Blog

Featured

Withheld EMR Audit Trail Incites Default Judgement

Judge James O’Hara writes order in full support of the law to release all of patients audit trail information to them. This was in response to the case of Angela Prieto vs. Rush University Medical Center in Chicago.

Cook County Circuit Court Judge James N. O’Hara wrote a Memorandum Order for the case of Angela Prieto vs. Rush University Medical Center (“RUMC”) and other defendants. The 23-page order highlights some important federal statutes, such as HIPAA and the HITECH Act. This established a legal basis for a plaintiff to receive their complete electronic medical record. Judge O’Hara implements a severe sanction that effectively was a default judgement leaving only the dollar amount of financial award to be determined by the jury.

Case Background

Plaintiff, Angela Prieto, on behalf of her son alleged that RUMC “negligently caused [her son] to suffer from hypoxic ischemic encephalopathy and respiratory distress syndrome during birth.” The case was originally filed in 2018. The request for production of electronic health records was originally filed in January of 2019. Plaintiff requested RUMC to produce the complete and unaltered EMR and audit trail. As of January 2022, there were three repeated requests from Prieto for RUMC to produce the complete EMR audit trail. 

Audit Trails in EMR

The use of Electronic Medical Records (“EMR”) also known as Electronic Health Records (“EHR”) is mandatory to comply with requirements that health care providers maintain electronic medical records for patients. Every hospital, doctors office, or any medical practice in the United States must be compliant. The transition to using EMR began in 1992. Electronic medical records became mandatory since the start of 2014 through the American Recovery and Reinvestment Act.

All EMR systems are required by federal law to have an audit trail system built in. Audit trails show any deletions or edits that may not be part of the finalized medical record. A complete EMR audit trail shows all entry, access or modifications made to a patient’s chart. EMR audit trail productions should include all available records from the initial patient encounter until the date of production.

Audit Trail Manipulation

Health care providers often limit their production of audit trail records to the date the patient left the health care facility. However, this practice is problematic. When a patient’s EMR is modified after a Plaintiff files litigation and requests their complete EMR with audit trail records, manipulation of the Plaintiff’s medical records after that date can’t be detected. It is a common practice for healthcare providers to only produce the finalized patient EMR chart. This omits the revision history, a clear indicator of when the patient’s EMR was modified, by whom, from where, what time, and the specific redline changes that were made, as is required by any HIPAA compliant EMR system.

Electronic Health Records and EMR revision history must be retained by any HIPAA compliant EMR software system.

As Judge O’Hara put it in his order, “The term ‘Audit Trail’ refers to the part of the patient’s EHR that displays any person logging in to the record to modify the record, correct the record, add to the record, alter the record, revise the record, complete the record, put finishing touches on the record, and any other entry or access into the medical record, or any other name synonymous with the reflection of who, when and what a person did in relation to the Electronic Health Record.”

Request for ‘a complete, unaltered EHR Audit Trail’

He went on to discuss the EMR audit trail request in this specific case stating, “…requests asked for ‘a complete, unaltered EHR’…Prieto also requested ‘a complete, unaltered Audit Trail… in native format.’” This is a typical wording of requests for EHR or EMR Audit Trails that many healthcare providers fail to produce the first time. Instead, healthcare providers often send incomplete audit trails filtering out certain information.

…inspection revealed many aspects of the audit trail and EHR discovery that were either withheld, misrepresented or otherwise not produced…

Judge James O’Hara

When the Defendant in this case failed to produce the Plaintiff’s complete electronic medical records, including a complete audit trail and EMR revision history as requested, Judge O’Hara granted “a motion for in camera, on-site inspection of the auditing systems at RUMC…” Judge O’Hara actually attended the onsite inspection himself. The date for the on-site inspection with the judge was set and O’Hara wrote of it, “…inspection revealed many aspects of the audit trail and EHR discovery that were either withheld, misrepresented, or otherwise not produced…”

Federal Laws Pertaining to EHR Audit Trail Production

HIPPA

Judge O’Hara listed the federal law governing audit trails. “Congress enacted the Health Insurance Portability and Accountability Act (“HIPAA”) to ‘improve the efficiency and effectiveness of the health care system, by encouraging the development of a health information system through the establishment of standards and requirements for the electronic transmission of certain health information,’” O’Hara quoted from HIPAA. He then continued, “In response to HIPAA, the Department of Health and Human Services (“HHS”) published HIPAA’s right of access rule: ‘Except as otherwise provided… an individual has a right of access to inspect and obtain a copy of protected health information about the individual in a designated record set, for as long as the protected health information is maintained in the designated record set.’”

HITECH & THE Cures Acts

O’Hara went on to quote, “the HITCH Act in 2009, Congress ‘expanded HIPAA to include individuals’ rights to obtain electronic health records and added a stronger privacy and security requirements to protect health information.’” He continued on, “The Cures Act would later respond to a growing concern that healthcare software developers and provided sought to restrict the amount and types of information accessible to individuals by adding ‘information blocking’ provisions – to further encourage the broad access to patients’ own health information.” Healthcare providers often cite the “Designated Record Set” as not including the EMR audit trail or revision history.

U.S. Department of Health and human services (“HHS”)

Judge O’Hara continued to quote the rules of HHS in regards to a patient’s EHR audit trail production, “‘Individually identifiable health information’ is further defined as information created by a health care provider that relates to the provision of health care to an individual, among other things, that can be used to identify the patient. Id. In sum, audit trail information is included in the patient’s right of access if it is created or used by the healthcare provider, can be used to help treat or identify the patient, relates to the provision of health care to the patient, and is maintained in electronic media.” 

Electronic medical records with patient data and health care information stored electronically in tablet. Doctor using digital smart device to read the patient’s EMR chart.

The Alleged Burden of Producing the Complete Medical Record

The supposed time burden for the medical facility to produce the EHR Audit Trail and revision history is a major objection provided to the court as a defense to the request for a Plaintiff’s complete electronic medical record. Judge O’Hara addresses that point in stating, “HHS has acknowledged that this imposes a heavy burden on healthcare providers… However, the national policy is that this burden cannot overcome the patient’s right of access… HHS went even further to impose a scheme of penalties for entities that disobey this national policy.” 

Federal law says that audit trail data… is included in the patients right of access

Judge James O’Hara

Judge O’Hara finalized his section on the law by stating, “In sum, federal law says that audit trail data, including metadata associated with a patient’s EHR, is included in the patient’s right of access and that it constitutes information blocking to refuse to produce such data.”

Read the full order here: https://www.famjustice.org/_files/ugd/06ff46_3a6bcab463544b8b97bb10e7249405d8.pdf

Featured

Ways to Protect Your Vehicle From Theft

Motor vehicle owners face many new cyber challenges. Learn how to keep your vehicle safe from cyber criminals targeting automobiles.

As criminals are getting smarter about Motor Vehicle Theft, you should become more aware of ways to protect your vehicle from falling victim. Vehicle manufacturers are making changes to help combat theft but there are steps individuals can take immediately.

What car companies are doing

When you discover your vehicle is stolen, companies, such as OnStar, have vehicle theft plans in place. OnStar is a system available on certain Chevrolet, Buick, GMC and Cadillac models. The Stolen Vehicle Assistance program allows you “utilize GPS technology designed to locate your vehicle, alert authorities, and in some cases, remotely slow down your vehicle so thieves won’t get far.”

Toyota has also come out with a similar feature on their cars called Safety Connect. When your vehicle is stolen, “agents can assist authorities in locating your vehicle using GPS technology.”

This technology will help to recover your stolen vehicle. Even the knowledge of this technology existing in these vehicles will prevent theft.

Finding Solutions

Companies should consider other options to further the effort to reduce vehicle theft. This could be as simple as an on/off switch on key fobs. Another solution could be to increase the encryption making the data more difficult to duplicate onto outside devices. 

Protecting yourself against Motor Vehicle Theft

To minimize the risk of your vehicle being stolen beyond recovery there are a few things that consumers can do:

  1. Place your key fob in a metal tin, aluminum foil, or in Faraday Bag when not in use. Metals can help to interfere with radio frequencies criminals use to unlock and start your vehicle.
  2. Keep your key fob far away from windows and doors when not in use.
  3. Remove the battery from key fob when not in use.
  4. Use a Steering Wheel Lock to physically secure the steering column and deter potential thieves.
  5. Keep your vehicle in a locked garage when possible.
  6. Subscribe to a vehicle tracking security service that will alert you whenever your vehicle is departing from a location.
  7. Consider adding a tracker (such as Apple AirTag) somewhere inside your vehicle, so if it is stolen, you have the means of identifying where the vehicle was transported to.
  8. Install a video surveillance system (such as the Ring doorbell camera system) that will alert you whenever a person trespasses onto your property.
  9. Park your vehicle in well lit and visible parking lot location.

Summary

Overall, as vehicles get smarter, hackers do too. It’s important to take the necessary precautions to protect yourself from vehicle theft. Before buying a new vehicle, research vehicle models that use higher encryption and have reliable anti-theft systems in place. Consider buying a vehicle that requires insertion of your key in order to start. Even better, go for a vintage automobile that lacks any solid state components and your vehicle should be resistant to any such radio frequency attacks.

Featured

Preparing to Work with an EMR Expert

Learn what details to provide when hiring a data forensic expert during medical malpractice litigation to increase efficiency and cost effectiveness.

Prepare a summary of the following:

  • Develop timeline of notable events
  • Organize case documents and provide to your experts
  • Copy of the Complaint
  • Requests to produce
  • Interrogatories filed
  • Replies to Interrogatories
  • EMR Produced
  • Audit Logs Produced

Ask Your EMR Data Expert to Prepare the EMR for efficient review by attorneys & medical experts

  1. OCR the produced EMR (Allows for keyword searching)
  2. Convert the EMR to a spreadsheet format where practical
  3. Identify key events and providers
  4. Consider filtering for key dates, workers, or concepts
  5. Produce subset pdf documents / spreadsheets that are more easily reviewable
  6. Consider having pivot tables created showing overviews

In-Person Direct access provides additional information

  • Routing History
  • What the notes looked like at various points in time
  • Access to deleted records
  • Communications between healthcare workers
  • Example Screenshots from Popular HIS Systems follow

Enigma Forensics EMR Data Forensics Experts provide detailed analysis and interpretation of an EMR Audit Trail to assist Medical Malpractice Attorneys during litigation. We help win cases! Hire an Expert (HAE)! Call 312-668-0333

To Learn More about the EMR process

Featured

EPIC Software

Epic software is used by many hospitals that is HIPPA compliant. It is used to track all additions, modifications, and ensures the complete patient history is recorded. Check out this blog to learn more about EPIC software!

EPIC software is used by many hospitals to track patient care and manage the overall patient experience.  When something goes wrong during a patient stay that leads to long-term injuries or death of the patient, it is highly common that medical malpractice litigation ensues. 

Health Information Personal Privacy Act, HIPPA

The Health Information Personal Privacy Act, commonly referred to as HIPPA, places several important requirements on health care providers.  HIPPA requires that all access to a patient’s electronic medical record commonly referred to as EMR, track all addition, modifications, and allow access while ensuring the complete revision history of the EMR is maintained. 

EMR Audit Log

Audit logs or audit trails are required to ensure that reconstruction of the complete revision history can be established.  EPIC printed reports of patient’s EMR can be produced using various filters that result in a less than complete production of the patient’s full electronic medical records.  Some of the filters that are routinely used include:

  • Date filter to show only the time the patient was receiving care at the healthcare provider
  • Production of only non-confidential notations
  • Production of only the final version of the EMR without the detailed revision history
  • Filter notes exclusive to the named defendant health care providers
  • Filter by department

These filters described previously when used in producing a patient’s EMR result in an incomplete production of the EMR.

Sticky Notes

EPIC has a communication platform known as Sticky Notes. This serves as an instant messaging mode of communication between healthcare workers discussing a specific patient.  EPIC lacks a report that can allow easy printing or export of these notes. This creates a common misperception among health providers that these notes are not part of the legal discoverable record.  In fact, there are other ways to access these sticky notes, which are an important part of documenting the patient care provided.  An in-person inspection of the EMR using a camera to record the user’s screen can allow for obtaining these important communications. These sticky notes are part of the EMR and are subject to preservation by HIPPA. 

On-Site Inspection

During an onsite inspection to obtain the complete EMR, it is important to ensure that the user accessing EPIC has full administrative rights to the system.  In some health care organizations, sticky notes may be accessible only to physicians.  Regardless, obtaining these important communications can be a vital source of information to reveal important events leading up to a lifelong injury or death.

Enigma Forensics has assisted in numerous medical malpractice cases working with either the plaintiff or defendant’s side of litigation. Our experts dig through each record to analyze ultimately to find the “smoking gun!” We call ourselves the data detectives! If you are working on a medical malpractice case and would like to win, call Enigma Forensics at 312-668-0333.

To learn more about Electronic Medical Records check out these blogs.

Featured

Health Insurance Portability and Accountability Act of 1996 (HIPAA)

Why is the Health Insurance Portability and Accountability Act of 1996 so important? It keeps our healthcare systems in check! Check out this video with transcripts to learn how it affects patient’s rights to request their own Electronic Medical Records (EMR’s).

Lee Neubecker: So HIPAA is the Health Insurance Portability and Accountability Act of 1996 and why this is important is all the hospital information system providers, have to certify that their software is HIPAA compliant. Otherwise, the hospitals receiving Medicare reimbursement wouldn’t be able to use the software. So, the presumption should be that any healthcare organization that is receiving Medicare funding is compliant with the rules of HIPAA and we’ll talk through what that requires here.

HIPAA Audit Trail Requirements: EMR / EHR

  1. Application audit trail audit trails
    1. EMR Opened / Accessed
    2. EMR Closed
    3. EMR Created
    4. EMR Edited (Original and Replacement Value) with last update time
    5. EMR Deleted
  2. System level audit trails
    1. Successful or unsuccessful logon event by username
    2. Date and time of each logon or logoff attempt
    3. Specific device used to logon
    4. Application user successfully or unsuccessfully accessed
  3. User audit trails
    1. Monitor and log user activity in an ePHI application 
    2. Record events initiated  by the user
    3. Commands directly initiated by the user
    4. Log access to ePHI files and resources
  4. Healthcare organizations must retain records at least six years
  5. States with stricter retention requirements must be honored

First, HIPAA requires that there be application audit trails that show when the EMR was open, accessed, closed, created, edited, the original value, replacement value, who updated it? When, from what computer, whether it was deleted? Your system-level audit trails, which has to do with the logons of the user to the system when they logged on, what computer was at the nurses’ station? Was it the computer that was actually bedside with the patient? So all of that can be relevant, especially in establishing whether or not a healthcare provider was with the patient at an important time.

User audit log trails monitor the user activity within a specific EPHI application. It records events, what commands were issued, and so on. Healthcare organizations must retain these records for at least six years and typically, if there’s an issue where litigation is involved at the point in time that they’re notified, their risk management committee will collect the records and make preservation of the available data. Some states have stricter retention requirements beyond six years and in those cases, the state rules should apply according to HIPAA.

HIPAA Audit Trail Requirements: Must Track

  1. Each time a user logins
  2. Whenever changes are made to databases
  3. When new users are added
  4. Access levels for each user
  5. File access by users
  6. Logins to operating systems
  7. Firewall logs
  8. Anti-malware logs

Other requirements of HIPAA include the following.

When a user logs on when changes are made to the databases, when users are added, access level for each user, what rights they have, the file access by the user. Logins to the operating system, firewall logs, anti-malware logs and more. So there’s a lot of requirements that hospitals are compliant and other health care organizations that are receiving Medicare funding follow these requirements.

Example Audit Trail: Meditech

Example Audit Trail

Lee Neubecker:

Here’s an example of what an audit trail log looks like. I know it’s probably a little bit difficult to see all of this but what we see, this one’s Meditech. What you’ll see here is there’s a run date, the date and time the report was run, the runtime, the username, the specific database being accessed, and who the patient was.
Then across the top, you have different data columns such as date, time, the user. What action, were they modifying, exporting, viewing? The description of the action? Then you have the device being used to access it. It also shows here that there’s a confidential flag and certain records which may or may not be produced.
And then there’s the ability for someone to, you know, Dr. Smith could enter something and emulate another user and you don’t often see the notion that someone else emulated another user when you’re viewing the progress note or printed chart. So the audit trail is important.
Now, unfortunately, this audit trail doesn’t show you the specific changes being made and oftentimes, what’s necessary is you actually have to get a direct in-camera inspection of the Meditech or other HIS system to be able to record and document what the care provider sees.

Watch other videos making up this 4 part series, Unlocking the EMR Audit Trail.

Part 1 of 4: “The Keys to Unlocking Electronic Medical Records”
https://enigmaforensics.com/blog/keys-to-unlocking-the-emr-audit-trails-electronic-medical-records/
Part 2 of 4: “HIPAA”
https://enigmaforensics.com/blog/health-insurance-portability-and-accountability-act-of-1996-hipaa/
Part 3 of 4: “Navigating to Trial or Settlement”
https://enigmaforensics.com/blog/navigating-to-trial-or-settlement/
Part 4 of 4: “In-Person Direct Access”
https://enigmaforensics.com/blog/in-person-direct-access-provides-additional-information/
Featured

Keys to Unlocking the EMR Audit Trails (Electronic Medical Records)

Have you ever requested Electronic Medical Records (EMR’s) and its beyond difficult to read? The printed pages are not searchable, mixed in with junk, lacking versions that you know should be recorded? Check out this video blog with transcripts. Lee Neubecker, CEO and President of Enigma Forensics offers keys to unlocking the mystery of EMR’s.

Click to view Video on Keys to Unlocking the EMR Audit Trails
(Electronic Medical Records) 



Video Transcripts follows:
EMR Audit Trails, as produced by Healthcare Providers during medical malpractice discovery, frequently filter out the important history of the patient’s medical record. Learn how to compel discovery of the patient’s complete EMR history.

Lee Neubecker: So today, we’re going to be talking about the keys to unlocking Electronic Medical Record Audit Trails. We have a mixture of people on the webinar today. I know some people represent healthcare providers. Other people represent litigants involved with medical malpractice. I’m going to be talking a little bit today about how the process works.


Scenarios where Electronic Medical Records (EMR) are important

  • Eldercare neglect or abuse
  • Failure to provide appropriate & timely care leading to patient injury
  • Failure for staff to provide to correct type of care
  • Credentials of staff that performed procedures
  • Discussions between staff are relevant
  • Establishing the supervising physician neglected appropriate care
  • Allegations involving child welfare accusing parents of harming a child

Lee Neubecker: We’ll begin with discussing some of the scenarios where Electronic Medical Records are relevant and important. If you’re suspecting that the elderly has been abused in a nursing home, that could be important to know. Records of care when medications were provided, whether or not patients were neglected. All of that information can be discerned from reviewing the electronic medical record history. In some cases, there’s allegations about not providing appropriate care over time or the staff providing the wrong type of care. So, many of these cases become litigated in various medical record experts or clinical experts get involved. We’ll be talking about later today about how you really want to start with getting command of the EMR or Electronic Medical Records so that it can be efficiently reviewed not only by you and your team but also by any experts that might be retained to assist with the case. It’s important to understand that there might be discussions between staff, physicians and nurses and whatnot that aren’t in the progress notes or printed medical record. So we’ll be covering that in a little bit. Allegations about harm to children by parents or healthcare providers. That’s also relevant as well. In some cases, we’ve seen situations where the chart reflects a certain color of bruising many days after a child was admitted into a facility for care but the coloration of bruises often can suggest that the bruising happened before entry into a facility. On a case like that, knowing whether or not the child was bathed and whether it was reported early on can help determine was the child injured in the health care provider’s place of care or did it happen prior to admission?

What typically happens when you request the EMR

  1. Printed pages (not searchable)
  2. Mixed in with junk
  3. Sorted most recent to oldest
  4. Lacking version historical revisions
  5. Limited reports that have unnecessary filters
  6. Hold back on communications (Sticky Notes / Routing)
  7. Records entered not contemporaneously to events 

Lee Neubecker: So what typically happens when you ask for the electronic medical record for your patient or your chart, the healthcare providers will often produce it in the most unhelpful way. They might print it if it’s printed or dumped to a PDF that’s flattened, it’s not searchable.

It might be included with lots of redundant information, out of order, sorted not intuitively from oldest to newest, but backwards. Oftentimes, the version revision history of the progress notes are completely missing. So, for instance, if you have an Epic EMR production. With Epic, they have the ability to enable the specific version number so that you can determine the revision history over time and that isn’t always what’s included in the printed report that gets produced.

Some reports will have unnecessary filters. For instance, if only named providers are shown and you don’t see a mixture of healthcare staff providing care to a patient, that might suggest that the report was produced with only the name key healthcare providers included. And so, when you’re requesting electronic medical records, you really want to be very specific to say, use no other filter other than the patient identifier or the patient medical record number, date filters and whatnot, narrowly defining the date and time when the patient was in the hospital or healthcare facility might result in filtering out of important records that show that the chart might’ve been modified or manipulated well after the patient’s departure from the facility and after the patient experienced some type of harm.

Another thing I see, sorry about that. Another thing I see that happens sometimes is in addition to different filters, such as like filtering by date or filtering by healthcare provider or department, sometimes the filters aren’t displayed on the reports and you really want to be able to understand what filters are used. One other filter that might be used without your knowledge is whether or not the record is considered confidential.

Confidential would suppress the record oftentimes from appearing on the printed medical record report. So you want active, inactive, all version history, confidential, you want the entirety.

Another important thing that is relevant in many cases involves the communications between healthcare providers. With Epic, you have the ability and with Cerner, you have the ability for routing of communications, either almost like an email system within the healthcare system or something known as sticky notes, which is basically like an instant messaging platform between healthcare staff about a patient.

And there’s documentation out there where hospitals say that sticky notes are not part of the medical-legal record. Well, HIPAA requires that all that data be retained. So the data is in there, it’s in the backend database or you have to inspect the hospital information system to be able to document it on the photo or on video.

Another thing that we see a lot of our records that are entered in, after the fact, when you enter a record into a hospital information system, you can list the reported date and time of the event but that is oftentimes different than when the record was actually saved and created in the system. So we’ll talk about that more as we go through.

Important Concepts & Terms

  • (EMR) Electronic Medical Records
  • (EHR) Electronic Health Record
  • (HIS) Health Information System
  • (PACS) Picture Archiving and Communication System
  • (ePHI) / (PHI) Electronic Protected Health Information
  • Data Dictionary
  • Delimited Format
  • Native Files
  • Audit Trail
  • Audit Logs
  • Pivot Tables
  • OCR (Optical Character Text Recognition)

Lee Neubecker: First, I’d like to cover some important concepts and terms that are relevant to Electronic Medical Records in medical malpractice litigation.

EMR, Electronic Medical Records is synonymous with EHR, the Electronic Health Record. A hospital Information System is sometimes referred to as HIS and that’s like Cerner or Epic or Meditech or whatever software system is being used to manage the patient care and store their electronic medical record. PACS is specific to video, phototypes involved with the documentation of electronic medical records, as it pertains to things like MRIs, x-rays, videos of surgeries, and so on. And each of these systems often has its own audit logs separate from the HIS system. ePHI is Electronic Protected Health Information. That’s what all the stuff is about.

Data dictionaries are abstract or key to help you to cross-reference the initials of the health care provider or the department or procedures or lab test results to the friendly name. And if you’re working on one of these cases, you want to include in your request for production, a production of the data dictionary, so that you can make sense of the charts and records that are produced to you.

Another thing that I like to ask for when I’m getting electronic medical records is to request that that data be produced in what’s known as a delimited format, which is like a spreadsheet format, sometimes known as comma-delimited. That allows you to manipulate the data much more easily and filter and aggregate and do things that can help you see into what’s happening quickly without having to review oftentimes tens of thousands of pages.

Native files refer to the file as it exists. Like if there’s a transcription that’s saved as a WAV file that has the original doctor’s notes, asking for the native file of the transcriptions would give you the actual file that was recorded, as opposed to some transcription of the file.

Audit trail or audit logs, HIPAA requires that data be stored about the creation, modification and access of electronic health records. And these audit logs will show when things are added, updated, modified. The logs and audit trails that are produced often don’t answer the key question about what changes are happening. And usually, I get involved with helping the parties understand well, what really happened? What was a real revision history? When did it occur? Who did it, from what computer? At what date and time was data deleted? Was it added? And that’s very relevant to many medical malpractice cases. When we’re analyzing data, some of the things we can do, we can take the electronic medical records if they’re produced in a delimited format, we can quickly prepare aggregate summary charts that might show how many minutes did, or how many interactions with the EMR did the supervising physician have? What dates and time where the records looked at? When did modifications occur? If modifications occurred after a patient’s discharge, which I see quite a lot of times, that can be suggestive of efforts to fabricate the medical record history.

When we get the data, in addition to trying to get it into a delimited or a spreadsheet format, we’d like to make sure that the data is OCRed, which is optical character text recognition, that allows for searching and key concepts, names of providers, dates and times and so on. And all of that can be very important as you work a case.

Watch other videos making up this 4 part series, Unlocking the EMR Audit Trail.

 

Part 1 of 4: “The Keys to Unlocking Electronic Medical Records”
https://enigmaforensics.com/blog/keys-to-unlocking-the-emr-audit-trails-electronic-medical-records/
Part 2 of 4: “HIPPA”
https://enigmaforensics.com/blog/health-insurance-portability-and-accountability-act-of-1996-hipaa/
Part 3 of 4: “Navigating to Trial or Settlement”
https://enigmaforensics.com/blog/navigating-to-trial-or-settlement/
Part 4 of 4: “In-Person Direct Access”
https://enigmaforensics.com/blog/in-person-direct-access-provides-additional-information/
Featured

Cyber-Attacked on Supply Chain Again!

In lieu of the recent ransomware cyber attacks on critical supply chain assets, Enigma Forensics analyzes two recent cyber attacks and what lessons we have learned.

Cyber attacks on our supply chain. Will it stop? Enigma Forensics is a cyber forensic company and our love for data security keeps us focused on the 4W’s and 1H of a Cyber Attack. Here’s the latest of two very important cyber attacks on our crucial supply chain.

Who was involved? What happened? When? Where? How did it happen?

On May 7, 2021, Colonial Pipeline, an American oil pipeline system that originates in Houston, Texas, experienced a ransomware cyberattack. Colonial Pipeline carries gasoline and jet fuel mainly to the Southeastern United States. The cyber attackers impacted computerized equipment managing the pipeline. They took the company offline and wanted a sizable ransom to reverse the cyber attack.

This pipeline disruption caused an immediate reaction. Americans felt a rise in gasoline prices, people were panic buying and there were crazy long lines at the pump. Some areas reported no gasoline at all. What was the company’s response? Colonial Pipeline’s CEO Joseph Blount reported, they learned the criminal cyber attackers infiltrated Colonial’s computers through a legacy or old virtual private network, commonly known as a V.P.N.

Joseph Blount, CEO of Colonial Pipeline paid approximately $5 million in Bitcoin ransom to the attackers. Blount told the Senate Homeland Security Committee at a hearing, paying the ransomware was the hardest decision of his career. Blount said he knew how critical Colonial’s pipeline is to the country and he put the interests of the country first. When asked about the security on the particular VPN that was hacked, Blount said it was not a two-factor security password that texts to a phone but single factor authentication using only a plain text password. He said it was more complicated than the typical Colonial123 password. Lesson learned?

Following the attack on Colonial Pipeline, another ransomware cyber-attack occurred on our supply chain.

JBS Meat Packing Hack (it rhymes!)

JBS is considered to be one of the largest meatpacking companies in the world. At the end of May, they reported cyber criminals used ransomware to take over the company’s network systems and stopped meat production. JBS revealed they made a payment of $11 million to a Russian-speaking ransomware gang called “REvil” to protect JBS meat plants from any further impact on farmers, grocery stores, and restaurants.

Why are we seeing a surge in targeting a crucial supply chain?

There are many contributing factors in the recent wave of hacking attacks. It’s a fact more folks are working from home and lack the cybersecurity necessary to guard against intrusions. Another large contributing factor is that software used to allow bad actors to break into a network system is more sophisticated and readily available. The largest factor is that the United States companies are more globally connected than ever before therefore increasing their exposure to cybercriminals.

Who’s in Charge?

You might be asking who is in charge. It’s the United States Department of Homeland Security (DHS). Its stated missions involve anti-terrorism, border security, immigration and customs, cybersecurity, and disaster prevention and management.

Cyber Security Prevention

June 10, 2021 – The Department of Homeland Security Cybersecurity and Infrastructure Security Agency unveiled guidance for defending against ransomware attacks targeting operational technology assets and control systems, in light of the rise in critical infrastructure attacks.

The guidance joins a host of federal agency and White House efforts to crack down on ransomware and improve threat sharing between entities, as the frequency and disruption of attacks continue to ripple across the country. Combining knowledge and sharing prevention ideas will be the key to thwarting future attacks.

Fingers Crossed that the guidance works. We have all learned the lesson that it’s vital that we secure our supply chain in the United States and abroad. We don’t want to say what’s next!

Check out this series of our video blogs pertaining to cyber breaches!

Featured

The Keys to Unlocking Electronic Medical Records by Lee Neubecker

Join us on Friday, June 25 from noon – 1:00 pm. Please register on Eventbrite at:
https://electronicmedicalrecords.eventbrite.com

Electronic Medical Records Unraveled!

EMR Audit Trails as produced by Healthcare Providers during medical malpractice discovery frequently filter out the important history of the patient’s medical record. Learn how to compel discovery of the patient’s complete EMR revision history and the complete audit trail.

Enigma Forensics, Inc. was founded by Lee Neubecker, CISSP, an established Computer Forensics Expert for over 20 years and the President / CEO of Enigma Forensics. Mr. Neubecker has been ranked as one of the top global experts in cybersecurity and computer forensics by Who’s Who Legal for many years running.

Please join us this week, on Friday, June 25th at Noon to 1 PM CST for a complimentary Zoom webinar learn more about:

  • Neubecker demystifies Electronic Medical Records (EMR) by revealing how EMR can be fabricated, filtered, incomplete or misleading.
  • Neubecker will walk through the typical stages involved with litigating medical malpractice cases as they relate to EMR. 
  • Neubecker will discuss some of the typical problems and concerns with tendered EMR audit trails and patient charts as produced during discovery.
  • You will learn how to request and compel discovery to obtain the complete patient EMR audit trails and EMR revision history.
  • Most of all, you will learn how to detect records that may have been electronically manipulated. 

Watch the presentation now on YouTube:

Featured

Beware of Trade Secret Theft

Employers beware of Trade Secret Theft. A Forensic Expert can reveal a pattern that is indicative of a departed employee. Hire an Expert (HAE) to help track stolen or misappropriated data to lessen the financial loss left in the wake by a former employee.

Departing Employees Steal Data

Employers beware of trade secret theft! The pandemic forced many employers to require their employees to work from home without appropriate cybersecurity measures required to secure sensitive data. The increased vulnerability of company trade secrets has made it extremely difficult to navigate through an employee’s departure from an organization. Enigma Forensics has over 20 years of experience helping organizations navigate through the separation of employers, partners, and employees. Even the most technically savvy employers in the technology sector have issues with trade secret theft. Check out this example!

August 2020, Former Google exec Anthony Levandowski sentenced to 18 months for stealing self-driving car trade secrets

The technology giant Google recently sued their departed superstar engineer Anthony Levandowski. Levandowski helped develop the fast-growing world of self-driving cars and was the primary executive who helped Google to grow in the self-driving car industry. For reasons we can only speculate about, he departed Google to start his own self-driving truck company called Otto.

Levandowski sold Otto to Uber in 2016

Lewandowski’s new company, Otto become the first-ever self-driving trucking company. In 2016, he entered a deal with Uber to sell Otto and joined Uber as a high-ranking executive in its self-driving division. Google’s new self-driving unit called Waymo filed a lawsuit against Uber for trade secret theft. Waymo alleged that through Uber’s purchase of Otto they gained access to Google’s sensitive technology that Levandowski allegedly illegally took on his way out Google’s door.

Levandowski settled with Waymo (Google) in a trade secret theft case

During the trial, Levandowski refused to hand over documents and as a result, became in trouble with the US Attorney’s Office. He eventually reached a deal and was ordered to pay $747,000 in restitution to Google and a fine of $97,000. Levandowski had to declare bankruptcy after another separate court ruling that found him guilty of poaching Waymo engineers. Following the aftermath of the trade secret case against Uber and Levandowski, in September 2020, Levandowski filed another lawsuit. He alleged that the Waymo case negatively affected the Otto deal with Uber, and as a result, didn’t receive the financial rewards that were promised to him. Karma always seems to creep into these scenarios.

The Same Story Over and Over Again

All too often we see the same story played out no matter what the industry, company, or corporation. For top earners, there are only a few options for them to make a change. These are two options that we typically see in trade secret cases.

The first option is to out on their own as an entrepreneur or the second option is to go work for the competition. Once a top earner joins the competition, it’s often only a matter of time before they call on trusted former colleagues to join them. The next step in pursuing employees that departed for a competitor is often hiring a computer forensics expert skilled in trade secret misappropriation investigations. An expert is an unbiased third party that will track down the data that was illegally taken, document his/her findings in an affidavit, and assist with fact discovery. Ultimately, confronting the former employee with clear facts that demonstrate the trade secret misappropriation may lead to an agreed settlement. Often times, litigation continues and leads to a trial with the evidence at issue presented in a court of law. Having an experienced expert on your side can make the difference in the overall outcome.

Enigma Forensics has assisted in many trade secret cases. Hire an Expert (HAE) and Win Your Trade Secret Case! Call Enigma Forensics at 312-668-0333 to investigate.

To learn more

Featured

How to Unlock Electronic Medical Records

Electronic Medical Records can make or break a case! Do you want to learn how to unlock an Electronic Medical Record Audit Trail? Check out this complimentary MCLE (1 hour) credit seminar via Zoom, as Enigma Forensics CEO, Lee Neubecker offers keys to unlock the mysteries of the EMR audit trail. Read through this blog to register for this complimentary event.

Please join Enigma Forensics as our CEO, Lee Neubecker, as he presents:

“Keys to Unlocking Electronic Medical Records EMR”

Tuesday, May 25,

noon-1:00 p.m. Via Zoom

This complimentary program is offered for 1 hour of MCLE Credit in Illinois.

Register here: https://osadil.eventsair.com/2021-the-keys-to-unlocking-electronic-medical-records/2021-thekeystounlockingelectronicmedrecords/Site/Register

Enigma Forensics is partnering with the following sponsors:
The Family Justice Resource Center

If you are facing a wrongful allegation, The Family Justice Resource Center can help. The process of overcoming a medically-based wrongful allegation is exceedingly difficult. They offer a place to turn for families facing allegations of abuse and neglect. By learning the keys to unlocking the Electronic Medical Records it will become easier to uncover the root cause of every allegation. #https://www.famjustice.org/

Center for Integrity in Forensic Sciences

The Center for Integrity in Forensic Sciences (CIFS) is the first non-profit organization in the United States to bring exclusive focus to improvement of the reliability and safety of criminal prosecutions through strengthening the forensic sciences. Its educational and service goals span legislation, all facets of the judicial system, and experiential education of tomorrow’s lawyers and scientists. Its innovative approach allows law students and both undergraduate and graduate students in the sciences to work collaboratively, expanding the knowledge and competency of students across that broad spectrum. #https://cifsjustice.org/about-cifs/

Illinois Innocence Project

The Illinois Innocence Project (IIP) is dedicated to freeing innocent men and women imprisoned in Illinois for crimes they did not commit. They advocate on behalf of this silenced population by researching and investigating claims of innocence and providing legal representation and other assistance to prove credible claims of actual innocence. #https://www.uis.edu/illinoisinnocenceproject/about/

Illinois Public Defender Association

The Illinois Public Defender Association was incorporated in 1969 as a non-profit 501 [c][6] an educational organization for Public Defenders. The goals of education, interchange of ideas, and camaraderie are reflected by semi-annual seminars serving Public Defenders and court-appointed counsel in all 102 counties. #https://www2.illinois.gov/osad/PublicDefenderInformation/Pages/PDAssociation.aspx

Enigma Forensics

Lee Neubecker is CEO and Founder of Enigma Forensics. We are a computer forensic company that focuses on Electronic Medical Records and Data Recovery. We are pleased to offer this complimentary MCLE credited event.

To learn more about the keys to unlocking Electronic Medical Records EMR

Featured

How to Compel Discovery of Electronic Medical Records

EMR Audit Trails as produced by Healthcare Providers during medical malpractice discovery frequently filter out important history of the patient’s medical record. Learn how to compel discovery of the patient’s complete EMR history.

Are you attempting to compel the production of a patient’s electronic medical chart and the complete electronic medical record audit trail?

Medical malpractice litigation today routinely requires obtaining the complete electronic medical record audit trail. Compelling the entire patient’s EMR Audit Trail Discovery is vital to the case. Hospitals, clinics, dentists, and other health providers are required to document patient interactions in electronic HIPAA compliant Healthcare Information Systems (HIS). Electronic Medical Records (EMR) also referred to as Electronic Health Records (EHR) are used almost interchangeably. Requesting and receiving the complete EMR for a harmed party can be a daunting process, especially when health care providers produce voluminous audit trail reports in paper form that lack any clear documentation of exactly what changes were made to the EMR.

