[ECP] NetHappenings 3/18/19

YOUR HEALTH INFORMATION PRIVACY RIGHTS

HIPAA

Office for Civil Rights Headquarters
U.S. Department of Health & Human Services
200 Independence Avenue, S.W.
Washington, D.C. 20201
Toll Free Call Center: 1-800-368-1019
TDD Number: 1-800-537-7697

HHS Releases Voluntary Cybersecurity Practices for Health Industry

GDPR, California’s Consumer Privacy Act, and next-generation ransomware and denial of service attacks, a firm’s ability to provide security is also becoming a matter of survival. Put it all together, and many CISOs today exist in environments where they are not understood by business executives and thus are not being included in business initiatives until it is too late and security vulnerabilities expose the enterprise to cyberattacks and compliance violations.

WHO OWNS YOUR MEDICAL RECORDS?

In 2016, more than 100 million Americans had their electronic medical records hacked from health systems. For example, this June, Banner Health in Phoenix had a breach of 3.7 million electronic medical records.
Many hospitals throughout the country have had their health information systems held hostage by hackers and have had to pay ransom to regain control of their patients’ medical data.

In 2016, more than 100 million Americans had their electronic medical records hacked. Each record can be sold for $50.
The Health Insurance Portability and Accountability Act was written 20 years ago, when medical records were kept on paper, and is not applicable to the contemporary digital era.

Moreover, the pervasive selling of our medical data is unchecked, with no legal protection. The massive hacking of health system data has not resulted in any new legislation to date or enforcement via established laws.

Informed Patient Institute
We rate the websites that help you find the right doctor, hospital, and nursing home, and we provide tips about quality concerns. See also:

https://www.philly.com/philly/health/what-is-philly-health-costs-and-how-can-it-help-me-20180220.html

ProPublica analyzed nearly 17,000 surgeons and found wide variations in complication rates for some of the most routine elective procedures. Explore our database to know more about a surgeon before your operation.
https://www.propublica.org/article/surgeon-level-risk-quotes

2016 Consumer Reports Medical Board Ratings

Medicare Provider Utilization and Payment Data: Physician and Other Supplier

Digital business has become a key driver of business strategy across industries. CIOs have digital transformation at the center of their corporate strategy. #Cybersecurity, amazingly, is often not a top-tier priority in enterprise risk management. The #CISO is only noticed when things go wrong. This is why CISOs are almost always fired or “resign” after major data breaches, even though the CISO is usually the most qualified person to manage post-breach forensics, cleanup, and compliance audits.
https://venturebeat.com/2019/03/16/cisos-you-need-to-manage-by-walking-around/

Think a strong information security posture means you’re complying with HIPAA? Without proper documentation for government regulators, infosec protocols might safeguard data without meeting federal criteria.

Staff lapses and IT system vulnerabilities are key reasons behind the SingHealth cyberattack, according to the COI report

ClassAction.org is a group of online professionals who are committed to exposing corporate wrongdoing and giving consumers the tools they need to fight back. We’ve been reporting on the legal space for nearly a decade and have built relationships with class action and mass tort attorneys across the country.

Prescription Hope
Prescription Hope offers over 1,500 brand-name medications, all for the set price of $50 per month for each medication. This covers 100% of the medication cost, no matter the retail price.

Market Share Matters: Evidence Of Insurer And Provider Bargaining Over Prices
Health-care providers and insurers have to agree on how much doctors will be reimbursed before doctors begin treating insurers’ clients. Those fees depend on the two parties’ relative clout. (Abstract)

A survey of the numbers, published this week in Health Affairs, shows that small-time doctor’s offices and insurance companies are getting squeezed by their larger competitors.
https://www.washingtonpost.com/news/wonk/wp/2017/01/09/its-hard-to-be-a-small-time-family-doctor-these-days-new-data-show/

Finally, U.S. hospitals will have to post their prices online.

