Friday, 4 September 2020

After the Ransomware attack - Can LifeLabs customers protect their information?


The LifeLabs ransomware attack exposed a data breach that affected 10 million people in Ontario, and 5 million in BC. Information including patient names, addresses, birthdates, email addresses, customer logins and passwords, health card numbers and lab test results was possibly exposed by the breach.

LifeLabs paid an undisclosed ransom amount to prevent the data from being leaked out onto the dark web by cybercriminals. So far, it appears the breach has been contained because the information has not surfaced. So what’s happening now?

In a recent update, LifeLabs President and CEO Charles Brown said, “we have enhanced and accelerated our Information Security Management program through an initial $50 million investment, backing our plan to achieve ISO 27001 certification - a gold standard in information security management that is achieved by only a small number of organizations. LifeLabs continues to deploy cyber security firms to monitor the dark web and other online locations for information related to the cyber-attack.” In addition, LifeLabs has appointed a Chief Information Security Officer (CISO) as well as a Chief Information Officer (CIO) and a Chief Privacy Officer (CPO). The company also promised that all of its staff will undergo regular annual cyber security and privacy awareness training.

This digital dirty laundry involving payouts to criminals suggests that LifeLabs didn’t take their cyber security as seriously as they should have.

Brown now says that cyber security is a top priority for LifeLabs. “2019’s cyber-attack is a strong reminder that we must continuously work to protect ourselves against cybercrime. Data protection and privacy are now central to everything we do. In fact, through our partnership with experts, the healthcare sector, governments, and IT companies, LifeLabs is making a commitment to become a global leader in protecting healthcare data.”

People in Ontario and BC who use LifeLabs are asking: why didn't LifeLabs address their security weaknesses beforehand? And what will the Government Privacy Office do about this?

LifeLabs is still committed to providing one full year of free cyber protection services including dark web monitoring and identity theft insurance. Patients and customers can still register for these services until the end of 2020 by calling 1-888-221-2082.

#Ransomware #LifeLabs #Privacy #DataBreach

Friday, 21 August 2020

You’re a hoarder too

Your house is a mausoleum to your own family. Everything in it is a memory of some aspect of your family’s life. And now that you’ve gotten married, had careers, raised the children and retired, that story of life has become history. Your house has gone from a place where life occurred to a place where the next chapter that awaits is death.

Why am I so harsh about this shrine to yourself? Let’s take a tour. We start in the kitchen, with the refrigerator. Oh look, it’s covered in children’s drawings. Today they’re by the grandchildren but the fridge first hosted the work of your children. And where has that work gone? Is it in a box, on a shelf in the basement just off the rec room? Or is it in the attic? Are the mice turning it into nests for their babies?

What of the dining room? I admire your handsome dining room suite. Although it’s more than a little out-of-date. And yet it’s not hip enough to be retro. If you had to sell it you’d be hard-pressed to find anyone to take it. And you’ll never get what it’s worth.

You and your spouse may think that the children will want it. After all, it’s from the mausoleum. It’s part of the archived legacy of how your family became the people we see today. But without even knowing your children, I can tell you that your thinking is way off. It stands to reason that if your children are old enough to have careers, spouses and a home then they’ve already furnished the dining room with a suite. And it’s up-to-date. Not old and tired.

The living room is next. The TV’s up-to-date. It’s a nice model and has some of the latest features. But your 80+ inches of home cinema would take up two walls in your children’s condos. And besides, they already have a TV. Or they watch Netflix on their laptops.

Then there’s the sofa, and the side chairs, and the coffee table, and the end tables, and the lamps. All worn out and tired. It costs more than it’s worth to have it re-covered. No charity will take it. The grandchildren going off to college can’t fit any of it in their bachelor pads.

Now what really ties the room together is that Persian carpet. Timeless. But if you have one Persian carpet and two children then you have an argument, not a bequest.

Next Up: The bedrooms.

Saturday, 11 April 2020

Think of COVID-19 as glitter...

Dr. Ken McGrath provides us with this great analogy for the spread of COVID-19...

Have you ever come into contact with glitter? Like hugged or shaken hands with someone who was wearing or using it? And how for the next two weeks it hangs around forever and ends up on surfaces you can't recall touching, and places you can't imagine it ever getting, and seems to be there even after showering and washing?

Think of COVID-19 as glitter.

Thursday, 21 September 2017

Equifax – What does it mean to me? Gone in 60k edition

143 million Americans have had their complete credit information exposed to thieves. This is not a nuisance hack, like someone can log in to your Yahoo email and read all your points cards offers. Until you change your password and then it’s all status quo.