HIPAA compliant HIS software providers are required to log all access, review, editing, and deletion of records. Such logs must include a record of the user making the change, the source computer that made the change, the date and time of the records actual creation (this can be different than the date and time stamp that appears on the printed patient chart or progress notes), and all versions of the chart as it existed at various points in time. While the HIS software providers maintain HIPAA compliance, ensuring that deleted or revised patient records remain in the HIS record, those earlier revision instances or deleted (marked inactive) records are routinely left off the patient’s printed EMR. By design, the EMR audit trail reports lack the specific modifications being made and by whom. It is often necessary to formulate your discovery request in a specific way to ensure that all audit trail logs from all of the various HIS-connected systems are produced in such a way that provides a clear understanding of health care events that took place.

The following graphic depicts the typical process involved with retaining a computer forensics expert skilled in deciphering EMR to assist with compelling discovery of the complete patient electronic medical records, including the revision history.

1. Request Patient’s Complete Electronic Medical Records (EMR)

It is important that your discovery request includes important relevant details and enough specificity to ensure you receive a comprehensive production of available information without having unnecessary filters applied. We have seen routine usage of filters such as named users, narrow start and ending dates, departments and other available filters that result in receiving an incomplete production of the patient’s EMR. If you would like a sample electronic medical record discovery request list of items, please call us and we would be happy to share our sample request with you. Engaging our firm early on in the process can help speed things along.

2. Review Produced EMR Records

Reviewing the timeline of events and the complaint to develop an understanding of the critical moments when decisions were made or not made leading to harm to the patient is usually the starting point for engaging a computer forensics expert to assist you. Following the review of the case documents, converting the EMR produced to a more usable format is important before analysis begins. Ensuring that the EMR has been OCR’s, adding page labels to the document if missing saves time downstream and allows for surgical review of voluminous EMR to isolate records of care by date, time, health care provider name, medication, or other activity. Summarizing data and performing focused reviews around key dates and times can provide important insights.

3. Identify examples of withheld records or apparent manipulation

During the review process, it is helpful to identify examples of abnormalities or notations that indicate other data referenced is not contained in the production of the patient’s EMR. Reviewing the complete EMR records produced, not just the critical dates and times, can often help establish normal patterns of EMR and can be used in contrast to critical dates and times where EMR appears to be missing from the record. Skilled and experienced EMR data forensics experts often find indicators of manipulation that may not be readily apparent to someone who is not an EMR data forensics expert. Plaintiff’s medical malpractice counsel should send a written or emailed request to the health care provider to produce apparently missing records. This documentation of asking for the missing data will be helpful later when a motion to compel is filed with the court. Judges always like it when litigants attempt to work things out first amongst themselves before seeking judicial intervention. It is not uncommon that our firm is retained at this stage when the non-expert has reviewed the EMR produced and suspects something is hinky. Having your EMR data forensic expert assist with drafting the follow-on request for missing EMR can help lay the foundation for a later affidavit in support of a motion to compel.

4. Review Supplemental Production of Records if Received

In many cases, healthcare providers will partially respond to a supplemental request for EMR. The production oftentimes still lacks the clear ability to correlate the revision history of the patient’s chart and medical record. The review of all of the EMR produced to date is important in beginning to build the argument to be included in the future EMR expert witness affidavit in support of an onsite inspection of the HIS to obtain the patient’s complete EMR including the revision history.

5. Affidavit in Support of Motion to Compel Onsite Direct Inspection

The EMR data forensics expert must lay the foundation documenting their credentials, what they reviewed, significant findings, notes of any deficiencies in the production, and establishing that additional information not produced by the health care provider may be available from performing an onsite inspection. Direct engagement with the HIS can often reveal additional details such as the actual time or original entry of a notation as well as the life cycle of modification over time showing which device was used to access or modify the notation, what user accessed/modified the record, and the current status of records entered into the EMR. Inactive or deleted notations may be revealed on some HIS systems by toggling the view settings to show inactive records. The sworn statement by the EMR data forensics expert is an important tool in winning your motion to compel and often is filed with the motion, or submitted shortly after and before the hearing on the motion. In some cases, sharing the EMR data forensics expert’s curriculum vitae with the health care provider and the signed affidavit in support of the motion to compel onsite recorded inspection of the patient’s EMR may result in an agreement to allow inspection without the court’s order or an acceptable settlement offer. It never hurts to try.

6. File Motion to Compel Onsite Direct Inspection of the EMR System

Usually, to obtain direct onsite inspection of the healthcare provider’s HIS is a request likely to encounter objections and resistance. Filing a motion to compel and providing a supporting EMR expert witness affidavit can help overcome objections. A federal U.S. District Court ordered a hospital to provide such direct access to a patient plaintiff in a medical malpractice case. (Borum v. Smith, W.D. Ky. No. 4:17-cv-17, 2017 U.S. Dist. LEXIS 109249 (July 14, 2017)). The court’s decision and arguments can be viewed at this link. Onsite inspections can also be performed using remote control/viewing software such as WebEx, Zoom, TeamViewer, and others if the court allows and so orders. Typically, healthcare provider staff or HIS software consultants with administrative access to the HIS will perform the actions directed by the plaintiff’s EMR consultant and allow for recording screenshots of the patient’s EMR as viewed within the software.

7. Court Testimony in Support of Motion to Compel Onsite Direct Inspection

Having your EMR expert present in the hearing on your motion to compel usually takes place in person or via a remote video conferencing tool such as Zoom. Since the outbreak of Covid-19 began to escalate in 2020, courts have become more comfortable with allowing remote experts to appear via electronic video conferencing, making it easier to retain the most knowledgeable EMR computer forensics expert witness without concerns over the geographic location of your expert witness. Allowing the judge to ask questions of your EMR expert witness directly and assist you with responding to any raised objections has been proven to be highly effective in winning the motion to compel onsite inspection of the plaintiff’s EMR.

8. Onsite Inspection

Once the court has granted the motion to compel an onsite inspection, it is important to ensure that any in-person meeting isn’t a waste of everyone’s time. Problems that can arise include the health care provider producing someone to operate the computer terminal who is not knowledgeable about how to use the HIS or that lacks full administrative access to the complete backend databases containing detailed historical information including revision history of the EMR. In some cases, such as Cerner and Epic, some screens can be viewed in the software that will show progress notes and the revision histories including the user name modifying or entering the record and the times the record was updated by the user. In other systems, it may be necessary to access the back-end database system with administrative credentials to perform Structured Query Language (SQL) queries to identify the relevant record history. Having an EMR expert that has experience writing SQL database queries is important when the HIS doesn’t offer a built-in report or display view that can show the complete historical record of events.

9. Review Records Captured Onsite

Following the onsite inspection, it is often necessary to review in more detail the screenshots and video footage documenting the EMR in the HIS. Reports generated during the onsite may need to be compared against earlier productions of EMR to help document any records that were withheld. Where it is provable that the healthcare provider withheld patient EMR, it may be possible to petition the court to order reimbursement of expert witness fees associated with the consulting engagement.

10. Write Final Report

Many times, a final report is not necessary. Typically, once it is established that records were withheld, or it is believed to be known that this may be the case, it is more often than not that a settlement offer is made to the plaintiff when obfuscation or manipulation of the patient’s EMR took place. If no acceptable settlement is reached, writing a final report in the form of a sworn affidavit to detail the delays and extra costs associated with discovery is important for petitioning the court to award expert fees. Other times, the data obtained from the onsite inspection can be presented without a report or sworn affidavit. Photos and videos can sometimes avoid the need to generate a final report.

11. Expert Witness Deposed

Should an acceptable settlement offer not have been reached, the EMR expert witness will be deposed. This typically is preceded by a request for the disclosed expert witness’s communications with counsel and any work product or notes. Working with an EMR expert witness that has been deposed numerous times and has achieved successful outcomes following the given deposition can make or break your case. If the defense counsel can undermine the credibility of your expert, the admissibility of any of the opinions sworn to by your expert may be excluded. If your EMR expert witness is successful at establishing that records were held back or manipulated and provides a reliable deposition in support of those opinions, your case matter is likely to receive a reasonable settlement offer proportionate to the offenses and harm caused to your client.

12. Trial Testimony

It is rare that you will need your EMR Expert Witness to testify at trial regarding manipulation or withholding of evidence. If the facts exist and have been produced, they often speak for themselves. Many healthcare organizations face frequent malpractice litigation. If it is established in the public record that a healthcare organization permanently deleted a patient’s EMR, that organization could lose Medicare/Medicaid funding for not maintaining HIPAA compliance, a problem that could far exceed paying out a settlement to a single aggrieved party.

13. Case Settles

Medical malpractice cases often settle when it has been established that the records have been altered to distort the true record of patient care. Having news reports published detailing how a healthcare organization manipulated historical patient EMR to mask a mistake resulting in the harm of the patient would only invite more litigation by other harmed patients. In the interest of protecting their organization from further litigation and more intrusive discovery, healthcare organizations need to maintain their profitability and minimize costs paid out for ongoing litigation.

Summary

When you are getting stonewalled by a healthcare organization and feel that you are receiving cryptic EMR audit trails, or a production that is missing data that should exist, having an experience EMR computer forensics expert witness and consultant on your side can help you achieve a better outcome for your client. If you would like to discuss a case matter with us, we are happy to provide a complimentary consultation. Call us today at 312-668-0333.

Featured

Trade Secret Theft – Local Man Arrested

Trade secret theft of intellectual property, data misappropriation or corporate espionage is a growing trend. All are considered criminal acts that cost employers and employees millions of dollars and future income. This growing trend has attorney’s teaming up with data and computer forensic experts to find the smoking gun and save their clients a great deal of money. Ultimately saving companies or businesses that may be at risk of closing!

How to Avoid Trade Secret Theft of Intellectual Property and Data Misappropriation?

Corporate trade secret theft of intellectual property and data misappropriation with a competitive international company. All sounds right out of a James Bond movie!

Employee Resigns but Doesn’t Tell He Will Be Working for the Competitor

In September of 2015, an employee of a metal company was caught red-handed at O’Hare International airport with his luggage filled with company documents. That employee was Robert O’Rourke. O’Rourke was unhappy working for Dura-Bar, a McHenry County metal manufacturing firm he started working for in 1984 as a metallurgical engineer and eventually became a salesperson. He accepted a new position for a Chinese competitor named Hualong as Vice President of research and development. When he resigned he didn’t tell Dura-Bar management he was going to work for Hualong company. A company that manufactures cast-iron products and is in direct competition with Dura-Bar. On his last day of work, O’Rourke goes out for drinks with some of his colleagues. He slips up and tells them he is going to work for Hualong.

Departing Employee Downloads Electronic Data and Documents Belonging to the Company.

According to evidence at trial, in late 2013, O’Rourke began several months of negotiations to take a similar job with a rival firm in Jiangsu, China. While still employed at Dura-Bar, he then downloaded electronic data and documents belonging to Dura-Bar without authorization two days before officially leaving the company.  The following week, he packed up the proprietary information and went to O’Hare International Airport in Chicago to board a flight to China.  Federal authorities intervened at the airport and seized the stolen trade secrets from O’Rourke before he could travel to China. Gotcha!

Employee Charged and Convicted

About four years later, in October 2019, a federal judge sentenced a 30-year employee of a McHenry County manufacturing firm to a year and a day in federal prison for stealing trade secret information while planning to work for a rival company in China.

Hire an Expert (HAE)!

Enigma Forensics has over 20 years of experience. We work with attorneys on recovering and proving trade secret theft of intellectual property and data misappropriation for their clients. Criminal acts such as these can cost companies millions of dollars to defend and recover damages. Companies need to protect themselves by setting up protocols to alert when large quantities of data are being downloaded. To further protect themselves, employers must use non-compete agreements when hiring employees that work with proprietary company information.

To Learn More…

Featured

Trade Secret Theft and Misappropriation in the Food Industry

Rarely do we hear about trade secret theft and misappropriation in the food industry. It happens! Read about this high profile case involving a famous food celebrity chef!

America’s Test Kitchen (ATK) sues Christopher Kimball for Misappropriation of Trade Secrets

Here is another example of trade secret theft. Check out this blog to see how business and personal emails played a role in the misappropriation of trade secrets. Yes, there is trade secret theft in the food industry!

Who isn’t a fan of cooking shows?

Have you ever watched American’s Test Kitchen (ATK) on public television? In addition to the show, ATK is a multimedia company that has holdings in public television programs such as America’s Test Kitchen, Cook’s Country, cooking magazines and books, and several websites? Who knew? We love watching celebrity chefs like Christopher Kimball and other specialized professionals test the great American recipes like meatloaf, roast chicken, and apple pie!

Trade Secret Missappropriation Lawsuit or Foodie Divorce?

Christopher Kimball was the face and personality behind America’s Test Kitchen and Cook’s Country. In November 2015, Kimball left ATK’s program and started his own program called Christopher Kimball’s Milk Street. When two parties split it’s called a divorce, well, you guessed it, ATK sued Christopher Kimball, the co-founder, part owner, celebrity chef, and the former host of its TV shows. Almost a year later, America’s Test Kitchen Inc. filed a lawsuit on October 31, 2016, as the Plaintiff. They wanted Kimball to change his business model. We call this a foodie divorce.

ATK said Kimball duplicated what he did on the show on Milk Street and that he misappropriated its trade secrets and breached his fiduciary duty to the company. In addition, they claimed that while Kimball was working at ATK as he actively created his new company Milk Street. According to ATK, Kimball stole its collection of recipes, TV show ideas, media contacts, and subscriber information. As a result, ATK sought damages against Kimball and wanted a large sum of all profits that he has derived through the use of the trade secrets he allegedly misappropriated from America’s Test Kitchen.  Other defendants named were Melissa Baldino, Kimball’s wife and a former executive director of ATK, Christine Gordon, and Deborah Broide. ATK claimed they aided and abetted Kimball’s breach of his fiduciary duties.

Non-Compete Agreement between ATK and Kimball

It seems that ATK and Kimball did not have a formal non-compete agreement in place. To protect intellectual property, corporations use a non-compete agreement where the employee agrees not to enter into competition with the employer during or after employment. If an employee departs and takes intellectual property without permission that’s considered trade secret theft and misappropriation.

It’s all in the Email!

This case is an example of where most evidence of trade secret misappropriation can be found. It’s all in the email! A variety of emails were attached to the complaint that included notes between Gordon and real estate brokers, between Kimball and an IT consultant covering such issues as how to copy and store tons of recipes. There were emails discovered between Broide and Kimball regarding the media lists; between Gordon and the ATK help desk about whether company scanners would keep copies of documents she scanned.

The Foodie Divorce finally settled!

To all our fellow foodies the good news is that both parties settled. Kimball agreed to return his ATK shares to the company for an undisclosed price. In the end, they agreed to business terms that will allow America’s Test Kitchen and Kimball’s company, Milk Street to co-exist. Giving us foodies the benefit of watching both shows!

Enigma Forensics is a computer forensic company with litigation experts that partner with attorneys to represent plaintiffs and defendants to help prove their case. We dig for evidence of trade secret theft or misappropriation of intellectual property. Most of all we are foodies! We found this story about trade secret theft and misappropriation in the food industry fascinating and wanted to share.

To learn more about Trade Secret Misappropriation

Featured

Electronic Medical Records Manipulated Post Lawsuit

Hiring an expert in electronic medical records (EMR’s) will help uncover record manipulation that will assist law professionals in winning medical malpractice cases for their clients. Check out this blog to see how a Kentucky woman waged a monumental fight against the medical system that failed her!

A site visit by an expert pays off, a Computer Forensic Expert Finds the Smoking Gun in the Electronic Medical Record (EMR) audit trail!

Kim Johnson noticed a lump on her right breast and because her mother died of breast cancer she feared the worst. In January 2015, she went to Fleming County Hospital in Flemingsburg, Kentucky, to get a mammogram. When she received a letter from the hospital that proved she had “no evidence of cancer”, this Kentucky mother of eight breathed a huge sigh of relief. Several months had passed and the lump continued to grow so she decided to get a second opinion. She was horrified to learn she has stage 4 cancer.

Sadly, Fleming County Hospital had sent the wrong letter, giving Johnson the all-clear instead of directing her to return for a follow-up examination. In September 2016, Johnson filed a lawsuit against the hospital claiming doctors misdiagnosed her, and that two employees deleted evidence of the letter saying she didn’t have cancer. How did she know this?

She hired a digital forensic expert!

Ms. Johnson and her lawyer’s hired a digital forensic expert skilled in examining EMR audit trails. During a court-ordered on-site visit, they found employee EMR entries that edited the history and deleted the evidence of the erroneous letter claiming that she was cancer-free.

In the wake of the misdiagnosis by the hospital, Ms. Johnson is left with a long battle with cancer. If her cancer would have been recognized at an earlier stage her quality of life would have been different as a result. She trusted the system and it failed her.

Who protects the patient? The HIPPA law ensures accountability

Required by the Health Insurance Portability and Accountability Act (HIPAA), hospitals and healthcare providers are to maintain an audit trail of all access, entry, and modification of the patient’s EMR to ensure accountability. Hiring a computer forensics expert that has experience with examining Health Information Systems (HIS) and the related EMR audit trails that can make or break your case. Call Enigma Forensics staff today if you think you may have a case requiring similar assistance. 312-668-0333.

To Learn More About EMR Audit Trails

Featured

Top Things That Will Protect Company Trade Secrets

Trade Secret theft = loss in revenue. Use your spider sense when someone from your team departs the company. They can unsuspectedly upload electronic data to the Cloud for later use that will drain your company of future revenue and present an immediate loss! Be aware-hire an expert to forensically image the departed employees hard drive. It will save you money and headaches!

Every company will have an employee leave but how do you protect the company’s trade secrets from leaving with them?

It is more common that you know for employees to leave for a competitor. On their way out the door, they will take with them proprietary data that can result in great harm to an organization including; loss of employees, customers, and important revenue streams. If someone on your team recently left your company and is suspected of having joined a competitor, it is vitally important to take immediate steps to protect your organization’s electronic assets.

What types of data do departed employees take?

Enigma Forensics has seen it all!
1. Client Lists
2. Blueprints
3. Historical quotations
4. Programming files
5. Source Code
6. Rebate levels offered from various vendors
7. Supply Chain information
8. Business protocols that competition can replicate

Hire an Expert!

When investigating departed employees the first step is to create a forensic image of the past employee’s hard drive. We recommend NOT to ask an internal employee to perform this task but most importantly hire a qualified computer expert from outside your company. This avoids any underlying loyalty current employees may have for the departed team member. An expert is trained to ensure the chain of custody is preserved so that it can be presented during a trial. Many have learned that hiring an expert is worth every dime!

What are the benefits?

Enigma Forensics computer experts will look for all types of activity that took place, including websites visited, files accessed, files transferred to external media, files uploaded to DropBox or other cloud accounts, concealment activities; encryption, and deletion of electronic evidence.

If your company is on the other side of a trade secret misappropriation litigation, we encourage you to hire an expert that will perform an initial assessment of the new employee’s activities. This will provide you with the benefit of knowing if the employee did something that could prove harmful to your company. It’s not uncommon that misappropriated trade secrets are done without the new employer’s knowledge. Yet, the new employer can be named in litigation as a co-defendant! Ouch!

Enigma Forensics has worked for both the plaintiff and defendant in trade secret litigation. Our experts are CISSP certified, what is CISSP? Certified Information Systems Security Professional. This advanced level of certification is considered the gold standard in the field of information security. It is a globally recognized certification offered by (ISC)2. (ISC)2 is known to be the world’s leading organization specializing in certifications and training for professionals in the cybersecurity domain. Click here to learn more about ICS2. https://www.isc2.org/

Call Enigma Forensics at 312-668-0333 for a complimentary consultation.

To Learn More about Trade Secret Theft

Featured

Filters Used to Withhold the Complete Electronic Medical Records

The universal implementation of electronic medical records (EMRs) has become the single most important piece of evidence used in medical malpractice litigation. In response to an EMR Discovery request, healthcare providers use various filters to create useless or hard to read data. Hire an expert to help you weed through the audit trail and to present Discovery requests relevant to the case.

Healthcare providers use filters to withhold electronic medical data when complying with a court order and producing EMR audit trails. During the discovery period, EMR audit trails are commonly used as the single most important piece of evidence in medical malpractice litigation. Knowing evidence is in the details, has led to a chess game of filters proving “Not all electronic medical records (EMRs) productions are created equal!” Figuring out how electronic medical records (EMRs) are filtered is a game changer!

Follow the filters!

When counsel requests a patient’s electronic medical records (EMRs) to review for evidence, the production is often delivered in non-electronic limited formats, such as; scan documents, PDF, or image files. Filters provide limited format productions of (EMRs) therefore it becomes extremely difficult to read and find evidence. Are hospitals and healthcare facilities doing this on purpose? Are they filtering their production to include irrelevant information with very little details about the event in question? They are not making it easy that’s for sure. In truth, they are complying with the court order and producing files that include the electronic health records of the plaintiff. They’re just not providing data information in its completeness. Using filters to produce audit trails is fairly common, but for the injured party and representing counsel these tactics are extremely excruciating. Requesting electronic medical records (EMR’s) is now a challenging game of filtering chess!

Forensic Experts know how to request data essential to your case.

It is quite common that hospitals and healthcare facilities use a variety of filters that will result in an incomplete production. When forensic experts study the production headers they uncover filters that were used to produce an incomplete EMR audit trail. Experts know how to ask for relevant data and dig deeper to find evidence.

Filters, Filters, and More Filters!

  1. Date filters that are applied could exclude alteration of records after the event took place. We suggest the best practice is to use the earliest known date prior to the medical event as a starting point and place the end date the same as the current date of the request. Pushing the end date to reflect the current date will show who looked at the record post-event.
  2. Department filters will only return records that are from one particular department, such as radiology or another department.
  3. Employee filters include specific employees of the healthcare facility. If an EMR record only shows entries related to a physician’s user IDs this can be problematic. It’s important to know all of the names and user IDs of all healthcare providers that visited the patient.
  4. Workstation filters are specific to desktops and/or workstations and could be the cause of incomplete production.
  5. Location filters are used by healthcare providers to limit the full scope of production. It is not uncommon for physicians to access important medical records remotely. This could cause manipulation of data by remote access and filter out data after the event in question.

Enigma Forensics has years of experience developing requests for electronic medical records (EMRs). Our experts know how to ask the right question to retrieve the necessary data to be used as evidence. Save yourself time and expense and hire an expert! Our experts are CISSP certified (Certified Information Systems Security Professional) that provide testimony as a professional witness in a court of law.

Please call Enigma Forensics at 312-669-0333 for a complimentary consultation.

Featured

How important are Electronic Medical Records (EMR)?

Have you or someone you know been involved in medical injury or accident? Do you want to win your case? Or…If you’re an attorney and have questions about a case involving medical malpractice, read this blog and contact Enigma Forensics for the “W”.

Were you or a loved one involved in a medical accident or injury? Are you an attorney who is representing an injured client?

If the answer is yes, take immediate action and file a Discovery request or subpoena to access all of your Electronic Medical Records (EMR). Why is this important? In order to prove injury or malpractice and win your case it’s imperative to discover what took place and the actions that caused an event. Your electronic medical records or EMR audit trail will document what transpired. EMR audit trails will include prescriptions, tests, treatments, transfers, operation notes, nurse practitioners and doctors notes and a ton more. Electronic Health Records (EHR) are rich with data information describing the care that was provided and decisions that were made good or bad. Some medical record systems such as Epic have sticky notes that are traditionally not part of the formal patient permanent electronic record. Those sticky notes are required to be stored by the Health Insurance Portability and Accountability Act (HIPPA), but are not part of the discharge report showing the patient electronic medical record history. The data does exist and working with a qualified medical record forensic expert can help you to gain a more complete record of the patient encounter with the health care provider.

What else does Electronic Medical Records (EMR) include?

Electronic Medical Records and the patient medical record audit trail include the original record and will note any modifications. It will also preserve dates, times, who accessed the record and whether the record was printed, viewed, deleted or otherwise modified. Many of the systems today, such as; Epic, Cerner, Meditech, All Scripts and others have reports that can be downloaded to reveal vital information about who has authorization to access and audit electronic health records.

Medical dictations are another vital piece to the puzzle. Dictation files are sometimes sent to third party transcription service providers as raw audio files called WAV files. After the WAV files are received they are typically transcribed to text files and fed back into the electronic health record software system. When modification of the patient medical record occurs after an injury or malpractice took place, comparing the transcription WAV files to the produced chart may help reveal alteration to the patient medical records.

Patient Electronic Medical Charts are often Incomplete. You could lose your case!

When electronic medical record discovery requests are made by plaintiffs to healthcare providers, it is common that the production lacks the complete patient medical record history. Healthcare providers facing litigation commonly provide a minimal amount of data in an often useless format. The form of production is often scanned copies of previously printed our documents or charts. Codewords for health care providers, departments and procedures often make interpretation even more challenging. Having an experience EMR computer forensics expert can help provide a more accurate interpretation of the complete Electronic Health Record (EHR) for the harmed patient.

The Health Insurance Portability and Accountability Act of 1996, or HIPAA is a federal law which requires your medical records to be retained for six years at a federal level. However, most states also have their own medical retention laws which can be more stringent than HIPAA stipulates. Check out this government website to learn about how different states interpret this governance. https://www.hhs.gov/hipaa/for-professionals/privacy/index.html

How important are faxes? This could win your case!

In some cases, Electronic Medical Records (EMR) are faxed to outside providers either to or from your primary physician. Software vendors such as Forward Advantage provide automated faxing capabilities integrating with the existing health care information management systems and patient medical records. It’s vital you request all communication between facilities to help prove or disprove what and when medical knowledge was presented to the provider to make an informative decision relatable to an event.

Let’s say you have already requested an EMR audit trail for a patient. Did you know that the Electronic Medical Records (EMR) audit trail you received contains cryptic codes that you will not be able to comprehend. It’s extremely helpful to request all of the underlying data dictionaries that will provide the definition of the codes used referring to the friendly name, including, the healthcare provider’s name, department, computer used to access the EMR, procedures, treatments, tests ordered, drugs prescribed and lab results.

Did you know that medical data is required to be retained for six years?

Do you want to to win your case! You need Enigma Forensics experts on your team! Hire a professional forensic expert to assist in writing a Discovery request to obtain, preserve and analyze ALL of the electronic medical records and to help you obtain the complete EMR audit trail. We can help uncover the truth of what took place and help tell the court the story about what happened to you or your client.

Call Enigma Forensics at 312-668-0333 to schedule a complimentary phone call to discovery how we can assist.

More about Electronic Medical Records

Featured

Tesla’s Latest Trade Secret Theft Lawsuit

Enigma Forensics experts investigate, preserve and recovery data to prove or disprove Trade Secret Theft. We have assisted many clients in financially recovering what was stolen from them or to help clear their name. Are you interested in learning more about trade secret theft? Check out Tesla’s latest law suit against a former software engineer.

A large portion of our business is forensically recovering and preserving data that is vital in proving or disproving trade secret theft. Enigma Forensics experts love to follow Tesla! We love the look of their beautifully engineered electric cars and we’re very interested in Elon Musk, the controversial character behind the engineering. Who is now labeled the most wealthiest man in the world. Our interest was piqued when we heard about Tesla’s latest lawsuit and that prompted us to write this blog.

On January 22, Tesla filed a lawsuit against Alex Khatilov, a former software engineer over Trade Secret Theft and Breach of Contract. Tesla contends that within days after Khatilov started his position on December 28, 2019, he began stealing thousands of highly confidential software files from Tesla’s secured internal network, transferring them to his personal cloud storage account on Dropbox to which Tesla has no access or visibility.

How did Tesla discover this trade secret theft or misappropriation of data?

On January 6, Tesla’s information security personnel detected Khatilov’s unauthorized download of a complete set of all the automation scripts produce by the Quality Assurance Engineering team for WARP Drive over the last twelve years! He was confronted the next day via Microsoft video chat due to Khatilov working remotely because of COVID-19 restrictions. Khatilov claims he installed a Dropbox desktop application to his Tesla issued laptop to allow him to upload administrative files to his personal Dropbox. He swore over and over that he only transferred administrative documents and then when he finally shared his screen with Tesla investigators he could be seen deleting the Dropbox files while on video chat confirming he had willfully destroyed evidence.

Why all the fuss?

How important are these scripts? These scrips are unique to Tesla and run on WARP Drive, the backend software for much of Tesla’s business. These files consisted of “scripts” of proprietary software code that Tesla has spent years of engineering time to build. When executed, these scripts automate a broad range of functions throughout Tesla’s business and only a few select employees have access to these files. It gets better! This is the good part…Khatilov contends he forgot about downloading thousands of confidential files!

The reality of this trade secret theft or misappropriation of confidential data is that Tesla has no way of knowing whether Khatilov copied the scripts onto a thumb drive, a mobile device, or a cloud based storage or most importantly sent them to another individual. To understand more thoroughly how important these “scripts” or trade secrets are…They map out Tesla’s innovations! Making them extremely valuable and beneficial to any competitor.

What measures ensure against trade secret theft or misappropriation?

  1. Tesla limited the “scripts” access to only members of the Quality Assurance Engineering team in which Khatilov was one of forty employees to have access. The engineers that have access are not permitted to download scripts to the cloud or personal devices. This makes us wonder how Khatilov was able to download data!
  2. Only eight people within the Tesla company are approved to grant access to these scripts.
  3. Each engineer signs an extensive employment agreement and agrees to policy conditions of their employment with includes a non-disclosure agreement (NDA), that holds each employee to the strictest confidence of proprietary information, technical data, trade secrets so on and so forth.
  4. The NDA also states that upon termination or departure each employee will immediately return to the company all original document electronic or hard copies.
  5. Each physical facility has restricted access to only authorized personnel that are monitored by security guards and cameras.
  6. All visitors must check in with security, sign a NDA, submit to a photograph and be escorted by an employee.
  7. Tesla also used password-protected and firewall-protected networks and servers that are only accessible to current Tesla employee with the proper credentials.

Moral of this story is…

Even high level technology companies has issues with trade secret theft. If your company suspects something like this, immediately hire a computer forensics expert to electronically preserve data of soon to be departing or a departed employee that has already left the company. Enigma Forensics can analyze data that was misappropriated or stolen to help clients recover financial loss.

Featured

Has your cell phone been lost or stolen?

Enigma Forensics offers step by step advice on what to do if you cell phone has been lost or stolen.

Enigma Forensics has recently received many calls regarding lost or stolen cell phones. So we put together 7 easy steps on what to do. You may have been involved in a crime where someone stole your phone or you could have lost or misplaced your phone. Either way, you know the feeling, it’s a sinking panic in the pit of your stomach. There’s no doubt it can be devastating! Here are some easy steps you can take to avoid this monumental headache. First a foremost DON’T PANIC. Take a deep breath and think logically through these steps.

Step 1 – You’ve discovered your cell phone has been lost or stolen – ask a friend or someone close to use their phone to call your number. If that doesn’t work try to locate your phone on another device that is connected to your Mobile App. Then text your phone. If it’s lost someone might be a good samaritan and want to return the phone. If you were involved in a crime contact the police department and file a report.

Step 2 – Check out your Mobile App or your phone’s native “find my phone” feature. If you have other devices in your home, log on, and try to use the locator.

Step 3 – Call your cell phone provider to inform them of a lost or stolen phone. They can assist you in what actions you need to take next. If you have insurance on your phone you will be able to replace it with minimal cost.

Step 4 – If you have any banking, or other important financial Apps on your phone contact them immediately to let them know your predicament. Most banks allow you to pause your financial cards while you locate your phone. Notify the credit reporting agencies to put a freeze on new accounts being opened in your name.

Step 5 – Always back up your cell phone. We know, this is easier said than done! You can make it easy on yourself if you schedule a calendar date and set a reminder.

Step 6 – If you lock your phone and rotate your passwords this could help avoid most of the headaches involved.

Step 7 – Have your cell phone carrier revoke your old SIM card to prevent any outside party from texting your contacts from your cell phone or another cell phone they may use with your SIM card.

Finally, keep calm and face each step with determination to resolve the matter.

Featured

Russian Hacker’s Latest Hack Or Did They?

Will 2021 become the year of heightened cyber security? What will it take for the U.S. Government get their act together? Here we are reported yet another cyber attack that gained entry through a supply chain. 2021 Year of Cyber Security!


As a Cyber Security company, Enigma Forensics is always interested in the 4W’s and 1H of a Cyber Attack. We would be remiss if we didn’t write a post about the most recent SolarWinds Hack allegedly by the Russians. Did the Russians time this cyber attack at precisely the moment in time when the United States is preoccupied? Amidst the Coronavirus shutdowns, the election results, the holidays, and the COVID-19 relief plan, it’s almost as if this particular Russian Hack completely flew under the radar.

What happened?

The attackers gained entry by using a software update sent out by Texas-based software company SolarWinds, which counts multiple U.S. government agencies as customers. In early December 2020, the news media reported at least 200 organizations, including U.S. government agencies and other companies around the world, have been hacked as part of this suspected Russian cyber attack.

Government’s response

The New York Times reported on December 13, 2020, “The Trump administration acknowledged on Sunday that hackers acting on behalf of a foreign government almost certainly a Russian intelligence agency, according to federal and private experts — broke into a range of key government networks, including in the Treasury and Commerce Departments, and had free access to their email systems.” We can’t find any reporting on what information was stolen.

Who raised the alarm?

It looks like FireEye, a computer security firm first raised the alarm about the Russian cyber attack after its own systems were compromised back in early Spring of 2020. What perfect timing to stage an attack considering the whole country is preoccupied with the rise of the pandemic! FireEye discovered a supply chain attack that was accessed through SolarWinds Orion business software updates in order to distribute malware that they called “SUNBURST.” Experts agree this is the work of highly-skilled actors and was performed with significant operational security. But, the real issue is why didn’t the government cyber protection agencies that are sworn to protect recognize the breach? It took an outside company to inform them of the cyber attack.

Where was the Cyber Attack aimed?

In this case, the U.S. government agencies seemed to be the target. As noted before, the hack was done through what is called a “supply chain attack,” in which malicious code is hidden in legitimate software updates and meant to target third parties. Could it have been the Chinese masquerading as the Russians? President Trump laid claim that there was potential it could have been the Chinese and not the Russians.

When was the Attack Noticed?

As reported by the New York Times, in a statement after a briefing for committee staff members, Senator Ron Wyden of Oregon, who has often been among the sharpest critics of the National Security Agency and other intelligence agencies, said that the Treasury Department had acknowledged that “the agency suffered a serious breach, beginning in July, the full depth of which isn’t known.” But no one will say just how serious the breach was!

Today, as reported in the Hill, the headline reads, “Intel vice chair says government agency cyber attack ‘may have started earlier’.” Sen. Mark Warner (D-Va.), the vice-chairman of the Senate Intelligence Committee, said on Wednesday, December 30, 2020, that the cyberattacks on U.S. government agencies reported at the beginning of the month may have begun earlier than previously believed.

How did the Hackers Hack?

The hackers used malicious code inserted into legitimate software updates for the SolarWinds Orion software. This allowed the hacker to remotely access the victim’s electronic environment. In order to avoid detection, they used a very small footprint and went to significant lengths to lay low and blend in. Very stealth-like in nature! The malware attacked slowly and moved with precision, covering its tracks and using tools that were hard to detect. Does this sound familiar?

Check out another Enigma Blog

https://www.forbes.com/sites/thomasbrewster/2021/01/26/google-warning-north-korean-hackers-breach-windows-and-chrome-defenses-to-attack-security-researchers/?utm_source=newsletter&utm_

Featured

EMR or EHR what is the difference?

EMR or EHR are synonymous. Both are medical records. The electronic medical records or EMR reveal an audit trail of what transpired during a medical or health visit. Each record is unique and tells a story about the patient. We are experts that can assist you to win your case!

Electronic data records are taking the place of the old school hard copy files and completely revolutionizing the way data is gathered and stored. Electronic Health Records (EHR) or Electronic Medical Records (EMR) are synonymous with each other. (EHR) is data that includes the patient’s vital information such as an address, medical history, allergies, immunizations, lab tests results, radiology images, and vital signs, also, personal statistics like age, weight, sexual orientation, and insurance information. (EMR) is an individual’s private health data that is stored in a protected database only accessible to medical personnel in compliance with The Health Insurance Portability and Accountability Act (HIPAA) regulations. EHR’s or EMR’s make patient charting easier and results in fewer errors and keeps this delicate personal information private and secure.

Medical data can be manipulated!

Medical data can be altered and inserted into EMR systems and made to look like it was there all the time or not there at all. Medical malpractice lawyers rely on EMR audit trails to tell the story of either side of a case; the plaintiff or the defendant. Medical records are marked by metadata or raw data. This data is developed separately from the EMR system making manipulation detection visible by reviewing the raw data and the database logs. Metadata can also be described as underlying data, like a digital footprint that creates an audit trail. In order to analyze raw data, you will need to hire Enigma Forensics; we are experts in the field of electronic medical records (EMR) or (EHR).

During a forensic review of EHR’s or EMR’s, we can authenticate or reveal backdating, back charting, data editing, or falsification of records. We have been on both sides of medical malpractice cases and almost always save our client a considerable sum of money. We work closely with the attorneys involved to help with eDiscovery verbiage and assist with what to look for.

Electronic Medical Records
Electronic Health Records and eDiscovery

Featured

Complete list of eDiscovery Questions For Electronic Medical Records

Enigma Forensics are experts in collecting and understanding electronic medical records or the EMR audit trail. Check out this blog to view our list of EMR Discovery Questions.

Electronic Medical Records (EMR) can be tricky! In most cases, during eDiscovery, you get what you ask for and only what you ask for! Every Discovery request involving a healthcare provider has unique aspects that need to be considered.