Hospitals must post ‘chargemaster’ prices online.
Patient Estimate team: call 484.337.1970
FAQ Requirements for Hospitals To Make Public a List of Their Standard Charges via the Internet
https://www.cms.gov/Medicare/Medicare-Fee-for-Service-Payment/AcuteInpatientPPS/Downloads/FAQs-Req-Hospital-Public-List-Standard-Charges.pdf
The chargemaster is not a useful tool for consumers who are comparison shopping between hospitals or health systems.
The chargemaster amounts are billed to an insurance company, Medicare, or Medicaid, and those insurers then apply their contracted rates to the services that are billed. In situations where a patient does not have insurance, our hospital has financial assistance policies that apply discounts to the amounts charged.
https://www.mainlinehealth.org/patient-services/patient-billing/standard-charges

A huge trove of medical records and prescriptions found exposed
Thousands of health records and doctor’s notes were exposed daily
By Zack Whittaker, TechCrunch.com, March 17, 2019

A health tech company was leaking thousands of doctor’s notes, medical records, and prescriptions daily after a security lapse left a server without a password. The little-known software company, California-based Meditab, bills itself as one of the leading electronic medical records software makers for hospitals, doctor’s offices, and pharmacies. The company, among other things, processes electronic faxes for healthcare providers, still a primary method for sharing patient files with other providers and pharmacies. But that fax server wasn’t properly secured, according to the security company that discovered the data. SpiderSilk, a Dubai-based cybersecurity firm, told TechCrunch of the exposed server. The exposed fax server was running an Elasticsearch database with over six million records since its creation in March 2018. The faxes also included personal data and health information on children. None of the data was encrypted. […]

Board of Directors responsible

MOUNTAIN VIEW, CA

800 West El Camino Real, Suite 350
Mountain View, California 94040
General +1 650 458 2620
Sales +1 650 458 2625
info@elastic.co
sales@elastic.co

The server was hosted on a subdomain of MedPharm Services, a Puerto Rico-based affiliate of Meditab, both founded by Kalpesh Patel.

NY Governor Cuomo Calls For Investigation on Facebook Health Data Collection

American Travelers Seek Cheaper Prescription Drugs In Mexico And Beyond
In Utah last year, the Public Employee Health Plan took this idea to a new level with its voluntary Pharmacy Tourism Program. For certain PEHP members who use any of 13 costly prescription medications — including the popular arthritis drug Humira — the insurer will foot the bill to fly the patient and a companion to San Diego, then drive them to a hospital in Tijuana, Mexico, to pick up a 90-day supply of medicine.

TechCrunch: Screen time inhibits toddler development, study finds. “In news that will surprise few but still alarm many, a study has found that kids 2-5 years old who engage in more screen time received worse scores in developmental screening tests. The apparent explanation is simple: when a kid is in front of a screen, they’re not talking, walking or playing, the activities during which basic skills are cultivated.”

Researchers Create Algorithm to Protect Kids from Disturbing YouTube Videos

Computer program that could bypass patents to produce synthetic drugs Software that can bypass current intellectual property and design medication with the same function as top drugs could help pharma companies…

“Massachusetts Attorney General Maura Healey alleges eight Sackler family members and nine Purdue board members or executives played key roles in the nation’s deadly opioid epidemic.

WHERE IS THE ANTITRUST LAW IMMUNE RESPONSE TO PATRIMONIAL CAPITALISM?

It’s so out of control

THE MONOPOLY
Trends in governing have eroded the beliefs, norms and processes by which we learn to be accommodating citizens in a pluralistic, deliberative democracy. By manufacturing rights that limit democratic decision-making, centralizing power in Washington far from citizens’ lives, and empowering unelected bureaucrats in federal regulatory agencies, we’ve obstructed Americans’ practice of self-government.

Is law in the hands of the consumer, big business, or the president’s colleagues?

