At a glance.
- Pics of cancer patients exposed by ransomware gang.
- Remembering the human element of data breaches.
- More on the perils of digitizing fraud detection.
Pics of cancer patients exposed by ransomware gang.
In the latest installment of “Cybercriminals are the Worst,” ransomware group BlackCat has posted images of cancer patients from Lehigh Valley Health Network (LVHN) on the dark web. The Morning Call reports that the hospital network, based in the US state of Pennsylvania, suffered a ransomware attack at the hands of BlackCat last month. The hackers demanded a ransom in exchange for the stolen data, and LVHN CEO Brian Nester says the healthcare provider refused to pay. LVHN spokesperson Brian Downs stated Tuesday that three photos of patients receiving oncology treatment, along with seven documents containing patient data, had been published online. “This unconscionable criminal act takes advantage of patients receiving cancer treatment, and LVHN condemns this despicable behavior,” Downs stated. The health network continues to work with cybersecurity experts and law enforcement to investigate the attack, which targeted the IT system of Delta Medix, which was acquired by LVHN in 2021. LVHN says the attack has had “very little impact” on other systems.
Remembering the human element of data breaches.
Now that data breaches have become commonplace, most companies have familiarized themselves with the technical aspects of attack response to ensure that the business emerges with as little damage as possible. However, Help Net Security posits, often the impact to human victims is overlooked. Heikki Stark, Consultant at Finnish cybersecurity firm WithSecure, works with individuals who have been impacted by cyberattacks, and he notes that most people are unaware of how a data leak can affect them on a personal level. Most victims are uninformed when it comes to security mitigations like multifactor authentication, and they often become complacent about protecting their data. In order to better protect individuals, Stark recommends companies implement effective asset management systems to keep tabs on exactly what data they’re storing and which employees can access it. He also suggests keeping staff up to date on the latest security risks, regularly monitoring system activity, promoting strong password hygiene, and taking caution when it comes to remote work. Finally, working with organizations like Victim Support Europe and the CyberPeace Institute can ensure that individuals impacted by a breach receive the assistance they need.
More on the perils of digitizing fraud detection.
As we discussed yesterday, a recent investigation has uncovered the messy underbelly of Denmark’s welfare fraud detection system and its reliance on flawed machine learning algorithms. In 2011 it was estimated that up to 5% of all welfare payments in the country were fraudulent (compared to just 0.39% in neighboring France). While that statistic has been questioned by some experts, it motivated right-wing politicians to scrutinize the country’s welfare system and Annika Jacobsen, head of the Danish Public Benefits Administration’s data mining unit, to create one of the world’s most sophisticated fraud detection systems. Wired reports that Jacobsen has increased the number of state databases her agency can access from three to nine, allowing them to gather data on everything from residents’ tax info to their relationships, and use machine learning models to predict which beneficiaries are most likely to commit fraud. The result is a fraud detection process that is fueled by politics and backed by questionable data analytics, and some human rights advocates say the risk assessment system amounts to systematic surveillance. Although it has not yet been challenged under EU law, this could change if the EU’s proposed Artificial Intelligence Act is passed.
As Wired notes, the global fraud detection industry has thrived in recent years, with govtech companies peddling systems designed to make government administration simpler and more efficient. And there’s big money on the line: in 2021, the govtech market was estimated to be worth €116 billion in Europe and about $440 billion globally, and in 2014 McKinsey estimated government digitization could save $1 trillion a year in public funds. However, because such systems are designed by the private sector, intellectual property laws shield them from thorough analysis, leaving many unanswered questions about their accuracy. Scandals linked to this tech have been rampant. For instance, a UK community group called the Greater Manchester Coalition of Disabled People is investigating whether discrimination against disabled people could be the result of government automation projects, and in 2019 tens of thousands of Dutch households, many of which were immigrants from Ghana, were wrongfully accused of child benefits fraud. Victoria Adelmant, director of New York University’s digital welfare state project, states, “The models are always secret. If you don’t have transparency, it’s very difficult to even challenge and assess these systems.”