Enigma Forensics is an established Computer Forensic Expert Witness firm that has been involved in many medical malpractice cases and specializes in interpreting electronic medical records (EMR) audit trail or audit logs. Our staff has extensive experience with numerous EMR applications and can assist you with navigating through the challenges of EMR Audit Trails and/or Audit Logs. Electronic Medical Record a.k.a., EMR audit trail or log is the answer to who knew what when, in essence, it tells the story about what took place during the treatment of that patient.

The following is a list of important questions to file for the demand for eDiscovery for Electronic Medical Records, in a medical malpractice case.

  1. Provide the name of all medical software applications utilized to store [Patient Name]’s Electronic Medical Records (EMR).
  2. For each medical software application that contains [Patient Name]’s EMR, please provide the specific version of the software as well as the name of the company that produces the software during the relevant time period beginning on [beginning date] through the present date.
  3. For each medical software application that contains [Patient Name]’s EMR, please indicate if any of the specified software applications were migrated off to a new platform and what the current status is of [Patient Name]’s EMR on the original system.
  4. For each medical software application that contains [Patient Name]’s EMR, please provide the application administrators that have full access to the stored data and audit trails.
  5. For each medical software application that contains [Patient Name]’s EMR, please provide all user and administrator manuals for each of the medical software applications.
  6. For each application that contains [Health Care Provider Name]’s EMR, please provide the current retention settings for the audit trail for all patient’s EMR. Are the privacy log retention settings sent to a secondary audit log (e.g., Fair Warning)? Is the secondary audit log retention configurable within the systems and/or applications?
  7. For each application that contains [Health Care Provider Name]’s EMR, please provide the earliest date that [Patient Name]’s EMR appears in the application’s audit trail.
  8. Please provide the complete EMR audit trail for [Patient Name] detailing any health care provider’s access, review, modification, printing, faxing, or deletion activities in a comma-delimited format with any and all corresponding native files that may relate to the Electronic Medical Record for [Patient Name] as required by the Health Insurance Portability and Accountability Act § 164.312(a)(1).  Such an audit trail should include the original values and new values for any alteration of the EMR and shall indicate the user making the change and the date and time of the change.
  9. Please provide the data dictionary for each software application containing  [Patient Name]’s EMR.  Such dictionary shall include the username key that maps the real names of individuals to their unique user login account IDs for each medical software application containing any EMR for [Patient Name] as required by the Health Insurance Portability and Accountability Act § 164.312(a)(2)(i). Additionally, any lab test, codes, or other short-form identifiers included in  [Patient Name]’s EMR Chart or EMR audit trail should be provided as part of the data dictionary production.
  10. Please provide any and all original voice transcription recordings that were made by [Health Care Provider Name], or any other staff that related to [Patient Name].
  11. Please provide any other native electronic files or emails that relate to  [Patient Name] in the native format with an index containing the original unmodified metadata for each of the native files or emails produced.
  12. Please provide any DICOM files that were captured as part of [Patient Name]’s treatment by [Health Care Provider].
  13. Please provide electronic records of any outbound faxes and/or other methods of communication that were utilized by [Health Care Provider Name] to [EMR Recipient], in its native form with a corresponding comma file listing containing all available metadata in a delimited format with the corresponding file path to the native file produced for each record.
  14. Please provide the name and title of the person most knowledgeable for the [Health Care Provider Name]’s software/auditing and compliance system. 
  15. What customizations and settings were active at the time when the plaintiff was admitted into the hospital? What privacy-related logging is in place for each such system and/or application? Are privacy log retention settings in place for each such system and/or audit log?
Featured

COVID-19 Impact on Supply Chain

Was the COVID-19 Pandemic a wake up call for those businesses who are dependant on the world’s supply chain? Let’s face it everyone is dependent in one way or another on the world’s supply chain. But do we really understand what’s going on? Check out this video blog as experts take a look at the supply chain and the impact of COVID-19.

What’s going on with the world’s supply chain?

Enigma Forensics is wondering about the impact the Coronavirus/COVID-19 pandemic has had on the world’s supply chain. Lee Neubecker sits down (virtually) with Geary Sikich from Logical Management Systems. Both agree the spread of Coronavirus/COVID-19 has been a wake-up call for the world.

First of all, we think it’s safe to say everyone is feeling the impact of COVID-19! It has been devastating for every human being on the planet. What have we learned? Supply chains that carry life-saving products were pinched off and that presented a huge shortage sending the medical professionals and government agencies scrambling to provide much-needed protective medical supplies. Many businesses are dependent on global sourcing and have now found themselves facing hard choices amid the supply chain disruptions.

Both Lee and Geary, agree shipping is an under-reported issue that has been negatively impacted by COVID-19. We all know the story of stranded cruise ships that were quarantined at sea and as a result cruise ships became super-spreaders of the virus. But, what about the shipping industry? Specifically, cargo, oil tankers, and container ships. We know these types of goods transports have limited crews, to begin with, and now we have learned that some of these ships have been quarantined at sea. If they make it into port they are quarantined based on the fact the products they are transporting could possibly be infected. Check out this video to learn more about the COVID-19 impact on the supply chain.

Was COVID-19 pandemic a wake up call?

Lee Neubecker (LN): I am here today with who is that? Geary Sikich, you wore your mask.

Geary Sikich (GS): Yes I’ve been completely protected with this mask.

LN: Is that comfortable?

GS: No, it’s hot and it is made out of rubber. So it’s to kind of a, not the greatest mask in the world if you choose to wear one but it’s good for comedy and it’s almost Halloween so.

LN: So how much did that set you back?

GS: $10 on Amazon

LN: Now how’s the breathability of that thing?

GS: Actually the breathability is pretty good. It actually is pretty good. Then, the biggest issue you face with it is just that you’re going to have body heat kind of contained. If you don’t wear it for a long period of time or you don’t have headphones on you should be okay.

LN: So I had you on the show today. I wanted to ask you some questions about what impact the COVID-19 pandemic is having on our trade environment with imports and exports.

GS: So in general, as the pandemic started to evolve, we saw the impact in a number of different areas. There was a lot of impact on the cessation of imports by countries China, for example, ceased and used force measures to stop oil shipments from coming in. The US has had a big backlog on all their ports, because of concern over making sure that what’s coming into the country is not tainted. The bigger impact and this was one that really is kind of been under-reported if you will, has been that the shipping industry., now take cruise lines out of it ’cause they got a tremendous amount of media coverage with cases there. But what we have is a real issue with shipping, the ships that are container ships, bulk ships, cargo ships of all types, including your large oil carriers. There is a limitation of people who serve on those ships, crews. There’s been a lot of crews that because of Coronavirus/COVID-19 infection on a ship have been quarantined out at sea. And so we’re seeing ships being taken off usage because they’re sitting being quarantined. We’re seeing so a disruption in the supply chain because of a key component of the supply chain, not related to the end products or the originating product.

LN: So all the just in time delivery and assembly is really a parenting problem we say can’t rely on the GPS and calculated travel time.

GS: And actually there’s been another issue that’s come up with, with the systems on ships because of cybersecurity obviously, and in a general way, but they’ve had a tremendous impact in those areas because of that. So shipping has been hit majorly as has air transport because airlines have cut back so tremendously on flights.

LN: All right so in terms of some of the supply chain security programs they have out there, what are you seeing that companies are doing to protect their supply chain implementing these programs?

GS: A lot of what I see right now is that companies are trying to find alternative suppliers so that they can have a broader base of supply chain. So from where we were single-source supply, we’re now looking at moving towards multiple source supply so that they can continually keep a feed of supply coming in.

LN: Yeah because I’d imagine if certain regions experienced the COVID-19 outbreak more, that would disrupt the supply either going to or coming from that region.

GS: Yeah, and you think about things like border closures, you think about things like the inspection process, the concern over whether or not there is going to be contamination coming in in a cargo container you know, may have.

LN: Are they having, in some cases are they having the ships quarantined when they arrive?

GS: In a lot of cases

LN: Before they are unloaded?

GS: Yeah and that impacts tremendously because you got to take a look at the shipping industry and the cargo shipping. They have gone from smaller cargo ships to mega cargo ships. And these mega cargo ships can have, you know, a lot of containers, hundreds of containers if not more. And the problem is when you lock in a ship like that, your shipment may be one of many that gets stuck. And when you take that size ship out of service you can’t replace it very quickly because what happens in the industry is very simple. They’ve gone to larger ships to carry greater amounts. So economy of scale, and they’ve taken the smaller ships and as is now the case with the cruise industry they’re in yards in India and various other countries and shipbreaking yards. So they’re completely being taken apart and they’re no longer part of the service of shipping that’s out there. Now so replenishment of the container, the vessel, is going to have an impact. And if you take one out, you don’t have an easy replacement for it.

LN: Geary well, thanks a bunch for being on the show. I really appreciate it.

GS: Thank you Lee I appreciate your time.

To Learn More About Logistical Management Check out this website

http://logicalmanagement.com/

Featured

COVID-19 Precautions on Election Day

What do bacterial wipes, shields, social distancing, gloves, and safe drop boxes have in common? These are some of the COVID-19 precautionary steps Cook County Clerk Karen Yarbrough has implemented for election day on November 3rd.

Cook County Clerk Karen Yarbrough along with her team has worked hard to make many precautions to each polling place in the City of Chicago to guard against COVID-19. Clerk Yarbrough sits down with CEO Lee Neubecker of Enigma Forensics to discuss the COVID-19 precautionary measures that will be put in place to keep the voters safe on election day.

COVID-19 Precautions by Cook County Clerk Karen Yarbrough

Election Day Voting & COVID-19 Precautions

Lee Neubecker(LN): So I’m here today again with Karen Yarbrough Clerk of Cook County. Karen, thanks for being on the show.

Clerk Karen Yarbrough(CY):My pleasure Lee.

LN: And today, we’re going to be talking about election day voting, what you should know what steps the clerk’s taken to help ensure that you’re safe and protected from COVID-19. So Karen, tell us some of the steps you’ve taken to help protect the poll workers and voters for the upcoming election day.

CY: Well Lee, the primary election really gave us a really good bird’s eye view of what we needed to do. What we were unable to do. We had ordered over $30,000 worth of equipment for our poll Watchers and our judges and the public. And it didn’t show up and we get it. They had diverted it to the first responders. So using that as a guidepost, we are prepared for November election. In our warehouse currently, we have gloves we have masks, we have shields, we have the bacterial wipes. We have everything that we need for this election. Additionally, we plan to mark off in the polling places. There’s the six foot we’re going to social distance and the same thing with the machines. We’re going to social distance those. People can feel safe and secure and their vote is going to be the same way.

LN: So what if it rains on election day?

CY: Well, what if it rains? We’re going to do what we always do. We’re going to take an umbrella We’re going to go to the polling place and we’re going to put our umbrella up and we’re going to go and vote.

LN: Well, hopefully enough people early voted, and voted by mails.

CY: We’re hopeful. We’re encouraging people to early vote but what we’re seeing that there’s still some people who want to show up on election day and that’s their right. and we’re going to honor that.

LN: So should people bring their own Sharpie or pen when they come to the polling place?

CY: If they feel more comfortable bringing their own pen by all means, bring it. But I can tell you that we will have a sufficient number of pens. We plan to clean them between each use so that everybody can be safe. I want my workers to be safe as well as the voters.

LN: So what are you doing to help protect people against COVID 19 transmission that comes from being bunched in lines while waiting?

CY: Well, there won’t be any bunching in lines, okay? First of all, they’re going to be socially distance at least six feet apart. So there won’t be any of that bunching that’s…

LN: So you have lines on the floor?

CY: No we’re going to have, we’re going to have yes, absolutely lines on a floor inside the polling place and even outside the polling place even if it rains.

LN: Are they doing temperature checks?

CY: We are not.

LN: So do you think, should we be concerned about a potential spike in cases in Cook County, following election day?

CY: You know we were during the primary, we were concerned about that, but not one person, not one judge and that one person that we know of were affected. And we certainly didn’t have what we’re going to have in November. So I really don’t think so. We’re going to take every precaution to make sure that people are safe. I will be out there all day, election day as I usually am. I go to the polling places, I talk to the judges to see if there are any problems. We have a team of people who will be out there that day to problem solve and troubleshoot. So I fully expect things to go well on election day.

LN: So if people aren’t sure where they vote, how can they find out?

CY: They can go to the best website in the world. And that is cookcountyclerk.com all things election your trusted source.

LN: Great, well thanks so much. This is great, you’ve reassured me, however, I’ll be voting by mail this year, but I’m certainly hopeful that many other people did as well. So that the lines are short and fast for everyone.

CY: We’re suggesting that people come up with their own plan of what you’re going to do. If you’re going to vote early and drop it in the mailbox if you’re going to get your ballot and drop it in one of our safe drop boxes or if you’re going to vote on election day find a plan, make a plan and then exercise your right to vote.

LN: And what should people do before they come in to the election poll?

CY: What should they do? Well, they should wash their hands. They’re going to have to do that. We’re going to have that bacterial stuff that you use on your hands, but we’re going to have gloves too. People are going to be safe. They’re going to feel very very comfortable when they come to the polling place.

LN: And they should wear a mask when they come.

CY: They should absolutely.

LN: And if they forgot their mask?

CY: And if we’re going to give them another one.

LN: Great.

CY: Yes.

LN: So most importantly vote. Thanks for helping keep us safe Karen.

CY: Thank you.

To Learn More about the COVID-19 Precautions Check out Cook County Clerk’s website

https://cookcountyclerk.com/

Featured

GPS Vulnerability of Cyber Attacks in the Shipping Industry

How much would you freak out if your Amazon Prime order would take over a week to be delivered? Check out this discussion to find out more about GPS vulnerabilities and related concerns about the impact on international shipping trade.

Global Positioning System (GPS) Vulnerabilities

GPS Cyber Attacks in the shipping industry would cause billions of dollars in damage to the world’s economy. Just how vulnerable are the GPS systems in the shipping industry? Enigma Forensics CEO Lee Neubecker and Geary Sikich, Principal of Logical Management Systems, report on a GPS Cyber Attacks on maritime shipping lanes. Together, they analyze the vulnerability and offer solutions to thwart cyber attacks.

Check out this video to view a Realtime GPS Cyberattack

Transcripts of Video Follows

Lee Neubecker (LN): Hi. I’m Lee Neubecker and I’m back here with Geary Sikich on my show, thanks for coming back on Geary.

Geary Sikich (GS): Thanks Lee for having me. I appreciate it.

LN: So, what do you want to talk about today?

GS: Well, we can talk about transportation issues, we can talk about Coronavirus issues related to anything and everything.

LN: How about the cyber attacks that you were talking about earlier that took place in some of the cargo shipping.

GS: Yeah, I was just going to mention that we’ve had a number of incidents over, well, since March that I think would’ve occurred regardless of Coronavirus or not, but we’ve seen more and more shipping being attacked in cyber attacks with ransomware, with other types of interference. So, we’ve seen an uptick and there’s a lot of vulnerability and susceptibility within the shipping industry in that regard. They just had one this week.

LN: Yeah. You know, you brought that up and I remembered there’s a video I want to share with you.

GS: Mm-hm.

LN: Back when the USS McCain underwent a cyber attack, well, they had a collision, and I speculated that it was a cyber attack. I want to just show you the clip and see if you see what I saw. Hold on just a second, share screen. Okay. Got the screen on. This is an AIS video which is posted, it shows commercial traffic.

GS: Mm-hm.

LN: And I’m going to jump forward to what we see here at this point in time. This is the USS McCain which is not on the commercial public tracking system, and the blue line here is actually the Alnic which changes course at the last minute and collides. So I’m going to play it real quick. You can see the Alnic.

GS: Ooh.

LN: Okay, what did you notice happen at the precise time of the collision?

GS: Well he went almost directly at the ship. It was like a 90 degree turn.

LN: Yeah, watch it one more time here. And so it was minutes before the course changed. Many of these cargo ships are under, you know, autopilot GPS drive.

GS: Mm-hm.

LN: Now, I want you to look, I want you to look right here. See this ship here? Run Hang 98?

GS: Mm-hm.

LN: That’s a Chinese ship. It’s within, it’s within Bluetooth, Wifi, GPS spoofing range of the Alnic. And now watch at the exact time of collision. It disappears. You see that?

GS: Wow. And–Yeah, that’s kind of…

LN: Yeah, so, anyway, I reported this previously to the Department of the Navy at the time but there were a number of incidents happening that made it look like these vessels under autopilot were having, at the last minute they were suddenly changing course and colliding into ships. So this whole GPS hacking is still, you know, still a real risk, and that’s why now, you know, the military said that this was an issue with the men on deck not paying attention to what’s around them, but at the time, I don’t think that the Navy expected friendly cargo ships to suddenly collide towards them.

GS: Yeah, to veer off course like that.

LN: On short notice. So, I suspect now that the Navy has protocols to help anticipate this type of thing happening and to protect our servicemen.

GS: Mm-hm. That kind of goes along with the studies that they’ve done on the utility side of the house with the generation equipment. Your converters, your, you know, the big boxes that essentially transfer power from power plant to the grid system. And they’ve seen that you can take those over via the cyber for, you know, the cyber window if you will.

LN: We even had the issue with the Boeing Max 8’s when they were having all those problems. And the chip that was inside the plane is a combination hybrid chip that’s both electromechanical and digital, and if you, if you direct sound waves at that chip, at the natural frequency of the chip, you can cause the chip to malfunction or even be damaged. So it’s possible that a sonic attack was launched either while the plane was on the ground, to damage that chip, or it could even happen in air. So I suspect that, you know, the Max 8 is undergoing rigorous testing before they bring those back up.

GS: Yeah, I would think that that’s got to be, I mean, just the entire cyber perspective, it’s got to be an area where private sector and public sector need to coordinate and, you know, share information, but also figure out a way to begin to protect. Now, the interesting aspect with this is that I talked to a couple of colleagues recently, former military, and they’re all saying now that there is a developing new strategy where instead of being reactive that the US may become proactive, if you will, and preempt a lot of attacks. So they may become more aggressive in terms of cyber security in an offensive way versus a defensive way. Which is really interesting because at what point does that become so expansive that we find ourselves, you know, locked in a cyber conflict.

LN: Yeah, like let’s take the GPS, the potential for GPS hacking is there.

GS: Mm-hm.

LN: By having multi-antenna detection systems, you could have on the front of a vessel and the back of the vessel, you could have two antennas attached to a computer, and if it detected a sudden change over in the GPS coordinates that didn’t align with the distance between the two, you could know that that vessel’s in a region where someone’s screwing with GPS. And then, if you have enough vessels with this technology, you could triangulate and locate the source of the emission. And that would be something that could be proactive to identify are there vessels out there on the water that are emitting and trying to overpower the global satellite GPS signals with local signals? And that would be very useful to know because you could track down, you know, the source. And it doesn’t mean that the, the source ship might not even know that their equipment’s compromised. So, it’s a lot more complicated that simply assuming that the vessel generating the signal, that the operators of that vessel are behind the attack.

GS: So, it would be wise to not sync them right away .

LN: That would be good. Well thanks for being on the show. I appreciate it.

GS: Thanks Lee for having me. It’s a great topic. I’m sure that this is going to get much more press over time.

LN: Yep. Take care.

https://www.ics-shipping.org/shipping-facts/shipping-and-world-trade

Featured

How to Vote by Mail in Cook County?

How does voting by mail work? Are you worried about voting mail fraud? Check out this video blog and you will be so much smarter after.

How is voting by mail going to work? Is it safe to vote in-person or should I vote by mail? All of your questions are answered in this video blog with Computer Forensic Expert Lee Neubecker and Cook County Clerk Karen Yarbrough. They will help put your mind at ease!

Vote By Mail

Lee Neubecker (LN): Hi, I’m here again with Karen Yarbrough, the clerk of Cook County and she’s responsible for administering elections and making sure that your vote counts. Karen, thank you for being on the show again.

Clerk Yarbrough (CY): Again, Lee. Thank you.

LN: So, today we’re going to talk more specifically about voting by mail.

CY: Okay.

LN: What do you have to do to vote by mail?

CY: Well, the first thing you have to do is be a registered voter. What a concept, right? Be a registered voter and then have a place where you want your ballot to be mailed to.

LN: Okay. So if you want to get that ballot, how can you get a vote by mail ballot?

CY: You apply at the best website in the world cookcountyclerk.com and you apply there. You will be sent a ballot and hopefully you will review your choices, make your choices, you’ll sign the envelope, it’ll be a postage paid envelope for you and mail it in. Or you have the option of if you don’t want to mail it in, we’re going to have over 60 boxes in which… They will be inside of the early voting places. And you’ll be able to drop those in the box. Now, I want to tell you that they’re inside because some people have suggested that, “Oh, if they’re out in the middle of Michigan Avenue, somebody could just cart it off.” We’ll not be in the middle of Michigan Avenue. They will be inside the polling places and they will be attended to by one of our election judges.

LN: Great. So you can either drop it off at the polling place or you can drop it in the mail?

CY: Yes.

LN: And, what is the deadline on when you can last request a ballot to vote by mail?

CY: Whatever that deadline is, don’t use that deadline to do it today, okay? Today is the day that you should request your ballot. We’ve heard some stories about the post office, although we feel like they’ve been doing a pretty good job and regardless of the noise you’re hearing from Washington, turn it off, fill out your ballot, send it in or drop it off at our locations.

LN: And So as long as it gets postmark stamped by November 4th, it counts, correct?

CY: November 3rd. Yes.

LN: Okay, November 3rd.

CY: Yes, yes.

LN: So as long as it gets stamped by November 3rd, the ballot counts?

CY: That’s absolutely correct.

LN: So drop it off at the post office if you’re concerned, but people should try to drop it off early so there’s time-

CY: We want people to apply now for their ballot. Get their ballot, review their choices, pop it in the mail or else drop it off at one of the drop boxes at our early voting sites.

LN: So, you could also think of voting by mail as doing your part to help control the spread of COVID-19.

CY: I agree. And we’re suggesting, especially to seniors, seniors are very… They want to be social and that’s what many of them have told me. They like showing up on election day. So I’m suggesting to them to use my website, cookcountyclerk.com order your ballot, review your choices and either mail it in and if you want to be social, drop it off at one of our drop boxes. You’ll be able to wait to our judges that you’re used to seeing on election day, but you’ll be able to not stand in line and pop it in our dropbox.

LN: Good. So, let’s say that someone’s at a situation where they got the ballot, they have it at home, but it’s election day. Is it better for them to drop that vote by mail ballot at a poll box or is it better to go in and vote in person?

CY: They should go ahead and vote in person. Even though that ballot, we know that ballot, they have that ballot and the fact that they lost it or they don’t have it, that’s okay. Come in, vote, but there’ll be voting provisionally. And what we do is that spoiled ballot, as far as we’re concerned, that ballot is spoiled because they’ve already voted. Each and every voter in Cook County has a unique voter code that is you. And anytime it shows up, that’s where you get the one person, one vote. We’re not again, having Mickey Mouse to vote in these elections, okay?

LN: So, you think that there’s any truth to voting by mail leading to a fraudulent outcome of the election?

CY: There’ve been countless studies done on fraudulent voting and elections. And I don’t know why this year this is such a focal point. These studies have suggested that less than one point, whatever percent, it’s just not happening, it’s red herring, it’s not happening. So we’re not going to… Although we’re going to prepare for anything like that, it’s just not true.

LN: All right. And one last thing, can you tell everyone again what the website is they need to go to, to request the vote by mail-

CY: cookcountyclerk.com the best website in the world that you can use to get the real deal. No fake news there.

LN: So you said cookcountyclerk.com?

CY: That’s right, yeah.

LN: Not .gov, but .com?

CY: No, .com. We are your trusted source as it relates to elections in Cook County.

LN: Well, thanks again for being on the show and everyone do your duty and get your ballot, vote by mail, vote early, vote often, as they say in Chicago. So-

CY: We’re only going to be voting one time in Cook County.

LN: Great. Thanks again.

CY: Thanks Lee.

LN: Take care.

Featured

Secure the Voting System from Election Hacking

Cook County Deputy Clerk John Murkovic has worked hard to secure the electronic voting system. He’s made it hard for cyber hackers to throw a wrench in our election process. Learn what measures he has implemented against election hacking.

Cook County Deputy Clerk John Mirkovic focuses on securing the electronic voting systems from election hacking

Enigma Forensics, CEO Lee Neubecker and Cook County Deputy Clerk John Mirkovic discuss election hacking and measures that have been taken to help secure Cook County for the upcoming 2020 Election scheduled for November 3rd, 2020. The two discuss past hacking attempts during to 2016 election cycle on the Democratic National Committee, including phishing attacks that compromised numerous campaign workers.

Protecting the Vote From Cyber Attacks and Election Hacking

Lee Neubecker (LN): Hello, today I have John Mirkovic from the Cook County Clerk’s Office. He’s the deputy clerk and he oversees all the technology and communications working with Karen Yarbrough, and today I’m going to be talking to him about protecting the vote from cyber attacks. First, I wanted to start off by recapping what happened in 2016. Hillary Clinton’s Campaign Chairman, John Podesta, was phished with an email on March 19, 2016. And what had happened is he forwarded an email to a staffer that had replied with a typo. The staffer said this is a legitimate email versus what the staffer should have said is this is an illegitimate email. So he did the right thing by checking first, but he probably should have picked up the phone and not relied on email. So then he went and he clicked through and reset his password. And the type of attacks that are happening right now is such that when you click a link, sometimes it will pretend to be Office365 or Google, and it will want you to put your username and password in so that you can see the document. Well, in fact, those sites are getting your credentials for later cyber attacks, or they’re trying to put malware on your computing device. So what happened after that? In April 2016, hackers created a fake email account and spearfished 30 Clinton staffers. They sent a spreadsheet that had the name Hillary-Clinton-favorable-rating.xlsx and that attachment was designed to make the staffer want to click. So these are social engineering attacks on campaign staff. And then later DCLeaks was registered, and all these emails were published and put out there, which was very damaging and probably changed the outcome of the election in 2016. So I have John here, and John, I want to ask you, what steps has the Cook County Clerk taken to prevent similar attacks here in Cook County?

Securing Electronic Voting

John Mirkovic (JM): Well, I think one is that we don’t make it so easy that you can change credentials via one email that way. So, what happened to Mr. Podesta, it would have required a few more steps in our agency, which is usually good, I guess, but it was such a clever attack. There’s almost no way to stop something that clever, and that relies on someone’s sense of urgency and emotion. So we, in our office, we work with Cook County on our email servers, so we would reach out to a different office to work with that. So the ability to make it hard to change emails, for example, you know, it can be frustrating sometimes but you know, you realize when you build those layers up if they frustrate you that means they’re going to frustrate an attacker as well so that’s one way.

LN: So deployment of frustration, a government staple, right?

JM: Yeah, the old help desk.

LN: Well, having these processes in place though, by design they help protect people and make it more difficult for hackers to get in. So that’s great. There’s been a lot of talks about potential hacks coming on election day, should voters be concerned that their vote’s going to be hacked on election day?

JM: I think they should be more concerned about the disinformation campaign that is going on about hacking voting machines in Illinois, and that we have the misinformation from nebulous foreign state actors, but they’re actually people in this country who are being paid. You know, they think they’re working for a news agency, but it’s some shell and all they’re doing is spreading misinformation, especially in Illinois. You know, we’ve had to refute notions that our ballot marking devices are connected to the internet and that anybody can get in there. So to answer your question, we use a lot of layers of security and some of them, and the main one is we don’t even give ourselves the ability to update these machines on election day or in the field, which again that frustrates us, but we also know that if there’s no way to communicate with those machines by us even, then no one else can, so.

LN: Isn’t there also a simultaneous paper audit trail for the voting machines?

JM: Yeah, so voters in suburban Cook County should be really happy with the system we have in Illinois, which requires a paper backup of every vote. So voters in the suburbs may remember, I don’t know if they had them in the city, but they may remember the sort of receipt paper printers that were built into the machines and they would kind of scroll really quick and show you what you voted for, but it really wasn’t user-friendly, so.

LN: John, just finally, should voters be concerned about election equipment being hacked on election day?

JM: Well, you know, depends where they live. If they live in a state that isn’t as committed to security, I think that people should ask questions and these are the right types of questions to ask, and if you live in a state and you find out your ballot marking device or voting machine is connected to the internet, you should be worried about that. In Illinois, that is not the case and we don’t even use the open internet for any transmission of data, we use secure cellular networks that can work one-way communications and send encrypted data that cannot be tampered with in transit. So voters should ask questions and, but they should also be mindful of who’s causing them to ask questions, and if that person is playing on their emotions.

LN: Great. Do you think that early voting and vote by mail will help reduce the potential impact of election day hacking?

JM: Yeah, I believe so. If you think about centralized versus decentralized targets. You know, an election where you have ballots being cast in 400,000 different locations, as opposed to 1,000, that’s a bigger attack vector and harder to, you know, for a foreign adversary to manipulate really. So it’s really, a mail election sort of really makes it hard for a hacker to find a way to get in there, so I think that vote by mail does make election safer.

LN: Great. Well, thanks a bunch for being on the show, I really appreciate you taking the time to come on.

JM: Thank you, Lee.

Securing Electronic Voting

Check out Cook County’s website!

https://cookcountyclerk.com/

Featured

Early Voting in Cook County

Do you have concerns about voting in person? Cook County Clerk Karen Yarbrough urges everyone to vote early or by mail. Make a plan and plan your vote. It’s easy peasy!

Cook County Clerk Karen Yarbrough sits down with Lee Neubecker, President of Enigma Forensics to discuss the do’s and don’ts of early voting in the Cook County election and how to receive your mail-in ballot.

Early voting begins on October 19.

Early Voting in Cook County

Lee Neubecker (LN): Hi, so I’m here again today with Karen Yarbrough, the Cook County Clerk, and we’re talking about the election that’s coming up. And today’s topic is specifically about early voting. Karen, thanks for being here.

Clerk Karen Yarbrough (CY): It’s always a pleasure, Lee.

LN: We’re actually seated roughly 12 feet apart from each other, practicing social distancing.

CY: Yes we are.

LN: And we can actually look at each other while we talk, which is nice.

CY: Yes we can.

LN: So tell us a little bit more about why people should consider early voting this election.

CY: You know Lee, I used to always pride myself in voting on election day. There’s something exciting about voting on election day. The camaraderie, seeing people you don’t see, you know, particularly every day. However, I got used to voting by mail because it’s convenient. And so people should, with this particular election, they need to make a plan and then plan their vote. I’ve already made that plan. And I plan to, I’ve already requested my ballot. I expect it in the mail any day now. And I plan to review my choices and I plan to drop it in a dropbox.

LN: Great. So when can you vote early in Cook County and the city of Chicago?

CY: So in Cook County, you can early vote on the 19th of October. There are some dates, October 7th, I believe for somebody who’s not registered to vote, they can actually register and vote on the 7th of October. In the city of Chicago, they will be starting that process on October first.

LN: So is there a website that people can go to if they want to get a–

Where to find more voting information

CY: I’m glad you asked Lee. All the information that you’ll ever want to know is at cookcountyclerk.com. Everything is there. Go to that website, click on elections, and you’ll see an array of information there that can answer each and every question that you ever have for elections for this particular election.

LN: And I know that the last election cycle that you told me about that, I actually did it. It only took less than, it was about a minute time–

CY: If it takes that long.

LN: And the ballot came and it was easy. What was nice is I had time to look up the different races. I could use my computer, I could do my research and be thoughtful with access to more than my smartphone. So I could actually read things while I was voting. So it was a nice experience.

CY: Easy peasy, that’s what I say. And, you know, you can give some time to actually looking at your selections. You can go online and research the candidates and make good solid choices.

LN: Yeah, and just so you know, my daughter voted for the first time in this election and we took her to early voting in person. And I asked could I early vote instead because I was there and he said I could but it would be a provisional ballot that wouldn’t get counted until later. So I thought that it seemed, at least, there was a check and balance. Your team knew that I had already requested a mail-in ballot and they had that checkup. But if I wanted to vote in person, I could have, you know, so like, if I lost my ballot, I could still vote. It’s just the provisional ballots don’t get counted until later.

CY: Yeah, and We want people to understand that process too because I’m suggesting to people to go ahead and order a ballot, go ahead, fill out the application. Like you said, it only takes a minute or so to do that. When your ballot comes, make a determination at that point do I plan to, you know, fill this out and mail it in or do I plan to drop it in our dropbox? Or do I plan to maybe do like some others who have suggested to me that they planned the, planned doing that would be their backup plan, just in case they can’t get to the polling place on election day. So I’m encouraging anybody and everybody to please, you know, order your ballot, get your ballot, do your research and obviously vote.

LN: So you can actually take your mail-in ballot and if you’re concerned that it’s going to be held up at the post office, you can drop by any polling place?

CY: We have, right now, over 60 early voting sites. And so if you’ve gotten your ballot and you want to drop it off at a dropbox, you can do that. You do not have to stand in line and we’ll have one of our election workers standing right there.

LN: So outside there’s actually–

Drop Boxes for Mail-In Ballots

CY: Inside, inside there will be a box that you can put your ballot in and there’ll be somebody right in front of that. You will not have to stand in line.

LN: Okay, so what if someone lives outside of Cook County?

CY: Somebody who lives outside of Cook County, you mean that maybe somebody in the military. That’s what absentee voting is all about. And you know, we’ve been doing that since the Civil War. Complete your ballot, send in for your ballot, complete your ballot and mail it in.

LN: Do you have any concerns about people voting more than the once?

CY: We do not because we put a number of things in place to make sure that kind of thing does not happen. One thing, we have election judges that, you know, they’re sworn in and they review every single signature. You know, you have to sign, so they will do that. Each person has a identification number, okay, that’s only germane to you. So that way we know it’s you. So if Mickey Mouse shows up, Mickey Mouse is not going to be able to vote because Mickey Mouse does not have this voter code that we have. Finally, you know, we have a, we’ve just gone through every idea and had people to kind of test, to make sure that we are ready for the November election to make sure that people, you know, do the right thing. And that’s what we’re telling them to do. Do the right thing. At the end of the day, too, we also do, we check out 5% of the ballots to make sure, you know, after the election, that they’re right on target.

LN: And so finally, when is the last time, the last date that you can request, that you can actually go in and vote early?

CY: The last time that you can go in and vote early actually is November 3rd which is election day, okay, They can vote that day, but the day before. So that would be November 2nd. Don’t wait and do it then. Do it early.

LN: Well, thanks a bunch for being on the show. I look forward to talking to you again soon.

CY: Thank you.

LN: And vote.

CY: Oh, absolutely, vote.

For more information go to cookcountyclerk.com

See other related video blogs below

Featured

How Safe is the Divvy Bike Share System Security?

Why doesn’t Divvy Bike Share System use the same GPS technology as Lyft? Isn’t Divvy managed by Lyft? We have more solutions for Divvy Bike Share Security. Check this out!

We were wondering how safe is the Divvy bike-share system security? Enigma Forensics has been following the Divvy bike story. We love the idea of the ease and accessibility to rent a bike but don’t want the criminals to ruin this city-wide opportunity.

Divvy Bike Share System

The Divvy Bike Share System is a great resource that has been open for business 24 hours a day, 7 days a week, and 365 days a year. All different shapes and sizes of people are able to use bike share to commute to work or school, explore the city, attend appointments, meet up with friends, and everything else in between. The beauty of the Divvy bike-share system is that it offers affordable transportation and features bikes that can be unlocked from one station and returned to any other station throughout the city. This all sounds like a great program for the city but the recent looting in Chicago has led to occasional lockdowns on Divvy Bike usage. We thought we would take a deeper dive and discover how safe is the Divvy Bike security.

Divvy Bike Issues

Divvy has been plagued with several issues that not only include difficulty in docking at stations that allow bikes to be obtained when legitimate riders fail to fully dock and lock their bikes. It has also been reported these docking issues lead to a significant amount of stolen bikes used in crimes. To make matters worse, additional ways to obtain access to a Divvy bike can be easily accomplished by using a stolen credit card to unlock a bike. How? There isn’t a two-factor authentication required to unlock a bike and the credit card system doesn’t require the entry of the billing card member’s zipcode. The lack of security allows the ability to use anyone’s credit card which makes it easier for the thief to steal a bike. By adding these two simple changes; a two -factor authentification and zip code requirement Divvy could dramatically improve the situation.

The latest crime that has Divvy in the hot seat with local Chicago Aldermen, happened on the morning of July 27, 2020, when an 82-year-old man was carjacked in Streeterville by a group of Divvy bike riders. After they stole his car they left the Divvy bikes at the scene. We assume these bikes were stolen and if so it makes criminal activity in otherwise safe neighborhoods a lot easier. Additionally, you may have noticed abandoned Divvy bikes while traveling through the city of Chicago. If you see an abandoned Divvy bike, do the last paying rider a favor and dock the bike to prevent racking up hourly charges. These issues have bubbled up to a few Chicago Alderman who have informed Divvy of the complaints brought forth by their constituents.

Stolen Bikes

During our research about current docking station flaws, we found this article from The Chicago Reader. The article’s title, “FOIA’d emails reveal an ongoing citywide epidemic of Divvy thefts.” Chicago Reader wrote the culprit is the hasty decision by Divvy to remove a critical piece of security hardware from Chicago’s docking stations. They reported the security device that was removed had been making it difficult for users to dock bikes at the end of their rides. By removing the device it also made stealing docked bikes easier. https://www.chicagoreader.com/chicago/divvy-bike-thefts-chicago-security-hardware-removed/Content?oid=58659144

Enigma Forensics agrees with a solution to integrate GPS locating technology so that stolen bikes can be disabled remotely. Once the thieves know that are being tracked and the bike will be disabled, it will curtail the problem. Another solution we found that could help improve the situation is alerting users via a phone alarm if they fail to lock their bike properly.

