At a glance.
- Disposed medical devices discovered with sensitive network data.
- “We’re reaching out to you about extending your car’s warranty…”
Disposed medical devices discovered with sensitive network data.
A new report from cybersecurity firm Rapid7 shows that medical devices found for sale on the secondary market contained sensitive information that could allow hackers to compromise the organizations that previously used them. Principal researcher Deral Heiland says that, after examining thirteen de-acquisitioned medical infusion pumps offered on sites like eBay, eight still contained WiFi PSK access credentials because they had not been properly purged. Rapid7 explains that such information could be used by hackers to access the network of the medical organization that previously used the pump.
In other words, in the wrong hands, these pumps could lead to the compromise of private medical data. Removing such credentials from these devices is not a particularly difficult task, so the failure to do so demonstrates a lack of responsibility when it comes to properly disposing of equipment that stores sensitive information. The report argues that a more comprehensive de-acquisitioning process for medical devices is necessary in order to better protect patient data. Rapid7 offers the full report on their site.
“We’re reaching out to you about extending your car’s warranty…”
Scam calls purporting to be about the recipient’s expiring auto warranty have become so commonplace that they’ve become a meme-worthy running joke. The government is attempting to crack down on these scams by penalizing the companies that run these operations. TechCrunch reports that the US Federal Communications Commission (FCC) just fined one such robocaller a record-setting $300 million for a scheme that’s been operating since 2018.
The FCC announcement states, “This enterprise operated a complex scheme designed to facilitate the sale of vehicle service contracts under the false and misleading claim of selling auto warranties. Two of the central players of the operation, Roy M. Cox and Aaron Michael Jones, were under lifetime bans against making telemarketing calls following lawsuits by the Federal Trade Commission and State of Texas.”
The operation went by various company aliases including Sumco Panama, Virtual Telecom, Davis Telecom, and Geist Telecom. It’s estimated the companies placed at least five billion calls over the past five years, and even FCC Chairwoman Jessica Rosenworcel was hit. In her remarks about the fine, Rosenworcel stated, “Armed with the facts [the FCC] gave phone companies permission to cut off this traffic before going one step further and directing them to block it outright. We got results. Following our action, the number of auto warranty calls fell by 99 percent.”
It’s worth noting the FCC’s fine recommendation must now be evaluated and prosecuted by the Justice Department, and by the time the DOJ comes to collect, the company might have found corporate loopholes, like sequestering their earnings in forfeiture-proof vehicles, to avoid payment. Fines like these are notorious for going unpaid or being drastically reduced due to a lack of resources for collection.