Jerry Nadler is demanding information on Trump’s business and ties to Russia as well as the administration’s activities.
Representative Adam Schiff, the chairman of the House Permanent Select Committee on Intelligence, has hired Daniel Goldman, who served as an Assistant United States Attorney in the Southern District of New York from 2007 to 2017, as the committee’s senior adviser and director of investigations. Goldman is a veteran prosecutor with experience fighting Russian organized crime and will lead the committee’s investigation of the Trump administration.

Predatory Monopoly Control
What the 1% Knows and you don’t
Capital in the 21st Century by Thomas Piketty
Moyers & Company
Economist Paul Krugman explains how the United States is becoming an oligarchy – the very system our founders revolted against.
Patrimonial Capitalism Oligarchy Wealth – inherited wealth
https://www.youtube.com/watch?v=QzQYA9Qjsi0

!!!!!! Documenting all the places personal data goes.
https://thedatamap.org/

►Top MultiState Buyers of Personal Health Information
https://thedatamap.org/map2013/statebuyers.php

HIBP: Have I Been Pwned?
https://pastebin.com/search?q=%40aol.com

►Rich Uncle Pennybags trolls Equifax Hearing
https://cyberplayground.org/2019/03/03/monoply-mr-moneybags-russia-graphic/

► The words “common” and “predominate” spell out the problem with 50-state cybersecurity class actions
A Congresswoman gave Equifax data breach lawsuits a gift
https://finance.yahoo.com/news/a-congresswoman-gave-equifax-data-breach-plaintiffs-a-gift-190737413.html

► The 50-State Cybersecurity Class Action Is Here to Stay. How to Defend Against It!
https://finance.yahoo.com/news/50-state-cybersecurity-class-action-033054371.html

Amazon CEO Jeff Bezos hates when he is spied on but loves to spy on everyone else.

How the National Enquirer obtained the intimate photos exchanged between Bezos and his mistress. Jeff Bezos’s new girlfriend, Lauren Sanchez, says she ‘loved being on camera’ in her text messages.
https://www.aclu.org/blog/privacy-technology/surveillance-technologies/amazon-google-and-microsoft-are-odds-dangers-face

The world’s richest billionaire and a notorious labor abuser, Amazon CEO Jeff Bezos builds a sprawling surveillance state for everyone else but doesn’t like it when his girlfriend’s phone gets hacked, exposing the sexy texts of the adulterous affair sent via SMS. It’s easy to trick cellular providers into essentially giving an attacker access to a person’s phone number. Hackers just call up:

  • Verizon, impersonate you, and convince the company to redirect your text messages to a different SIM card, intercepting your one-time login codes.
  • Comcast set the Xfinity Mobile phone PIN to “0000” for all its customers, with no way for them to change it, helping attackers steal phone numbers. Xfinity Mobile deployed a fix after the weak PIN system fueled number-porting attacks. The Comcast help page was edited this week (3/1/19) to remove any references to the account PIN; Xfinity Mobile does not allow adding a PIN to your number, and the PIN is 0000 for all numbers.
  • Kanye West’s iPhone X password was 000000
  • Zuckerberg’s password across multiple accounts dadada

SO HEY YOU SHOULD STOP USING TEXTS FOR TWO-FACTOR AUTHENTICATION
sexting / text messages are easily hacked / sms insecure
SMS text messages are often the weakest link in two-step logins

Hack Someone’s Phone to View Text Messages
Reddit Hacked, Despite SMS Two-Factor Authentication The hacker gained access to Reddit’s internal systems by circumventing SMS-based two-factor authentication on employee accounts. “We learned that SMS-based authentication is not nearly as secure as we would hope,” a website engineer said.
https://www.pcmag.com/news/362871/reddit-hacked-despite-sms-two-factor-authentication

Normally WAP operates in pull mode: the phone initiates the transaction. There are, however, situations when the server (called in this context a push initiator) should be the initiator, for instance when it must send a mail notification or a stock quote. For this purpose the WAP Forum defined WAP Push. It defines two protocols, OTA and PAP. OTA is a lightweight protocol speaking with the WAP stack (to be more specific, with WSP); PAP speaks with the push initiator. It defines three kinds of XML documents, one for the push data itself and another for protocol purposes (these are called PAP documents or push control documents).

