Tag Archive for: Scrutiny

Massive health care hack faces federal scrutiny

/in


  • ASSOCIATED PRESS Pages from the United Healthcare website are displayed on a computer screen, on Feb. 29, in New York. Federal civil rights investigators are looking into whether protected health information was exposed in a recent cyberattack against Change Healthcare, a massive U.S. health care technology company owned by UnitedHealth Group.

    ASSOCIATED PRESS

    Pages from the United Healthcare website are displayed on a computer screen, on Feb. 29, in New York. Federal civil rights investigators are looking into whether protected health information was exposed in a recent cyberattack against Change Healthcare, a massive U.S. health care technology company owned by UnitedHealth Group.

Federal civil rights investigators are looking into whether protected health information was exposed in the recent cyberattack on Change Healthcare.

The Office for Civil Rights said today that it also will examine whether Change Healthcare followed laws protecting patient privacy.

Change Healthcare provides technology used to submit and process insurance claims — and handles about 14 billion transactions a year.

The investigation was spurred by the “unprecedented magnitude” of the attack, Office for Civil Rights Director Melanie Fontes Rainer said in a letter.

The Office for Civil Rights, which is part of the U.S. Department of Health and Human Services, enforces federal rules that establish privacy and security requirements for patient health information.

UnitedHealth Group, which owns Change Healthcare, said it would cooperate. Spokesman Eric Hausman added that UnitedHealth Group is working with law enforcement to investigate the extent of the attack.

Attackers gained access to some of Change Healthcare’s information technology systems last month, disrupting billing and care-authorization systems across the country.

The American Hospital Association said recently that some patients have seen delays in getting prescriptions, and hospitals have had issues processing claims, billing patients and checking insurance coverage.

Change Healthcare said today that all of its major pharmacy and payment systems were back online. Last week, the company said it expects to start reestablishing connections to…

Source…

Why Apple risks facing India’s scrutiny after ‘hacking’ allegations against Modi government

/in


(Getty)

(Getty)

India’s lawmakers could pull up Apple representatives after several politicians from the country’s opposition said they received alerts on their iPhones warning them of “state-sponsored” hacking.

Ministers of the Narendra Modi-led government on Tuesday said they will investigate the allegations and “get to the bottom of these notifications” after screenshots of the alert sent by the American tech giant went viral on social media.

While opposition politicians have accused the ruling Bharatiya Janata Party (BJP) administration of spying on rivals and critics ahead of national elections in 2024, it could be Apple that soon faces the scrutiny of the Indian government.

A parliamentary committee on information technology is considering summoning representatives of Apple India over the alerts sent to public figures, an unnamed official of the committee was quoted as saying by news agency ANI on Wednesday.

The committee’s secretariat expressed “deep concern” over the alerts and is treating the matter with the “utmost seriousness”, the official said.

A minister from the Modi government also said Apple should explain what the notification means, especially their claims about the security of their devices.

“After today’s ‘threat notifications’ being received by many people, including MPs, and those in geopolitics, we expect Apple to clarify the following… if its devices are secure, why these ‘threat notifications’ are sent to people in over 150 countries,” said Rajeev Chandrasekhar, the minister of state for electronics and information technology, on X/Twitter.

The BJP’s lawmakers have also rubbished allegations of hacking made by opposition politicians.

“Apple believes you are being targeted by state-sponsored attackers who are trying to remotely compromise the iPhone associated with your Apple ID,” said a screenshot of the alert shared by opposition members.

“If your device is compromised by a state-sponsored attacker, they may be able to remotely access your sensitive data, communications, or even the camera and microphone.

“While it’s possible this is a false alarm, please take this warning seriously,” it said.

The alerts were sent by…

Source…

Microsoft’s role in government email hack under cyber-inquiry scrutiny

/in


In a recent development that rattled the cyber world, Microsoft found itself in the crosshairs of a U.S. cyber inquiry after a breach of government officials’ email accounts. The planned investigation by a cybersecurity advisory panel will include an examination of the software giant’s role in the hack, which is suspected to be done by Chinese hackers.

The Cyber Safety Review Board, under the Biden administration, is set to focus broadly on risks to cloud computing infrastructure, Bloomberg reported.

According to a Department of Homeland Security official, as quoted by Bloomberg, the board will delve into identity and authentication management, looking into all relevant cloud service providers.

The cyber breach gave rise to vocal criticism from lawmakers like Senator Ron Wyden, who wrote to Attorney General Merrick Garland, Federal Trade Commission Chair Lina Khan, and Director of the Cybersecurity and Infrastructure Security Agency Jen Easterly.

In his letter, Senator Wyden firmly suggested that Microsoft’s cybersecurity procedures were sloppy and required a thorough investigation.

The public scrutiny surrounding Microsoft’s cybersecurity practices isn’t new. Recently, the company faced increasing criticism from computer security experts and government agencies who questioned the adequacy of its customer protection measures against breaches.

The email hack resonated powerfully because it occurred shortly before Secretary of State Antony Blinken’s planned trip to meet President Xi Jinping of China. Additionally, the hack utilized a Microsoft consumer signing key, which enabled the hackers to penetrate the networks and obtain entry to the officials’ emails.

In response, Microsoft committed to making 31 critical security logs accessible to licensees of the company’s lower-cost cloud services from September onwards to tighten their cybersecurity measures. The company also plans to extend the retention period for security logs from 90 to 180 days.

This tale underpins the need for relentless vigilance and rigorous security protocols in our increasingly connected world. It serves as a stern reminder of how even the giants of the tech world can stumble when it comes to…

Source…

Lapsus$ Hackers’ Corporate Exploits Draw US Cyber Board Scrutiny

/in


Lapsus$, a loosely organized collective of hackers that included teenagers, stood out for its public profile and its ability to exploit vulnerabilities in cyber systems at well-defended organizations such as Microsoft Corp., according to the Cyber Safety Review Board’s report.

Photographer: Daniel Acker/Bloomberg via Getty Images

Source…