Over a dozen law firms in Europe hit by ransomware

June 15, 2016

Ransomware is proving itself an equal opportunity attacker.  Health facilities and hospitals have been particularly targeted.  Hospital records are sensitive and their use is constant and critical.  They are willing to pay.  Health facilities also have notoriously poor privacy standards, especially in the handling of emails.

But logically there is no good reason why ransomware attacks would not do as well with a profession where records are sensitive and required on a constant basis.  Such as law.  As reported in Law firms held to ransom by cyber criminals, over a dozen Irish law firms have been hit by ransomware attacks in recent weeks.  This is a variation on a theme. Law firms being the subject of some form of cyber attack is nothing new.  In 2009 and 2013 the FBI warned that hackers were targeting law firms.  In 2013 the American Bar Journal highlighted the need to protect data from hackers.

A ransomware attack is Read the rest of this entry »

European Commission seeks consultation on the safety of apps

June 14, 2016

Apps are an integral part of the delivery of services and the collection and distribution of information.  Having a functional app is a critical part of online business or just an online presence.  Governments, non profits and even religious bodies are enthusiastic participants.  Apps are also notorious for their security weaknesses and general non compliance with data protection laws.  Regulators around the world are concerned about their poor protections.

The European Commission has commenced a consultation process on the safety of apps.  Apps include Read the rest of this entry »

Federal Trade Commission settles charges against Practice Fusion for deceiving consumers about privacy of doctor reviews

June 11, 2016

Health information, like information about one’s sexuality, political and religious beliefs, is highly sensitive.  It is defined in those terms within the Privacy Act 1988. There is an additional obligation upon health providers to maintain confidentiality.  Or one would have thought.  Unfortunately in the United States a practice has developed where health practitioners have retaliated against negative reviews on Yelp by providing responses which involve disclosing confidential information.  This is reported by ProPublica in Stung by Yelp Reviews, Health Providers Spill Patient Secrets. On any level it is Read the rest of this entry »

UK Information Commissioner fines Chief Constable of Dyfed-Powys Police for significant data breach

June 10, 2016

Poor data handling policies can lead to very embarrassing outcomes, particularly when they result in the use of emails to transmit sensitive information.  A common form of data breach.  A police officer at Dyfed Powys used the internal email system on 18 June 2015 to send emails to five internal recipients.  One of the emails contained a list of 8 registered sex offenders in Powys including their names, addresses, telephone numbers and email addresses.

The officer sent the email to a person outside the police service, in other words, outside the internal email system.  The recipient was a member of a community scheme, who notified the police of the error.

The Information Commissioner found that Read the rest of this entry »

Australian Information Commissioner investigates privacy breach by MUA

The Privacy Commissioner issued a statement today announcing that he is investigating a possible breach by the MUA.  The media release provides:

The Acting Australian Information Commissioner has opened an investigation into an incident in which personal information about members of the Maritime Union of Australia (MUA) was allegedly disclosed by the MUA to the Glen Lazarus Team (GLT) political party.

The Office of the Australian Information Commissioner will publish a statement about the outcome of this investigation at its conclusion.

The facts are outlined in Read the rest of this entry »

SEC fines Morgan Stanley for failing to safeguard customer data

Financial regulators are beginning to take great interest in data security.  In Australia the Australian Securities and Investments Commission issued Report 429 titled Cyber resilience: Health check in March 2015.  In this Read the rest of this entry »

Ransomware shuts down university database, makes them pay to reopen…highlights major data security problem

Ransomware, malware that encrypts a victim’s files until they pay for a decryption key, is a serious problem in data security. There are two types of ransomware:

(1) Crypto Ransomware — it encrypts files

(2) Locker Ransomware — it locks computers, preventing their use.

It is a bad problem that is getting worse.  It is commonly preventable with tight security measures, adequate and up to date software, proper training and protocols and regular if not daily backups of data.  The sort of thing that many organisations in Australia don’t have because of a poor privacy culture brought about by inadequate regulation.

The BBC highlights the problem in Read the rest of this entry »

Vodafone New Zealand apologises for a privacy breach

June 7, 2016

Telcos tend to be prone to privacy breaches.  In Australia Optus has been the subject of an enforceable undertaking and Telstra has been the subject of determinations made against it by the Privacy Commissioner.  In New Zealand Vodafone breached a customer’s privacy when providing a woman’s ex with phone account details.  This is reported in Vodafone apologises for privacy breach.

This is a more common mistake than one would think.  It is hugely embarrassing and Read the rest of this entry »

The importance of passwords to avoid hacking… salient lesson

Regulators around the world highlight in their guidances, press releases, speeches and, sometimes, enforcement actions the need for strong passwords and, preferably, two factor authentication.  But strong and unpredictable passwords are vital. Something Mark Zuckerberg, as in Facebook Zuckerberg, should have known.  But he didn’t and the password to his social media accounts was hacked as reported in Mark Zuckerberg’s social media accounts compromised due to weak password. It is gravely embarrassing and Read the rest of this entry »

Hack on Shoping.su, poetic justice

June 5, 2016

Hackers are equal opportunity pilferers.  They go where the weakness lies and the money resides.  As the reported hack on Read the rest of this entry »