Nope. This is a great enflickerment of the financial system. And there can be no recovery. The nature of the data that was compromised was too sensitive. The only solution that could possibly make whole of that which has been made wrong is for the US Government to issue every citizen a new Social Security Number (SSN). And that is not going to happen. Nor do you want it to.

If you’ve ever changed banks, and then tried to update your direct deposit info with the butcher, the tailor and the maker of candlesticks, then you will comprehend this thought experiment. Imagine updating your SSN with every business you’ve ever done business with. And every government department. And every lender. Just think of it - going to everyone who holds your bona fides, and saying “Oh yeah I’m still Alan Fox 001 002 003. Except now I’m 123 456 789.”

Not. Gonna. Happen.

So there will be no government bailout of your actual identity. You will still be you – 001 002 033. And you will be struggling with 1634 million other Americans to continue a fiscal life post-Equifax. Only now the bad man has everything they need to impersonate you every time they need a spare thousand bucks. And there ain’t gonna be anything you can do about it, sucker.

Equifax is going to bring such national ill health to us that the only metaphor that captures the nature of the damage ahead is that of the smallpox epidemics of the 18th century. Not only does everyone have the disease – it will ravage us all. We will all bear the scars. And I mean this quite literally, that our credit will be bruised and marked up. And those that have the smallest pox – the least damaged credit – will be the most socially desirable.

For the international network of thieves, hackers, Nigeria 419 crooks, American organized crime, Russian mobsters, Yakuza – you name it – now has the ability to impersonate 134 million Americans at any time, in any way they choose.

So what does that mean for me? Well, as a Canadian, not much. It was a US hack, and there’s been no report of an equivalent hack in Canada. So here’s what to do next…

Don’t panic.
Think of this as a civil defense drill of the 1960s. This is a test. Only a test. Had this been a real pan-North-American cyberhack, the bank would already have sold your house from under you.

Wake-up call, Part One:
Change your passwords. Really, it’s so simple, and so effective, and the fact you don’t do it on a regular basis shows that you have a belief in magical thinking. Yes, I am aware that it is challenging to come up with a set of universal passwords that can be changed a porter. But eternal vigilance is the price of being on the WWW.

Turn on your credit card alerts. This is so obvious that I believe Gail Vaz-Oxlade has a line of T-shirts promoting it. But seriously - turn on the alerts, and then every time the card is used, you will be informed. A great step one.

Wake-up call, Part Two:
Decline any offered increase in your available credit. If the thieves have got ahold of your balance don’t increase it until you know you’re safe.
Hint- you’ll never be safe again.

Change your PINs. Your bank accounts. Your credit cards. And you can’t be bothered to change your PIN more than once every few YEARS?!

Deal with the things that go “Bump” on your financial report:
The magnitude of the Equifax hack means that those exposed could potentially be victimized by some of the gnarlier forms of fraudulent impersonation:

· The thieves will mortgage your house
· The thieves will apply for credit cards until they have sucked your credit bureau dry

What a credit bureau report will reveal:

The telling signs:
· The thieves will change your address at your financial institutions. They will then bleed you dry.
· The thieves will have mortgaged your property. And your equity is gone. Due to a quirk of banking laws in Canada, if a thief takes out a mortgage on your house, the house must pay back the mortgage. The fact the thief will have counterfeited your signature gives you proof and cause to sue the thief. To the bank, the money is still owed by the property. If that means foreclosing on you, then that’s what will happen.
Side note: Title insurance protects against this, but only during purchase and sale.

The Equifax top three protections for Canadians:

For Canadians, the top Equifax protections are:
· Turn on credit card alerts
· Get your free credit scores from Equifax, TransUnion, and the other one

What about credit freezes?
· Not yet

Thursday, 5 November 2015

We’ve noticed you're a good customer. If that continues, we will soon have to unsubscribe you.

On Friday the 1st I made a shopping list. Saturday the 2nd I loaded some tempting offers on one of my loyalty cards. On Sunday the 3rd I went on a spree and purchased 125 dollars of Health & Beauty Aids. Creams. Lotions. Ointments. Products that make your dull hair shiny. Products that make your shiny skin dull. Stuff that I needed. Because I had carefully chosen the promotional offer that suited my needs, I was rewarded with over 18,000 bonus points. Nice.

On Monday the 4th I went to pick up something at the post office of that same store. And I remembered I needed some bar soap. Cha-ching, another 120 points. Here, I thought, was a merchant who really gets it. I'm spending money I usually spend at other retailers here, at this store, because of the rewards. And, frankly – d'uh. That's how a loyalty program works.

