z Flip6 device between July 24, 2024, and September 4, 2024, can get 50% off eligible Galaxy Buds3.

Canadians who purchase an eligible Galaxy Buds3 device between July 24, 2024, and September 4, 2024, can get a bonus eligible Galaxy Buds Case (valued up to $44.99).

Cordoniq Wins 2024 Future of Work Product of the Year Award

Posted in Commentary on July 24, 2024 by itnerd

Cordoniq has been honored with a Future of Work Product of the Year Award, following a 2024 winning streak and bringing its awards tally to seven this year alone. Of the nominated companies, only nine were selected for this prestigious distinction.

The 2nd Annual Future of Work Product of the Year Award recognizes and honors companies that showcase the most innovative and disruptive products and solutions that have positively supported a new era of productive work environments across the globe. These winners recognize that the workplace has evolved – driven by the rise of remote work, new upskilling and reskilling needs, adoption of AI and automation, a renewed focus on both employee and customer experiences, and other factors – and have developed solutions to meet new standards of productivity and success.

Cordoniq provides innovative video collaboration that is disrupting the marketplace, thanks to its secure-by-design approach, next-gen UX and innovative features, like Android TV Capabilities, Green Video Collaboration Technology, Privacy & Security, Share Web & Browser Content, Video Meeting Rooms and more. Cordoniq’s platform-as-a-service (PaaS) model is entirely API driven so it can interact directly with virtually anything in a company’s tech stack, and is trusted by the U.S. Department of Defense, the Pentagon, Special Operations Forces (USSOCOM), and the National Guard.

CrowdStrike Says That The Global Outage Was Caused By A Bug That Wasn’t Caught By Their QA…. WTF?!?!?

Posted in Commentary with tags on July 24, 2024 by itnerd

CrowdStrike has posted a root cause analysis in regards to them taking down a whole lot of PCs last Friday. Some of which are still down because of how huge their screw up was. In any case, this global IT nightmare was caused by an “undetected error” in the content configuration update for its Falcon platform affecting Windows machines. And their fix for this is that the company will do more internal testing as well as putting in place “a new check” to stop “this type of problematic content” from being deployed again.

In short, something slipped through their QA process, or perhaps the lack of one, as either is plausible, and that caused millions of PCs to blue screen. That’s a total fail.

There’s something else that should be pointed out. CrowdStrike CEO George Kurtz has lived this nightmare before:

On April 21, 2010, the antivirus company McAfee released an update to its software used by its corporate customers. The update deleted a key Windows file, causing millions of computers around the world to crash and repeatedly reboot. Much like the CrowdStrike mistake, the McAfee problem required a manual fix.

Kurtz was McAfee’s chief technology officer at the time. Months later, Intel acquired McAfee. And several months after that Kurtz left the company. He founded CrowdStrike in 2012 and has been its CEO ever since.

Clearly he’s learned nothing from that experience. And I am sure that someone will be asking him about that real soon as he’s been requested to answer questions about this epic fail in Washington.

Enhance Your Olympic Viewing Experience at Home With Samsung

Posted in Commentary with tags on July 24, 2024 by itnerd

With the Olympics just around the corner on July 26th, you can elevate your Olympic watch parties into unforgettable experiences using the cutting-edge AI technology from Samsung. 

Neo QLED TV: Step into the heart of the Olympics with the new Samsung Neo QLED 8K TV. Designed for an immersive experience, it brings every detail of the games to life. Enjoy breathtaking clarity as you cheer on your favourite athletes as they gear up for competition with quality that will have you feeling like you’re right alongside Simone Biles herself on the mat.


Bespoke AI Appliances: Just as the Olympics unites people, so does sharing food. Whether you’re new to the excitement or a longtime fan that never misses the games, pair your favourite cuisines from the places you love with the event you can’t wait to see unfold, for the ultimate watch experience.


Check out www.samsung.ca today for more details.

Abstract Security Names Chris Camacho COO 

Posted in Commentary with tags on July 24, 2024 by itnerd

Abstract Security today announced that Chris Camacho has joined the company as Chief Operating Officer (COO). As one of Abstract’s co-founders, Camacho has been instrumental in launching and advising the company since its inception. Through his role as COO, Camacho will lead the company’s customer-first approach and spearhead its strategic global market expansion. 

A well-respected industry leader, Chris Camacho is an entrepreneur, investor, and advisor with more than 25 years of cyber security leadership experience from roles at The World Bank, Bank of America, Flashpoint, and others. Camacho has spearheaded initiatives across Operational Strategy, Incident Response, Threat Management, and Security Operations to ensure cyber risk postures align with business goals. Camacho earned a BS degree in Decision Sciences & Management of Information Systems from George Mason University.

Abstract has seen growing demand since emerging from stealth and announcing its Seed funding in March 2024. In April, Abstract announced the opening of its first Middle East office. In May, the company announced the addition of Christopher Key to its Board of Directors and was selected as a “Pioneering Cybersecurity Startup” winner, as part of the 2024 Global Infosec Awards.

BlackFog Strengthens Leadership Team with Strategic Appointments

Posted in Commentary with tags on July 24, 2024 by itnerd

BlackFog today announced it has made new appointments to strengthen its leadership team as it witnesses significant growth. John Sarantakes has joined as Chief Revenue Officer, and Mark Griffith has been appointed as Vice President of Strategic Sales.

As one of its founding team members, CMO Brenda Robb has also been promoted to President of BlackFog. As executive director of the company, Brenda led the expansion of the company into Northern Ireland, where BlackFog has now established R&D headquarters. As President, Brenda’s strong leadership skills and counsel will be leveraged with BlackFog’s expansion throughout North America.

With over 28 years in technology sales, John Sarantakes will play a pivotal role as CRO in driving global sales through direct sales and the development of a strong channel. He will also target sales growth across State, Federal, Local Government and Education sectors.

Previously at InMotion Software, John served as Senior Vice President of Strategy and Business Development. He has also held positions as Executive Vice President at Headspring Systems, Senior Vice President of Sales and General Manager of EMEA at Absolute Software and National Sales Director at Dell.

Mark Griffith was also appointed as Vice President of Strategic Sales at BlackFog. Griffith, who has more than 30 years of experience in strategic leadership and innovation, will lead BlackFog’s efforts to develop partnerships with MSPs and MSSPs, to secure customers in State, Local and Government agencies, and to continue working alongside customers from a tactical and operational standpoint.

These appointments lay the foundation for BlackFog’s next stage of rapid growth. As ransomware threats escalate, the demand for data protection and anti data exfiltration is at an all-time high. Organizations are seeking new effective solutions to help them protect their systems and data from ransomware attacks.

CrowdStrike Summoned To Capitol Hill To Explain His Company’s Screw Up

Posted in Commentary with tags on July 24, 2024 by itnerd

When the CrowdStrike snafu happened on Friday, I said this:

I’ll be watching this situation and posting updates when it warrants an update. But this situation is bad and likely won’t improve for a while. And when this is resolved, CrowdStrike will have a whole lot of explaining to do.

And later that day, I said this:

I wish every help desk globally well in dealing with this as this is going to be days if not a week or two of remediation. I also hope that CrowdStrike gets hauled in front of the relevant authorities globally to explain why this happened, and why corporate users should trust them again.

Well, it looks like I will get my wish based on this:

Today, House Committee on Homeland Security Chairman Mark E. Green, MD (R-TN) and Subcommittee on Cybersecurity and Infrastructure Protection Andrew Garbarino (R-NY) sent a letter to CrowdStrike Chief Executive Officer George Kurtz, requesting his public testimony before the Committee regarding the global information technology (IT) outage that occurred last Friday. The outage was attributed to a “defect” in a CrowdStrike software update. The cascading effects impacted key functions of the global economy including aviation, healthcare, banking, media, and emergency services. 

It will be interesting to see if he actually shows up, and what he says if he does. This company pretty much executed the most successful cyberattack in the history of the planet….. By accident. So I am not surprised that Congress wants to ask some questions about this. And about what he’s going to do to ensure that this won’t happen again.

New GeoFencing, Compliance Solution from Appdome

Posted in Commentary with tags on July 23, 2024 by itnerd

Appdome today announced it has enhanced its award-winning Geo-Fraud Detection service to include two new defenses: Geo-Location Fencing and Geo DeSync Attack Detection. Combined with other Geo-Compliance features available on the Appdome platform, mobile app developers and enterprises can eliminate location-based fraud, ensure geo-compliance and deliver location relevant user experiences in mobile apps free from location spoofing, fake location, VPNs, Fake GPS Apps and other threats.

Geo-fencing is essential in finance apps and other regulated industries that need to meet Know Your Customer (KYC) and other compliance mandates, such as the US Federal Financial Institutions Examination Council (FFIEC), EU General Data Protection Regulation (GDPR), and the Monetary Authority of Singapore (MAS) requirements. Geo-fencing enables mobile app developers to restrict or limit app access on a country or regional level, ensuring that operations are compliant with local laws and regulations.

A Geo Desync Attack is a cyber-attack that intentionally creates mismatches in location data on a mobile device. By manipulating GPS coordinates, altering the time zone settings, and falsifying accelerometer readings, attackers can deceive location-based services and security systems. This type of attack can lead to inaccurate tracking, unauthorized access, and potential breaches of security protocols, undermining the integrity of location-dependent applications and services.

Unlike legacy geo compliance offerings that rely on proprietary, costly, and vendor-built geo service networks, the Appdome Geo Compliance solution zeros in on protecting the mobile device’s built-in location services and ensures these services have not been abused or tampered with. Appdome’s approach eliminates the need for third-party networks, SDKs, complex server-based implementations and does not require third-party monthly usage fees, allowing the enforcement to work even if the device is not network-connected.

The full Appdome Mobile Geo-Compliance solution puts an end to geo-fraud by detecting fake location, fake GPS apps, fraudulent location, VPN use, no SIM (fake device), teleportation, Geo DeSync and other attacks. Customers simply select the Geo-Compliance features needed in any Android & iOS apps and initiate the build command from CI/CD or using the Appdome Platform’s “Build My App” button. Appdome’s patented technology uses machine learning to code the defenses into each application, so mobile developers don’t have to.
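To make the two detection ideas in this announcement concrete (the Geo DeSync mismatch between GPS position and device time zone described above, and the “teleportation” check listed with the other geo-fraud detections), here is an added, self-contained illustration. It is not Appdome’s code and says nothing about how Appdome implements its defenses; the location fixes, the 15-degrees-per-hour solar-offset rule, the 180-minute slack for political time zones, and the 1,200 km/h plausibility ceiling are all constructed assumptions chosen for the example.

```python
"""Illustrative consistency checks over device location telemetry.

Constructed example, not vendor code. Two heuristics are shown:
  * tz_desync: the device-reported UTC offset disagrees badly with the
    offset implied by the GPS longitude (a "desync" between sensors).
  * teleport:  consecutive fixes imply a physically implausible speed.
Thresholds are assumptions, not values taken from any product.
"""
from dataclasses import dataclass
from math import asin, cos, radians, sin, sqrt

EARTH_RADIUS_KM = 6371.0
TZ_SLACK_MINUTES = 180      # assumption: political zones deviate from solar time
MAX_SPEED_KMH = 1200.0      # assumption: faster than any commercial flight


@dataclass(frozen=True)
class Fix:
    t: float            # epoch seconds when the fix was taken
    lat: float          # degrees
    lon: float          # degrees, east positive
    tz_offset_min: int  # device-reported UTC offset in minutes


def solar_offset_minutes(lon: float) -> int:
    """Approximate UTC offset implied by longitude (15 degrees per hour)."""
    return round(lon / 15.0 * 60.0)


def haversine_km(a: Fix, b: Fix) -> float:
    """Great-circle distance between two fixes in kilometres."""
    dlat = radians(b.lat - a.lat)
    dlon = radians(b.lon - a.lon)
    h = sin(dlat / 2) ** 2 + cos(radians(a.lat)) * cos(radians(b.lat)) * sin(dlon / 2) ** 2
    return 2 * EARTH_RADIUS_KM * asin(sqrt(h))


def is_tz_desync(fix: Fix, slack_min: int = TZ_SLACK_MINUTES) -> bool:
    """True when the device's time zone is inconsistent with its GPS longitude."""
    return abs(fix.tz_offset_min - solar_offset_minutes(fix.lon)) > slack_min


def is_teleport(prev: Fix, cur: Fix, max_kmh: float = MAX_SPEED_KMH) -> bool:
    """True when moving from prev to cur would require an implausible speed."""
    dt_hours = (cur.t - prev.t) / 3600.0
    if dt_hours <= 0:
        return True  # out-of-order or duplicate timestamps are suspicious too
    return haversine_km(prev, cur) / dt_hours > max_kmh


def evaluate(fixes: list[Fix]) -> list[tuple[int, str]]:
    """Return (index, finding) pairs for every fix that trips a heuristic."""
    findings = []
    for i, fix in enumerate(fixes):
        if is_tz_desync(fix):
            findings.append((i, "tz_desync"))
        if i > 0 and is_teleport(fixes[i - 1], fix):
            findings.append((i, "teleport"))
    return findings


# Constructed sample trace: New York, then London one minute later with the
# New York time zone still set, then Singapore twelve hours after that.
SAMPLE_TRACE = [
    Fix(t=0.0,        lat=40.71, lon=-74.01, tz_offset_min=-240),
    Fix(t=60.0,       lat=51.50, lon=-0.12,  tz_offset_min=-240),
    Fix(t=60.0 + 12 * 3600, lat=1.35, lon=103.82, tz_offset_min=480),
]

if __name__ == "__main__":
    for idx, what in evaluate(SAMPLE_TRACE):
        print(f"fix {idx}: {what}")
```

Running the block flags only the second fix, for both reasons: its longitude implies roughly UTC+0 while the device still claims UTC-4, and reaching London from New York in one minute is impossible. The Singapore fix passes because twelve hours is enough for a real flight and its time zone agrees with its longitude. In practice the slack and speed ceilings are tuning knobs; a tighter slack catches more spoofing but also more legitimate edge cases such as wide, single-zone countries.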

The Appdome Geo-Compliance solution is available in multiple enforcement modes including advanced telemetry and customized responses or workflows when geo compliance threats are detected, and monitoring geo-fraud attacks via the Appdome ThreatScope™ Mobile XDR, either before or after the deployment of geo-location defenses via the Appdome platform.

See the full Appdome Mobile Geo-Compliance solution live at Black Hat USA August 3-8, 2024 in booth #1350.

For more information on Appdome Geo-Compliance capabilities and to book a personalized demo, visit https://www.appdome.com/mobile-fraud-detection/geo-compliance/.