Use GPS Technology

Divvy doesn’t utilize GPS technology to track the bikes down and release the last rider from the costs. Since Divvy Bike Share is supported by Lyft, why can’t they adopt the bikes to include GPS technology and install digital cameras at each station to help record criminal behavior? After all, the Lyft drivers use GPS! We urge Divvy to install a better credit card payment system using two-factor authentication and requiring the billing zip code associated with the credit card to be entered. GPS technology will allow remote locating of lost or stolen bikes with remote brake locking technology that would curtail illicit use of bikes and theft. These are potential solutions that we hope our Alderman will be able to move forward to help keep Divvy bikes a program for all Chicagoans.

Featured

Top Five Cyber Attacks

Phishing, Ransomware, Endpoint Security, IoT Devices and Cloud Jacking. What do they have in common? Top Five Cyber Attacks we are concerned about and you should be too!

The frequency of cyberattacks is growing. The following is Enigma Forensics’ top five cyber attacks that you should be made aware of.

Phishing Attacks are specific forms of email or text messages that are targeting victims to gain access to their personal information. Phishing messages often try to induce the receiver to click a link to a package shipment delivery message or other seemingly legitimate hyperlinks. It acts like a harmless or subtle email designed to get victims to supply login credentials that often become harvested by the attacker for later use in efforts to compromise their target. Sometimes phishing emails spoof the sender to be someone who has already been compromised. Once compromised, often times the compromised user’s mailbox is used to relay other outbound messages to known individuals in their saved contacts. This form of attack earned its name because it masquerades as an email of someone you may know and because you know the sender, you are more likely to nonchalantly open the email and click on the attachment to learn more about the content. With a click of a mouse, BOOM you can be compromised. This is a very easy and effective scam for cybercriminals. Warning: Do not open attachments or forward chain emails!

Ransomware is often spread through phishing emails that contain malicious attachments or through drive-by downloading. Drive-by downloading occurs when a user unknowingly visits an infected website and then malware is downloaded and installed without the user’s knowledge. The cybercriminal then holds the stolen information for ransom, thus the name! They may ask for a ransom payment in the form of digital currency such as bitcoin. Whether or not the victim pays the ransom depends on what information they have stolen or what criminals have threatened to do with the stolen information. Warning: Do not visit unsecured sites!

Remote Worker Endpoint Cyber attacks are currently the most popular because of the number of employees working from home caused by the Coronavirus. In the month of March, many workers were sent scurrying to their homes without companies placing proper cyber protection protocols. Employees are using their personal devices to conduct work and often are not fully patched, updated, and using encryption to protect their home devices against cybercriminals. Many company executives have been targeted at their homes, where they are much less likely to have commercial-grade firewalls designed to protect endpoints and company trade secrets.

IoT Devices attacks are a popular vehicle used by cybercriminals to establish a beachhead for launching lateral attacks across a home or work network. IoT devices involve extending internet connectivity beyond standard devices, such as desktops, laptops, smartphones, and tablets, to any range of traditionally dumb or non-internet-enabled physical devices and everyday objects. Embedded with technology, these devices can communicate and interact over the internet. They can also be remotely monitored and controlled. IoT Devices should be segmented and on a different network than corporate work from home devices. IoT devices pose a great threat because many of these devices lack automatic update processes and can become a beachhead for cybercriminal attacks in your home.

Cloud Jacking will increase with an estimated growth of cloud computing to be a $266.4 billion dollar industry in 2020. The idea of cloud storage makes one believe it is an improved option rather than the traditional on-premise computing storage. This will and has become a major security concern and has created a strong urgency to increase the creation of cloud security measures. Cybercriminals will up their game and cloud jack data information whenever possible. The race in on to see who does it cloud security better; the good guys or the bad guys. To protect against Cloud Jacking cyber attacks, organizations should enable two-factor authentication options, such as Google authenticator.

Two-factor authentication requires two of the three following means of authentication:

  • Something you know (A password)
  • Something you have (A key fob or cell phone authenticator)
  • Something you are (Retina Scan, Facial recognition, fingerprint)

Featured

Chinese Suspects: Li Xiaoyu and Dong Jiazhi charged with trade secret theft

FBI deputy director David Bowdich said “The sale and scope of the hacking activities sponsored by [Chinese] intelligence services against the US and our international partners is unlike any other threat we’re facing today.”

On July 7th, the United States Department of Justice (DOJ) filed a criminal indictment against Chinese cyber-criminals who acted as both self-employed criminals and employees of the Chinese Ministry of State Security (MSS).

Their names are Li Xiaoyu and Dong Jiazhi both are former classmates and chums. They attended an electrical engineering college in Chengdu, China. Li and Dong worked as a tag team to combine their technical training to hack the computer networks of a wide variety of victims. They included companies engaged in high tech manufacturing; civil, industrial, and medical device engineering. The theft didn’t stop there! They stole and replicated intellectual property and important trade secrets from businesses in the educational, and gaming software development; solar energy; and pharmaceutical sectors. Their stolen booty included information about military satellites and ship to helicopter integration systems, wireless networks, communications systems, high powered microwave systems, laser system technology, counter chemical intelligence, and finally, COVID-19 vaccine bio-development information. They left no stone unturned and literally left their criminal digital fingerprints everywhere.

The United States Department of Justice (DOJ) indictment includes 27 pages of a long laundry list of cyber-criminal attacks starting from 2015. Li and Dong were elevated to the top of the list when they were recently discovered looking for vulnerabilities of certain biotech and pharmaceutical companies who are researching and developing Coronavirus / COVID-19 vaccines.

Basically, China is using their students as cybercriminals to steal, and copy their way to technological advancement instead of developing their own. How did they gain such vital and important information?

Li and Dong used web shells, particularly one called “China Chopper.” This widely available and easy to use hacking tool provided the attackers with remote access to targeted business networks. They would also run credential-stealing software to grab user names and passwords. By creating easy access into a victim’s systems, they would copy the data they wanted to steal into an encrypted Roshal Archive Compressed file (RAR). Like other archives, the RAR file is a data container storing one or several files in compressed form. Windows Operating Systems has a default setting that allows a folder to be created and stored where the “Recycle Bin” is located, making it almost invisible to system administrators. Li and Dong operated within the “Recycle Bin” and create extensions such as “.jpg” to make those files appear as images. Thus, disguising the stolen data. The Ministry of State Security (MSS) allegedly provided the two with Zero Day hacking tools that could be used to penetrate corporate networks.

Once they stole the data they would bring it back to China and either sell it to the highest bidder or as directed and allegedly provide it to the MSS. After they breached a company they would go back and re-victimize the same company or organization they attacked in the first place. In addition to hacking and extorting U.S. technology companies, the two allegedly attacked messaging platform tools favored by Hong Kong protestors. The attackers appear to have motivations other than pure financial extortion strengthening the DOJ’s position that the attackers are connected to the MSS.

Check out Related Blogs

Click here to view FBI Press Conference

https://www.fbi.gov/news/pressrel/press-releases/fbi-deputy-director-david-bowdichs-remarks-at-press-conference-announcing-charges-against-chinese-hackers

Click here to view the Indictment

https://www.justice.gov/opa/press-release/file/1295981/download

Featured

Contact Tracing APPs are they ethical?

Are Contact Tracing APPs ethical? Are you willing to give up your private data to help slow the spread of the Coronavirus? Check out what these experts have to say!

Contact Tracing is it Ethical?

Apple and Google have the capability that allows cell phones to communicate with each other. Contact Tracing Apps use this capability and have been developed to find and alert the contacts of people infected with the Coronavirus / COVID-19. As soon as someone gets sick with Coronavirus, the APP could alert you if this is someone you have been in contact with. Alleviating the length of time it takes for a real live Contact Tracer who is doing the tracing. Basically, this is widespread human GPS tracking, that presents many privacy issues involving potential data breach, information storage, and sharing sensitive personal data. Should sensitive medical information and individual locations be available on an APP? Do you believe this type of electronic contact tracing is ethical?

Check out this video to listen in on experts as they consider the amount of data that is being collected and what it means for your data when you download a Contact Tracing APP.

Video Transcripts Follow

Lee Neubecker (LN): Hi this is Lee Neubecker from Enigma Forensics and I have Debbie Reynolds back on the show, thanks for coming back Debbie.

Debbie Reynolds (DR): Thank you for having me, very nice to be here.

LN: So I’m very interested to hear more of what your research is regarding contact tracing apps, and what you think that means for individuals that might put these apps in their phone. Tell me a little bit about what’s happening right now with the industry and how contact tracing apps are working.

DR: Yeah, so Apple and Google created a capability so that phones can communicate with each-other via beacon. So that they can store information on phones, or have phones bounce off of one another, so that if someone downloads a contact tracing app or registers there, if anyone who also has the app, it will be able to trace back, y’know, how long they spent with certain people and tell them whether they feel like they may have been exposed in some way, and tell them either to quarantine or go seek treatment in some way, or get tested. So it’s pretty controversial, the contact tracing app, for a couple of different reasons. One is, people are very concerned about privacy, like giving their potential medical information to a company that’s not a medical provider, meaning that they’re not protecting the data the same way. Also, as you know, Bluetooth technology isn’t exactly super accurate in terms of the distance that you are from someone, so the delta, in terms of how accurate it can be, may be way off. It may be several meters off, the phone can’t tell if you’re six feet apart or whatever, so I think that they’ve tried to tune that up with this new API that they created, but still, based on the science, we don’t know that it’s actually accurate or not.

LN: So you could still have a situation where, if you put one of these apps on and you’re outside biking, and you bike within 8 to 10 feet of someone who later does have it that you’re getting notified that you have to quarantine on a false basis. That’s a potential outcome of using an app like that, correct?

DR: Yeah, but I think that the way they having it now is that it’s supposed to register you spent more than 15 minutes near that person, so, y’know.

LN: Okay, that’s good to know.

DR: But let’s say you’re parked in your car and someone’s parked next to your car, so you aren’t physically near, y’know, you aren’t in any danger from that person but you wouldn’t know, just because your phone says you’re close to them. They don’t understand the circumstance that you’re in, to be able to tell that, so. I think people are concerned about, a lot about privacy, them taking the data or how the app is actually going to work, and it’s going to work differently in different countries. So what they’ve done is create this API, this capability that’s put on everyone’s phone, and then if you download the app, the app which you use will use that API to actually do this beacon exchange on people’s phones. So, that’s kind of what’s happening right now, is different countries and different places are implementing it in different ways, and some are really pushing back on them because they don’t have really any good guarantees about privacy, or data breach, data breach is a huge issue.

LN: Yeah, I mean, our Government’s never had data in their custody compromised ever, right? wink..wink

DR: Right, that never happened, exactly, so-

LN: You’re having your maps of where you’re walking, your GPS records-

DR: Yeah.

LN:time of day, your movement and that is going to Google and Apple, and under certain conditions they’re passing that data on to the CDC or other entities, law enforcement, enforcement groups.

DR: Well their concern is that data, because it’s at a private company, will get merged with other things, like let’s say your insurance carrier, or your medical, y’know, you get dropped from your insurance because you have this app-

LN: You drive too fast.

DR: No because you have this app, and they think that you may have been exposed, or you’re a higher risk, or a bank doesn’t want to give you a loan or something, because you have this app on your phone. I’ve been hearing a lot of different scenarios people are concerned about. But I’m curious, from your perspective, in terms of how certain things are stored on phones. I know beacons is a really big idea, but maybe you can explain a little bit about how Bluetooth actually works?

LN: Yeah, well Bluetooth is a near band wavelength that allows for peer-to-peer networking. Bluetooth has been exploited in the past to be able to take over devices, so it’s, a lot of people don’t like to have their Bluetooth on continuously because you’re opening your phone up to potential attacks, cyber attacks, via Bluetooth. You’re also broadcasting, when you have Bluetooth on you’re also broadcasting your MAC address identifier, your Bluetooth unique address and there have already been issues where retailers in London at one time, they had kiosks outside that would track the shoppers and they’d know how long they were at certain stores, and they’d use that information to serve custom video ads to people as they’re shopping and walking by.

DR: Right.

LN: So there’s privacy implications and security implications of having Bluetooth on all the time.

DR: Yeah, and that’s a big concern. So I know when I first heard this, about them doing this contact tracing, I was wondering like how exactly would they get the proximity right, and because we have no visibility to that we really don’t know, right?

LN: No.

DR: So we just have to sort of trust the black box and see what happens, to some extent, but I, for me I think my opinion is that contact tracing is a profession, it’s not an app. So, there are people who do this as a profession, only, let’s see, 55% of people in the world don’t even have smart phones, so you’re talking about a capability that’s only for 45% of the people, and not all those people are going to actually volunteer to get these apps.

LN: Yeah.

DR: So it doesn’t really help to contact, for people who do contact tracing, except it adds another layer that they have to work with because they still have to track people whether they have cell phones or not.

LN: It’s interesting stuff, thanks for bringing that to our viewers’ attention and thanks for being on the show again.

DR: All right, thank you so much, I really appreciate it.

LN: Okay.

Check out these related Blogs

Featured

Security Risks When Working From Home

Working from home? Have you been transferring files between work and personal computers? Be aware of the security risks that are out there. Experts talk about how to protect your company’s private data. Where should you start to make sure your remote workforce is secure? Listen to these experts!

Using Your Personal Computer to Work From Home

What are implications when working from home?

Let’s face it, these are weird times! Never before have we had the bulk of the country’s work force sheltering-in-place and working from home. We’re going on four months battling the spread of COVID-19. Workers have resigned, been terminated and furloughed and many have sensitive trade secrets loaded on their personal computers. Experts Lee Neubecker and the Data Dive Debbie Reynolds discuss currents situations and different audits they have performed for companies to retrieve intellectual property and company data. Check out this blog with transcripts.

Video Transcripts Follows

Lee Neubecker(LN): Hi, this is Lee Neubecker from Enigma Forensics. And I have Debbie Reynolds, the data diva back on the show from Reynolds consulting. Thanks for being on. Thank you so much for having me Lee. So what are your thoughts about the shift and changes that have happened over the last couple of months with everyone being stuck at home with their computers?

Debbie Reynolds(DR): I think it’s a interesting issue now, because as you know, even before the pandemic, there were people working at home. But now since there’s so many more people at home, it’s bringing up other security risks, especially with devices. And I’m sure you know, you probably explain more of your experience about working especially a forensic with people who are remote. And some of the challenges with those machines, especially, you know, the same people. They’re either working from home, people are getting furloughed or people are losing jobs where they’re, they’re not in the office. But they still have equipment. So I’m curious to see what you think about all that in terms of the device, the equipment, and some of the risks that come with that.

(LN) We’ve had a number of projects happen during this period where workers either have resigned, they’ve been terminated, or they’ve been furloughed, and there’s a need to get the company data back. And sometimes that data is on their personal computers. Other times the data is on a company issued laptop, but there are companies are just starting to get back to work. And there’s a whole host of issues. If you have sensitive trade secrets, and confidential electronic data on an employee’s personal or work computer, and you don’t have physical custody of that, there’s a real risk of that data getting disseminated to a new employer, maybe leaked online to the web, or maybe even you know, someone’s kid at home installs a game that opens up malware that puts those trade secrets at risk.

(DR) You know, we know a lot of people working from home, and a lot of people are using, I think the statistics said, the majority of people, maybe a slight majority, are using their own computers to, you know, tunnel in via VPN or whatever. But we all know that people still, under a lot of circumstances, let’s say they’re printing, or they have a file they want to, you know, leave locally or something. What is your advice from a forensic perspective? ‘Cause we can, we always see a lot of data co mingle together, unfortunately, where the personal and people’s business stuff maybe, you know, together in some way, so what is kind of your advice for people working at home for stuff like that?

(LN) If an employee’s is being asked to work from home, they should ask for a work issued computer.

(DR) Right

(LN) Also you should be using a virtual desktop of sorts.

(DR) Right. Yeah, exactly. But you’ve seen I’m sure you’ve seen a lot of situations where you’re asked to do forensic work. And there is a lot of personal stuff, even on a company.

(LN) Yeah, we’ve had situations where people have, despite having work issued computers, they’ve still connected their personal computer up to corporate resources, office 365. I’ve seen situations where there’s drives that are syncing to personal, former employees, personal computers, and even though the accounts are severed, so it can’t continue to sync, then all that data might still reside. So we’re doing audits right now for clients to look for, you know, what devices are synchronizing with corporate data stores, and some of those devices. You know, there really needs to be accounting and audit to match up those devices to ensure that only accounts of active employees are syncing and that those devices are company issued devices, not personal devices because it poses a real risk. It’s a problem that could be preempted by issuing, you know, work equipment, not co mingling work and home stuff.

(DR) Are you seeing problems where people are, let’s say they have a phone. And they have like, for example, let’s say they have an Apple phone and they have a iCloud account. And the phone belongs to the company, but their iCloud account is their own personal account where you have problems getting those passwords.

(LN) Yeah, for the most part, we’ve had compliance and I’ve worked to try to help solve the problem, you know, the employee might have stuff they need. And usually what we’re doing in most cases where we have co mingle data, where we’re giving the employee or former employee the opportunity to put all their personal stuff onto a drive that will then do a search against and then we’ll wipe, wipe, completely wipe, the original device. They’ll sign a certification of sorts, and then they’ll only copy the stuff that they, that they copied off that we verified, didn’t contain trade secrets, and they’ll pull that back down to the computer. But that relies on some level of trust that if the employee or former employee signs, a declaration or affidavit saying that they returned everything that they’re being honest.

(DR) Do you have people that are concerned, especially in the legal field about people doing remote document review, and having sensitive documents viewed on their computers at home?

(LN) Well, I think that’s a legitimate question. And you know, if, if companies are outsourcing document review, they should be asking the provider, provider questions about, you know, how, what steps are you taking to make sure that those endpoint reviewers aren’t using computers that are compromised? In many cases, companies are using independent contractors as their reviewers and they’re not issuing corporate equipment. So that that’s a real risk that the whole ediscovery industry really needs to grapple with, because someone’s going to get burned at some point in time, especially during this, this pandemic with, you know, resources taxed and people working from home.

(DR) I have one more burning question for you, actually. And this is about BYOD. What do you think? Because the pandemic, do you think more companies will start to do more or less, bring your own device things as a result? I think we’re going to see a lot of problems come out of BYOD devices where companies see the problem of losing control of their data. And, at least with the larger companies, I think you’re going to see probably more strict, more strict enforcement of using corporate resources. I mean, there were many companies right before Illinois shut down went into effect they were ordering laptops going running out to, you know, retail stores to quickly grab whatever they could, so they can issue laptops to their employees. And, and so I think you’re going to see, I think you’re going to see a movement away from BYOD in the future.

(LN) I agree with that. I think it’s been a long time coming. I don’t know if you remember when they were first doing this, you know, at first companies were giving people devices, then they decided well we’ll save money will be out BYOD Now it seems like a pain in the neck to deal with it. And it’s all these risk issues. So I really feel that they’re going to start to go back the other way.

(DR) Now, well there’s a cost associated with BYOD. And now people are furloughed and all your sensitive data is on former employees, personal computers. So then you’ve got to hire a forensic expert like me to try to work through to get the data back and to solve that problem, which, you know, it might have been much easier to issue a 500 dollar laptop to employee, then to have them synchronize that ’cause they’re going to pay more than $500 dollars to try to solve the problem of getting their data back. So after we get through this next bump in the business cycle where companies are paying out to have to retrieve their data, I think you’ll see that most CFOs will see it’s smart sense to issue corporate laptops and to block access to BYOD devices. But thanks for the question. It was a good one.

(LN) Thank you. Fascinating. Thank you for sharing.

(DR) Thanks

Related Articles

Check out our COVID-19 Statistics – Track your county!

Featured

Social Media and Cell Phone Forensics

Social media and cell phone forensics can play an important role in thwarting criminal activity. Check out this conversation between Cyber Forensic Expert Lee Neubecker and Data Diva, Debbie Reynolds. You will be so much smarter afterwards!

Snap Chat, Twitter, Facebook: Social Media and the Importance of Cell Phone Forensics

Lee Neubecker and Debbie Reynolds, the Data Diva, discuss the role of law enforcement in capturing social media posts when trying to thwart the bad guys coordinating a riot or the more recent looting incidents in Chicago. During this difficult time in our nation, what is the role that cell phone forensics should take? Did you know that Apple phones have the ability to automatically shut down when stolen and have a beacon that will detect the location of the phone making it easy for law enforcement to come knocking on the thief’s door? Check out this video to learn more about the role of social media and cell phone forensics.

Transcripts of Video Follows

Lee Neubecker (LN): Hi, it’s Lee Neubecker, and I have Debbie Reynolds back on the show, Debbie thanks for being on remotely.

Debbie Reynolds (DR): Thank you for having me.

LN: So I asked you to come on so that we could talk a little bit about some of the recent lootings that have happened in Chicago and other areas across the country. And what could be happening, as it relates to cell phone forensics and how law enforcement can be using that to get to the bottom of how these coordinated attacks are being planned and who might be involved.

DR: Most of what I know about this is basically what you told me so, why don’t you just sort of share what your experience has been so far in the current environment, and then we can talk from there?

LN: Sure. Well, right now, I know that some of the looters that were apprehended had cell phones on them. We don’t know exactly how the information is being used by law enforcement, but technically, an example of things that could happen could include, doing forensics on the cell phone, identifying Snapchat handles they have communicated with, looking at text messages, looking for Twitter accounts and postings. And potentially, what I saw happening during the last week, at least in one instance, there was a post made to Twitter by a user that made a reference to doing a gig at Urban Outfitters on the West Side, and roughly a few hours after, that post went out on Twitter, referencing Urban Outfitters, Nike’s, Liquor and other things. Around four hours after that, looting that went on at that store, so that handle that posted and anyone else that reacted to that post could certainly have been alerted to the potential for mass looting in a coordinated way via social media.

DR: Yeah, I think even though the police do have capabilities to do that type of tracking and tracing, they they do heat maps of certain things. The problem is that these incidents, if they are coordinated, they happen pretty quickly so it’s sort of hard for them to kind of preempt it. But as you said, always, they have capabilities, right? To do anything with like cell phones that they capture, but they also have capabilities to do things like geofencing about who was in the area at certain time. So, a lot of what they’re doing is not necessarily preemptive or pre-crime is more of, if something is happening or has happened, they can go back and try to backtrack or trace or… If there are people on the scene they can apprehend whoever is there that’s doing whatever and they sort of build it out from there, right?

LN: Yeah, but just the other day, someone was captured and apprehended in… They got caught because they were posting their raid via social media, and they had a live view of them going to bomb, they were threatening to bomb the place and looted, taking cash registers and the stuff was, this someone that was not from Chicago, I think from downstate, somewhere that came in and came in with a goal to create problems and had a past history of that, but the person had the audacity to post it to Facebook, and the FBI just busted them and they’re indicted now.

DR: I don’t know why people share such things on social media. Because yeah, they do track and trace that. But, a lot of the things especially as I saw, it seemed like a lot of stores that have things like mobile phones have been attacked. And as you know those things are pretty easy to trace back. So I don’t know how far people–

LN: Apple had LoJack, in all their phones at the retail store, and so people who took those phones likely those phones likely got located but-

DR: Oh yeah, definately.

LN: I don’t know that that’s happening at the the cheap cell phone stores, the burner phones.

DR: Well, yeah, those are… No, I mean, they probably… If anything, obviously may have serial numbers and stuff like that but, once you… Whether it’s broken, or people change sims or whatever, it’s harder to track that stuff down. But yeah, the Apple phones, yes. They wouldn’t have very much problem. I think as I heard, I read that what Apple had done is for all the phones that were stolen from them, they were able to lock those down. And then it had a screen on there so that you actually couldn’t use it. So, that’s what I heard was happening with Apple.

LN: Yeah, well, they also have the ability to beacon out and send GPS location so-

DR: Oh, absolutely.

LN: People who are buying stolen Apple phones might find someone knocking on their door, law enforcement.

DR: Yeah, it’s probably not a good idea to buy one off the street at this point. So yeah.

LN: Yeah. Well, any thoughts on your concerns if the privacy issues that might relate to mere surveillance on people and tracking social media posts and actually getting in and subpoenaing phone numbers that were taxed to help try to prevent looting from happening?

DR: Well, okay. I guess that’s a couple of different things rolled up into one. So, obviously I’m concerned with mass surveillance, especially if it is capturing information not accurately or targeting people who may not have even been involved. So for example, a cell phone can’t tell like let’s say for instance, you’re standing at a corner and I’m at the stoplight. It says we’re next each other, but we’re not together. So, a cell phone tracking can’t really tell that so eury people who aren’t involved, who are innocent, who are especially in this regard, peacefully protesting, having them be adjacent to other people doesn’t mean that they were involved so-

LN: Lets just say though, for instance, that they found that there was a string of businesses hit, the Foot Locker, then Denny’s Liquor, CVS and Walgreens.

DR: Yeah.

LN: There were a group of 20 people that all pinged off the four cell phone towers at the same times, and we’re in close proximity to that and a few other people were ID’d, would that be enough to justify surveillance on people where there were four cell phone towers in common across a range that put them all in the vicinity of where looting took place?

DR: I’m not sure if it would justify surveillance, so to speak, but I think that if they have other evidence, it may help them target those people more closely but, in terms of sweeping people up in surveillance exercise, I don’t think that’s going to happen unless they have additional information. So, let’s say they have information just like you said, like, okay, these people are in the vicinity and then they posted a picture on Facebook with some loot gear that they got, that would be enough, I think, to justify surveillance but just the fact, surrounding the vicinity, that’s probably not enough to go on, I don’t think.

LN: I appreciate your opinions and thoughts on this. It’s a difficult time right now and hopefully we’ll have stability and we’ll have people held accountable on all fronts, not just the leaders.

DR: Yep, I agree.

LN: Yeah, thanks Debbie.

DR: You’re welcome.

See Similar Posts

Featured

Top Places in Illinois That Reported Accelerating COVID-19 Weekly Growth

Enigma Forensics has been busy tracking week to week COVID-19 cases in each Illinois county. We are thankful of our Medical Professionals. Thank you to everyone for all you’ve done to reduce the spread!

Illinois as a state has been trending in the right direction. Only 8 counties reported cases in excess of zero the week before last week and more than 20 cases the last week show weekly growth. These counties should continue to ramp up additional testing availability and contact tracing to keep the state on track as a whole. 9 counties showed a reduction in a week over week reported cases. Click through on the County Name to see the time series chart depicting the daily counts and 7 days trended average.

Download COVID-19 Daily Confirmed Positive Cases

The data depicted above was obtained from the John Hopkins GitHub Repository.

Growth of the outbreak can be seen where the daily blue COVID-19 confirmed cases count exceeds the 7 day trailing daily orange average trend line.

View Chart Full Screen Width

COVID-Confirmed Positive Cases Week over Week Comparison

Counties with zero cases the week before last week were excluded.

CountyWeek Before Last Week
Total Cases
Last Week
Total Cases
Week Over
Week Percentage Growth
Cass439875.00%
Stephenson1124118.18%
Rock Island414919.51%
Kane25429415.75%
Will21123712.32%
Lake2682939.33%
Madison90911.11%
Cook227322800.31%
Adams0220.00%
Kankakee6259-4.84%
Kendall3431-8.82%
St. Clair166151-9.04%
Winnebago149135-9.40%
Champaign5447-12.96%
DuPage291234-19.59%
DeKalb3928-28.21%
McHenry9665-32.29%
Peoria6342-33.33%
This chart is based on data obtained daily from the Illinois Department of Public Health Website. The source daily counts are available at: https://enigmaforensics.com/covid-19/us/state/Illinois_Cases_Delta_By_Date.csv

Top Zip Codes in Illinois Reporting Week over Week Growth
(COVID-19 Confirmed Cases)

Zip CodeCityWeek Before Last WeekLast WeekWeekly Growth RatePeople / Square MilePopulation
60088Great Lakes634467%6,78015,761
62691Virginia630400%222,426
60076Skokie725257%6,24133,415
60624Chicago – West Garfield Park620233%10,78038,105
60169Hoffman Estates825213%4,40633,847
60706Harwood Heights / Norridge1031210%7,82223,134
61265Moline721200%2,37945,099
60462Orland Park720186%2,46938,723
60089Buffalo Grove1233175%4,25941,533
60104Belwood922144%8,08819,038
Data captured from IDPH website daily. Data as of 6/24/20.

Great Lakes Naval Station is leading as the top Zip code in Illinois experiencing the highest week over week growth rate of new COVID-19 confirmed cases. Click the Zip Code to view the daily and weekly average trends of new cases. In the City of Chicago, West Garfield Park is the hot zone where cases shot up 233% over the previous week.

Featured

COVID-19 Cases in Cook County Are Abating

Wearing a Mask Could Save Your Life and Others

Illinois Governor JB Pritzker instituted that face masks be worn while inside facilities open to the public beginning on May 1st, 2020. Just a little over 2 weeks later, new cases of COVID-19 plummeted and began a downward descent. Proving that wearing masks helps stop the spread of the Coronavirus / COVID-19.

The other US States that have failed to require a mask to be worn when entering public facilities are experiencing consistent growth of the virus. The data proves that after instituting a mask requirement, roughly 14 days later, cases begin to abate or descent.

Daily Confirmed Positive COVID-19 Cases in Cook County Illinois

Daily Deaths from COVID-19 in Cook County Illinois

Daily Confirmed Positive COVID-19 Cases in Tulsa Oklahoma

Featured

Who’s Who Legal Investigations 2020

We are proud to announce Lee Neubecker was once again nominated by his peers as one of the world’s leading practitioners in the Digital Forensic Expert field. Congratulations Lee!

Congratulations Lee Neubecker!

Enigma Forensic’s President and CEO Lee Neubecker was nominated by his peers as one of the world’s leading practitioners in the field of Digital Forensic Experts and is listed in Who’s Who Legal Investigations 2020 publication as such.

Since 1996 Who’s Who Legal has identified the foremost legal practitioners and consulting experts in business law and investigations based upon comprehensive, independent research.

Who’s Who Legal Investigations publications said, Lee Neubecker, is a “great expert” who receives widespread plaudits from sources who note he is “one of the most visible people in the field”.

Nominees have been selected based on comprehensive, independent survey work with both general counsel and private practitioners worldwide.

Featured

Top Illinois Zip Codes Where COVID-19 Outbreaks Continue

Chicago has entered Phase 3 of the Re-Opening of Chicago Plan. Are you wondering where the recent hot pockets are located? Check out our COVID-19 Statistics to see where the infection continues to grow.

The following top Illinois Zip Codes that are largely Hispanic are continuing to climb with COVID-19 outbreaks. This data is based on the daily changes in total reported confirmed COVID-19 cases by Zip Code obtained from the Illinois Department of Public Health statistics page. The reported counts include data from 6/12/20, 6/13/20 and 6/14/20. These are the top Zip Codes in Illinois where 15 or more cases have been reported between last Friday and last Sunday.

Of those identified, Hispanic majority zipcodes account for 50%+ of the remaining hot pockets where COVID-19 infections continue to grow. Majority White Zip codes follow with 7 out of 26, followed by Black Majority Zip Codes at 6 out of 26 Zip Codes.

[visualizer id=”7896″]

Featured

Small Business and Cybersecurity Attacks

Small businesses are getting hit hard. Starting with government directed closures due to the COVID-19 pandemic and now the most recent looting and protestor damage. Small businesses are more vulnerable than ever. If you own a small business be on the lookout for cybersecurity threats and learn more on how to protect your business.

Small Businesses must on the lookout for cybersecurity threats!

Small businesses have been besieged on all fronts. First, out of left field they were struck by COVID-19 and the loss of business. Then knocked down by the most recent violent protests. All these hits create multiple vulnerabilities to yet another threat; cybersecurity attacks. Now more than ever, small businesses need to be aware of an impending cybersecurity breach. Enigma Forensics focuses on cybersecurity and would like to share what are the most common cybersecurity threats and how small businesses can protect themselves.

What are the most common security threats?

There are three common cybersecurity threats each small business owner must be aware of; Malware, viruses, and phising. Malware is an umbrella name for a software designed to attack and destroy computers, servers, and to obtain client information. Malware can be engineered in many different malicious ways. Viruses are designed as a computer program that replicates itself and inserts code into your system to modify existing programs. It basically creates havoc in your system and is extremely difficult to delete. Phising is inserted by a clicking on or opening an email that presents itself as a legitimate email. It sparks curiosity and plays on the simplest of emotions.

What are some easy tips for small businesses to protect themselves?

Enigma Forensics encourages everyone to purchase cybersecurity insurance. This can help defer costs if you are attacked. We definitely suggest to hire a professional to assess your system and identify risks. Another less costly tip is to change your passwords. Make them as difficult and unique as possible and don’t store them on your systems. Be sure to include mobile device security if you or your employees check emails on mobile devices. Train your employees to recognize cybersecurity threats and how to avoid and report them.

Enigma Forensics related articles

See the link below for The Department of Homeland Security guide

https://www.dhs.gov/sites/default/files/publications/CSD%202018%20Tech_Guide_Web%20Version_508.pdf

Featured

Cell Phone Forensics Key to Ending Looting

How can we put an end to this protest? Cell phone forensics is the key to finding out who is organizing violent protests and looting by checking social media sites. It’s that simple!

Chicago Police Superintendent David Brown recognizes social media contributed to the rise in looting

Is Cell Phone Forensics the key to ending the looting? Chicago is reeling back from the third day of unrest and violent protest. Not only are we healing from a global pandemic we are now faced with the threat of violence in all of our neighborhoods. On Monday, we witnessed the third day of violent protest. It was reported that law enforcement arrested approximately 699 people and sadly, 2 people who were shot and killed in Cicero. Feelings of anger, frustration and despair are common threads that bind all of us. The question on everyone’s mind is when is all this going to stop? The Chicago Police department is dealing with a great deal; protecting the neighborhoods and at the same charged with stopping violence. The same violence that was started by a deadly police action.

Many have heard on mobile scanners that hundreds of people driving in caravans are traveling into the city from outside Chicago. Some believe these caravans are organized on social media and are encouraging violent protest and looting. Forensic technology can stop this type of organized violent protest. Once a bad actor has been apprehended, law enforcement needs to perform remote cell phone forensic analytics to discover social media posts, connect friends and followers to thwart passing of information. This is a new age of technology and our police department needs to be able to trace violent networks of people to respond in real time as to prevent personal attacks an property damage.

Enigma Forensics is an expert cyber forensic company that offers forensic imaging of cell phone, laptop and other electronic devices. We are able to analyze the electronic footprint left behind and provide detailed tracing to assist in litigation.

More about expert technology and cell phone forensics

Mobile Device Investigation Training

https://www.fletc.gov/-program/mobile-device-investigations-program

Chicago Police Department Learn about Real Technology Behind Crime Solving Efforts

Featured

What does post COVID-19 look like for businesses?

Open for Business! Chicago is entering Phase 3 of the re-opening of Chicago plan. Some employees are continuing to work from home and others are no longer employed. How should a company get their devices returned or information removed from an employees device? Hire Enigma Forensics to be the go-between.

How to Retrieve Company Information from Employees no longer with the company?

What does Phase 3 mean for Chicago? Mayor Lori E. Lightfoot just announced Chicago is going to open up on Wednesday, June 3. Hip Hip Horay! Will Chicago be the bustling town ever again? Let’s hope so.

Mayor Lightfoot along with the Chicago Department of Public Health have announced a soft opening for most businesses in the City of Chicago. Check out the City’s reopening guidelines at Https://www.chicago.gov/city/en/sites/covid-19/home/reopening-business-portal.html

Even though many employees will be going back to the office, some employees will continue to work from home. What about the employees who are no longer continuing on with the company and have company information and uncompleted work on their personal electronic devices? How does a company retrieve that information?

These are all valid questions and you can bet that most companies were not prepared to address. How should a company go about getting their devices or information removed from an employees personal device?

Your first step should be to call and arrange a pick up of the electronic devices held by the former employee. If you are having difficulty retrieving your company property Enigma Forensics has the answer. In some instances calling on a third party to be the go-between can smooth out any ill feelings. Enigma Forensics can help retrieve property and perform a diagnostic review of the electronic devices. We can identify if any information has been copied or sent via email to an unauthorized third party.

In the future, companies should develop a confidential agreement outlining key information. It’s necessary to virtually adapt if necessary the off-boarding procedure, disabling e-mail, account access, and confirm inventory. Enigma Forensics emphasizes even though the employee is remote be consistent and conduct an exit interview and always utilize e-signature. Be Safe Chicago and Let’s Open UP!

Featured

Issues When Working From Home

Issues when working from home are bubbling up. Are you working from the dining room table on important company information? We discuss the importance of forming a work from home policy.

We have reached a new era of remote business at levels few companies ever planned for. We all know, COVID-19 has driven businesses and their employees to operate from makeshift home offices. As a result, many issues when working from home have been exposed. In some of our past blogs, Enigma Forensics has provided insight to trade secret theft and given direction on how to protect company trade secrets from cyber attacks. In this blog we will address the current issues that have risen since we are all working from home.

First and foremost, the mass exodus from the business office to the home office was done at the flip of a switch. Working from home took many companies by surprise, sending employees home expecting this to be a short period of time. Most companies didn’t have time to prepare a proper security plan. In an effort to offer more accessibility to their employees some companies loosened their security standards to allow faster and more convenient access for employees. Some encouraged employees to use their own personal devices. These procedures have increased the risks that companies will be cyber attacked and offer opportunities for trade secret theft and loss of business confidential information. To lessen these possibilities companies must develop policies that address the risks.