Push is an application-level service, sitting on top of the existing WAP stack. The server does not simply send push content to the phone; the user would surely not accept, for instance, the interruption of a voice call. Instead it sends a specific XML document, either a Service Indication (SI) or a Service Loading (SL). It contains a URL specifying the service and a text for the user describing the content. These inform the user that content has become available, and it is displayed only when it is not interrupting anything. Then the user can decide whether or not to accept the push. The push content is sent to the phones over SMS, but the content is fetched by the phone over an IP bearer, for instance CSD or GPRS. Because the Push Proxy Gateway tokenizes SI and SL documents, one may fit in a single SMS message (if not, it is segmented for transfer). Using two bearers seems to be an unnecessary complication, but quite simply, phones currently operate this way. Push over GPRS can only simplify matters.

SMS, short messaging service, is a way to send short (160-character) messages from one GSM phone to another. It can also be used to send regular text as well as advanced content like operator logos, ringing tones, business cards and phone configurations. SMS services are content services initiated by an SMS message to a certain (usually short) phone number, which then answers with the requested content, if available. Although WAP is the hot and technically superior technology, SMS phones exist in huge numbers and SMS services are thus quite useful. Therefore, Kannel functions simultaneously as both a WAP and an SMS gateway.
https://en.m.wikipedia.org/wiki/Push_Proxy_Gateway

Turn on the service: text “on” to 40404.
Turn off mobile updates but keep an active account on the web: text “off” to 40404, or visit Twitter.com and turn off phone alerts. To delete your account, text “delete me” to 40404, or visit your settings page and click “Delete your account.”

ALL THIS SPYING ON YOU !!!! is just fine with Jeff; he just doesn’t like it when it happens to him.

In 2017, Amazon’s Rekognition AI face-recognition software was used by governments and police forces around the world to spy on crowds.

Amazon is vying for a $10 billion contract with the Department of Defense to consolidate and host its data on the cloud.
Google is no longer competing for the $10 billion contract, and it decided not to renew an AI contract with the Pentagon after employees signed a petition.

Jeff Bezos says his companies will continue to do business with the US Department of Defense, despite internal and external criticism.
“If big tech companies are going to turn their back on the DoD, this country is going to be in trouble,” said Bezos on stage at the Wired25 conference in San Francisco on Monday.
The billionaire has faced backlash from Amazon (AMZN) employees over its business deals with government agencies.

Amazon CEO Jeff Bezos acknowledged that his company’s Rekognition AI face-recognition software might be put to “bad uses,” but he said the solution was to wait for society’s eventual “immune response” to take care of the problems.

REPEAT THIS TO YOUR FRIENDS

► ► “When they substitute their knowledge for ours, we grow angry because they have robbed us of our agency.”

https://cyberplayground.org/2018/12/04/when-they-substitute-their-knowledge-for-ours-we-grow-angry-because-they-have-robbed-us-of-our-agency/

► Google employees walked out for the right to sue their bosses.
“This is just the beginning of a movement for more employee control of what gets built and for whom.”
https://cyberplayground.org/2019/03/01/google-employees-walked-out-for-the-right-to-sue-their-bosses/

► Amazon worker pushes Bezos to stop selling facial recognition tech to law enforcement
https://thehill.com/policy/technology/411622-amazon-workers-push-bezos-to-stop-selling-facial-recognition-tech-to-law

I’m an Amazon Employee. My Company Shouldn’t Sell Facial Recognition Tech to Police.
Amazon’s ‘Rekognition’ program shouldn’t be used as a tool for mass surveillance
https://medium.com/s/powertrip/im-an-amazon-employee-my-company-shouldn-t-sell-facial-recognition-tech-to-police-36b5fde934ac