So imagine my surprise later this week when I got home and opened this email:
“Are you still there?
We’ve noticed you haven't opened our emails in a while. If there continues to be no activity, we will soon have to unsubscribe your email address.”
I was going to be fired as a customer. For using my loyalty card to buy hundreds of dollars of merchandise at their store!

How can they have created a stack where, even though I am loading offers on my phone from my emails into their app, and buying products on both a promotional-driven and a daily needs basis, there is some feed that cannot see any of those transactions and decides to fire me as a customer?

This is a retailer whose marketing department is staffed by people who are not in the first quartile of any cohort.

The moral of the story is “watch your stack”. Don't pull a data feed of customers to fire without parsing a feed that shows you customers that have just purchased. In fact, better yet – don't fire your customers using a loyalty program.

BTW worst of all, the only way to re-enroll in the program is to follow phishing-scam style links to dodgy login pages. Priceless.

And PPS. Of course I can't send them an email capturing the above information. Their loyalty campaign emails are do-not-reply.

Thursday, 10 September 2015

The Search for General Tso...

There's been a trend since the turn of the Century (or Millennium, if you prefer) to examine the story of the Chinese diaspora in North America in terms of restaurants. Young Chinese are exploring their own cultural heritage via the lens of a menu.

Here's a link to Karen Tam's 2006 Installation at YYZ Gallery: Shangri-La Café: A Division of Gold Mountain Restaurant

In Canada the first wave of immigrants from China built the CPR. Every navvy camp (to use the historically correct and fortunately ethnically-neutral term) had a group of men who cooked traditional meals for the work crews. Obtaining certain items was always an issue.

Food issues were often the cause of work stoppage and job actions. Some Chinese would drop off the railroad and open a restaurant in whatever prairie town they happened to be in. Stepping out from that center, those millennial artists observe that Chinese-Canadian cuisine was the first Fusion cuisine. Also, these restaurants were seen as a tasty window on the exotic East. In that sense it presages the fascination with all things Egyptian that occurred after the successful Howard Carter-Lord Carnarvon opening of Tut's tomb.

Wednesday, 17 June 2015

Cover Song Wednesdays - James Last- 17 Apr 1929 to 9 Jun 2015

I encountered James Last on a hot summer evening when the townies were getting their groove on at some country club. By prior arrangement I was there to help with the equipment. And in case you're wondering, that's "Last rhymes with Lost" not "Last rhymes with fast". Deutsche, don't cha know.

James Last and his Orchestra were beyond camp. They took bright, poppy hits of their day and arranged them into even brighter, poppier orchestra arrangements that drew you into a "Get Happy" mode that just won't stop.

Your first impression on encountering a James Last track is "Oh no, I've bought a recording of elevator music!" But after listening to enough of his work, you realize that the musicians in this band are cats with some really great chops, man. Including muttonchops, by the 1970s. They're so "out there" they're orbital. Great arrangements, great players. Wall to wall camp.

But don't believe me. Listen to the YouTube of the great James Last...

Judy in Disguise (With Glasses). This song is a Buggles-style parody of the great Beatles song Lucy in the Sky with Diamonds. How hip is it? According to Wikipedia "Jello Biafra released a live version as part of his 2015 live album of New Orleans rock and soul covers, Walk on Jindal's Splinters."

Note: This clip goes on for an hour, so watch as little or as much as you want.

Non-Stop Dancing! Live in Berlin in 1982, non-stop medley of Can't Stop the Music, El Dorado and Xanadu.

For me this whole thing has such a Wes Anderson feel. The band is wearing random and vaguely matched outfits. "Blue, with piping - sure. You're in the horn section. Plum? Swing by strings".

Live At The Royal Albert Hall, London 1978
Hey- That's Star Wars a la disco...

Note: This clip goes on for an hour and a half, so watch as little or as much as you want.

Mamma Mia. James Last and ABBA. It's like a gold-plated black-velvet painting in a champagne fountain infinity pool. FYI the Saxophonist is Matthias Clasen.

Dancing Queen. James Last and ABBA. It's like a Rolls-Royce drenched in Nutella in a Louis Vuitton double-wide trailer home. FYI the Saxophonist is Matthias Clasen.

Orange Blossom Special. The whole show band on Ocean Drive in Miami. So Miami Vice. In 2001. That's PEAK James Last.

MacArthur Park. Are you frickin kidding me?! Have you even been listening to these tracks? James Last was born to orchestrate this cover. Jimmy Webb meets "Hansi" and kicks major butt at 5 minutes 40 seconds...

Derek Watkins on the melodic flugelhorn solo in the early part, and then switches to trumpet.

Live in Vienna 17th April 2013.