Enigma Forensics suggests creating a work from home policy to inform employees of their obligations. Companies need to communicate how important it is to stay secure and that the future of the company depends on it. Employers must insist each employee maintain a two-factor authentication process to secure sensitive information. Each employer must restrict unauthorized access to company data. In other words, keep the kids off the company’s computer. It’s also imperative to prohibit the use of unauthorized third party cloud storage sites, and to make sure to apply security software to protect company data. Most importantly, no sharing of company devices.

Some more simple procedures companies can implement to protect their end points include:

  • Ensure endpoints have patch software and security updates applied monthly
  • Audit and enable Windows Defender or other Antivirus Solutions to protect end points
  • Ensure computers accessing company data are set to auto lock after five minutes of intactivity
  • Provide employees with dedicated work only equipment
  • Audit and ensure satellite workers have a firewall protecting their endpoints from potential attackers

Kids at home with not much to do may be interested in installing the latest video game on your computer which could introduce security vulnerabilities at home.

Enigma Forensics also suggests developing an inventory of what employee has access to which files. Know who is printing confidential information, and identify if family members have access to the same devices. Once all this is mapped out, a risk assessment needs to be conducted. Identify which employees have access to sensitive information should be prioritized and secured appropriately.

Eventually we will all be back working in the office but COVID-19 has exposed the need to increase security and to learn more about how your employees are utilizing company owned devices.

To Learn More About Trade Secret Theft Check out our blog below

Featured

Shelter in Place or Open Up?

Where do you stand? Stay sheltered in place or open up? We all have felt the pain of this pandemic. Is it time to open up are restaurants? Enigma Forensics wants to know your thoughts.

Is fear holding us back from moving forward?

Where do you stand? Shelter in place or open up! Is fear holding you back? If you don’t know what’s going on in the world today apparently you have been living under a rock. It seems so long ago when Enigma Forensics Lee Neubecker and Geary Sikich, President of Logistics Management Systems warned of what was to come and further outlined what would be the global impact. Enigma Forensics started posting our first post about COVID-19, Coronavirus: The Global Impact was on March 6.

Mayor Lightfoot announced today that Chicago will not be able to open restaurants for outdoor seating on May 29. It’s different than what the state has outlined. As stated by the City of Chicago, we will be following “Protecting Chicago” framework. The City will be using this guide to govern Chicago’s reopening process amid COVID-19. The framework – organized into five phases in alignment with the State of Illinois’ “Restore Illinois” plan – will advise Chicagoans on how to safely exit from shelter-in-place while continuing to prioritize the health of our most vulnerable residents.

Did we anticipated COVID-19 spread to the U.S. to wreak havoc like it has? Absolutely not. Even though this is a play book that has never been written before, Lee Neubecker drew upon his cyber forensic skills and made it the company’s focus to track information on the rise of positive cases and deaths. Our intention was to save lives!

Illinois is now ranking third for COVID-19 cases behind New Jersey (#2) and New York (#1). According to the Illinois Department of Health, as of 5/21 Illinois has (102,687) Positive Cases and (4,607) Deaths and (672,723 ) Tests performed. Over all, according to the Center of Disease Control reports, the US has (1,581,903) Positive Cases, (93,806) Deaths, and (301,341) Recovered Cases.

Education trumps fear. Wear a mask and wash your hands. Based on these numbers, where do you stand? Stay in shelter in place or open up?

It started when…CDC: Center for Disease Control announced first COVID-19 case in the United States. Jan. 21.

https://www.cbsnews.com/news/coronavirus-centers-for-disease-control-first-case-united-states/

On Tuesday, March 13, we helped Cook County Clerk Karen Yarbrough spread the word on safe voting tips and how to keep yourself safe.

We wondered what was the fastest growing Zip Code in Illinois.Enigma Forensics started tracking COVID-19, on 3/8.

We uncovered the highest growth rate and reached out to the Hispanic Community Leaders

Featured

Today’s Top 10 Growth Zip Codes for COVID-19

The chart below shows new COVID-19 confirmed positive cases in Illinois. This data has been filtered to include only Zip Codes that report 100 or more positive cases and is reversed sorted by the 2 day trailing growth rate, highest to lowest.

Notable top communities outside Chicago include Des Plaines, and new to the top 10 list:

  • Kankakee
  • Willow Brook
  • Bolingbrook

[visualizer id=”7739″]

Featured

COVID-19 Account for 60% of Latino Neighborhoods

In early April, Latino communities in Chicago experienced a fast growing number of COVIS-10 Cases.

As of 4/14/20, the Top Fastest growing Illinois Zip Codes reporting new COVID-19 cases shifted disproportionately to Latino populations based on the ethnic racial makeup of those Zip Codes. The CDC needs to immediately begin releasing detailed data on actual confirmed Coronavirus positive cases and deaths by Zip Code to help effectively target emerging hot pockets. There remains no available data reporting death’s by zip code impacting the Latino community.

Of the 710,648 people that live in the top 10 Zip Codes (2014 Census estimates from https://zipdatamaps.com/), the racial break down of these combined communities is as follows:

Racial Group2014 Population% of Population
White159,87022%
Black or African American76,32311%
Hispanic / Latino428,16960%
All Others46,2867%
All Groups Top 10 Zip Codes710,648
Source data Illinois Department of Public Health compiled daily by Enigma Forensics to report 2 day trailing growth rates of the virus.

This new data suggests that Mayor Lightfoot’s campaign targeting African American and other communities has been highly effective at slowing growth rates in many majority African American and other neighborhoods where English is broadly spoken. The growth rates in majority Latino neighborhoods suggests similar outreach efforts and analysis is needed targeting Latino neighborhoods where the virus is growing at the highest rates across Illinois.

Yesterday, a coalition of Latino leaders issued a press release calling on such a well needed outreach campaign to address the unique cultural and language needs of the Latino communities.

Other observed trends from yesterday’s data is the emergence of University Village into the top position for fastest growing Zip Code statewide at an alarming rate of 27% daily growth over the most recent 2 day period. We speculate that this may be a result of UIC and possibly the increase in availability of rapid testing in that zip code.

[visualizer id=”7708″]

Featured

Coronavirus Case Growth Highest in Hispanic Communities

Hispanic Communities are getting hit hard with COVID-19, they have the fastest growth of all the combined population. See the data.

Using data obtained from the Illinois Department of Public Health’s website on 4/12/20 and the preceding days, we established a regularly updated summary of the fastest growing Zip Codes in Illinois sorted by 2 day growth rate and filtered by Zip Codes that have passed 100 diagnosed COVID-19 / Coronavirus positive cases.

Our analysis of the top fastest growth Zip Codes that all have experienced an average growth rate at or in excess of 10% led us to cross reference the population. Of those fastest growing 19 Zip Codes from 4/10 to 4/12, the combined population is majority Hispanic. This finding doesn’t negate that the black community is being devastated by this pandemic in greater numbers at present in Chicago, but does suggest transmission rates may be greater within the Hispanic community. This information means that communities with rapidly growing Coronavirus cases need to take immediate steps to ensure essential workers are being provided appropriate training, protective equipment and rapid testing. Many businesses in economically struggling communities are failing to protect their workers and customers and this needs to change promptly. Resources need to be prioritized to brown and black communities being disproportionately impacted by this outbreak.

Population Totals for the 19 Fastest Growing Coronavirus Confirmed Positive Zip Codes in Illinois

White369,243
Black or African American203,409
Hispanic678,050
American Indian1,158
Asian59,386
Pacific Islander248
Other2,447
Two or More Races14,668
Click Excel link below to see the complete data

[visualizer id=”7648″]

View the most recent updated Illinois COVID-19 Statistics

Related Articles

Featured

Top 10 Coronavirus Confirmed Positive Growth Zip Codes in Illinois

The following data was compiled using the Illinois Department of Public Health’s daily statistics showing Coronavirus / COVID-19 Confirmed Positive Statistics taken from each of the last three day reports. The ranking is based on the 2 day average daily growth rate. Demographic data has been added from the website illinois-demographics.com to help better understand the communities impacted. The data shows statistics reported as of April 10th, 2020.

Yesterday I spent time driving into some of the Zip Codes that were experiencing the greatest growth rates that reported 100 or more Coronavirus confirmed positive tests. I observed a lack of social distancing with many young African American men not practicing social distancing or wearing protective masks or gloves congregating outside various essential businesses like retail stores and liquor stores. I observed an instance amongst young male Latinos as well. I observed problems at shopping centers with essential staff not having protective clothing or enforcing social distancing at the entrances or inside their stores. Customers entering stores generally are not wearing protective wraps around their faces.

It appears that these locations are economically disadvantaged largely. The residents of these zip codes need help in being educated on prevention measures to curtail the expanding growth rates of the Coronavirus. Businesses operating may need government inspectors to enforce social distancing recommendations through outreach. Ticketing of individuals willfully disregarding social distancing measures in larger groups may be necessary. The State of Illinois should prioritize deployment of the new Rapid 5 minute test equipment to suspected Coronavirus patients in these zip codes to more effectively curtail the growth of the virus to the general surrounding population. Essential service workers need to be wearing protective covering of some sort to help minimize and slow the virus transmission. A ban on shopping to customers not wearing protective coverings may need to be considered in the highest growth areas to protect those residents.

Click the Excel button below to copy the data above into a sortable spreadsheet.

[visualizer id=”7568″]

View all Illinois Zip Codes with 100 or more Coronavirus Confirmed Positive Cases ranked from fastest growing to slowest growing.

Featured

Latino Communities Taking the Lead in COVID-19 Rate of Growth

Fastest Growing Zip Codes with more than 100 confirmed Coronavirus cases

The fastest growing zip code with more than 100 confirmed positive diagnosis for COVID-19 is 60632. Brighton Park is the Chicago Community just East of Chicago Midway Airport. 88% of the population in this Zip Code is Latino. The runner up, 60608 which includes the Pilsen neighborhood and has just over 50% of the population identified as Hispanic or Latino. In third place is 60804 which is Cicero’s Zip Code. 60804 is 85% Hispanic of Latino.

State RankingZip Code4/8/204/9/20Net Change
160632, (East of Midway) Chicago, IL9211019.6%
260608, (Pilsen) Chicago, IL15818718.4%
360804 Cicero, IL12014218.3%
4600168610016.3%
56062316318815.3%
6606169210615.2%
76062415117113.2%
86061411412913.2%
96061215617612.8%
106065115717712.7%

See the latest rankings for all of Illinois

Featured

Top 10 Illinois Zip Codes with Largest Confirmed Corona Positive Cases

The Illinois Department of Public Health has begun publishing zip code level Coronavirus / COVID-19 Confirmed Positive cases. This data was captured as of 4/8/2020 4:15PM from http://www.dph.illinois.gov/covid19/covid19-statistics

The top 10 Zip Codes in Illinois reporting the highest number of Coronavirus / COVID-19 Confirmed Positive Cases

Top Cook County Locations Where Coronavirus / COVID-19 Confirmed Cases have been reported.
Zip CodePositive CasesCity – Neighborhood – CountyPeople per sq mile% of Population in Zip Code Black
60645272Chicago – West Ridge – (Cook)20,05514%
60620269Chicago – Auburn Gresham – (Cook)10,19198%
60619238Chicago – Chatham – (Cook)10,60197%
60628229Chicago – Roseland – (Cook)6,61295%
60617209South Chicago – (Cook)6,07056%
60644184Chicago – Austin – (Cook)13,88594%
60085178Waukegan – (Lake)4,79119%
60643178Beverly – (Cook)6,80075%
60623163Chicago – South Lawndale (Cook)17,19633%
60629162Chicago – Chicago Lawn (Cook)16,72623%
Six out of the top ten zip codes in Illinois with the highest total confirmed Coronavirus confirmed positive cases are majority black / African American population centers. Income, population, density and race appear to be factors in test positive rates. Incarceration rates by zip code we plan to look into as well to see if there appears to be a correlation. African Americans make up a disproportionate part of the prison population. This seems to be impacting them at a much higher rate.

Waukegan may be higher due to it being home to Abbott Laboratories which recently reported availability of Coronavirus rapid 5 minute test units.

Social Distancing Photos in Hot Zones

60644 Chicago Austin Photo Taken @ 4/9/20 9:30AM

60628 Chicago 100 W. 95th @ 4/9/20 10:30AM

60620, Family Dollar, 7927 S Ashland Ave, Chicago, IL 60620 @ 4/9:20 10:30AM

60620 Home Depot taking appropriate measures 200-232 W 87th St Chicago, IL 60620

State Ranking Coronavirus / COVID-19 Zip Codes reporting more than 5 Confirmed Positives as of 4/9/20

State RankingZip Code4/8/204/9/20Net Change
1606202692928.6%
2606452722854.8%
36061923826511.3%
4606282292383.9%
5606172092268.1%
66064418420410.9%
76008517819610.1%
8606431781927.9%
96062316318815.3%
106060815818718.4%
116062916218111.7%
126065115717712.7%
136061215617612.8%
146062415117113.2%
15604111581686.3%
166063914616211.0%
176064914716210.2%
18606341361499.6%
19606181351425.2%
206080412014218.3%
21606371241369.7%
22606591321341.5%
23606251281333.9%
246063611713011.1%
256061411412913.2%
26606571201243.3%
27604021151237.0%
286062211012311.8%
296046611012210.9%
30606521161214.3%
316065310811910.2%
326060910311410.7%
33606131071146.5%
34604431011119.9%
35606329211019.6%
36606151091090.0%
3760638991089.1%
38606401011075.9%
39606169210615.2%
40604099410410.6%
4160076961026.3%
4260435981024.1%
4360025971014.1%
4460104921019.8%
45600168610016.3%
4660901921008.7%
476062694984.3%
486045388969.1%
4960621849614.3%
5060473839413.3%
516064788935.7%
526052786904.7%
536007781888.6%
5460440788610.3%
556082782864.9%
566041978859.0%
576063080845.0%
586064176816.6%
596061078802.6%
606020177770.0%
6160655667716.7%
626003576760.0%
6360153657616.9%
646070774762.7%
656007374751.4%
666060770757.1%
6760426657413.8%
686047868748.8%
6960099637112.7%
706043866717.6%
716009369701.4%
726006862689.7%
736066063664.8%
7460087536522.6%
7560101546316.7%
76604296563-3.1%
7760586556314.5%
786006258615.2%
7960506526117.3%
806009160600.0%
816020258603.4%
8260446495920.4%
836061158591.7%
846063155597.3%
856047155585.5%
866004556571.8%
876006456571.8%
886043054575.6%
896071452567.7%
9060148495512.2%
9160406505510.0%
926015451545.9%
936044151545.9%
946001552531.9%
9560302465213.0%
9660462425121.4%
976005649502.0%
986064648504.2%
996018847494.3%
1006042345498.9%
1016042845498.9%
10260656424916.7%
1036060546484.3%
1046009045474.4%
1056016044464.5%
1066005343454.7%
1076045542457.1%
1086008941447.3%
10960431404410.0%
1106049042444.8%
11160026394310.3%
1126003142432.4%
11360133374316.2%
11460459384313.2%
11560525364319.4%
11660805384313.2%
1176001840425.0%
1186043341422.4%
1196010639415.1%
1206012037408.1%
1216012338405.3%
1226012637408.1%
1236013937408.1%
1246018540400.0%
1256040339402.6%
1266065439402.6%
12760107333918.2%
1286013036398.3%
1296013137395.4%
1306018138392.6%
13160477353911.4%
1326042536385.6%
1336045235388.6%
13460565303826.7%
1356071237382.7%
13660505293727.6%
13760164283628.6%
1386019335362.9%
13960484313616.1%
14060706313616.1%
1416004633356.1%
1426007432359.4%
1436042232359.4%
1446056132359.4%
1456041731349.7%
1466049131349.7%
1476051732346.3%
14860004303310.0%
14960048303310.0%
15060463283317.9%
15160467293313.8%
1526056432333.1%
15360007293210.3%
15460098273218.5%
15560432283110.7%
15660475283110.7%
1576006028307.1%
1586054329303.4%
1596060128307.1%
16060047262911.5%
16160439242920.8%
1626013728280.0%
1636045126287.7%
1646050427283.7%
16560516232821.7%
16660544252812.0%
1676055927283.7%
16860563252812.0%
1696044525278.0%
1706046525278.0%
1716048725278.0%
1726001424268.3%
1736016225264.0%
1746040425264.0%
1756041524268.3%
1766064225264.0%
1776170125264.0%
17860061222513.6%
1796010223258.7%
1806010324254.2%
1816051325250.0%
1826124423258.7%
18360044212414.3%
1846015523244.3%
18560436212414.3%
18660448212414.3%
1876063322249.1%
18860803212414.3%
1896003022234.5%
1906017222234.5%
1916046123230.0%
19260585202315.0%
1936001321224.8%
19460084192215.8%
1956054622220.0%
1966091422220.0%
197628010222200.0%
19860005172123.5%
19960010192110.5%
20060108192110.5%
2016018920215.0%
20261265172123.5%
20360050162025.0%
2046017119205.3%
20560194182011.1%
2066052119205.3%
2076256820200.0%
20862901162025.0%
2096017519190.0%
2106040118195.6%
2116044918195.6%
2126045719190.0%
21360515171911.8%
21460540171911.8%
21562040171911.8%
21660008161812.5%
2176043417185.9%
21860472161812.5%
2196051417185.9%
2206182217185.9%
22162226141828.6%
22262233141828.6%
22362236718157.1%
2246005116176.3%
2256006717170.0%
226601691817-5.6%
2276030416176.3%
2286052317170.0%
2296120117170.0%
2306011516160.0%
23160418141614.3%
23260502131623.1%
2336053216160.0%
2346066116160.0%
2356176116160.0%
2366222116160.0%
23762269141614.3%
2386000214157.1%
23960156131515.4%
2406044214157.1%
2416229814157.1%
2426008313147.7%
24360110101440.0%
2446017414140.0%
24561704121416.7%
24662002121416.7%
24762223111427.3%
2486002213130.0%
2496013413130.0%
250601421413-7.1%
2516017613130.0%
252602031413-7.1%
2536052612138.3%
2546004312120.0%
2556016581250.0%
25660458101220.0%
25760501101220.0%
2586056012120.0%
2596108112120.0%
2606202511129.1%
2616220811129.1%
26260012101110.0%
2636006911110.0%
26460081101110.0%
2656012411110.0%
2666054291122.2%
2676060611110.0%
2686002010100.0%
2696014010100.0%
2706017710100.0%
2716030591011.1%
2726046491011.1%
2736048281025.0%
2746050310100.0%
2756053871042.9%
2766095081025.0%
2776110271042.9%
2786180110100.0%
2796182110100.0%
2806220691011.1%
281622341110-9.1%
2826270281025.0%
28360070990.0%
28460118990.0%
28560163990.0%
286604698912.5%
287605347928.6%
28860558990.0%
28961802990.0%
290626508912.5%
29160136880.0%
292601737814.3%
29360178880.0%
29460301880.0%
29560410880.0%
296604507814.3%
29762278880.0%
2986230508800.0%
29960042770.0%
30060191770.0%
30160192770.0%
30260468770.0%
30360510770.0%
30460545770.0%
30560554770.0%
306609646716.7%
307611096716.7%
30861241770.0%
3096176407700.0%
31062220770.0%
31162258770.0%
31262265770.0%
3136230107700.0%
31462711770.0%
3156011906600.0%
31660143660.0%
31760187660.0%
31860551660.0%
31960555660.0%
3206103206600.0%
3216110306600.0%
32261114660.0%
32361282660.0%
32461853660.0%
32561910660.0%
3266203406600.0%
32762035660.0%
32862959660.0%
329600416 -100.0%
330620956 -100.0%
Featured

Top Counties That Should Consider Lockdown!

Chicago’s Enigma Forensics Data Analytic and Cyber Security Expert Lee Neubecker has identified top counties in the country that should consider going on lock down because of the alarming climbing numbers. Some of these counties may not know they are approaching a dangerous risky situation. Lee has been taking a deeper dive on the most recent Coronavirus stats identifying the most at risk counties. Lee was way ahead of CNBC’s report that President Trump has called for classifying Coronavirus risk county by county!

Check out this video to see if your County is on his list!

Video Transcripts Follows

The Transcripts go here!

Featured

Top Locations in U.S. Where Corona Deaths Are Ramping

These are locations that report 3 or more Corona Related Deaths. Only 1 of these 28 locations has their Daily Growth rate under 30%. Medical supplies are desperately needed at these locations.

Average Daily Growth Rate= ((3/27 Confirmed Cases – 3/23 Confirmed Cases)/(3/23 Confirmed Cases))/Days Elapsed

Estimated Confirmed Positive Cases One Week Out = 3/27 Confirmed Cases * (1 + Average Daily Growth Rate)* (1 + Average Daily Growth Rate)* (1 + Average Daily Growth Rate)* (1 + Average Daily Growth Rate)* (1 + Average Daily Growth Rate)* (1 + Average Daily Growth Rate)* (1 + Average Daily Growth Rate)

Note: The average daily growth rate will slow before exceeding the max population. E.G. IN-Marion will not continue at the experienced average 245% daily growth rate.

The Transcript of the Video Follows:

Kitty Kurth (KK): Good morning! Today we’re here with Lee Neubecker from Enigma Forensics. A renowned data analyst, computer forensics expert, and inquisitive mind. Lee’s been thinking about the corona virus and looking into data. The data that’s out there in the world and taking it in, and looking at how we can analyze this data and what we can learn from it. Lee, tell us about what you’ve been doing.

Lee Neubecker (LN): Yes well, like everyone else I’ve been holed up at home in my basement and I’ve been wanting to think about, what can I do to help impact positive change, and what can my team do. And we decided we wanted to use our time to help minimize the spread of the virus and to help minimize death, so that’s my new mission that gives me something to wake up for and do, because certainly in the short term most client work is on hold because the courts are closed.

KK: So what, yesterday you released some data, can you tell us about where you got the data, what it was, and what it means. What you did with it, what it means.

LN: Yes, well like everyone else, I’ve been looking at the John Hopkins data map and they have a really nice visualization tool that lets you see the data as it’s updated. And I was examining their site and I discovered they had a GitHub repository where they’re uploading every day around 7pm central time. And as I looked at the data, I thought, you know there’s some interesting things that probably could be done that aren’t happening yet, such as looking at the penetration rate. If the county data just became available of the reporting, I looked out at the census and found some data from the census that included the population by county. So I started mapping out the population by county so that I could come up with something that I’m calling penetration rate. Which is essentially, what percent of the population has tested positive for the virus. And that information’s useful because it can give us some idea of, you know, how saturated will things be. Unfortunately though, the testing kits aren’t widely available so, it’s difficult to know for certain what’s happening as it relates to testing. More telling though is the data relating to deaths of corona virus, and that’s something that I was looking at this morning. And it has some, you know, really interesting things to talk about.

KK: What did you find when you were looking at that data? And the data you released yesterday, didn’t it show that there are 10 counties that are particularly in dire straits, or will be in dire straits, where the county officials should telling everybody to stay home.

LN: Yeah here’s my data model, are you able to see that? On screen, great. So, what I did is I thought, let’s look at locations that have 10 or more positive tests, and have, what are top 10 locations with 10 or more positive tests, that have the greatest rate of daily growth. And those are areas that no one’s talking about right now but I thought it was important to talk about that because they may think they’re safe. They may not know that someone’s begun passing the virus in the community. And so, you know, I identified places like Jackson, Michigan, which isn’t too far from where my family members are. They may not know there that they have a problem. They may not have public health professionals like Cook County has, dedicated to looking at the data. So, I thought it was important that we get the word out to some of these communities, that they’re emerging very fast with their growth of corona positive tests.

KK: There were some new data that you looked at last night, and some new things that you found, what did you find today?

LN: I wanted to look at where are people actually having deaths reported. So I looked at, where are there three or more deaths in the US. And because the tests are less reliable, you know, the confirmed test because there aren’t enough tests out there. But the places where people are actually starting to die, those are the places that are going to need a lot of medical supplies and help. And so today I published a new list of 29 locations. Let me resort this here by death rate. And death rate is a calculation, you know, how many deaths relative to the population. So for instance, in Dougherty, Georgia. They have the highest death rate, which may mean they’re in dire need of medical supplies. But they’re a very low population area.

KK: Georgia is one of the places that nobody’s been talking about at all. LN: Yeah and you can see there that, their population’s 87,000 roughly. They’ve had six deaths, but in terms of death rate, they’re at the top of it. So, you know, the public needs to look at what’s going on there. Are they keeping their kids at home? Are schools still open? Now those are important questions. Are people cavalier about it? You know, what’s the characteristic of the people who passed away? Are they all in a nursing home? There’s a lot of other things that can be looked into here. KK: Is there a cluster, are they all in one place? Or are they people that are out circulating in the community?

LN: Exactly.

KK: Is one of them the letter carrier? And then Louisiana has a high death rate and we heard about the fact that there are numerous cases there. Washington State it looks like is also high. New York, New Jersey. Connecticut is really growing it looks like. But then Colorado, no one has talked about that this one county in Colorado, El Paso County seems to have a really high rate. And Milwaukee, Wisconsin. People aren’t really talking about that either.

LN: If you look at Cook County, Illinois. What this is showing in my opinion is that despite the fact that we have a lot of cases, our health care system is keeping up, and keeping people from dying. So, you know, looking at how LA’s performing, what’s LA getting in terms of resources, and what’s the quality of their health care versus Dougherty, Georgia, or King, Washington, or some of these other places. You know, it’s very disheartening for instance to see Dougherty, Georgia, they’re at a 71% increase in testing over just a few days. That’s a average daily increase. They’ve actually, you know, more than almost tripled in just a few days.

KK: And again, that’s something that at least in the national media, no one is addressing Georgia. So, you know, we don’t know. I hope Georgia realizes they have a problem but no one else has talked about the fact that Georgia has a problem.

LN: The White House did say yesterday, that they wanted to try to address the counties where the hotspots are. So these are the hotspots. Some would say we should be doing this at the state level, and not focusing just on the county. But these counties definitely need attention.

KK: These counties need attention but what I heard the White House also say was, “we’re going to let counties be free if they’re not affected, then they can open up for business again.” And I don’t know about other states but here in Illinois, people go across the Cook County, Lake County, Cook County, DuPage County, Cook County, Will County borders pretty frequently. And sometimes several times in a day. So I don’t see how a plan to let places quote open up for business on a county by county basis could be helpful.

LN: Yeah but, you know, one of the things that I’ll be looking at as I update data. We’ll be looking at what’s going on in these counties. Are they sending alert out to people? If people aren’t aware that they’re having a daily increase of 128%, like Marion, Indiana. Their increase rate is alarming, 128%.

KK: And I don’t know about today, but historically Marion has been a place with a lot of manufacturing, and if people are working side by side in factories, that could be a huge problem. Thank you very much, and we’ll put up another post tomorrow and the next day as more data becomes available. Thank you Lee Neubecker and Enigma Forensics.

LN: Thank you.

Related Posts

Featured

Coronavirus COVID-19 Confirmed Diagnosis Count by County – Emerging Risk

These US Counties are experiencing fast growth and have surpassed 10 reported cases. They are ranked by daily growth rate and are growing at an alarming rate.

Enigma Forensics is a Chicago based Computer Forensics, eDiscovery and Cyber Security firm that specializes in performing complex data analytics. In an effort to help inform the public, we have developed a data model to perform more meaningful comparisons of the latest data released and compiled by John Hopkins University to their GitHub Repository. Beginning on March 23rd, 2020, more robust reporting by U.S. County became available. We have matched this data up to population estimates by County obtained from the U.S. Census estimated as of July 1, 2019.

Disclaimer: There remain issues with matching up some of the Counties that use a different naming convention in reporting compared to the naming convention used by the U.S. Census. As such, some Counties reflecting no population will be updated as this data is refined. The latest compilation of data shows the average daily rate of increase in Coronavirus confirmed tests. The top ranked Counties should immediately take action to curtail further rampant growth of the virus.

These U.S. Counties Need to take Prompt Action to Curtail the Spread of Coronavirus COVID-19

Updated 3/26/20 8:41PM to include new data for these 10 Counties released 3/26/20 GMT. See below:

Coronavirus Spread by County
State CountyReport DateConfirmedDaily Growth RateAverage 3 Day Growth
AL-Chambers County23-Mar-202
AL-Chambers County24-Mar-205150.00%
AL-Chambers County25-Mar-2010100.00%
AL-Chambers County26-Mar-201330.00%550.00%
AL-Mobile County23-Mar-202
AL-Mobile County24-Mar-206200.00%
AL-Mobile County25-Mar-201066.67%
AL-Mobile County26-Mar-201880.00%800.00%
KS-Sedgwick County23-Mar-202
KS-Sedgwick County24-Mar-207250.00%
KS-Sedgwick County25-Mar-201157.14%
KS-Sedgwick County26-Mar-201645.45%700.00%
MI-Jackson County23-Mar-201
MI-Jackson County24-Mar-206500.00%
MI-Jackson County25-Mar-2012100.00%
MI-Jackson County26-Mar-201741.67%1600.00%
NY-Broome County23-Mar-203
NY-Broome County24-Mar-209200.00%
NY-Broome County25-Mar-201122.22%
NY-Broome County26-Mar-201645.45%433.33%
NY-Ulster County23-Mar-2018
NY-Ulster County24-Mar-203594.44%
NY-Ulster County25-Mar-206585.71%
NY-Ulster County26-Mar-207820.00%333.33%
TX-Nueces County23-Mar-201
TX-Nueces County24-Mar-206500.00%
TX-Nueces County25-Mar-201066.67%
TX-Nueces County26-Mar-201440.00%1300.00%
WA-Kittitas County23-Mar-204
WA-Kittitas County24-Mar-20525.00%
WA-Kittitas County25-Mar-2018260.00%
WA-Kittitas County26-Mar-208-55.56%100.00%
WV-Monongalia County23-Mar-202
WV-Monongalia County24-Mar-205150.00%
WV-Monongalia County25-Mar-2016220.00%
WV-Monongalia County26-Mar-201812.50%800.00%
PA-Dauphin County23-Mar-201
PA-Dauphin County24-Mar-204300.00%
PA-Dauphin County25-Mar-2010150.00%
PA-Dauphin County26-Mar-201330.00%1200.00%

Click here to view the latest more complete list.

https://www.mlive.com/news/jackson/2020/03/10-hospitalized-in-jackson-county-for-coronavirus.html

Featured

Why Don’t Politicians Follow CDC Directives? Coronavirus Social Distancing

Enigma Forensics President Lee Neubecker wonders why politicians are not following the same CDC directives that we have to. Lee interviews Geary Sikich, President of Logical Management Systems. What are your thoughts? Check out this video interview.

The Transcript of the Video Follows.

Lee Neubecker (LN): This is going to be a short segment about why Congress, Senate, the President, why they’re not practicing, even the governor, why they’re not practicing the recommendations to keep separation and they’re doing these press conferences full of people putting everyone at risk when they can use tools like Zoom and still have the communication but not have the personal interaction. I mean, the Senate’s likely going to all have this thing soon and because they have to vote in person, that’s going to be a real problem if they can’t get something passed and they’re all sick.

Geary Sikich (GS): Yeah, you know, they broached that yesterday during one of their news conferences and Trump was saying that he would like to see them be able to operate remotely but he was saying that it might be a constitutional issue where that may preclude them. They may actually have to show up.

LN: But maybe they could debate everything on a tool like-

GS: Yeah.

LN: Zoom or WebEx and then come in to cast their vote one at a time in isolation so that they’re not around each other.

GS: Yeah, I think that’s … They should be investigating a lot of different options, but they’re not

LN: Why is the president standing next to his advisors, you know, within a foot of them. You have the vice president, the president. They’re all standing next to each other. They should be … The need to have everyone crammed into the White House briefing room, they could be using technology and spacing out so that people aren’t on top of one another.

GS: Yeah, I mean, even if you noticed the media on TV, when you’re watching the news and whatnot, like-

LN: So they have one blank seat. But that’s not six feet away.

GS: No, but I’m saying the media on TV has got separation, like this morning I’m watching NBC on morning news, and they’ve got them sitting. You know, it’s just a wider angle for the camera, and it wouldn’t be that difficult because I’ve noticed the same thing in every press briefing I see, whether it’s the president or the governors, or any of them. There is a kind of a cluster of people around them, which is typical of the way it used to be and it’s not advisable now.

LN: Yeah, but it’s certainly something that should be looked at. I think it’s important that we do everything we can to keep the infection rate from spiking quickly. We know in Italy, when it spiked the way it was, the death rate goes up to 10%.

GS: Yeah, Italy is, it’s scary because everything they have done, they, unfortunately, got … got into it a bit late because they kept their borders open way too long and they allowed things to kind of transpire that now puts them into, you know, the situation being number two as far as fatalities and as far as case rate. Once they started, and they’ve shut down the entire country, now they’re actually shutting down the transportation systems within the country to try to contain this.

LN: It’s something else. And then with spring break, all the students coming back from Florida, California. They’re all at the beaches. This is going to transfer, and they’re going to be bringing their family members a special gift home.

GS: Yeah, it scares me about the fact that we allowed the spring break festivities to go on the way they did, that the governors weren’t a little bit more proactive in that regard, and that the people themselves… Granted, you’re young, you feel like you’re invincible. But the reality is, you’re not. And the once-in-a-lifetime spring break is not all that great as it is. Having not gone to any spring breaks when I was in school, other than the trip out West and whatnot, but … the value of it is far offset by the jeopardy you put yourself in from a health standpoint.

LN: Yeah, absolutely. Well, thanks for coming on the show again to talk about this.

GS: Great, enjoyed it. Well, I’m sure we’ll see each other again virtually.

Other Related Videos

View John Hopkins Coronavirus Map

https://coronavirus.jhu.edu/

View CDC Guidelines

https://www.cdc.gov/coronavirus/2019-ncov/faq.html#anchor_1584386949645

View State of Illinois Website

https://www2.illinois.gov/

Featured

Coronavirus Impact on States that Shelter at Home

President and CEO of Enigma Forensics, Lee Neubecker remotely converses with Geary Sikich, President of Logical Management Systems, to discuss the current state of impacts the Coronavirus has brought to citizens taking shelter at home. Data experts Lee and Geary explain statistics state by state and expose interesting facts for those states that have implemented shelter at home policies.

The Transcript of the Video Follows.

Lee Neubecker: I am here today, again with Geary Sikich, reporting from my basement. Geary is the principal of logical management systems. I am the president of Enigma Forensics. We’ve been talking on our show previously about the Coronavirus and the impact. And today we’re going to be talking a little bit about the current data trends and what’s happening. Geary thanks for being on the show remotely.

Geary Sikich: Thanks Lee it’s kind of an interesting way to work.

LN: It’s the new reality probably for a while, huh?

GS: I think for, yes, a little bit more than two weeks that’s for sure.

LN: Yeah, so I want to pull up some of the data that we were talking about earlier. A spreadsheet that we had here. Is that up on the screen for ya?

GS: Yes.

LN: Okay, great. So it’s showing that, this is data that was obtained from the John Hopkins website. They’ve got a place where you can download the historical data. Which I showed you a little earlier. Let me just pull that up. So what you see here, you can go on the map tool. You can actually scroll by clicking on the tab. Internet’s running a little slow. We discussed that previously.

GS: Welcome to the world of not enough pipe.

LN: Yeah so you might not have noticed it but there’s a little section that says admin one. If you hit the right arrows you can scroll through and cycle through and see the data reported differently. First it’s by country, and we’re now at 41,708 in the US. When you click, you can see the total. It’s running very slow today.

GS: Yeah John Hopkins, I know that one of the issues with their website is so many people are using it. That it, by this time of day it starts to slow down a bit. So it’s kind of a challenge to get in there and see the data as it stands. But I just noticed on the statistics for today, that the US stats at noon, when I checked I was doing a webinar today on hospital pandemic planning and drills. And US infection rate has jumped up pretty substantially.

LN: Yeah I want to show you some specifics of concerns as we drill down. I pulled the top 10 states And you can click here, you can see by states and regions. You can see New York is getting devastated right now. Then Washington, and then Cook County Illinois here is running right up next in line. But what I found interesting is as you pull the historical data out, but you can get off, we can see, here is New York. That’s a pretty scary curve, and it’s a trajectory that doesn’t suggest it’s going to get any better any time soon. And then you have Illinois, New Jersey, and what not. But what was real interesting is we had a cross. Illinois is this line right here on the screen there. Illinois is, where is Illinois here. We got, actually what I did is I pulled out New York so I could get more zoned. So excluding New York, you can now see what’s going on. And Michigan, that didn’t have a band until they just announced today that they’re instituting a lockdown. But Illinois, more dense, more likely to get a contagious outbreak than Michigan in my opinion. Because they quarantined early enough, you start to see that at least so far Illinois holding out. Now I think that number’s going to jump up. I think that the number, they haven’t fully reported the count for today yet. But it was interesting to see both Louisiana and Michigan and Florida jump up and surpass. And right now, Florida doesn’t have a ban in place. Georgia doesn’t have a ban in place. What do you think’s going to happen with Georgia?

GS: Well I think what your statistics are showing, and it’s interesting is that the early adopters of shelter in place and working remotely, etcetera, cut the bands, if you will. The early adopters of that are finding that social distancing is actually working. The late adopters who have yet to come to the point of doing shelter in place and what not are finding much like the parallel with Philadelphia and Denver during the Spanish Influenza, Denver closed the city very quickly, very little in terms of issues that they had. Philadelphia on the other hand kept everything open and actually did a parade to try to raise money for bombs for World War One. And as a result they had a significantly higher infection rate. And so I think you’re seeing a parallel in terms of history and what’s happening today. So I would say that those states that are late adopters are probably going to see a higher rate of infection. The other thing it would be, is if we can, you’d have to do some manipulation on data with this but is to look at those states which have large cities. Chicago, New York City, Los Angeles. Some of the bigger cities are going to have a significantly bigger concentration of casualties, if you will. That is going to result, it results from the fact that people are living in close proximity in those cities. The other aspect is that, if you think about it, a lot of downtown populations don’t have the, how do I put it, the infrastructure to do a lot of at home cooking. So it’s either they don’t have the storage facilities for food or they just don’t cook because restaurants are so plentiful. And suddenly we’re finding that with restaurants closed and other things being shut down, as far as businesses and what not, that there’s a greater dependence for people to be a little bit more self-sufficient, if you will.