A couple weeks ago, my co-workers delivered a letter to this effect, signed by over 450 employees, to Jeff Bezos and other executives. The letter also contained demands to kick Palantir, the software firm that powers much of ICE’s deportation and tracking program, off Amazon Web Services and to institute employee oversight for ethical decisions.
https://medium.com/s/oversight/shock-anger-disappointment-an-amazon-employee-speaks-out-88d927792950

►ACLU: “Rekognition can identify, track, and analyze people in real time and recognize up to 100 people in a single image. It can quickly scan information it collects against databases featuring tens of millions of faces.” “Amazon’s Rekognition raises profound civil liberties and civil rights concerns.”
https://www.aclu.org/blog/privacy-technology/surveillance-technologies/amazon-google-and-microsoft-are-odds-dangers-face

► Kent Walker, Google’s general counsel and senior vice president of global affairs, made it clear that Google — unlike Amazon and Microsoft — will not sell a face recognition product until the technology’s potential for abuse is addressed.

Amazon encourages governments to use its technology to track “persons of interest” and monitor public spaces, comparing everyone to databases with tens of millions of faces.
Amazon even suggested pairing face recognition with police body cameras, a move that would transform devices meant for police accountability into roving mass-surveillance devices.

► Amazon’s Rekognition falsely matched 28 members of Congress against a mugshot database. Tellingly, congressional members of color were disproportionately misidentified, including civil rights leader Rep. John Lewis, D-Ga. And that test wasn’t based on a hypothetical: Law enforcement has already been using Rekognition to match pictures against arrest-photo databases.

► We’re All Spies, Now—And Not Even Trump Can Hide From Our Prying Eyes
“Loose tweets destroy fleets,” the U.S. Air Force advised in 2015.
Amateur plane-spotters tracked Air Force One as it secretly made its way to Iraq, demonstrating the power of readily available tools to reveal covert military operations. Taking advantage of plane- and ship-tracking websites, commercial satellite imagery, internet forums for aviation photographers and other social media, these amateurs have become a new kind of hybrid journalist and spy. They call their practice “open-source intelligence,” or OSINT, and claim they’re keeping people informed and holding government accountable.
https://www.thedailybeast.com/were-all-spies-nowand-not-even-trump-can-hide-from-our-prying-eyes
► Compromised supply chain attacks are a well-established, if underappreciated, method of surveillance — and much work remains to be done to secure computing devices from this type of compromise.
https://theintercept.com/2019/01/24/computer-supply-chain-attacks/
https://theintercept.com/document/2019/01/23/dod-2011-strategy-for-operating-in-cyberspace-supply-chain-excerpts/

►Federal lobbying law:
If the Saudis or any other foreign government did direct or pay any company to produce such a magazine, that company would be required to register with the government under the Foreign Agent Registration Act.

These revelations give rise to serious concerns about abuse.
“It’s important to remember that the NSA’s surveillance activities are anything but narrowly focused — the agency is collecting massive amounts of sensitive information about virtually everyone.” “A U.S. person is entitled to greater legal protections against NSA surveillance than foreigners are.” ~Jameel Jaffer, deputy legal director of the American Civil Liberties Union

The Associated Press shows that a pro-Saudi digital copy of the magazine, produced by American Media Inc., was quietly shared with officials at the Saudi Embassy in Washington almost three weeks before its publication. The Trump administration has aggressively courted the Saudis and found a willing partner on a range of issues, including Iran, counterterrorism and Middle East peace, in the kingdom’s royal family.

