At a glance.
- The Metaverse may be a problem for kids.
- Third-party breach compromises patient information.
- Update on Washington state licensing breach.
Metaverse could become a playground for child predators.
Meta’s first enterprise in the Metaverse, a virtual reality app called Horizon Worlds, is restricted to users aged eighteen and over, but that doesn’t appear to be stopping children from joining. As the Washington Post reports, user reviews of the new app claim children are stepping into the virtual universe, with or without their parents’ permission. As interactions taking place in Horizon Worlds are largely self-moderated, sexual predators could use the app to target children for grooming or abuse. Sarah Gardner, vice president of external affairs at child protection nonprofit Thorn, says new apps like this one are an easy target for predators. “They see an environment that is not well protected and does not have clear systems of reporting,” she explains. “They’ll go there first to take advantage of the fact that it is a safe ground for them to abuse or groom kids.” And children are not the only targets. Last year a female beta tester reported she’d been virtually groped while using the app, only to be told by Meta that she should have implemented their “safety zone” feature to protect herself. When asked how the tech giant plans to protect vulnerable users, spokeswoman Kristina Milian stated, “We will continue to look at how people use Quest devices and how the product develops in making decisions about our product policies. Our goal is to make Horizon Worlds and Horizon Venues safe, and we are committed to doing that work.”
David Mahdi, CSO at Sectigo, wrote to comment that the Metaverse, whatever it actually turns out to be, will be heavily dependent on a range of cybersecurity measures, particularly a well-formed cryptographic infrastructure:
"As with any online infrastructure, the Metaverse will rely on a host of cybersecurity and identity fundamentals such as digital certificates to secure the influx of digital identities using its servers (whether centralized or decentralized). There will be a huge rise in the number of both smart devices and human identities that need to be accurately verified as applications of the Metaverse grow and enter the mainstream. With more complexity comes added risk. The success of the Metaverse will hinge on the safe management of its billions of digital identities, and very likely cryptography keys and certificates. Cryptography will no doubt be a critical infrastructure for the Metaverse. Without impeccable monitoring of the underlying cryptographic infrastructure—say, with digital certificates—an expired certificate or vulnerable crypto gone unnoticed could lead to catastrophic outcomes such as outages and cyberattacks."
Third-party data breach exposes patient data.
The Memorial Hermann Health System, based in the state of Texas, has disclosed that the data of over six thousand patients were compromised in the data breach of contracted vendor Advent Health Partners. On Tuesday, the vendor announced it had detected a cybersecurity issue in September that allowed an intruder to access files containing protected health data including patients’ names, dates of birth, Social Security numbers, driver’s licenses numbers, financial information, health insurance details, and treatment information. KHOU-11 reports that unusual Hermann employee email activity triggered an investigation, but so far there is no indication the patient data has been misused.
Update on the Washington licensing department breach.
As we noted earlier this week, the Washington State Department of Licensing experienced a data breach that potentially exposed the personal data of millions of licensed professionals. The Seattle Times reports that the department’s online licensing system, POLARIS, has been shut down as a precaution, and offers a full list of the twenty-three professional categories included in the affected database.