LN: Yep, it’s certainly going to get interesting here. Well, thanks for coming on the show again and talking about this. I’m sure we’ll have some more things to talk about again soon.

GS: Thank you for having me.

LN: Great, thanks.

Other Related Videos

View John Hopkins Coronavirus Map

https://coronavirus.jhu.edu/

View CDC Guidelines

https://www.cdc.gov/coronavirus/2019-ncov/faq.html#anchor_1584386949645

View State of Illinois Website

https://www2.illinois.gov/

Featured

Business Continuity and COVID-19

Cyber technology and preparedness experts Lee Neubecker and Geary Sikich talked about a business continuity plan way ahead of the COVID-19 virus hitting the US! What does the next couple of weeks look like? Tune in to find out.

Business continuity! It’s official, COVID-19 is upon us and the country is basically on lock down. Government restrictions are everywhere. Just about 15 days ago, Lee Neubecker and Logical Management Systems, President, Geary Sikich talked about what was going to happen when COVID-19 landed on our shores. It’s like they wrote the sequence of events!

Lee and Geary are trained experts in the field of cyber technology and preparedness. They foretold businesses will have employees work from home if they have a job that allows them to telecommute. They discussed different unique challenges businesses will experience when executives and employees take work computers home and remote in. Check out this video interview to learn a few interesting tips on business continuity.

Part 2 of the Coronavirus or COVID-19 & Business Continuity

COVID-19 and Business Continuity

Lee Neubecker (LN): Hi it’s Lee Neubecker, President of Enigma Forensics, and I’m back on the show here with Geary Sikich, President of Logical Management Systems. We’re continuing our discussion on business continuity planning as it relates to the Coronavirus, thanks again for coming back Geary.

Geary Sikich (GS): Thanks Lee for having me.

LN: So, can you tell everyone what other businesses are actually experiencing that are now at the stage where they’re dealing with government restrictions, either in China, or even in Seattle Washington, and what the reality of the challenges faced by businesses in communities where the corona outbreak is magnifying and spreading.

GS: Sure, the big one everybody is surely aware of was China and some of the things they did, in what people were calling “draconian measures”, which is essentially the quarantine that they set up. They literally lock down roughly about 56 million people and it got to the point where it was from the household where you were staying. They would allow one person to go out and buy whatever food you needed for the day. If that person didn’t have a mask on they were sent back, so no food, so that’d be a big impact. The employers for those employees who are now locked in on a quarantine basis set with empty factories and at about two weeks into that a lot of these employers were saying, “I can’t pay my people because my factory is not operating and I’m about to go out of business”. So, the impact is big in that regard. Just recently in France, the Louvre closed, and it’s closed now indefinitely as of this morning in response to a protect the potential of coronavirus expanding. Italy, there’s closing schools in Italy, they closed schools in China, also in South Korea. They’re doing similar things what we’re faced with here in the States is a very similar situation that is yet to unfold in its dramatic effect. But if we start to see the Coronavirus expand in the States, plan on seeing things like school closures plan on seeing things that are not going to be available on the shelf because the grocery stores are going to be emptied.

LN: That introduces a whole other element of risk, because for those parents of kids that have to be home many of those parents are only going to be able to work from home if they have a job that allows them to telecommute, and there’s, you were talking to me earlier about some of the unique challenges that have happened when executives take work computers home and they’re remoting in, and the one example I remember you saying was that with kids home alone and they have time on their hands, they’ve sometimes gotten into their parents’ computers and if those computers aren’t secure and they go to a game site, and they get hit by malware, the corporate network could be taken out.

GS: Yeah and it’s happened we’ve had it with the clients in different parts of the world where the company organization said it’s a great idea. We’ll set up a mini situation where you can work independently from home here’s a secure computer and over a course of time not much is happening and so, the secure computer becomes something of well we don’t let the kids play games on it and nothing’s going on so I’m not too worried, not realizing the potential exposure that they’ve put themselves in from a vulnerability standpoint. One of the key things, and I think this is a point that we need to emphasize, is that the criminal element people who want to do bad things has really taken advantage of the Coronavirus situation in a lot of different ways. By actually being able to interject malware in posing as a legitimate information site so here you want information on the Coronavirus, I’m here, and the next thing you know you’ve got malware downloaded into your system. So huge impact areas and in that regard.

LN: Yeah, I think that the whole notion of planning and thinking through how your business would respond if your employees weren’t able to come to the office is something that every organization should be doing now because it certainly is it’s not a question of if the virus will spread, it’s a question of you know how quickly and how large of an impact. We don’t fully know what is going to happen in every community with the weather, whether there will be better treatments available or not but we do know that it’s a risk and it makes sense to prepare for not having to have your workers come into your office, and how would you respond to that?

 GS: If you think about it in this context to leader there’s some real issues that you need to really begin to assess it all in a lot of detail. So, from a risk assessment standpoint, one obviously you want to look at how do I build contingency plans for us to work remotely whether it’s you working at your home or at a remote location that the company hires to have you know staffed. That’s great if you’re in the Information and Technology business or you’re in the financial sector you’re in a nonindustrial sector, how do you close down a steel mill and tell your employees we’ll go to this other place and work because there’s not the same facility. Here’s the real interesting thing that it but I think it’s a critical point and this is where we begin to start to realize risk management needs to begin to look at some things differently. One, you’ve got a facility it goes into lock down because of quarantine, no employees there. What’s your vulnerability for that facilities now sitting vacant. You have people maybe who want to break in? You still got your computers and other systems there that I would assume can still be hacked into in some way shape or form and you’ve got a lot of potential sensitive information.

LN: And physical security becomes important in that case definitely.

GS: But how you do that if you’re under quarantine and you can’t bring in physical security per se.

LN: There’s a whole issue if you have in our next segment, we’ll talk a little bit more about what businesses should be doing now to be cyber ready for having employees where they can work remotely. We’ll talk about some of the strategies that you can take now to help maximize your readiness for such a circumstance where you have to either reduce your workforce and create space, or have people work completely remote. So, thanks for being back on the show.

GS: Thank you Lee, I enjoyed it.

To View Part 1 of the Coronavirus

Other Related Articles

Official Website of Homeland Security and their Business Continuity Plan

https://www.ready.gov/business-continuity-plan

Featured

Keeping Yourself Safe

Keeping yourself safe in these trying times is a tall order. Clerk Karen Yarbrough says to use your common sense and practice social distancing, wash your hands and don’t touch your face.

The Corona Virus COVID-19 is upon us! We knew it was coming and Cook County Clerk Karen Yarbrough says let’s practice common sense. The health and well-being is the utmost importance for Clerk Yarbrough. She recalls lessons from her mother, wash your hands, don’t shake hands instead fist or elbow bump, sneeze into your elbow and don’t touch your face. Clerk Yarbrough sits down with Enigma Forensics CEO & President Lee Neubecker to discuss the safety measures the County has installed to keep the polling places safe. Check out this video blog with transcripts.

Cook County Clerk Karen Yarbrough says the 2020 Election will be safe!

The Video Transcript Follows

Lee Neubecker: Hi. It’s Lee Neubecker. President of Enigma Forensics. We’re a Chicago-based computer forensics and cybersecurity consulting firm. And I have the pleasure, again, of having the Cook County Clerk Karen Yarbrough on our show, to provide some common sense advice on what you should do at home and in the workplace to keep yourself safe from this Corona Virus outbreak concern.

Clerk Karen Yarbrough: Thank you, Lee, for opportunity to be here. I think we need to get across to people if they use their basic common sense and remember what mom used to say, they would probably be just fine. Now, 80% of the people who would even contract this, they’re going to be fine. It’s the folks whose systems are compromised, are the ones that probably are going to have some trouble. But, listen. When you sneeze, don’t sneeze out like that. Do it in your arm. Do it in your arm. Okay? Don’t touch your face. Don’t touch your face. I do it all the time. But, don’t touch your face. Don’t shake hands. We’re doing the bump these days. And the hand-bump. Yeah, we’re doing all of that. You know, some of this is basic. Okay?

LN: It’s space.

CY: Yes.

LN: Normally, you give me a big hug when I come in.

CY: No hugs.

LN: We did the elbow bump.

CY: Yes, that’s right. No hugs right through here, okay? Sorry, I’m a hugger, but I’ve just kind of pushed away. And the other we thing we just implemented today in our office, we usually have our meetings and everybody comes to the meeting, and everybody’s in the room. Everything’s closed up. So today we decided that we weren’t going to do it that way. We’re going to do it remotely. So, wherever you are, you tune into the meeting, and we’re going to have the meeting. So they have a name for that. It’s called social something…

LN: Social distancing.

CY: Distancing! That’s it, That’s it! So, that’s what we’re doing. And, little by little, as people get used to things, we’ll be fine.

LN: I think it makes sense to try to do this stuff before you have no choice.

CY: Yes.

LN: You can work out the kinks.

CY: Yeah, yeah. So far, so good. In our office we’ve had our challenges with some folks who have called off, said they’re not going to vote. I mean, they’re not going to… They can’t participate, they won’t be judges and that kind of thing. But we’ve been able to backfield them in. So I feel real good about March 17th. I think too, everyone should prepare for the likely event that as this thing continues that schools could be closed. That hasn’t happened yet, and it’s been evaluated on a case-by-case basis, but that’s a logical decision but that’s a logical decision that might be necessary in the future. And, so thinking about that now and thinking about if that happens, can I still answer my call at work maybe on my smartphone?

LN: Yeah. I think we’re going to adapt. I think we’re going to adapt to using smartphones

CY: Thank you Lee!

Other related videos in Cook County Clerk Karen Yarbrough Series

View CDC on Coronavirus Symptoms

https://www.cdc.gov/coronavirus/2019-ncov/symptoms-testing/symptoms.html?CDC_AA_refVal=https%3A%2F%2Fwww.cdc.gov%2Fcoronavirus%2F2019-ncov%2Fabout%2Fsymptoms.html

View this website to learn more information on Coronavirus

https://www.hopkinsmedicine.org/health/conditions-and-diseases/coronavirus/coronavirus-social-distancing-and-self-quarantine

Featured

Keeping Offices Safe

Clerk Yarbrough sits down with Lee Neubecker, President & CEO of Enigma Forensics to discuss the current state of affairs. Clerk Yarbrough assures everyone voting on Tuesday, March 17 voters will be met with a clean and safe environment. Come and Vote and March 17!

Cook County Clerk Karen Yarbrough Gives Safe Voting Practices

Cook County Clerk Karen Yarbrough would like voters to know her staff is taking every precaution to make all voting stations a safe and clean environment. On top of her list, everyone should wash your hands! She says all voting staff will continuously wipe down all surfaces and are trained to keep the stations clean. Clerk Yarbrough urges everyone to remember the rules your mother gave you!…Wash your hands, sneeze into your sleeve and if you have a fever stay home from work, don’t go out and stay in and take care of yourself. Clerk Yarbrough sits down with Lee Neubecker, President & CEO of Enigma Forensics to discuss the current state of affairs.

Check out this video interview to find out what precautionary steps the Clerk’s department has taken to make sure each voting office stays safe.

Election Day is on Tuesday, March 17

Clerk Yarbrough says Keep Calm, We are on the Job!

Lee Neubecker: Hi, this is Lee Neubecker, president of Enigma Forensics, computer forensics firm based here in Cook County in Chicago. And I had the pleasure of having our very own Cook County Clerk, Karen Yarbrough, here on the show to talk a little bit about what her office is doing to help keep people safe, in light of the recent corona outbreak. Karen, thanks for being on the show.

Clerk Karen Yarbrough: Thank you, Lee. Well, you know, this is a really busy time for us and we have a number of, we have our regular employees and then we have a lot of people, almost 8,000 people, who will be involved in the election on the 17th. So we want everyone to be safe. So in the office, what we’re doing is, first of all, we’re educating people. Now, some of this stuff is just common sense. I mean, people should know to wash their hands. They absolutely should know that. They also should know that if you have to sneeze, you don’t sneeze out like that, you go like this, okay? I mean, didn’t your mom teach you that? I mean, mine did, so. So the education or bringing it back to people on how we can keep safe. So our people have, they have obviously Purell. They have the gloves if they want to wear them. They also have, they clean their work stations. So we have everything that they need and we have a big influx of people for several reasons and especially in vitals and in elections and so we want everyone to be safe.

LN: So with the election fast approaching, I know that previously you were on the show to talk about early voting, in trying to get people to pull a ballot so that they could vote from home. It’s too late for that now, but what would you advise that people should do as they’re heading to the polls?

CY: Well, hopefully they’ll have a card or some information on who they want to vote for. They’re going to find our brand new voting machines there and it’ll probably take them all of two or three minutes to vote this time. So the ease of voting, they’re going to find friendly faces there and people who are willing to help them. We have the touchscreens and we also have paper ballots if people want to use ’em. But we’re encouraging people to use the touchscreen. If you want to use your finger, then you can wipe your finger off with, and we have everything there. I mean, absolutely.

LN: Like Purell?

CY: Absolutely, we have everything there. They could use a pen to do this, you know. They could use their, bring their own pen if they want to fill out a paper ballot. So, you know, again we’re telling people use some common sense here as it relates to, you know, today and all through the last few days, what I’ve been doing is going to the early voting polling places and so I’ve met all of the judges and I see the way that they’re greeting people. They’re not shaking hands, they’re doing fist bumps or arm bumps. Yeah, like that or whatever, but they are not shaking hands. So, you know, as I’ve looked, and we’ve been looking at, watching what’s coming out of Washington, what’s coming out–

LN: Even here in Chicago

CY: Absolutely.

LN: Yesterday we had the Prudential building had their first case.

CY: Yeah, how about that? How about that? But you know what? For the most part, 80% of the people who contract it in the first place, they’re going to be fine. Children are going to be fine. It’s people who have compromised systems that have the problems. And older people. I get all of that, but people can be safe and they can be competent, use common sense and be safe.

LN: Yeah, like not jumping on an airline when you know you’ve tested positive. I don’t think you should do that if you have Corona Virus.

CY: Don’t come to work sick. We’re sending people home. Anybody’s around there sniffling or what have you or they don’t feel well, if they have a fever. If you got a fever, you ought to be at home. You shouldn’t be with us.

LN: And just because you have a fever, you shouldn’t be flipping out thinking you have Corona Virus.

CY: Not at all, not at all.

LN: They say that you need to have three specific symptoms combined to worry about it. You need body aches, fever, plus respiratory problems. So if you don’t have all of three of those, don’t bug your doctor. The doctors are under control.

CY: Don’t panic.

LN: Unless you, if you have a fever that runs awhile, call but don’t. Then you should assume that you have Corona Virus.

CY: I’m hoping that we get some better information out of Washington, though. There have been mixed messages there, so let’s hope that we can get better information out of Washington as well as what we need. I noticed that out governor was pretty frustrated about his inner workings with the federal government on what we need in Illinois. So let’s hope that they get that together.

LN: Yeah, absolutely. Well, thanks for being on the show again.

CY: Thank you.

Watch related videos to this series with Cook County Clerk Karen Yarbrough

Other Related Videos

Featured

Voting Tips with Clerk Yarbrough

Cook County elections are on Tuesday, March 17. Cook County Clerk Karen Yarbrough assures everyone voting will be efficient and safe Check out these voting tips!

Every Vote Counts

Cook County Clerk Karen Yarbrough says tip number one – be prepared! Tip number two-do your homework on the candidates before you come in and vote. Lastly, it’s ok to bring your notes with you. She ensures that every precaution will be taken to make sure everyone is safe!

Clerk Yarbrough is excited to report, Cook County has all new voting machines that will streamline the voting process. She adds if you would prefer to use the old paper ballot they will have those available too. In addition, the new barcode system will accurately tally and record of voters ballot, which will make counting votes extremely efficient. After the election, Clerk Yarbrough says the office will do a full audit and confirm that every vote is counted She assures everyone voting will be safe and there will be plenty of antiseptic and gloves available! Watch this video as Lee Neubecker interviews Cook County Clerk Karen Yarbrough and asks about voter tips.

Tuesday, March 17 Vote for your Candidate!

The Video Transcripts Follows

Lee Neubecker: Hi, it’s Lee Neubecker, President of Enigma Forensics. I’m a cyber-security and computer forensic expert witness, and our firm’s based here in Chicago within Cook County, Illinois. And I have the pleasure of having our very own Cook County Clerk, Karen Yarbrough, appearing on the show today to talk to all of you about what you should know, what you should do, as you head out to vote in the next few days. Karen, thanks for being on the show and thanks for sharing these tips.

Clerk Yarbrough: Well, thank you Lee. Thank you for the opportunity. We wanted to be able to tell people what they can expect when they come to vote. For people who come to vote each and every time, they usually know. They, you need to be prepared, and one way you can prepare is by having your own notes on who you want to vote for. We have brand new machines this time, and those machines, it’s going to be a whiz. Everybody has told me they love the new machines. For those who are uncomfortable with using touch screens, we’re going to have the regular paper ballots. But, if you’re prepared to vote, it should take you a few minutes to just go straight through that ballot. And, you know, usually people have problems with all of the judges, do your homework before you come in.

LN: Well, it certainly will help speed up the lines and reduce congestion.

CY: Certainly, certainly.

LN: Also wearing gloves, if you’re really concerned, there’s nothing that prevents you from wearing gloves to vote.

CY: Not at all, we’ve seen a few. You can wear glasses. We’ve seen a few people with gloves on. We’ve seen a few people having their own pens because they plan to pull a, you know they want a paper ballot. So we’re going to, you know, bring your own pen if you’d like. We’re going to, at every station, we’re going to have the bacterial .

LN: The Purell?

CY: Yes, we’re going to have that. We wipe down the stations after each.

LN: You must have got yours early.

CY: Yes we did, yes we did.

LN: You were prepared.

CY: Yes, we wanted to be prepared. We wanted to be prepared. We were hearing about what was going on, and we know that we have one day to do the election actually. We have all of these days for early voting, but we have that one day and we got to get it right.

LN: Now, I’ve heard that there were some concerns regarding the barcode on some of the ballots that gets printed that that could be.

CY: I have no concerns about that, okay. The great thing about our new equipment is while you’ll put your ballot through and the barcode is there, but we have a record of each and every one of those ballots. If we have to go back, and we do, we go back and we review to make sure things are right.

LN: So, on paper it’s doing more than just the QR code. It also has the friendly names printed out.

CY: Yes

LN: Is that correct?

CY: Oh absolutely, yes.

LN: So the concerns that some people had were that, I think the concern was that the barcode could be different from what’s printed. But if that were the case, you’d be able to audit that after the fact.

CY: And we do a full-blown audit at the end of every election just to make sure.

LN: So someone voting, they’ll be able to actually see the print out on paper.

CY: They will be able to have that in their hands. They’ll be able to check their choices and then they will cast their own ballot, not us but them.

LN: And so it gets scanned and digitized, but then the physical ballot gets locked in the box, correct?

CY: Yes.

LN: So, there’s a dual system.

CY: Absolutely.

LN: I think that makes a lot of sense.

CY: It does, it does. And it gives people peace of mind. You hear all of these stories about well, my vote may not count, and this. I mean, all kinds of things. So to prevent those kinds of things, we have new equipment, and we have a new process, and I think people are going to like it.

LN: Great, well everyone get out there and vote. And, thanks Karen for all your work on this to help make sure election day goes smooth.

LN: Thanks.

CY: Thank you.

Cook County Clerk.com

https://www.cookcountyclerk.com/agency/2020-elections

Other related articles

Featured

Access to Justice with Jacob Meister

Jacob Meister vows to help those who don’t have access to electronic court communication to enable them to help themselves. He is running for Cook County Clerk of Circuit Court. Access to Justice is what Jacob Meiser stands for!

Election Day March 17

Cook County Clerk of Circuit Court Candidate Jacob Meister vows to bring access to justice. He’s concerned for those who aren’t represented by a lawyer in the system, who don’t have access to electronically file in the court system, who can’t afford internet access, or they simply don’t have a computer or most of all they don’t know how the electronic filing system works. These are folks without financial means and denied access to justice. Jacob Meister has a plan that will ensure everyone has access to justice.

Cook County Clerk of Circuit Court Candidate Jacob Meister, the real deal! Lee Neubecker interviews Jacob Meister to learn more about what makes him tick. Check out this video to learn more. You’ll be glad you did!

Meister says…Access to Justice to those who can’t afford it!

Part 4 of our 4-Part Series on Cook County Clerk of Circuit Court Jacob Meister

The video transcripts of Access to Jacob Meister follows

Lee Neubecker: Hi, I have Jacob Meister back on my show. Jacob, thanks for coming in again.

Jacob Meister: Thank you, Lee.

LN: So Jacob’s running for Cook County Clerk of the Court, which is one of the largest court systems in the U.S. One of the things that you talked about before is bringing about justice and access to resources necessary. What would you do to help those incarcerated have access to the information they need to defend themselves?

JM: Well, you know access to justice is one of the principal themes of my campaign because as Clerk of the Circuit Court, I’d be presiding over the second-largest court system in the country as Chief Operating Officer. And as we’re moving towards, for instance, electronic filing, there are efficiencies that are achieved. But at the same time, for those people who aren’t represented by a lawyer in the system, all of a sudden they find themselves where they used to be able to mail in their court filings, all of a sudden they’re required to file electronically into a system. It’s very bureaucratic and hard to use. So as a result, those individuals, maybe they don’t have internet access, they don’t have a computer, they don’t know how the electronic filing system works. They’re denied this access to justice unless they travel down to a courthouse during business hours, and stand in line for sometimes an hour or two, just to get assistance to file into the system. One of the things that I will do as a clerk is to provide computer filing kiosks in every library in Cook County, so that individuals who are faced with a lawsuit that they have to file a response, can do it on evenings and weekends, they don’t have to take time off of work. They can go down, and we’re going to be training reference librarians who understand the electronic filing system, and will be able to provide assistance, showing individuals how they can upload into the system so that people can file and access 24/7.

LN: So you’ll be partnering with other governments that are there, the City of Chicago, other municipalities, to actually train their staff, so that if someone doesn’t know, they’ll have the convenience of going to their local library, instead of having to take off work to come downtown.

JM: Correct, correct. And we’ve got hundreds of libraries in this county. And they’re all potential points of access to our justice system. And as we move to an electronic system, we can increase the number of points of access, and start allowing people in their own neighborhoods to access justice. And that’s really important.

LN: What about those incarcerated that are in the Cook County jail, and what not, is there access to resources there presently?

JM: Absolutely, well absolutely. You know, one of the big problems we have is that the Illinois Department of Corrections has around 600 prisoner appeals pending in Cook County alone, where prisoners appeal their convictions. Maybe they’re trying to overturn the conviction or change the sentence. And right now, records access is so limited that some of those prisoner’s appeals have been pending for more than a year without the clerk’s office being able to get the record to the appellate court, and the appellate court can’t do anything without a record. That is a travesty. So accessing justice is important. I want to have a robust case management system so that those records are accessible, and can be assembled, and that we’re keeping complete files electronically so that they can be transmitted up to the appellate court, and won’t be getting lost.

LN: Great. Thanks for being on the show, this is really helpful.

JM: Well thank you for having me, Lee.

Watch the whole series on Jacob Meister

Part 3 of our 4-Part Series on Jacob Meister
Part 2 on our 4-Part Series on Jacob Meister
Part 1 of our 4-Part Series on Jacob Meister

To Learn More about Jacob Meister

http://jacobforclerk.com/

Cook County Clerk of Circuit Court New Website

http://www.cookcountyclerkofcourt.org/NewWebsite

Cook County Clerk information on Voting

https://www.cookcountyclerk.com/service/view-all-candidates

Featured

Cloud Cyber Risk

Cloud-based storage of an organization’s data attracts cyber hackers like bees to honey. Hackers take time to study and find flaws to breach, extract and sell personal information data. Data Experts Lee Neubecker and John Blair discuss cloud data compliance and legal regulations put in place to protect cloud-based data.

Compliance and Privacy Laws

Cloud cyber risk goes hand in hand when storing data on the Cloud. New compliance and privacy laws have been enacted to protect this cloud-based private information. The State of Illinois has passed a privacy law that specifically addresses how companies gather and store private data.

The Illinois Policy Group, an independent organization that generates public policy, explained that in 2008, Illinois enacted the BIPA, the most stringent law of any state regarding the consent, notice and disclosure procedures private entities must follow when collecting, storing or using people’s biometric information, such as fingerprints, iris scans and face prints. This law forces companies into compliance and makes them more responsible for the collection and storage of private data ultimately, decreasing exposure to cyber risk.

Data Experts Lee Neubecker and John Blair say because of BIPA companies are now more aware of how they secure and store data. They discuss other data compliance and privacy laws such as; California Consumer Privacy Act (CCPA) and Health Insurance Portability and Accountability Act (HIPAA) and how these laws help regulate the healthcare industry and other organizations when storing consumer data, and vendor data in the cloud ultimately protecting the consumer. Watch this video interview to learn more.

View Part 2 of our 3-Part Series on Cloud Data

Part 2 of our 3-Part Series on Cloud Data

Lee Neubecker: Hi I am back again with John Blair. We’re continuing our discussion on cloud security and helping to minimize your cyber risk of having data in the cloud. And today, we’re going to be talking more about some of the compliance and regulatory issues and legal issues that companies face that are having their data and customer data, vendor data in the cloud. So, John, can you tell me a little bit about some of the regulations that impact the healthcare sector specifically?


John Blair: Yeah, the primary one is going to be HIPAA and associated as subsequent acts like HITECH and things like that that augment HIPAA and some of them more clearly defined some of the rules and regulations, primarily Security Rule and Privacy Rule. So those are going to be the ones that primarily come into play, but there are also individual state versions of healthcare acts that you need to abide by and each state has one so you also need to abide by the state regulations as well.

LN: Interesting. So it really, if a company’s operating in multiple states, they have a lot of issues to be looking at.

JB: They have a lot of regulations to be aware of and to be compliant with, yep.

LN: So I know here in Illinois, we have the Illinois Biometric Information Protection Act, otherwise known as BIPA and that’s been creating a lot of stir with Facebook recently had a settlement.

JB: Yep.

LN: And apparently Illinois Residents that have Facebook accounts might be entitled to around $200 per person.

JB: Yep.

LN: If you are in Illinois and have Facebook, so possibly you will be notified.

JB: Yeah, Illinois is the only one.

LN: And do you think it will be through Facebook Messenger?

JB: I do not but Illinois because of that law, Illinois residents are the only ones that are getting anything out of that lawsuit because of that, specifically because of that law.

LN: Got it.

JB: So I don’t know the details of the law but on the surface, it seems to be headed the right direction.

LN: Right, essentially they took the position that your biometric information, unlike your cell phone or your social security number, you can’t change it.

JB: Right.

LN: So if that data becomes compromised such as your facial vector map,

JB: Yeah.

LN: Or your fingerprint or your DNA, that you can’t swap it, it’s part of who you are.

JB: Right and those, you know, we’re finally headed in the right direction where it’s being considered personal.

LN: Yeah.

JB: So which I totally agree with.

LN: We also had just last month the California Consumer Privacy Act, known as CCPA went into effect and that’s got a huge impact on anyone who does business with California residents.

JB: Yeah, that is yet to, I think people were preparing for that prior to that but it’s going forward, I’m sure there’s going to be a lot of repercussions from that because there’s going to be obviously companies and entities that don’t prepare well for that and are going to get caught up in it because it covers, California is a huge state, a lot of people so there’s going to be some lawsuits.

LN: So it’s also been such that if you’re making medical devices for consumers and you have that information, relaying over 3G, 4G networks, we’ve got CPAP machines, pacemakers, all other types Of information. LN: All kinds of monitors

JB: Yep.

LN: And that information going to the cloud, if you’re a California resident and that information gets breached, it could be used by marketers or it could be used In other ways to target people.

JB: Yeah hospitals are going to need to really step up their game with respect to that particular regulation. Hospitals traditionally are a little bit behind technically speaking from an IT point of view, they’re very much on the bleeding edge from a medical device IT point of view but they tend to lag behind because you can’t, it’s hard to afford both

LN: Yeah.

JB: But this is going to, you know, how they allow individuals or access to their networks, what they allow in and what they allow out because that’s the channel these medical devices use is going to be very, very important that they get more control over those things.

LN: So as it relates to healthcare, what are some of the concerns about when a data incident is discovered to actually turn out to be a data breach, what types of reporting and notification requirements are unique to the healthcare sector?

JB: Well, first and foremost, you need to evaluate the situation and then have in conjunction with your legal team and compliance teams, establish whether or not you do officially declare it a breach which means you need to investigate it, you need to involve any vendors that were involved with that data because it may have been the vendor that you’ve contracted with that actually had the breach of the disclosure and not you but since they’re your vendor, you’re also on the hook and that flows all the way up from business associates, which is what those two entities will be up to the covered entity who actually owns the data. So after a thorough investigation and consultation with legal and compliance, a determination needs to be made whether or not you’ve formally declared a breach. And if so, then there’s all kinds of HIPAA standards that come into play about notification to the government, notification to each individual affected by the breach, what needs to take place with respect to that notification, there’s a timeline involved that needs to be met. So there’s all declaring it a breach is a very formal and arduous task.

LN: Yeah, not a pleasant one.

JB: No.

LN: In our next segment on securing data in the cloud, we’re going to be talking more about when a breach is discovered, some of the issues related to reporting the breach and what that can mean to an entity, especially if it’s not handled correctly. So thanks for being on the show again.

JB: Thanks, Lee.

View Part 1 of our 3-Part series on Data Cloud Storage

BIPPA Laws

To learn more about HIPAA

https://www.hhs.gov/hipaa/index.html

Illinois BIPPA policy

https://www.illinoispolicy.org/

Featured

Coronavirus: The Global Impact

Coronavirus is here and leaving death and destruction in its path. Lee Neubecker and Geary Sikich uncover the Coronavirus and its global impact on businesses worldwide and what it means for us here at home in Chicago.

Coronavirus is here and globally impacting our world. Human beings are dying and the toll keeps rising more and more each day. That is the horrible truth of disease! Besides causing human pain and suffering the Coronavirus is also causing disruption and impacting many businesses that are dependant on each other. What does the impact look like? Forensic Expert Lee Neubecker and President of Logical Management Systems Geary Sikich dissect Coronavirus and the huge global rippling impact. For example; Chicago recently canceled the Housewares Show at McCormick Place which typically draws over 60,000 attendees. Everything associated with that conference will feel a significant downturn. ie. hotels, travel, transportation, local food, and beverage. As a result of this global business disruption, there will also be an increase of vulnerability and these experts anticipate an increase in cyber activity. Watch this video interview to learn more about other global industries impacted by the Coronavirus.

Part 1 of our 2-Part Series on Coronavirus

Coronavirus Series: Part 1 is about The Global Impact

Lee Neubecker: I’m here today with Geary Sikich. He’s the president of Logical Management Systems, a cyber and business continuity consulting expert. And I’m Lee Neubecker, the president of Enigma Forensics. We’re a computer forensics firm that provides investigative assistance with matters involving litigation or otherwise investigations. Today we’re going to be talking about the Coronavirus and the global impacts. Thanks, Geary, for being on the show.
Geary Sikich: Thanks, Lee, for having me back.

LN: So, Geary, can you tell everyone what’s happening right now globally, as it relates to the business environment in impacted nations?

GS: Well, the current state of affairs is that Asia is in a situation where Coronavirus continues to kind of expand. It’s expanding at a lesser pace in China, but it’s accelerated in places like South Korea and in Japan. And we’re starting to see it, obviously, move from those Asian countries into the Middle East. Iran has a huge issue with Coronavirus. Italy has another big amount of people that are confirmed cases versus cases under observation. So there’s a significant amount of human impact there. On the business side, this has disrupted a lot of businesses in just about every way you can imagine. So, the shipping industry? Tremendous disruption there. Airline industry? Tremendous disruption there. A lot of flight cancellations and other things. We’re seeing now sporting events, conferences, conventions, all kinds of things that are essentially money-makers in the normal sense, but also dependent on a tremendous chain of support to bring off. Suddenly a conference is canceled, and now you have hotels affected, you have transportation systems affected, you have all the food services affected. This kind of rippling through a lot of areas is causing a very very big concern with, not only businesses but governments. How do you control it and what do you do in this situation?

LN: So, here in Chicago, we have the Chicago Housewares Show canceled. Recently many vendors were coming from other nations where there’s a travel ban. And that impact certainly impacts the workers that are at the hotels, The audio workers.

LN: And whatnot, their hours get cut.

GS: Yeah, the interesting part about that is that when you begin to look They had on the news the other day, They had on the news the other day, was talking about the cancellation of this convention. 60,000 people come. And obviously there’s a lot of work that’s done: Setting up booths, displays, and all the other things that go along with it. Suddenly, he’s out of work for a period of time until the next convention comes in or maybe doesn’t come in. But that ripples through to hotels, food services, restaurants, your taxi cabs, your Ubers, your Lyft, your everything associated with coming to a place for a conference or a convention. So a huge impact. But then you also have So huge impact.

LN: But then you also have and these deliveries are now delayed because of the dockworkers that load up the equipment

GS: Systems.

LN: And these deliveries are now delayed where they have restrictions in place.

GS: And an interesting sidelight to that is that you look at the shipping industry and the amount of material that’s shipped by the containers those ships carry are what they call 20,000 TEU which is a 22-foot equivalent unit. Or 20-foot equivalent unit. Anyway, it’s a size that they have. If you look at that aspect, one of the things that some companies are starting to encounter, and I think you’re going to see more and more of this, is that because of delays in shipping, suddenly the container supply is not as available because your container, Lee, that you shipped, full of your product is sitting out in the ocean waiting to dock at my port, but it can’t come in because it’s quarantined? And now that container is going to sit. But John’s company needs a container to ship his product. Can’t get it because your container’s the one he would’ve normally gotten. So huge impacts in terms of ripple effects in a lot of it. So the average time that the container holds goods, in terms of the number of days is increased markedly. And the existence of the containers largely

LN: So the average time that the container holds goods, so there’s a shortage. Right. And if you think about this in another context, the number of things in the containers, it’s not just computer chips,

GS: Right. Roughly, and I heard a figure that was kind of astounding to me, but about 80% of all the containers are full of perishable foods.

LN: Oh yeah, certainly.

GS: You’ve got your bananas, and oranges and things that we don’t necessarily get in Chicago in the wintertime ’cause we don’t grow them.

LN: Oh yeah, certainly.

GS: You’ve got your bananas because it’s no longer fresh. I’ve got to decontaminate the container. because we don’t grow them, in terms of how these all are impacted. Which gets us into looking at, from a computer security standpoint. These are tracked. Barcoding systems and whatnot. How easy is it for that to get disrupted because somebody decides it’s an opportunity to hack into a network?

LN: Certainly, when systems are constrained and overworked, it’s the likelihood of a failure or an attack compromising the system goes up. So it creates a real opportunity for a hacker to strike and have a magnified impact, So here in Chicago, we have a lot of companies that are impacted by this. We’ve got Boeing, We’ve got United Airlines. Boeing. Major facilities for companies that, while headquartered elsewhere, operate big hubs out of Chicago. Especially in the airline industry.

GS: United Airlines. still, kind of the shipping center for a lot of the country. And if you look at the Chicago area, if you will, you’ve got then industries in Northwest Indiana, you’ve got industries south of Chicago.

LN: Rail.

GS: A huge amount of rail traffic that goes through. The expressway between Indiana and Chicago, 80, 94, is one of the heaviest traveled expressways in the world. You’ve got a number of other businesses that suddenly have the exposure that they hadn’t realized. A huge amount of rail traffic that goes through. What would happen if you took the casinos in the Chicago area and closed them down for two weeks? It’s not just casino workers. It’s not just the amount of money the casino’s going to lose by not being in operation. It’s the day worker. It’s what we call the gig economy. Those people who live paycheck to paycheck that are dependent. So suddenly, they’re without. How are we going to deal with making sure that there’s a, if you will, an equilibrium or a safety net for those entities? One of the things we’re faced with, starting to see now, the City of Chicago’s just announced they’re just putting together a pandemic taskforce. They’ve had a few months watching it unfold in China. much like the rest of the United States, and, if you will, the rest of the world in some respects. Why has it taken this amount of time, and what do we need to be aware of from a private-sector standpoint as to what the public sector is going to do? So from a planning standpoint, this is critical. If you’re a business and you’re putting together a plan, and your plan suddenly conflicts with the City’s plan or the State’s plan, what happens then? How do you deal with that?

LN: Those are all great points. In our next segment, we’ll be continuing our discussion, and we’ll be talking a little bit more about what it’s been like for businesses that are going through some of these extreme measures that are being put in place to help protect and contain the virus from spreading. Thanks for being on the show.

GS: Thanks, Lee.

Other related articles

City of Chicago’s response

https://www.chicago.gov/city/en/depts/cdph/provdrs/health_protection_and_response/news/2020/march/public-health-officials-announce-new-presumptive-positive-case-o.html

For information about how you can prepare from the Center Disease Control.

https://www.cdc.gov/coronavirus/2019-ncov/community/index.html

Featured

Data Breach Response After the Fact

Your email has been frozen and your company website is down. Your IT department has confirmed a data breach. What do you do next? Incident Expert Lee Neubecker and legal expert Kari Rollins offer easy instructions about your next important steps.