►Metadata embedded in the PDF file, obtained by the AP from two different individuals, shows it was produced by an AMI production employee at 8:41 p.m. on Feb. 19. By the next day — Feb. 20 — Saudi officials had started forwarding it to Washington foreign policy contacts, giving them an early look.
► Pecker dined at the White House with Trump and a French businessman with close business ties to the Saudis, and later traveled to Riyadh to pitch Saudi investors on helping AMI acquire Time magazine, The New York Times reported.
► Kushner’s family real estate firm, The Kushner Cos., once sought money from a Saudi investor to buy out its partner in a Manhattan skyscraper that had been losing money for years.
► “Catch and Kill”: AMI paid $30,000, 8 months earlier, to a former doorman at a Trump building, requiring him to sign a contract that prevented him from going public. AMI said it paid the doorman not for his silence but for exclusive rights to the story.
https://www.apnews.com/d293d282a9ec4d0c83fe0a25ff5f285c
►The document, provided by NSA whistleblower Edward Snowden, identifies six targets, all Muslims, as “exemplars” of how “personal vulnerabilities” can be learned through electronic surveillance, and then exploited to undermine a target’s credibility, reputation and authority.
https://theintercept.com/2019/02/08/jeff-bezos-protests-the-invasion-of-his-privacy-as-amazon-builds-a-sprawling-surveillance-state-for-everyone-else/
►“Wherever you are, the NSA’s databases store information about your political views, your medical history, your intimate relationships and your activities online,” he added. “The NSA says this personal information won’t be abused, but these documents show that the NSA probably defines ‘abuse’ very narrowly.”
►The NSA possesses embarrassing sexually explicit information about at least two of the targets by virtue of electronic surveillance of their online activity. The report states that some of the data was gleaned through FBI surveillance programs carried out under the Foreign Intelligence Surveillance Act.
► James Bamford, a journalist who has been covering the NSA since the early 1980s, said the use of surveillance to exploit embarrassing private behavior is precisely what led to past U.S. surveillance scandals.
https://www.huffpostbrasil.com/2013/11/26/nsa-porn-muslims_n_4346128.html?ec_carp=8743119989930048067
► Trump Ordered Officials to Give Jared Kushner a Security Clearance
https://www.nytimes.com/2019/02/28/us/politics/jared-kushner-security-clearance.html

The Success of Unions vs. The Monopolies

Background of the Federation of Organized Trades and Labor Unions

The American Federation of Labor
Founded December 8, 1886, the AFL was a national federation of labor unions in the United States, founded in Columbus, Ohio, by an alliance of craft unions disaffected from the Knights of Labor, a national labor association.

American Federation of Labor-Congress of Industrial Organizations (AFL-CIO), American federation of autonomous labor unions formed in 1955 by the merger of the AFL (founded 1886), which originally organized workers in craft unions, and the CIO (founded 1935), which organized workers by industries.
https://chroniclingamerica.loc.gov/lccn/sn83045211/1919-09-15/ed-1/seq-3/

The eight-hour-day movement


Davos Billionaires Keep Getting Richer
The world’s elite have prospered since the financial crash.

U.N. Rights Chief Warns Of Threats From Inequality

An Alternative History of Silicon Valley Disruption

#InnovatingInequality: Tech & its shareholders’ extraction extends to Silicon Valley’s working families.
@wpusanews @ucsc new report
90% of workers in Silicon Valley are worse off today despite two decades of unparalleled tech biz growth.

The Revolving Door

GOOGLE
DARPA’s Regina Dugan Joins Google 2013
Her push into crowdsourcing and outreach to the hacker community were eye-openers in the often-closed world of military R&D. Dugan also won over some military commanders by diverting some of her research cash from long-term, blue-sky projects to immediate battlefield concerns. ~ wired.com

#AMAZON Corporation Welfare Queen Leeches

Not 1 dollar paid in taxes from the Richest Man in America thanks to their loopholes from bankrolled politicians and their lobbies.

#Loophole that allows @jeffBezos #Amazon to get away with NO #TAXES

Why should Amazon, the Welfare Queen Corporation that contributes nothing, get tax-break welfare from the state?

Amazon, Facebook, Google, Apple, etc. are all MONOPOLIES with the SAME power as the British East India Company.

Taxpayers are screwed by Walmart and Amazon: how low-wage employers cost taxpayers $153B a year

Retail pharmacy and drug distributor stocks are on the move after Amazon’s announced acquisition of online pharmacy startup PillPack.

Competition, Civil Liberties, and the Internet Giants

Selling Your Data
