Hospitals a Choice Target for Cyber Attacks

Complex computer and data systems.  Sensitive personal information.  The need to function without interruption or downtime.  Insufficient cyber-defenses.  These are some of the weaknesses that make hospitals a target of choice for hackers and cyber attackers.

This year alone, approximately 32 million people have had their sensitive health-related information breached by hackers in over 311 cyberattack incidents against health care providers.  These attacks, even when not directly targeting patient care, have led to increased death rates among heart patients.

Complex Systems and a Large Amount of Data

The complex computer and data systems of hospitals make them an easy target for hackers.   Hospitals have to maintain several systems simultaneously to work properly. This includes medical records of people, internet-connected medical devices, and billing records. After mergers with other organizations, which have been increasing in recent years, the systems get even more complicated and confusing.

Cybersecurity experts believe that hospitals make an attractive target for cybercriminals because hackers know that hospitals have complex networks and insufficient cybersecurity tools. Furthermore, hospitals have to be open 24/7 and cannot afford any interruptions, making them a soft target.  Cybercriminals are aware that their ransomware demands won’t go unanswered when it comes to hospitals and public health.

Additionally, hospitals often have weak cybersecurity and do not receive significant assistance from the government to shore up their cyber defences.

Attractive Information

Hackers also target hospitals because they have sensitive data like patient records, social security, and patient addresses. Hackers know that they can sell such data and earn large amounts of money on the dark web.


Spotting Fake News: Not As Easy as People Think

Fake news is pretty confusing

Most people think they are very good at identifying fake news. But a recent study suggests that users have a lot of trouble telling the difference between fact and fiction.

The participants of the study were fitted with a wireless EEG (electroencephalography) headset that tracked their brain activity while they read political news headlines that were similar to those found on Facebook.

Surprisingly, participants were able to assess only 44% of the given political news accurately. According to the researchers, the participants mistook some of the fake news for truth because it conformed to their pre-existing beliefs and biases.  When fake news confirmed their pre-existing beliefs, they tended to view it as true. The low accuracy rate in identifying fake news shows that most users are not good at evaluating the credibility of news found on social media, like a Facebook news feed, for example.

Patricia Moravec, the study’s lead author, said that everyone believes that they are better than the average person at detecting fake news, but that is simply not possible.

We are not as good as we think at detecting fake news

When it comes to detecting fake news, we are not as good as we think.

The research was done with the help of 80 social-media-proficient undergraduate students who were asked to answer at least 10 questions about their own political beliefs before taking part in the study.


Social Media: The Silver Platter for Identity Thieves

Why Not to Share Too Much about Kids on Social Media

It turns out that kids don’t like it when their parents share pictures or information about them on social media.  This is especially true for teens.  So say the reports of a recent poll taken by Microsoft.

While interesting, children’s preferences are not the main reason that parents should be careful with social media posts.  Security is.

Criminals and fraudsters look to many sources to collect information about potential victims. These sources include hacks of company databases (like Yahoo, Equifax, eBay), which yield sensitive information about their users.  They can also involve low-tech methods like sifting through people’s mailboxes or trash for private information like social security numbers.

Serving Personal Information on a Silver Platter

In other cases, people hand over their personal information directly to criminals.  For example, a fake email can lead unsuspecting recipients to click or log in.  This could give thieves direct access to the victim’s computers or online accounts.

Social media is a shining example of handing information straight to criminals. People often overshare information on sites like Facebook, Twitter and Instagram.  As a result, identity thieves can gather profiles on victims piece by piece.  One post might show a birthday.  Another might list all the members of the family. Another might mention a hometown or even an address. Slowly, enough of a profile comes together for a criminal to commit identity theft.

This is in addition to the dangers of predators who might use social media information to find victims.

Of course, safety is a significant reason for why parents should be very careful when posting about their children online. Extreme caution is a tool for parents to make sure they are not handing their own children’s private information to scammers or to others who would harm them.

Parents cannot control whether a major company gets hacked.  But they can take care not to hand over their own and their children’s personal information on a silver platter.


How to Prevent Cyber Attacks Effectively


In a recent destructive phishing attack, a cybercriminal initially hacked the email of an exhibitions firm and then used a spoofed email to trick its client into wiring money to an overseas bank.

