Good day. The British government said it would cover the cost of some smaller medical suppliers to improve their cyber defenses amid security threats to health-care supply chains, WSJ Pro Cybersecurity’s James Rundle reports.
Other news: Russian, Chinese hackers prowl for U.S. election vulnerabilities; strict facial recognition law passes in Portland, Ore.; data center landlord
Equinix
confirms hack; and less privacy for health data after Covid-19.
Weekend reading: Breach-cost calculators; EU data-transfer unknowns; and white-hack hacker protections.
Protections for Medical Supply Chain
U.K. government funds cybersecurity assessments for smaller medical suppliers. The £500,000 funding, equivalent to $650,000, is being made available to hundreds of businesses involved in pandemic response efforts, the government said on Thursday.
Hacking fears have risen during the coronavirus crisis. The National Cyber Security Centre, which is part of the U.K.’s Government Communications Headquarters intelligence agency, warned in May that hackers linked to nation-states are targeting medical providers and researchers responding to the spread of Covid-19.
Smaller companies in the medical supply chain can be particularly at risk due to a lack of technical expertise, said Mark Roscrow, chairman of the Health Care Supply Association, which represents NHS procurement specialists.
Read the full story.
Election Security
Russian hackers have targeted 200 groups tied to U.S. election,
Microsoft
says. China is also circling select targets, The Wall Street Journal reports, citing a blog post from Microsoft.
The software giant’s threat intelligence team is able to track suspected cyberattacks against people and organizations that use its email platform and other Microsoft services. The findings don’t portray the full scope of foreign cyberattacks when it comes to the U.S. election because Microsoft is largely limited to analyzing threats to its own customers, but echo recent assessments from the U.S. intelligence community and other security experts.
Most of the attempted intrusions haven’t been successful, and those who were targeted or compromised have been directly notified of the malicious activity, Microsoft said. Russian, Chinese and Iranian officials didn’t immediately respond to a request for comment.
Like 2016: The Russian actor tracked by Microsoft is affiliated with a military intelligence unit and is the same group that hacked and leaked Democratic emails during the 2016 presidential contest. In addition to political consultants and state and national parties, its recent targets have included advocacy organizations and think tanks, such as the German Marshall Fund, as well as political parties in the U.K., Microsoft said.
Biden, Trump: Since March of this year, Microsoft said it had detected thousands of attempted attacks linked to a Chinese hacking group and nearly 150 account compromises. The widespread operations included attempts to compromise people close to the presidential campaigns and candidates themselves, including an unsuccessful effort to target Democratic nominee
Joe Biden’s
campaign through “non-campaign email accounts belonging to people affiliated with the campaign.”
China also has targeted at least one prominent person described by Microsoft as formerly associated with the Trump administration.
“It is critical that everyone involved in democratic processes around the world, both directly or indirectly, be aware of these threats and take steps to protect themselves in both their personal and professional capacities,” said Tom Burt, Microsoft’s vice president of consumer safety and trust.
More Cyber News
Portland passes strongest facial-recognition restriction in U.S. The law will ban businesses from using the artificial-intelligence-based tools in retail stores and other public spaces, going beyond restrictions elsewhere on government use, WSJ Pro Artificial Intelligence reports. City officials also voted Wednesday to prohibit city agencies from using facial recognition.
Some firms want opt-in: The ban affecting city agencies took effect after Wednesday’s unanimous vote. The private-sector ordinance, which cited the software’s higher error rates when identifying people of color and women, is due to be implemented on Jan. 1. The city said in its assessment of the law that facial recognition algorithms “are not widely used” in Portland’s private sector. Still, local business groups urged officials to create exceptions to the rules for hotels, banks and others.
Equinix data center provider confirms hack. Equinix Inc., which hosts data centers globally, detected malware on some internal systems and reported the incident to law enforcement, Bleeping Computer reports. Data that appears to be stolen from Equinix was included in a ransom letter that demanded payment of $4.5 million, the publication wrote. “The incident has not affected our ability to support our customers,” Equinix said in a statement to Bleeping Computer.
Health data after Covid-19: More laws, less privacy. The Health Insurance Portability and Accountability Act, or HIPAA, was enacted in 1996, when much of the health system was paperbound and fax-reliant. The law’s age is showing, WSJ’s Future of Everything reports. HIPAA’s disclosure rules, which took effect in 2003, don’t apply to personal health data in general, just the patient information flowing through the health-care system. Technology companies offering health-related services via sensors, apps and online portals may not be bound by its rules. New technologies and a greater awareness of public health after the pandemic could also fundamentally change our conception of health privacy, making it less about keeping information private than controlling how it is used.
Weekend Reading
Cyber Chiefs Calculate Data Breach Costs to Explain Risks to Executives
Officials Warn Privacy Shield Replacement May Be a Long Way Off
Hackers Acting in ‘Good Faith’ Gain Protections in Homeland Security Order