It’s a fact! Your IT team confirmed a Data Breach or incident has occurred. What do you do after the fact? Forensic Expert Lee Neubecker and Legal Expert Kari Rollins say don’t panic! First, convene with your incident response team, start to investigate under privilege, and contact a 3rd Party forensic expert to help preserve vital information. Watch the rest of this video for further recommendations about data breach response after the fact!

View Part 3 of our 3-Part Series on Data Breach

Part 3 of our 3-Part Series on Data Breach

The Video Transcripts of Part 3 of our 3-Part Series on Data Breach follows

Lee Neubecker: Hi I’m back again with Kari Rollins, and she’s here talking with me today about data breach incident response. The Sedona Conference recommends, how an organization should respond to such incidents. And we’re talking in this third part segment about what to do after an incident has been reported. So Kari, please tell me what the initial issues are that come to mind when you get that phone call from a client that says something happened.

Kari Rollins: Sure, so usually, as we were talking about in a prior segment, you may not know whether you’ve had a breach as defined by law. You are just told by your information’s security team, or an employee or a manager that you’ve had, there’s been an attack. Or there’s been, “I can’t get access to my email,” Or, “My account’s frozen.” So you immediately start to investigate. You want your.. according to your incident response plan which we’ll hopefully have in place, you’ll convene your incident response team; you’ll start to investigate under privilege. You’ll call if you need your outside forensic investigator to help you access it. Help you access what’s happened, right? That the facts in an incident are really, really important because they drive the legal conclusions. Have you had a breach, or have you had an incident that has resulted in the acquisition with just the access to personally protected information? Or are you.. did you have an incident where maybe the systems that house the personal information were accessed, but there’s no evidence that the malware ever made it into the room where the family jewels are hidden and they were taken out. And that’s an important part of understanding whether you actually have a legal obligation to notify regulatory authorities or consumers. So the first step is always convening the team, putting it under privilege, calling your experts, and starting to investigate the important facts. Was this an outside threat, was it an insider threat? I know you’ve had experience a lot with investigating internal threats, which are on the rise these days as I would expect.

LN: And a lot of these incidents, it may be reported as a data breach, and the question is well, how did it happen? And sometimes, it’s not too uncommon that IT staff don’t receive the resources they request, and that data incidents happen as a result of being under-resourced. And in circumstances like that, there’s still a lot of pressure on the people managing IT, to not only run the organization ongoing but to deal with this whole new layer of troubles. So having that team in place beforehand where those relationships are there really helps.

KR: Yes

LN: And the other thing too is, you know, if there is a failure internally, it’s more difficult and less likely that you’re going to get the facts quickly if you’re using the team responsible in some way for the breach to report on what happened. I always recommend that after that initial meeting that preservation of key data occurs, and is offloaded outside the organization. You know, log files, certain key computers, email systems to the extent that they were modified so that there’s the ability to do that analysis. Because when an organization has an incident, it’s quite possible that all the data disappears, and the effort to cover the tracks.

KR: Or it’s not even, it may not be as nefarious as that. It could be that the teams are working so quickly a lot of the remediation plans are to thwart the malware and to remove it. But, in a lot of instances, you need to safely remove it and keep a copy of it, because you need to reverse engineer it. And understand how it got there, understand other signatures it might have; so being thoughtful, and we talk about this being thoughtful about evidence preservation is really critical, especially if you get to the point at which you do have a breach that requires notification. And litigation regulatory inquiry ensues, you will have been expected to preserve that evidence and show the chain of custody. Otherwise, you could have allegations of spoliation leveled against your company.

LN: And I’ve seen circumstances too where a legitimate data incident happens and we’re able to get it quickly and identify the impacted individuals. And sometimes it’s just been a few people; in a circumstance like that, it’s much easier to reach out to those individuals, make things right, and resolve the issue. And be able to report to them what happened. It’s much better than having to publish on your website and report to the attorney general that you had some massive data breach. So, not all data incidences are massive data breaches.

KR: That’s true, some of ’em impact you know, one or two individuals, and you may still have an obligation to notify them under the relevant law. But they don’t have to be the big massive breaches. And again, I think the great thing about the Sedona Conference Guide is that it’s, you know, it helps companies navigate small to big breaches. You know, it’s not intended to be the ultimate authority on the law in this area, because the law is ever-changing. But what it does is it helps companies issue spot from a practical perspective so that they know what laws they need to consult, and why and what issues they need to address, like for example, notifying your insurance carrier. One of the big questions we always get is, Well, we’re the victims, here; the company X is a victim of this cyber attack. Who’s going to pay for it?

LN: Yes.

KR: And so, insurance coverage for cyber incidents has is a really hot button issue these days. And so it’s important for companies to know in advance what their policies say, what the notification requirements are. Even if they just have a sniff of an incident – maybe it’s not a breach. So that the third party and first-party costs are covered, and that you’re working with your insurance carrier, and you’re working with your insurance council to ensure that coverage. And to make sure that you’re getting the right information to your insurance carrier about your forensic teams. Are they approved? What rate are they going to be reimbursed? What type of reporting do you have to do from a cost an expense perspective to your insurance carrier? So.

LN: And, it true that if companies use their own internal IT resources to do the investigation, that the insurance carriers usually won’t pay out their own internal resources?

KR: It really depends. It depends on the policy.

KR: It really depends on the policy. There are, in some instances, some policies would cover the first party staffing costs, so for example, if you had to pay staff overtime to work 24 hours a day to try and investigate, you may be able to claim that. But it really depends on your policy. There’s certain.. there’s certainly reimbursement line items for business disruption and business interruption. Or, you know the loss of business, loss profits line items, as a result of ransomware tax. But again, knowing your policy is a critical step in preparing.

LN: Where do you see the benefits of using an outside forensic investigator as opposed to internal IT to investigate when an incident happens?

KR: You know I think it’s two-fold, one, a lot of internal IT teams are taxed as it is with their day to day obligations. And if an incident is one that is medium-high critical, you want to be able to dedicate the resources to the incident to investigate swiftly, and to ensure that there’s no delay. And so pulling in a third-party forensic expert alleviates some of that burden and stress on the IT teams. And then separately and secondly, it also creates a level of objectivity that is.. that benefits the company in the event. Or in the unfortunate event, someone in the IT group may have made a mistake that caused the vulnerability. There’s less likely that that mistake would be covered up. Or there’s going to be more candor from the third party expert, the to management team say like, “Hey, this issue should have been addressed”. And it wasn’t, and now you know what thwarts may be in the event. You have some litigation down the road and you need to defend. But so I would say really sort of time and devotion of resources where needed, and objectivity.

LN: Great, well thanks a bunch for being on this show; this was great.

KR: Absolutely, thank you.

Part 1 of our 3-Part Series on Data Breach

Part 1 of our 3-Part Series

Part 2 0f our 3-Part Series on Data Breach

Part 2 of our 3-Part Series
Data Breach Incident

To Learn More About Sheppard Mullin / Kari Rollins

https://www.sheppardmullin.com/krollins

Featured

Securing Data in the Cloud

Secure Cloud Data! Large organizations buy cloud services that provide storage on servers and other devices and connect with computer networking equipment throughout the world. So, how are they securing the data? Experts Lee Neubecker and John Blair say start with knowing what data is being stored.

What steps do organizations need to take when securing data in the Cloud?

The Cloud is digital storage that is physically secured and stored on big servers owned by big companies and made accessible through the internet. These big companies are connected with other computer networking equipment throughout the world. Does this sound too big to secure? Experts say there’s no time like today to understand where your data is stored and how it’s secured.

Today on the “The Lee Show”, Forensic Expert, Lee, and his guest John Blair who is cyber governance and information technology expert, explores the complexities of cloud-based security and storage. John suggests starting with obtaining a holistic inventory of your organization’s data and most of all be aware that some employees bring their own applications and use their own personal device to store organizational data. Check out this video on securing data in the cloud to learn more about cloud storage and cyber risk.

Part 1 of our 2-Part Series on the Securing Data in the Cloud

Part 1 in our 2-Part Series on Securing Data in the Cloud

The Video Transcripts on Securing Data in the Cloud follows

Lee Neubecker: Hi, I’m here today with John Blair. John is a cyber governance and information technology expert. He’s on the show here today with me to talk a little bit about securing your data in the cloud. Thanks for being on the show again, John.

John Blair: Hi Lee, good to be back, thank you.

LN: So we’re talking about cloud cyber risk. What do organizations need to be looking at to help secure their data in the cloud?

JB: I think first and foremost, you need to understand where is all the data and how do people get data in and out of their environment? There’s a lot of things typically called Shadow IT, where certain departments or certain users might you know, for example, start sending things to Dropbox to sync data amongst themselves to make it easier for themselves. But they might be syncing confidential information that’s not on Dropbox and the organization has no idea about it. You know, that scenario plays itself out over and over and over again, where there might be departments that actually use applications in the cloud that thus obviously, are processing data as well that the organization might not know about either. So you need to get an inventory of data. Where is it from a holistic point of view?

LN: And today you have the Bring Your Own Cloud, BYOC,

JB: Yes

LN: Many employees are bringing various apps with them that they’re used to using from their prior employers, and they’re wanting to use these apps. Sometimes they’re putting them on their smartphones and whatnot.

JB: And that’s driving a lot of the corporate action towards that. The cloud for first and foremost is a cost-savings for the most part. But what people are not realizing is that along with those savings comes certain responsibilities. And, from a user perspective, you know, people are used to as you said, people are used to certain applications, they’re used to certain things on their phone, or on a tablet or they’re used to working in a certain way with certain applications. And then you get in a corporate environment and those applications or that way of working might not be available. And so people start voicing that, and it becomes, you know, somewhat of a problem for corporate to adapt and keep up.

LN: So organizations, especially healthcare-related organizations, as well as financial services and other organizations that depend on intellectual property have a real risk here, don’t they with people bringing apps?

JB: They have a very big risk. Both of those sectors are heavily regulated. Data needs to be very tightly controlled. Breach notifications in the event that it happens become a very big deal, very public. And if you can’t explain where the date is, and where you know, who has it, then you have a problem.

LN: So isn’t there also risk not only faster dissemination of intellectual property and trade secrets, but what if the information becomes compromised by malware or a hacker to morph the data or destroy the data?

JB: Yeah, your only recourse at that point is to have really, really good backups. Because otherwise, you have no actionable direction to take. If you don’t have a backup of that data, you know, you have no ability to recover. It still might be considered a breach, a lot of times, and certain organizations or certain regulations. So you still might have to report it, even though the data has never left your organization, the fact you’ve lost control of it might be considered a breach. So that might be something you’d have to consider with your legal teams. But it’s not, it’s still a very big deal because you no longer are able to use it.

LN: So don’t you have a risk though, that if your backup is online, that the attacker could compromise your primary source and then your backup drive attached to your server?

JB: Well, hopefully, they haven’t gotten that far. But if generally speaking, your backups are always in the separate physical location, and not necessarily on the network.

LN: So you rotate them?

JB: and they’re separate, you know, media and things like that, but yeah, if you’ve gotten to the point where they’ve corrupted your database, they’ve encrypted your database, and they’ve also encrypted or destroyed your backups, you’re, in a very bad way.

LN: So knowing that hard drives sometimes fail, if you’re using a physical hard drive to write the data to, what do you think most organizations should be doing to ensure they have a certain number of versions that they can restore to?

JB: Well, normally backup systems are version controlled and so you do backups based on frequency. You do daily, you do hourly, you do you know, on the spot, so there point in time, a lot of times where there’s a lot of people, organizations, that can afford it have failover data centers, for example, that are mimicking the primary data center. So there is no loss of processing. but that’s very, very expensive to do. But yeah, you should definitely have you know, off-site storage of data. But those are all historical, and things that are not necessarily online that you can immediately refer to those lesser compromised to your point. LN: So when you’re considering bringing in a cloud provider to your organization, is it an official, non-shadow ware operation? What are some of the questions you ask of your vendors and things that you look for to help secure, ensuring those cloud providers are secure?

JB: Right. First and foremost, do they have some sort of testations with respect to the services you’re going to use for that provider? Cloud providers have hundreds and hundreds of services, not all of them are audited by an independent auditor, not that that guarantees anything, but at least if it’s the services you’re going to use or the applications you’re going to use. or the locations you’re going to use with that cloud provider, then you have something to point to say, you know, we did our due diligence, and they have these SOC 2’s or whatever form it might take. But you have to do something on them to ensure that, because the cloud is half their responsibility and half of yours, and you have to make sure they’re doing their half.

LN: So what other things do you think that organization should look for if they’re using data in the cloud, how to maximize the security of that data?

JB: First and foremost, I think they need to within their own organization, block these drop boxes and the Google drives and all that sort of stuff like that, so that people individually can’t make you know, downloads for example, from the database and then upload it to Dropbox or Google Drive or whatever, and then go home and look at the same documents. You know, from a personal perspective, that’s very convenient, it’s very nice to have to be able to sync and you know, you can use one, one central source of the information, but from a corporate perspective, that isn’t your data. It’s a corporation’s data. And so, you know, the corporation needs to be responsible and know where that data is going, and how to prevent it ideally, from getting there. It’s very easy to drop, you know, to block Dropbox at a network level, you know, but the problem is that there are hundreds of those types of things to block. And so you know, you need to do a lot more care from a corporate perspective internally to make sure that your users aren’t putting data someplace where you lose control of it.

LN: And are there any, any other things that you’d recommend adopting if you’re going to use these cloud platforms to help ensure that hackers don’t get access to user accounts?

JB: That’s an interesting one because as yours been, you know, almost all those user accounts have been hacked at one point or another. And so the only thing protecting me at this point is a password. I think multi factors in you know, bio authentication type of actions are the only thing you can do to improve your chances of those accounts not being used by inappropriate people. Because the accounts themselves are basically public knowledge, you know. Your, you know, your username is public knowledge, the only thing protecting it is a password.

LN: And so, you know, the multi-factor authentication actually addresses and requires that you have to have three factors. Something you know, something you are, or something you have.

JB: Right.

LN: So, for instance, many people know their password. They might have a thumbprint or they might have their cell phone.

JB: Right.

LN: That is something that they have. So you know, having that second factor makes it less likely that someone can simply get the password and get in.

JB: Right, where they send like to your point the phone, they send a code to your phone, you enter the code into the application–

LN: Exactly.

JB: And then you gain access. Until then you’re simply at the network border.

LN: So on our next video, we’re going to be talking a little bit more about, again about the cloud, cyber risk security and specifically we’ll talk about some of the legal and compliance issues that arise. Thanks for being on the show.

JB: Thanks, Lee. My pleasure.

Other related articles about securing data

National Institute of Standards and Technology on Securing Data in the Cloud

https://www.nist.gov/system/files/documents/itl/cloud/SP_500_293_volumeII.pdf

Academia Data Governance Information

https://www.academia.edu/37900938/Information_Governance_Concepts_Strategies_and_Best_Practices.pdf

Featured

Debt Forgiveness with Jacob Meister

“Wipe out court debt!” says Jacob Meister, candidate for the Cook County Clerk of Circuit Court. He has a plan to ease the crushing burden of fines, fees, and forfeitures. Check out this video to learn more about his solutions.

Debt forgiveness is now one of the most popular presidential campaign promises but what does it mean on the local level. What does debt forgiveness mean for the City of Chicago taxpayers?

Enigma Forensics President & CEO Lee Neubecker interviews Jacob Meister, who is running for the office of Cook County Clerk of the Circuit Court. Lee is interested to learn more about what are Jacob’s plans regarding debt forgiveness.

Part 3 of our 4-Part Series on the Cook County Clerk of the Circuit Court, Jacob Meister

Part 3 of our 4-Part Series

Part 3 of our 4-Part Series on Jacob Meister

Lee Neubecker: Hi, I have Jacob Meister back to my show, Jacob thanks for coming.

Jacob Meister: Well, thank you for having me Lee.

LN: Jacob’s running for Cook County Clerk of the court. And we’re going to talk today a little bit about some things that have been trending in the news related to debt forgiveness. From the federal student loan debt, there have been talks about wiping out the debt owned, lots of people are concerned over medical-related debt. But now there’s been some, some calls by one of the candidates running, requesting that we just wipe away the Quartet. And I wanted to get your feedback on what the problem is there, and what do you think the solution is?

JM: Well, for years, I have been an advocate for easing the burden with court fees that are charged to litigants, fines, and forfeitures that go through the clerk’s office. The clerk is required to collect fines, fees, and forfeitures that are implemented usually by statute, or by sometimes by the court rules themselves. But what we see is a tremendous economic cost and social injustice that’s done. So just imagine you’re a single mother who’s been evicted from your apartment or your home. And you in order, you get a summons from the sheriff saying you must appear or you’re going to get a default judgment entered against you. But first, you have to file an appearance and pay a fee. It’s going to be $250 to defend yourself. And if you don’t, you’re going to get defaulted. And this is a crushing burden, you know, single mother, and it can affect that anybody who’s battling an addiction, be it child custody, it could be dealing with a divorce, it could be dealing with any number of things. We need to stop placing a crushing burden on the users of the court systems and make up a system that’s available to everyone.

LN: But who decides what that fee is?

JM: that with that state legislator, and that’s the Supreme Court, and the county board. some of those fees go there too. We have to stop squeezing court users to pay these fees and start paying for it in other ways. But in any event, I have been a supporter of for instance, when people get fines if you have a fine, you know, you would support and post fine and some people can’t pay it and it becomes this burden and you get trapped and sometimes you get imprisoned. Because you can’t pay these fines that you’ve been ordered to by the court. One of the things that we that I worked on in Springfield and we need to expand is allowing people to get credit for community service so that they have if they can’t afford to pay the fines, they have a way that they can provide community service and reduce that fine over time. We have to come up we have to be better about how we handle these things. We know, we have to stop taking away people’s drivers licenses, because they can’t pay their fines because that puts them in a cycle of debt that they can never get out of, because all of a sudden, they can’t drive themselves to work, they lose their jobs.

LN: They can’t get a new job,

JM: they can’t get a new job. Exactly. So we need to ease the burden there. I will continue to work with the folks in Springfield, with the folks in Cook County government, and with the courts. I’ve got very good relations there, And I will work to make sure that social justice is being achieved, and that we’re not putting people in a vicious downward spiral of debt.

LN: So some of the efficiencies you talked about earlier about making the court more efficient. Some of those efficiencies might help to pay for some of this relief on some of the oppressed people that are really being trapped in a cycle.

JM: Absolutely. Absolutely. Absolutely. And that’s the goal is to make sure that our courts are accessible to everyone, that we’re doing justice, and that we’re achieving social justice. We’re not just trapping People in a court system and in burdensome debt.

LN: Well, thanks for being on the show again.

JM: Well, thank you for having me, Lee.

Part 1 of our 4-Part Series on Jacob Meister

Part 2 of our 4-Part Series on Jacob Meister

Part 2 of our 4-Part Series on Jacob Meister, Cook County Clerk of the Circuit Court Candidate

View Jacob Meister’s website

htttp://jacobforclerk.com

To View Internal Related Articles

View Government Debt Forgiveness Programs

https://www.chicago.gov/city/en/depts/fin/supp_info/debt_relief_faqs.html

Featured

Prepare for a Data Breach

Don’t fail to prepare for a data breach! Check out what experts Lee Neubecker and Kari Rollins say are the three strategies to prepare for a data breach.

In the famous words of Benjamin Franklin “By failing to prepare, you are preparing to fail.” Forensic Expert Lee Neubecker and Kari Rollins with Sheppard Mullin agree with our Founding Father and warn that a data breach is inevitable, don’t fail to be prepared!

In her practice, Kari focuses on data privacy, data security and data breach preparedness. Together, they discuss two basic strategies to help you prepare for a data breach; understanding what data you have, where that data resides. Check out our video with transcripts to learn more on how to prepare for a data breach.

Part 2 of our 3-Part Series on Data Breach

The Video Transcripts of How to Prepare for a Data Breach Follows

Lee Neubecker: Hi, I’m back on the show again with Kari Rollins. Thanks for coming back again.

Kari Rollins: Thank you.

LN: We’re continuing our discussion about the Sedona Conference Data Incident Response Guide and some of the best practices of how to prepare for the inevitable data breach and what you should be doing beforehand. So Kari, can you tell me what some of the things are that you advise your clients to do in anticipation of a potential issue?

KR: Sure, and I think planning, in our view, is just as important as the actual response itself and how you investigate. And in the Sedona Response Guide, we’ve pulled together some suggestions for sort of two elements of planning. One is the more technical, understanding what data you have, where that data resides, what your network systems are so that when you do have an incident, and you have to understand what information may have been impacted, to understand whether you have a legal obligation to notify, you have a better understanding and a better map of what those systems are and the information they hold. And a lot of times, using not just counsel and conducting that analysis, but using third party forensic firms to come in and help with that data mapping process is a really important step in getting prepared to understand where are all of the jewels of the company lying within the systems to know what the type of critical impact could be if one of those systems is hit.

LN: And some of the problems I’ve seen is, oftentimes the documents that are distributed and given to legally become outdated, so this is something really that organizations should be periodically updating their network data map and actually using either consultants or tools to help them map out what devices exist on their network.

KR: Right, exactly. And to that point, too, understanding what contracts with those vendors control here. Especially in the event, you have an incident that impacts the system that is managed by a vendor, do you know what information is being controlled by that vendor, and how you all are going to liaise when that incident occurs, who’s going to take control, what the contractual obligations are? Because vendor management is a hot-button issue these days. The FCC itself just came down with a number of guidelines and best practices for vendor management, so being prepared in that sense, knowing where your data is, who your vendors are, who controls it is really important.

LN: Exactly, and I can’t stress enough, it’s important, too, that companies have offline backups of their data because if you have a storage mass go down suddenly, if your company doesn’t have offline documents that describe what the drive geometry for that raid array is, the ability to recover the data becomes compromised and if a hacker gets in and takes out a storage network and the documentation for how to rebuild that storage network is on that drive, that could cause a real problem.

KR: Absolutely.

LN: Do you see that this guide is applicable to companies that are concerned about cryptolocker type malware as well?

KR: Sure, I think this Incident Response Guide can help guide companies through any type of incident, whether it’s a ransomware attack, where their information is being withheld from them, whether for ransom or for other purposes, it could just be useful in investigating the so often seen phishing attacks that seek to attack the email accounts of employees and then further perpetrate other credential harvesting schemes. So it’s useful in the sense that it helps companies prepare for any of those types of attacks. And it does so by helping them with the data mapping, giving them some guidelines on that front. And then also helping them to craft an incident response plan, which I think it’s just as you were talking about, being prepared here with an incident response plan is also the other critical component of preparation and it’s not a one-size-fits-all for the companies. You can’t just, there aren’t these stock-standard off-the-shelf policies that you can then apply because each company has different data systems, and different requirements, and different teams. But this guide provides you with resources and guideposts for how you build that plan that makes sense in the context of your company.

LN: Exactly, and depending on where the company operates, if they operate in Illinois, they might be subject to BIPA, the Illinois Biometric Information Protection Act, which has a whole host of unique requirements. So in our next segment, we’ll be talking more about what should be done after a data incident arises. Just because it’s an incident, does not mean it’s a data breach, but there are certain things you want to do, like have your team in place beforehand. But before we leave, what are your recommendations and what does Sedona say about forming a team to be able to respond in advance of an incident?

KR: I think that is probably one of the most critical elements of an incident response plan is really just knowing who your team is going to be. Who are the individuals that you are going to call when an incident occurs and building that team, it’s important to have the right buy-in? Legal, of course, is extremely important because you want to be able to conduct the investigation under privilege, and in a fashion that gets the facts to your legal counsel in a timely and expedient manner so that you can understand the point at which you have information that suggests you’ve had a breach as defined by law. Because the point at which you learn you’ve had a breach is defined by law as to when your clock starts ticking for notification and that’s in some jurisdictions, that’s a really tight turnaround. So in the incident response plan, in the Sedona Conference Instant Response Guide, we talk about having that team. Having the information security teams, knowing who your third-party experts are going to be if you need third party support to come in and investigate, knowing who your crisis management team from a PR perspective would be. So having all of those individuals listed, with the contact information in the back of your plan so you know who to call, sort of the Ghostbusters, but the privacy busters of an incident, who are you going to call when you get an incident. So I think that’s most important because having the right people mobilized is going to save you time in the end.

LN: It’s important, too, that especially with your forensic experts, you want to make sure you’re working with experienced people that understand the sensitivity around email because as you investigate incidents, your initial impression of what happened or what is going on might change as you learn new information, so it’s important not to begin with the word data breach when you don’t know if it’s a true data breach. Because sometimes, an organization has a security incident but there’s no proof that any data actually exfiltrated or that it was used in any way, so that’s part of at least during that response that we’ll talk about next, those are part of the issues that need to be investigated, but being sensitive to that and making sure that privilege is in place and communications is definitely important.

KR: Yeah, exactly.

LN: Well, thanks and tune in to our next segment where we talk about what to do after the inevitable data breach.

KR: Right.

View Part 1 of our 3-Part Series on Data Breach

Related Articles on How to Prepare for a Data Breach

Prepare for a Data Breach, Secure Your Supply Chain

Learn More About How to Prepare for a Data Breach. Check out Kari Rollins

https://www.sheppardmullin.com/krollins

More About Sedona Conference Data Breach Guide

https://thesedonaconference.org/search/node/data%20breach%20guide

Featured

End of Windows 7

What are some of the potential problems for an organization trying to secure Windows 7? Cyber Security Experts Lee Neubecker and Atahan Bozdag say it’s analogous to owning a home and not maintaining it, eventually something breaks and it’ll cost you a fortune to fix!

Securing Windows 7 Environments

On January 14, 2020, Microsoft announced support for Windows 7 has ended. As reported by Microsoft, “Technical assistance and software updates from Windows Update that help protect your PC are no longer available for the product. Microsoft strongly recommends that you move to Windows 10 to avoid a situation where you need service or support that is no longer available.” It’s official…it’s the end of Windows 7! We have to end our love affair with Windows 7 and move onto Windows 10. What does that mean for the end-user? Well, if you stay on Windows 7, you will deal with constant security threats, and there will be no more updates or support. If you upgrade it’ll cost you approximately $139 for a home computer, $199 for a small to large business and $309 to upgrade a workstation that needs a faster powerful operating system.

Cyber Security & Computer Forensic Expert Lee Neubecker and “Fellow Forensicator” Atahan Bodzdag break down what impact is imposed on cyber security when computers no longer receive service patch updates or support for Windows 7. They discuss the usage of Windows 7 by the Health Care organizations that are resistant to change or have application that have not been ported to work with Windows 10.

Atahan Bodzdag provides an overview of top three items that all organizations dependent on Windows 7 should be undertaking to maintain cyber security resilience.

Window 7 Security Vulnerabilities

The Video Transcript Follows

Lee Neubecker: Hi, I’m here today with Adahan Bozdag. Thank you for being on the show Adahan.

Atahan Bozdag: Thank you for inviting me, Lee.

LN: Atahan is a fellow forensicator and cybersecurity expert. He works within the healthcare sector and works internally to an organization, doing some of the things I do as an expert witness outside an organization. And today we’re going to be talking about Windows 7, the end of the life cycle of Windows 7, and some of the cybersecurity issues relating to organizations that are in Windows 7 and are trying to prevent future data breaches. So, Adahan, could you tell everyone a little bit about what Microsoft did recently as it relates to Windows 7?

AB: Well, as you said, Windows 7 end of life cycle happened. It’s was January 14, 2020. They stop patching Windows 7 environment, so it is vulnerable to any attack after the date. January 14, 2020.

LN: So then when people report their CVEs, detailing vulnerabilities on Windows 7, eventually they’re up there for the hacker world to see. and to exploit because Microsoft’s not patching that operating system.

AB: Very true. It’s a dream come true for the hackers.

LN: Yeah, well, no more data patches means what exactly?

AB: It means that you are more vulnerable to attacks.

LN: So every day the risk of cyber compromise only grows for organizations still on Windows 7.

AB: Very true.

LN: So, what is for the non-technical person out there, could you explain what this is analogous to?

AB: Well, I can give you the house analogy. You buy a house and you don’t do any upgrades. You don’t do any maintenance. Something is going to break. So this is what’s going to happen with Windows 7. Because there’s no more patch, there are no more updates, there’s no more security involved in it. At one point if you still continue using it, you will get breached.

LN: So, it’s kind of like your locks start to fall off the door at a particular time

AB: Exactly, exactly.

LN: And if you consider the contents of a health care provider, to have sensitive data like patient medical records, electronic medical records, protected health care information, or PII, all of that stuff is vulnerable to exfiltration?

AB: Yes, very, yes.

LN: So, why are people still using Windows 7, given this threat?

AB: Well, some applications are not upgraded to work with Windows 10, and what happens. So then a lot of people working in the corporate environment are resistant to change because the applications are not working with Windows 10. So those,

LN: Or they just like the cleanness of Windows 7, relative to Windows 10, which

AB: Yes

LN: It has a lot of bloatware loaded on it if you’re getting the version off the shelf.

AB: True, true.

LN: Who really needs to have all these games on their environment?

AB: Exactly. But at the same time, every healthcare company that, you know, even my company that I’m working for, we have a golden image that we create, which are stripped down from all those games and stuff like that. So we don’t use those. But, to get there, there is always an image needs to be updated in Windows 10.

LN: So what are some of the potential problems for the organization that stays on Windows 7 and just doesn’t get with the program to migrate off?

AB: Well, first thing is, APT.

LN: What’s an APT?

AB: APT is an Advanced Persistent Threat.

LN: That’s like that nation-state, Big Brother lurking on the chips of the computer device, waiting for a moment to attack, right?

AB: They can infiltrate you. They can do nothing, just sit and wait, and look at your data. And we have seen that in many breaches. The time that you found out that the company was breached, they’ve been in the system for more than six, seven months. So they were collecting data slowly by slowly, and at one point they turned the engine on, and then the doomsday attack starts. Suddenly you start losing data. Deletion happens and then, they grab everything out from your system.

LN: “So there’ ve been a lot of nation-states making threats.

AB: Oh, very much so.

LN: This could be a huge opportunity for certain nation-states to get themselves onto hackable systems and merely wait until the opportune time to strike is such that they could magnify the damage.

AB: Exactly.

LN: We have a power outage,

AB: Yes.

LN: And they were to strike at that time, that would probably magnify the damage significantly.

AB: Very, very much. And now you’ve been talking about those in your other videos about these kinds of things. The cyber realm is another way of attacking our national interests. Health care is one of them.

LN: So let’s assume that an APT gets into a health care environment, health care provider’s systems, and they’re able to access electronic medical records, EMR, patient health care information, what might they want to do with that information?

AB: Well, patient records, especially the names, social security numbers, medical records, everything is sellable in the Darkweb.

LN: And it’s worth a lot more than just giving social security numbers.

AB: It is. True. It’s like a single record may go for $35. If you got about 10,000 records, 10,000 records times about $35.

LN: It’s likewise though, that data exfiltrates, and it gets out there in the market, the health care providers are looking at potentially significant financial damages, as well as reputational damage.

AB: Yes, yes. Because when these things happen, suddenly you have to report this either to the government or to the media. And then afterward the penalties will come. And investigations cost a lot of money. Penalties are really severe And doing all of these things, and if you’re still in the Windows 7 environment you’re actually opening yourself to these kinds of attacks.

LN: Yeah so, when these data incidents happen, as you like to call them, what do you see the role of internal IT investigations versus an outside computer forensic firm like myself specializes in data breaches and EMR. What is the typical role and function of the internal versus the outside expert witness?

AB: Internal it’s you know like myself, we do the investigation internally but we would love to hire, I mean we would like to hire an outside investigation, to give unbiased information. Saying that if you go to the legal ways that you will be able to say that hey, I’m not involved with this company I’m doing this…

LN: Sometimes, there’s benefit to having an outside forensic expert that’s independent speak only to the issues that are relevant and not necessarily have a knowledge of who was in IT that got fired or any of that other stuff that isn’t really relevant to the investigation but could create risk for the health care provider.

AB: True. True.

LN: So with regard to reporting obligations, let’s say you find that there was indeed exfiltration of patient data and that information left the organization, what are the reporting obligations?

AB: Well the best way that I can tell right now is if you were at the hhs.gov or consult your attorney it will actually tell you especially the website, will tell you what are the reporting obligations. There are multiple levels. If I go into details over here, it’s not going to last.

LN: Got it. And so, we talked about exfiltration but what can happen if someone gets in and actually deletes patient medical records?

AB: Well, the first thing is in hospital systems that patient who’s going to be either going into surgery or something like that, they will not be able to get, pull out the data.

LN: And so people who have a need for critical life-saving care, might actually die.

AB: Yes.

LN: Or worse yet, if someone were to alter the medical records

AB: That is a threat

LN: And say instead of your left lung having cancer it’s your right lung and you get the wrong lung removed, that’s a real problem

AB: It’s a big problem.

LN: So if you have to say, wrap it up what would be the top three recommendations you make to health care organizations to help defend against the potential future data breach that’s from running Windows 7?

Top 3 Measures to Defend Windows 7

AB:

  1. First is implementing operate plan to leave Windows 7, immediately. That’s a given fact.
  2. Second, isolate Windows 7 legacy into VDIs which we call the Virtual Desktop Environments. Isolate them from the network.
  3. And the third, make sure that your disaster recovery is in place and you do periodic tabletop exercises.

LN: Well thanks so much, that was really informative. I appreciate you coming on the show.

AB: Thank you for inviting me again.

LN: Take care.

Microsoft Windows 7 End of Support

https://support.office.com/en-us/article/Windows-7-end-of-support-and-Office-78f20fab-b57b-44d7-8368-06a8493f3cb9

Other Related Articles

View Microsoft website here

https://www.microsoft.com/en-us/

Featured

Jacob Meister’s First 90 Days

Most voters think the Clerk of the Circuit Court of Cook County’s office is ground zero of what’s wrong ethically in Cook County government. Candidate Jacob Meister vows to clean up the office and deliver much needed ethical reform.

Enigma Forensics President & CEO Lee Neubecker interviews Jacob Meister, who is running for the office of Cook County Clerk of the Circuit Court. Lee is interested to learn more about what Jacob Meister plans to do in his first 90 days in office.

View Part 2 of our 4-Part Series on Jacob Meister, Candidate for Cook County Clerk of the Circuit Court

Part 2 of our 4-Part Series on Cook County Clerk of Circuit Court Candidate Jacob Meister

The Video Transcript follows

Lee Neubecker: Hi, I have Jacob Meister, who’s running for Cook County Clerk of the Court. He’s back on my show today. Jacob, thanks for coming back on.

Jacob Meister: Thank you for having me.

LN: So, as a candidate for Cook County Clerk of the Court, which is one of the largest court systems in the U.S., what do you see as your top priority in your first 90 days in terms of fixing a big problem that needs to be addressed?

JM: Well, the Clerk of the Circuit Court of Cook County’s office is ground zero of what’s wrong ethically in Cook County government, you know? The voters in recent years have elected a new Cook County Assessor, Fritz Kaegi, a new mayor, Lori Lightfoot, and have made clear that they demand ethical reform, in government, and the Clerk of the Circuit Court is ground zero of what needs to be fixed. This is an office that for decades and decades has been plagued with political patronage, political workers getting jobs at the public expense in order to do political work. We have to stop that, and in my first months in office, I want to make sure that we are cleaning up the office to make sure that we are delivering taxpayers value for their money and that employees are dedicated first, foremost and exclusively to serving the public interest in the clerk’s office. We cannot get over the operational problems that this office has until we first clean up the ethical issues. So, I want to make sure that the patronage in the office comes to an end. That we comply, there’s currently a federal decree, it’s called the Shakman Decree, that the office is under that requires patronage to hiring, to not be done by patronage. I want to make sure that people are promoted from within, not given these political jobs where employees are beholden to the party machine.

LN: Great, well, thanks for being on the show, Jacob.

JM: Thank you, Lee.

View Part 1 of our 4-Part Series on Jacob Meister

Part 1 of our 4-Part Series on Cook County Clerk of the Circuit Court Candidate Jacob Meister

Other Related Articles

Featured

Steps Employers Should do Before Using Biometrics

More and more employers are using biometrics. Biometric information and is covered by the Illinois Biometric Information Protection Act or BIPA. Forensic expert Lee Neubecker and Vedder Price Shareholder David Rownd talk about the steps employers need to take so they don’t violate BIPA.

Employers Using Biometrics

What should employers do before collecting biometric information? Biometrics is on the cutting edge of technology and more and more employers are using biometrics in the workplace. Employers use biometrics to activate machinery or computer devices, to track employee time and attendance, and can be used to gain access to specific secured environments. The most common example of employer use of a biometric recognition system is the fingerprint.

Expert Lee Neubecker and Vedder Price Shareholder David Rownd discuss the necessary steps that all employers should do before installing biometrics.

Part 3 of our 3-Part Series on Biometric Data

Part 3 of our 3-Part Series on Biometric Information

The Video Transcript Follows.

Lee Neubecker (LN): Hi, I’m here again with David Rownd. David, thanks for being back on the show.

David Rownd (DR): Oh, thanks for having me again.

LN: So we are continuing our series talking about BIPA, the Illinois Biometric Information Protection Act. And what employers should do, especially those New York employers that have satellite offices in Chicago that track their employees and whatnot and how they should, things they might want to do beforehand so that they don’t get into trouble. With that David, what are some of the concerns and responsibilities employers have under BIPA?