This is just one recent example of the many cyber-attacks around the world, and it is certainly not the last.  What can organizations big and small do to prevent such attacks?

Email: the deadly gateway

Over 91% of all cyber attacks are triggered by email, according to a recent study.  PwC asked 3.5 thousand IT and business leaders worldwide about resilience in order to find out which organizations are prepared to face and recover quickly from a cyber attack, and to understand their operations.

Organizations deemed to be high “RQ” (resilience quotient)  have shifted their approach from a model of disaster recovery followed by business continuity to one of “resilience by design”. The newer approach involved having real-time views of higher-priority processes in order to allow responders and decision makers to react to incidents with a unified front.

To fight cyber attacks, a company must know in advance, before any actual cyber attack, the severity, nature and length of the disruptions that it can endure. The company must plan for the worst, including getting cyber insurance, putting all its security operations and personnel in place, and leaving no area unguarded, especially its email system.

Tabletop tests

The PwC report stresses that organizations must proactively test their level of preparation, including through “tabletop tests”, which are simulations used to rehearse important communications during attacks and to identify gaps and dependencies in several essential processes.



Fighting Misinformation, and Editorial Discretion

In September, Twitter closed down thousands of accounts globally which it said were spreading fake news and misinformation.  Twitter’s safety team said that it suspended many accounts in Europe and South America, as well as accounts from China.  Twitter’s move follows a trend among social media companies.  Previously, Facebook removed many fake accounts originating in the Middle East and China as well, on the grounds that they propagated fake news and misinformation.

The Balance: Fighting Misinformation, and Editorial Discretion

One of the significant external challenges that Twitter faces is the rise of political misinformation in advance of national elections in countries around the world.  As a result, the company has increased its focus on removing accounts that spread this misinformation.  Facebook and other social media companies also face this challenge.  The popularity of social media and the ease with which information can be shared on it makes it a prime area for those who wish to “win hearts and minds” with false information designed to look real.  Misinformation like this can threaten the integrity of elections by misleading voters in countries around the world.

As a result, social media platforms find themselves in a quandary:  They find themselves with a moral, and even in some cases, legal, responsibility to prevent their platforms from being used for such malicious purposes.  On the other hand, they claim to be platforms and not editors of information.  The process of weeding out and banning propagators of fake news challenges this definition, as these activities can cross the line into editorial discretion.




Third Party Consultants and Watchdogs: The Highs and the Lows


Companies, especially social media companies which navigate heretofore uncharted waters relating to politics, racial tension, and free speech, often benefit from association with independent, third-party organizations that can help keep their policies ethical and steer them in the direction of responsible stewardship.

Twitter was already facing censure and backlash from the government as well as from users when it announced the formation of the Trust and Safety Council in 2016. The Trust and Safety Council was an independent, external group with more than 40 outside experts and groups whose main task was to help “ensure that people feel safe expressing themselves on Twitter.”

Recently, however, some of the safety consultants revealed that Twitter has not been consulting them.

Twitter Trust and Safety Council wants more communication with company executives

Reportedly, the Twitter Trust and Safety Council had a good relationship with the company’s executives during the first two years of its formation, but subsequently, communication between them decreased. They did not have regular calls, or meetings with CEO Jack Dorsey to discuss new policies at the company’s annual summit.

Some members of the Trust and Safety Council sent a letter to Twitter’s leadership, highlighting that they had gone months without any updates from the company.  They wrote that the council had received no warnings about any changes in policy or about product changes, and concluded with a request to discuss the future of the council with the company’s CEO.

Twitter responds to the letter

Twitter responded to the letter stating that its leadership had been discussing ways to improve how the company works with advocates, partners, and experts, and arguing that one small group is not reflective of Twitter’s role worldwide, which is why the company was working to hear from a more diverse range of voices.


When companies like Twitter engage with external groups like the Trust and Safety Council, they get two major benefits:  independent counsel that can steer them away from abusive or damaging policies or practices, thus protecting the public as well as the company; and the public relations benefit of being able to tout these relationships as evidence of the company’s openness and dedication to social responsibility.

Of course, the voluntary nature of the relationship means that the degree of influence that the third parties have can vary greatly.