DR: Well, first of all, they have an obligation to notify employees that they are using biometric information. And they have to tell them why they are using biometric information. They have to safeguard the information. They have to have policies in place to safeguard the information. And they are absolutely prohibited from selling the information to third parties.

LN: That would mean if they are using time tracking software they might want to check to see what adaptations those software companies have in terms of how they protect employees’ fingerprints and whatnot.

DR: Absolutely.

LN: And is it a good idea for the employer to actually get the employee to sign a consent form?

DR: Absolutely. In fact, they are required to obtain consent

LN: Okay

DR: before doing this. And this is an important consideration for employers and it should be something that is well thought out and a program put into place that complies with the law before embarking on the use of biometric information.

LN: So employers if you have a trading firm here in New York that has a satellite trading, possibly an option firm, options are big in Chicago. What would you advise them to do just to do a check-up to make sure they are OK?

DR: Well, if you are going to be using your employee’s biometric information in Illinois it would be covered by BIPA. And you need to make sure you are in compliance with the law. And I think it makes sense for your in-house legal team or whatever counsel you rely on to go over what you planned to do and ensure that what you are going to be doing is in compliance with the law.

LN: So I think the intent though of a lot of these tracking features of time tracking software really is to try to protect employees from punching in for, you know, their friend that is running late. But there are other ways that employers can still do that without relying on fingerprints or retina scans.

DR: There are other ways. Smartphones can be used and they can be used without taking any biometric information. And there are other ways of doing it as well. But if you are going to be using biometric information, you certainly should make sure that you are in compliance with BIPA because it’s been a very active, very buried in litigation. There’s been a lot of class actions lately and a lot of companies have had some issues. Most employers would be well advised to make sure they don’t run afoul of the law.

LN: So why are we suddenly hearing so much about BIPA in Illinois? What happened last year that changed things?

DR: Well, there was an Illinois Supreme Court case that really kind of open the floodgates for plaintiffs to be able to sue. Normally in order to bring a lawsuit, you have to be able to show that you suffered some specific harm which is referred to in the law as damages, and that is an element of most civil causes of action. However, under the way, BIPA is written an aggrieved party can bring a private right of action under BIPA. And there’s the Illinois Supreme Court, a case called Rosenbach, last year, basically held that the mere violation of the law with the respect to someone’s biometric information makes that person an aggrieved party. So, the fact that your biometric information has come out of compliance in a program means you’d have the standing to bring a lawsuit. And more importantly, that you could potentially be the lead plaintiff in a class-action lawsuit which ups the ante significantly for employers and exposes them to much more significant liability.

LN: So this could expose any employer using time tracking that has a biometric component in Illinois?

DR: Potentially, yes.

LN: Now are there things that can help protect those employers though from getting in the crosshairs if they are using that software?

DR: Well, I mean, ensuring that you’re in compliance with the law, certainly. Which means making sure you’re getting consent. Making sure that the concent is informed consent and the consent is in full compliance with the requirements of BIPA. Not doing anything that BIPA prohibits such as selling the information to third parties. It sounds pretty obvious but it’s something that’s important to make sure you’re in compliance with the law.

LN: Now there was a case in Illinois involving, it was an athletic gym that had customer information and some of that information was alleged to have gone to outside parties. And I think that case settled, but it certainly not only employers could fall into the snare of BIPA, but consumers as well, people who do business with companies that choose to take their biometric data.

DR: Absolutely

LN: Like possibly even Google and Facebook.

DR: Potentially, yes.

LN: Well, thanks a bunch. In our next segment, we’ll talk a little bit more about what is happening nationally with BIPA. And thanks again for being on the show.

DR: Thanks for having me.

View Part 1 of our 3-Part Series on Biometric Information

Part 1 of our 3-Part Series on Biometric Information

View Part 2 of our 3-Part Series on Biometric Information

Part 2 of our 3-Part Series on Biometric Information

Other Related Articles

View Vedder Price – David Rownd

https://www.vedderprice.com/david-rownd

To learn more about BIPA

http://www.ilga.gov/legislation/ilcs/ilcs3.asp?ActID=3004&ChapterID=57

Featured

How ZyLAB Can Help Your Company

ZyLAB is a global company that can help an organization who has to deal with various regulatory authorities spanning the globe. They are dual-headquartered in both Washington, D.C. as well as Amsterdam in the Netherlands. If your dealing with GDPR in the EU or CCPA in the US ZyLAB is equipped to provide service. In this video blog Lee Neubecker and ZyLAB’s Jeffrey Wolff discuss what differentiates them from their competitors.

Cyber Forensic Expert Lee Neubecker and ZyLAB’s eDiscovery Director Jeffrey Wolff discusses how ZyLAB Artificial Intelligence (AI) solutions can help your company. ZyLAB is an eDiscovery provider that works with government entities, corporations and law firms to provide data solutions. ZyLAB assists in extracting value from data, and not just metadata, but also document review that is about looking for entity information. ZyLAB is able to search for key people, places, and organizations that are mentioned in documents and/or emails, and quickly drill down to what is going on in your organization.

Watch this important final part of our 3-Part Series on Artificial Intelligence Solutions and eDiscovery. You will learn about what ZyLAB offers that will help your company with document review and ultimately save time and money.

Part 3 of our 3-Part Series Artificial Intelligence (AI) solutions and eDiscovery

The Video Transcript Follows.

Lee Neubecker (LN): Hi, I have Jeff Wolff, back on the show from ZyLAB. Jeff, thanks for coming back on.

Jeff Wolff (JW): Thank you.

LN: He’s their Director of eDiscovery, and I wanted to ask him some questions as it related to what differentiates ZyLAB from other products out on the market. Some of my clients may want to use this type of artificial intelligence program to help get through their review and see what the results are of using AI versus the traditional e-discovery review process, so.

JW: Sure.

LN: Jeff, could you tell us what sets ZyLAB apart from other competitors in the marketplace.

JW: Sure, sure, so first, I think ZyLAB is uniquely positioned in the fact we understand the corporate space quite well, as well as the law firm space, but we got our start in the corporate world, or in information governance. So we are very vested in search and data science, and that’s really where we’ve put a lot of our focus. We have both on-premise solutions, as well as cloud-based, SaaS solutions like every other next-gen provider. But we really push our interface, our user interface and our user experience, as one of the most unique selling points. And that is, that it is not difficult to start using. Anyone, any legal professional can pick up our product in an hour, from start to finish, and understand really how you utilize it. Drag and drop interfaces for getting data into the system, and immediate color-coding and tagging, easy search, and the ability to really visualize your data and understand what’s in the dataset.

LN: Okay. So, what would you say for a company that has to deal with multiple jurisdictions, they’re in Europe, they’re in the US.

JW: Sure.

LN: There are some unique challenges posed by all the various regulations out there, like GDPR.

JW: Right.

LN: Maybe the have operations in China. How could you help a company that has to deal with various regulatory authorities spanning the globe?

JW: Sure, and that’s another advantage that ZyLAB has, actually, we’re actually a global company, so we’re dual-headquartered in Washington, D.C., here in the US, as well as Amsterdam in the Netherlands, in the EU. And as a result, we have cloud operations in both jurisdictions. So our global customers can actually keep US data in the US, and they can keep European Union in the EU, and not worry about that issue. But we also have the expertise, consulting expertise, in both environments, both geographic locations. For example, I’m doing a lot of work now with corporations, not so much focused on directly just on e-discovery, because e-discovery is a bit reactive, you know? Or corporations go through peaks and valleys with e-discovery, the litigation, something they have it, sometimes they don’t. What they constantly have though, are internal investigations, regulatory responses, in the highly regulated corporations. And more and more now, data privacy concerns. So, my European colleagues have been dealing with GDPR for a while, we’re now starting to feel it here in the US, with CCPA, the California Consumer Privacy Act. And there are a number of states on the horizon that are going to California’s examples, so corporations need to be able to find, and classify all the data that they have in their organization that has customer information because if those customers request it and they can’t provide it, they’re financially in a lot of trouble.

LN: Do you think that the regulations coming down on companies are going to fundamentally change how companies chose to communicate with their vendors, suppliers, and own employees?

JW: Absolutely. If you look at all the recent data breach situations, it’s typically not the organization that has the problem, and I won’t mention any of the large companies that have recently had data breaches, but it’s typically not the original company that had the issue, it’s one of their suppliers, or one of their vendors that had accesses to the database, and wasn’t protecting it properly, and that’s how the trouble began.

LN: Yeah.

JW: Same thing with data privacy.

LN: The supply chain certainly is a huge point of vulnerability for all types of organizations. The governments, the military.

JW: Yep.

LN: and even corporations.

JW: Yes.

LN: So what do you see happening over the next few years with the adoption of AI platforms?

JW: I think the e-discovery market is going to fundamentally change. There’s still always going to be a need for discovery within corporations and law firms, but what you do you with the data is going to become much more important, so it’s going to be about how you can extract value from the data, not just metadata, which we’ve always been able to do for years now, but now more about looking for entity information. People, place, organizations that are mentioned in documents and emails, and collaborative environments, and being able to visualize those, and quickly drill down to what was going on in your organization. You know, if you got people that are going to the dentist three times a week, they’re not doing to the dentist, they’re doing something else, They’re just writing about going to the dentist.

LN: Yeah.

JW: Software like ours that can identify those references in documents are going to be crucial to the success of organizations.

LN: That’s great. So it seems that there’s continued e-discovery service provider consolidation out there.

JW: Mhmm.

LN: The companies that are using tools that are more of a channel partner tool to resell.

JW: Yes.

LN: But as those companies consolidate, do you think that there’s going to be a movement away from those providers where, the company, the firms, directly do their own e-discovery?

JW: Oh, yes. Yeah, very much so. We’ve been seeing that over the last few years. A lot of companies, even small companies that tend to have, in the past, just used outside vendors for e-discovery, are now deciding that they prefer to control, not just the cost, but also their data. They don’t want their data outside of the organization for reasons we’ve already talked about. So they’re purchasing in-house tools that they can use themselves, and then they can invite outside counsel in to make use of, that way they control their costs, they control the efficiency, and they control the data.

LN: Well, this has been great. Thanks a bunch for being on the show.

JW: Thank you again.

LN: Take care.

JW: Bye-bye.

Part 1 of our 3-Part Series on Artificial Intelligence

Part 2 of our 3-Part Series on Artificial Intelligence

View Other Related Articles

View ZyLAB website

https://www.zylab.com/en/company

Learn More About GDPR and the European Union

https://gdpr-info.eu/

Learn More About CCPA the California Consumer Privacy Act

https://oag.ca.gov/privacy/ccpa

Featured

Preventative Measures: Medical Devices

What is a FIPS 140-2 and how does it play a role in medical devices? Are medical devices manufactured with security in mind? Experts Lee Neubecker and Keith Handler discuss medical device security.

What measures are in place to help protect medical devices from cyber compromise? President & CEO of Enigma Forensics, Lee Neubecker gained insight into the latest and greatest preventative measures being developed for medical devices. Lee sat down with the top engineer for Sterling Medical Devices, Keith Handler and explored technical measures applied to the manufacturing process of medical devices. Check out this video to learn all about the tech measures. You will be so much smarter if you do!

Part 3 of our 3-Part Series on Medical Devices

Part 3 of our 3-Part Series on Medical Devices

The video transcript of Preventative Measures: Medical Devices follows.

Lee Neubecker: Hi, I’m back on the show again with Keith Handler from Sterling Medical Devices. Keith, thanks for coming back.

Keith Handler: Hi Lee, thanks for having me.

LN: So in our 3rd segment on medical device security, we’re going to talk a little bit more about some of the hardware elements, how the software gets loaded onto medical devices and what things are in place to help protect medical devices from cyber compromises. So first, Keith, can we start off with telling everyone what FIPS 140-2 is and how that plays a role?

KH: Yeah, absolutely. FIPS is the Federal Information Processing Standard, 140-2 is the specific certification for encryption libraries. That certification means that those encryption libraries are proven to be usable and certified to be usable for federal systems and medical systems.

LN: Most hospitals require FIPS 140-2 for immediate devices if you’re transferring PHI, Patient Health Information. If you’re transferring that information to external storage, they want to make sure you’re using secure storage that meets federal information processing standards.

KH: Correct.

LN: So when you’re evaluating a device for security, what are some of the things that you do to help ensure that the firmware that’s stored on the chips is secure and safe?

KH: Well, an embedded device it’s a challenge, of course, you have limited space, limited capabilities typically, especially on lower power devices. If you’ve got the space and the ability, we can use hardware encryption chips, hard-circuits, those are usually the most reliable and the most performant. If not, there’s plenty of embedded libraries out there that are FIPS 140-2 certified. The main thing being that we never roll our own as far as encryption libs go, we use federally certified ones to ensure that we’re up to the current standards and encryption strength.

LN: Those standards change over time.

KH: Correct, yes.

LN: At one point and time, SHA-1 encryption used to be considered perfectly fine, but now with quantum computing, there’s been a rush to ditch SHA-1 and require SHA-2 as encryption library to help secure things.

KH: Yes, this brings up an important point actually. How do we keep things secure moving forward when new vulnerabilities are found, new attacks are found, libraries are cracked.

LN: Yeah so, what do hospitals and other healthcare providers need to be doing to ensure their devices stay secure once deployed?

KH: Well, hospital healthcare providers need to be making sure that they are up-to-date with the manufacture of all of their devices, that they are keeping apprised of any kind of recalls or anything like that. Manufacturers, the people that we typically deal with, product developers, their responsibility is to maintain a bill-of-materials, a cyber bill-of-materials; their libraries, their encryption circuits, make sure that they’re tracking the versions and things like that so that when a company has a vulnerability exposed, they can become aware and make updates and push them, software especially, as fast as possible.

LN: All right, so if an organization or a healthcare entity were to become compromised, have you been involved with supporting the client that underwent a cyber compromise?

KH: I have not, we’re usually in the earlier stages of developing the products prior to that occurring, and our products hopefully never get compromised.

LN: So I’d imagine though that if there’s a concern about the security of certain medical devices, that there’s a need to actually dump the firmware. Firmware is software stored on an embedded chip. But the firmware will persist after power-down, reboot to whatnot, but there is an ability to go and extract the firmware of the chip with the correct tools, such as a Bus Pirate, or other devices. And then what would you do to examine, if you had access to the firmware on a chip, how would you go about ensuring that that’s authentic?

KH: Well the first thing is if we’re going to push out firmware, things like that, you need to make sure that the device can know that it’s authentic. And we do things again, like digital signing, signature verification encrypting of that firmware package. That way we have a verification process in place to ensure that what we’ve got coming down is good.

LN: So that’s known as a hash.

KH: That’s part of it yes.

LN: So the hash value is the unique encrypted thumbprint generated by a hash algorithm and those hash values can be used to compare against the manufactures release version and what’s on the chip to determine, are they running the most recent up-to-date firmware, or are they running a older version or are the running something that’s rogue that is not known by the manufacturer.

KH: And that’s the real key, to make sure that what we’re running is what we expect it to be and not something that has been tampered with.

LN: How often are hospitals and IT staff actually auditing and checking their firmware?

KH: You know I’m not clear on that, but I would say almost certainly not enough.

LN: Yeah, so that’s one of the things that I know you’ve said earlier, that it’s important that all these entities using the devices, once they’re certified and deployed, there’s still a responsibility on the healthcare delivery organizations to make sure that they’re patching and updating those devices so that they keep the standards.

KH: Ideally. Nowadays, a lot more devices are connected, communicating out with central servers, and that gives them the advantage of being able to receive security updates, so it takes that middleman out, essentially, but that also opens up additional potential security holes that have to be considered and protected against.

LN: Yeah, and anything that comes to mind that you’re concerned about in regard to new threat factors?

KH: Well, you know, again, if I’m distributing firmware by handing it to you on a USB stick, you can be pretty certain that what I’m giving you is likely to be good. If I’m telling you download it from this site, you don’t know. For all you know, it could get tampered with in transit. So it raises a lot of additional risks.

LN: Do you think that there’s something to be said for going back to the old updates on CD, read-only media?

KH: Well, you know, information is what it is, and things mover faster nowadays, so I don’t know that it makes sense to move backward, it just means that we have to have more modern methods of protection.

LN: But thanks a bunch for being on this show. This is great stuff.

KH: You’re very welcome, and thanks for having me.

LN: It’s my pleasure.

View Part 1 of our 3-Part Series on Medical Devices

Part 2 of our 3-Part Series on Medical Devices

Other Related Articles

Overview of the FDA’s Medical Device Regulations

https://www.fda.gov/medical-devices/device-advice-comprehensive-regulatory-assistance/overview-device-regulation

Sterling Medical Devices website

https://sterlingmedicaldevices.com/

Featured

Pitfalls in AI?

Artificial Intelligence (AI) is the fastest-growing eDiscovery solution in the Legal Industry. Just like in Henry Ford’s day, it’s the keen cutting edge shaving away costs by reducing time spent from evidence to production. Use AI and don’t land in the pitfall.

“Competition is the keen cutting edge of business, always shaving away at costs”…Henry Ford

Is there a pitfall if you use AI? Computer Forensic Experts Lee Neubecker interviews Chief Innovation Office with DISCO, Cat Casey both agree the largest pitfall in AI is NOT embracing AI! Artificial Intelligence (AI) is the fastest-growing eDiscovery solution in the Legal Industry. Just like in Henry Ford’s day, it’s the keen cutting edge shaving away costs by reducing time spent from evidence to production.

Cat explains DISCO was born out of the firm’s frustration with conventional eDiscovery tools that were slow and difficult for lawyers to use. Instead of being forced to adapt our work methods to technology, we wanted to invent technology that works the way lawyers work. DISCO was the result, and today we are the fastest-growing eDiscovery solution in North America. Both experts agree implementing AI will help companies gain a competitive edge. Watch this video to hear examples of how AI helps sharpen that edge!

Final Part of our 3-Part Series in Artificial Intelligence: Pitfalls in AI

The Video Transcript Pitfalls in AI Follows.

Lee Neubecker (LN): Hi and welcome back again Cat. Thanks for being on the show again.

Cat Casey (CC): My pleasure.

LN: Cat Casey from CS Disco. She’s a Chief Product Innovation Officer. Did I say that right?

CC: Chief Innovation Officer.

LN: Okay.

CC: Products too, though. It’s fine.

LN: They call her chief.

CC: They should.

LN: So we’re going to talk now, in this last part of our series on artificial intelligence, about some of the challenges of organizations that don’t adapt and don’t get on board. So, what do you see the potential risks and pitfalls for law firms that don’t begin to embrace so sort the form of a technology-assisted review or artificial intelligence to help speed up the review process?

CC: Well, at a very basic level, clients are getting smarter. We’ve got CLOC https://cloc.org/, we’ve got clients talking to each other more, and they’ve raised their expectations of how their firms are going to be competitive. And it used to be if you were big law firm A you would always have this corporate client for every anti-trust case they would always go to you. But now I was getting dozens of RFPs where they’re asking me what technology are you using? How are you driving innovation? How are you driving efficiency? Because there is a higher expectation of competition between outside counsel. That, maybe, wasn’t there a few years ago. And so, the client expectation is driving this appetite to investigate eDiscovery and Artificial Innovation (AI) based innovation in a way that wasn’t here a few years ago.

LN: Has there been any industry research that has attempted to benchmark the cost of a case using an AI platform to speed up review versus not, to your knowledge?

CC: You know. I can speak from Disco, and we see about a 60% reduction in time to evidence to production. And that translated to dollars. And so, I mean, 60% savings on the 80% of a case that is reviewed is substantial. The thing that I think is most important is cost-savings big, but getting evidence quicker.

LN: Yeah. Time is of the essence.

CC: That is the thing that is paramount because of a lot of these companies… I worked at a company that had very big budgets, but no amount of money, no amount of people, was going to be enough to get these insights I needed before the meet and confer. Or before I had a critical filing with a government investigator. And so, getting evidence quicker so I can start building my case, was the differentiator.

LN: Yeah, certainly if you’re working for a company facing a DOJ inquiry.

CC: Yep.

LN: Knowing the good, the bad, the ugly.

CC: Yep.

LN: As soon as possible can help you make better decisions for your clients. Which might involve, you know, settlement. settling. Yeah, yeah. There have been many recent settlements, recently, from big companies that didn’t want to get tied down at least.

CC: Well I’ve had cases where… One of my favorite ones I used tons of different AI and analytic tools. I had a big bank that had been fined billions of dollars and another big bank was, they had hired on people in that same group, and they were wondering if they would be subject to the same investigation. So, I did some social network analysis. Who was talking to who, with what frequency? I parsed Bloomberg’s chat. I parsed audio logs. And I used everything to keep triangulating down until I was able to identify the bad actors, saying the bad things, and the map of the structured data to show they didn’t do the bad things. And my company wasn’t on the front page of the Wall Street Journal. My company wasn’t fined. So it ends up being very compelling, even early in investigations.

LN: Yeah. Certainly responding quickly is important now. Have you seen any success stories as it relates to companies embroiled with data breach incidences, that have used your platform to help get ahead of what was going on?

CC: 100%. I mean PII, so personally identifiable information, is something that you’re going to have to notify if there is a breach. So if someone, say your Equifax, not that I’m naming them, but say you’re a big company with a lot of personally identifiable or health information. You need to identify it quickly, notify these people in their specific timelines. Tools, like Disco’s, help you use algorithms to find that quickly and act upon it. Otherwise, if you’re looking at 100 million records, there’s no amount of humans that could go through that, in a timely manner, where you’re going to comply with time obligations. And so, it’s majorly impactful.

LN: That certainly is. Well, are there any other things you want to say on the show before we wrap up?

CC: You know, adapt. The reality is no one wants to be the buggy whip maker in a Tesla world. The time to start investigating and vetting and ensuring that the tech you’re looking at isn’t hype is now. Because in a year, or three years, or four years, you might be behind the curve. So, find your resident dork, ask questions, dig into the tech. Now is the time.

LN: And it’s probably worthwhile, you know, without being biased towards Lit Funder, why not take a case try out Disco, try out another offering to see what really works. I mean you had the benefit of…

CC: Yeah.

LN: You were on the other side working for the law firm, shopping for vendors.

CC: I did a 55 vendor RFP. I’ve seen everyone. I’ve looked under every hood. I mean there’s a reason I went to Disco. But there are other tools good out there. I think you want a toolbox with lots of different tools. If you’re a hammer, everything looks like a nail. Let’s be honest, litigation is always bespoke, so you want lots of tools that can help you address it.

LN: Great. Well, thanks again for being on the show.

CC: Yeah, my pleasure.

LN: This was great.

Watch the Entire Series on Artificial Intelligence (AI)

Part 1 of our 3-Part Series on AI

Part 1 in our 3-Part Series on AI

Part 2 of our 3-Part Series on AI

Part 2 on our 3-Part Series

Other Related Articles

DISCO’s website

https://www.csdisco.com/about-us

The Association for the Advancement of Artificial Intelligence

http://www.aaai.org/

Featured

What Constitutes Biometric Data?

Facebook’s record-breaking $5 billion settlement, proves the FTC takes consumer privacy very seriously. Will Facebook’s settlement spark other class-action lawsuits based on claims of privacy abuse relating to the Biometric Information Privacy Act (BIPA)? Forensic Expert Lee Neubecker and attorney David Rownd from Vedder Price discuss the ramifications of this settlement and dissect what really constitutes biometric data?

Part 2 of our 3 Part Series on BIPA

The Video Transcript Follows.

Lee Neubecker (LN): I am back again with David Rownd, and David’s going to talk a little bit more about BIPA. We’re talking about in the news recently, Facebook just reached a very large settlement related to claims of abuse relating to BIPA. What does this mean with such a large settlement? Is this inviting all the plaintiff attorneys to file more and more class-action lawsuits?

David Rownd (DR): Well, this has been a very active area of the law, and yes, the answer is yes. There’s a lot of class actions going on in this area, and it’s largely as a result of the low threshold to become a plaintiff in that you don’t have to establish specific damages, and the mere fact that the law has been violated can make you an aggrieved party who has the standing to file a lawsuit.

LN: Just so we can be clear, can you give some examples of what constitutes BIPA biometric data and what isn’t?

DR: Well, fingerprints are biometric data, a retina scanner, the veins in your hands can be evaluated as biometric data, and other things as well.

LN: What about the way you walk or the way you talk?

DR: Their voice recognition has been considered to be biometric data. Handwriting is not biometric data.

LN: So, devices like Siri and Alexa, is there a potential they’re going to fall into that?

DR: I think that that is certainly a possibility.

LN: So are we going to have to sign a contract before we use Alexa or Siri to protect, for them to be protected?

DR: I wouldn’t propose to advise Siri and Alexa as to how to conduct their business.

LN: Very good answer.

DR: I think that there is a possibility, certainly.

LN: So what do you think the future holds for BIPA-related lawsuits?

DR: Well, this is certainly an opening for plaintiffs lawyers to go after, and you see this in a variety of different areas where the law creates a low threshold to get in the courthouse door and potentially high exposure for defendants. You have plaintiffs lawyers who are attracted to that and they go after it, and that’s currently what’s happening now with BIPA in Illinois and why there are so many lawsuits filed.

LN: And I think it relates to, the fees are based on each instance of biometric data, so potentially you have multiple videos, multiple pictures, this data is stored, and if you can be aggrieved without the data even getting hacked, it’s a very large potential, which is probably why Facebook settled because what it could be much greater. And they probably weighed their risk and decided it made sense to settle.

DR: I think that’s probably right.

LN: Well, thanks again for being on the show, I really appreciate it.

DR: All right, thanks for having me.

View Part 1 of our 3-Part Series on Biometric Data

Part 1 of our 3-Part Series on Biometric Information

Other Related Articles on Biometric Data

FTC’s Press Release on Facebook’s settlement on Biometric Data

https://www.ftc.gov/news-events/press-releases/2019/07/ftc-imposes-5-billion-penalty-sweeping-new-privacy-restrictions

If you live in Illinois and use Facebook read this story from WGN, about Biometric Data.

https://wgntv.com/2020/01/30/facebook-may-pay-550-million-to-illinois-users-to-settle-lawsuit/

Featured

Optimize eDiscovery With AI

You’re looking for the smoking gun and have tens of thousands of documents to review. Experts Lee Neubecker and ZyLAB’s eDiscovery Director, Jeffrey Wolff say Optimize with AI and make your review easier!

Optimize eDiscovery with AI! Lee Neubecker sets out on a quest to find out what’s happening with Artificial Intelligence as it relates to the eDiscovery review process. Lee visits eDiscovery Director, Jeffrey Wolff from ZyLAB and together they examine how new AI algorithms are coded for priority review and can rank documents for relevance, saving countless hours and dollars for the client. Utilizing new AI will optimize your current eDiscovery process.

Part 2 of 3 Part Series on Smarter Solutions eDiscovery

Part 2 of our 3 Part Series on Smarter Solutions in eDiscovery

Optimize eDiscovery with AI Video Transcript Follows

Lee Neubecker (LN): Hi, I have Jeff Wolff back on the show again from ZyLAB. Jeff, thanks for coming back.

Jeff Wolff (JW): Thank you.

LN: And today we’re going to talk a little bit more about trends in Artificial Intelligence as it relates to eDiscovery and the review process that comes along with that. Jeff, what do you see happening right now with Artificial Intelligence as it relates to the eDiscovery review process?

JW: So what we’ve noticed over time is that, traditionally, Artificial Intelligence was always deemed to be only valid in cases where you had hundreds of thousands or millions of documents. And one of the changes that have happened over the last few years is that the Artificial Intelligence models have gotten so much better than you can now use them for much smaller data sets, and so we evangelize the use of Artificial Intelligence in smaller data sets, even, a thousand documents, you’re going to get a better review, more efficient, and more correct, faster, with AI than you would with a team of reviewers.

LN: So if you have a project and you’re using your platform, let’s say there are a million pages of documents that need to be reviewed. You put a review team on starting that process, and they start categorizing and coding, as they get through the first ten thousand documents, what is your software doing to help make this process more efficient and effective for them?

JW: Sure, so if you’re using traditional, what we call supervised machine learning, that used to be referred to as predictive coding, what our software allows you to do is train a small training batch, so a small sample of the documents, and code them for responsiveness, whether they’re responsive or not responsive. And we’ve made it very easy for users to do that. So, you can create issues, and for each issue, you get two tabs, responsive or not responsive, and you just train, you look through a bunch of training documents and you tag the documents appropriately, and the machine classifier learns, very quickly, what is responsive, what is not responsive. So, maybe after two or at most three training batches, the classifier is now bringing you back almost exclusively responsive documents. It’s already smart enough to do that. And so you only need a few training rounds to get the classifier well over the 80%, typical 80% precision and recall threshold that most attorneys feel is what the human is capable of, but the machine will do 90, 95% precision and recall, so you can be assured, not only are you getting a more efficient and more correct review, but you’re also doing it in a whole lot less time with a whole lot fewer people.

LN: And so, are your algorithms looking for synonyms, and similar phrasing that has equivalent word matches?

JW: It’s a bit of secret sauce. But, yeah, we use a support vector machine-based set of algorithms, kind of the most modern version of machine learning. And it is effective, it understands what our topics that were identified in the document, and what other topics are like them. So that’s how it’s doing an identification. But you’re effectively training in or on that.

LN: So the people using your platform, are they having to necessarily review all of the documents, or are you basically, based on the trained review process, you’re taking that universe of a million, and as they get through it, it’s starting to cluster.

JW: Correct.

LN: There’s a set that, this probably isn’t useful, and you don’t have to look at it, but you can look through it just to see.

JW: Sure.

LN: They have confidence that it’s not excluding relevant stuff, right?

JW: Yeah. What we find from an AI standpoint is that the two primary use cases that attorneys have when they use AI are priority review, so that means hey, I’m going to start teaching the data about, the classifier about my data set, and I’m going to show what responsive documents look like, and then I want it to rank all the remaining documents for me for relevance. And so I’m going to then put eyes on those top-ranking documents. That’s effectively looking for the smoking gun, right? That’s one. But they also use it a lot for QC and this is where I see I’m trying to put a lot more attorneys into utilizing AI, is you’ve already done your tagging, and you had eyes on all of your documents, now go back and use the AI and compare it against what your human reviewers did, and see if you’ve missed things. Because inevitably, your reviewers are not going to be all at the same level. Some people are going to miss-tag documents, and the AI has a really good chance of picking up those mistakes and showing them to you.

LN: So have there been any published studies that document the effectiveness of AI with the review process?

JW: There’s been a bunch of them. I know Law Geeks did one that was pretty interesting. What I’ve read recently is that only about, nationally, about 4% of all cases use Artificial Intelligence officially. But then again, there’s no requirement, in the meet and confer that you identify that you are using Artificial Intelligence in a discovery case. So a lot of attorneys can be used, and just not reporting it. Which is fine, because back when the review was manual, and you went through paper and bankers boxes, you didn’t have to document the process for that review. So why should you have to document the fact that you using a machine to do some of the identification of documents and responsiveness today?

LN: So are there potential problems as a result of using AI for failing to produce relevant documents?

JW: No, I think the case law already demonstrates that AI is an accepted form of using, of identifying reviewed documents, and again, even if you’re just using it for QC purposes, you’re still better off. You’re still less likely to miss things than if you hadn’t used it at all.

LN: Great, well, it’s been great. Thanks a bunch for being on the show.

JW: My pleasure, my pleasure.

View Part 1 of our 3 Part Series on Smarter Solutions in eDiscovery

Part 1 of our 3 Part Series about Smarter Solutions and eDiscovery

Other Articles about Artificial Intelligence (AI)

More related articles

To Learn More about ZyLAB’s Ability to Optimize eDiscovery With AI

https://www.zylab.com/

Featured

FDA Cybersecurity Regulations: Medical Devices

A cardiac pacemaker is a lifesaver for many and is considered an implantable medical device. The FDA imposes regulations to protect these devices. Experts Lee Neubecker and Sterling Medical Devices, top engineer, Keith Handler examine FDA Quality System Regulations, ISO standards, and FDA guidelines used by Sterling Medical Devices that are essential to the manufacturing practices.

FDA Cybersecurity regulations in medical devices is a tough topic! Consider the cardiac pacemaker, probably the most notable life-saving implantable medical device. Did you know that it is operated by a computer chip? Just like any other computer they can be vulnerable to cybersecurity breaches.

Experts Lee Neubecker and Sterling Medical Devices, top engineer, Keith Handler examine the FDA’s Cybersecurity quality system regulations, ISO standards, and guidelines followed by Sterling Medical Devices to ensure cybersecurity for all their devices.

Tune in to Part 2 of our 3 Part Series on Medical Devices

The FDA Cybersecurity Regulations: Medical Devices Video Transcript Follows.

Lee Neubecker (LN): Hi, I’m back on the show today with Keith Handler, Keith, thanks for being back on.

Keith Handler (KH): Thanks again for having me.

LN: And Keith, again, is from Sterling Medical Devices, and today we’re going to talk about what measures are in place, that the FDA imposes to help ensure cybersecurity on medical devices, especially safety of PHI, and safety of the operation of those devices for end-users. Thanks again for being here.

KH: Yeah, thanks for having me. So, cybersecurity. It’s a tough topic, and the FDA is still figuring out how exactly to deal with it. They have issued guidance that attempts to categorize how high the risk is of cybersecurity for a device and the basic standards you need to follow in designing, and testing, and documenting your processes for developing that device. That guidance is currently how we generally implement most of our analysis processes and controls. The FDA has chosen to recognize certain certifications, such as UL 2100-1-2.

LN: And what is UL 2100-1?

KH: 2100-1 is a certification for network-connected systems, as far as cybersecurity is concerned, and 2100-1-2 is a subset of that standard, specifically for medical devices connected to the internet or a network. Mostly that standard follows the 2100-1, with a couple of modifications, based on the fact that medical is safety-related.

LN: Have you seen any changes in the standard since the WannaCry attack that took out a lot of the UK hospitals?

KH: Nothing that I can point to specifically. You know, that really comes down to changing specific vulnerabilities, our knowledge about them, and the attack vectors that we know that are capable of executing these things, cataloging them, making sure that we plan for them in future designs.

LN: So I know Bluetooth is a protocol that’s vulnerable to exploitation. I think at one point in time, there was a warning that everyone should take their pacemaker and get it updated. Were you familiar with that?

KH: Yes.

LN: Can you tell people a little bit more about what happened?

KH: Yeah, well, in that specific case, I’m not actually 100% sure what occurred there, but most of the time your issues are, with a lack of authentication, a lack of encryption, you need to be sure that what the device is talking to on the other end is exactly who they expect it to be, what they expect it to be, and you have to make sure that that communication is secured and unchanged, unaltered. Typically, that’s done by using specific security libraries, integrating them in careful ways, making sure that all communication over the wire is encrypted, things like an asynchronous key generation.

LN: I think, just from my memory of events, one of the problems they discovered is that these protocols, there’s a period of time before authentication occurs, in the preamble when there’s broadcast of the Mac address, the wireless name, and whatnot, where there’s a potential to create an overflow situation, to actually compromise a device before encryption and authentication occurs.

KH: Yes, in certain system designs it is that way.

LN: And, unfortunately, these protocols are, you know, they’re everywhere. So, at the time, I believe that the chip makers and various equipment providers, not just only in the medical area, but across the board, had to create fixes that help protect against these types of cyber-attacks.

KH: Yes.

LN: So, you were talking about UL 2100-1-2, what about TIR57? Can you explain what that is?

KH: So, AAMI TIR57 describes how to marry up the processes of medical safety risk analysis and security analysis. It’s an attempt to show that the security analysis process is actually very similar and very familiar for anybody that’s done the safety risk analysis before. More of less, it takes ISO 14971 and applies security risk management to it with a mix of a little bit of some NIST standards in as well. But the general idea is to really categorize what assets you’re protecting in your system, and the known vulnerabilities that your system has, and then from there, you attempt to determine a list of known attack vectors and categorize the profiles of your possible attackers. With a combination of that type of information, you can assess what the real vulnerabilities and risks are for your system, and design in controls, from the ground up, to make sure that you’ve protected against them.

LN: Yeah, well, this is really fascinating stuff. I appreciate you being on the show, and I look forward to our next segment talking more about cybersecurity and how to keep these devices safe.

KH: Thanks again for having me, Lee.

Don’t Miss Part 1 of this 3-Part Series on Medical Devices

Part 1 of the 3-Part Series on Medical Devices

View Related Articles

To Learn More About Sterling Medical Devices

https://sterlingmedicaldevices.com/company/

FDA Cybersecurity Medical Devices Regulations

https://www.fda.gov/medical-devices/digital-health/cybersecurity

Featured

AI Trends in the Legal Industry

AI trends in the Legal Industry is revolutionizing data, and whittling down the amount of paperwork involved in legal practice. Lee Neubecker and DISCO’s Cat Casey discuss trends in the legal industry.

Paper death! Legal professionals get buried in a mountain of paperwork. Artificial Intelligence (AI) replaces that mountain of paper with cloud-based apps and whittles down costs. What’s new in Artificial Intelligence (AI) as it relates to the legal industry? Check out this video as Forensic Expert Lee Neubecker and DISCO’s Information Officer Catherine “Cat” Casey talk through AI trends in the legal industry.

View Part 2 of our 3 Part Series on Artificial Intelligence (AI) in the Legal Industry

Artificial Intelligence (AI) in the Legal Industry

The video transcript AI Trends in the Legal Industry follows:

Lee Neubecker: Hi, I’m back here again with Cat Casey from CS Disco. Thanks for coming back again.

Cat Casey: My total pleasure.

LN: We’re going to continue our conversation in this multipart series. This time, we’re talking about artificial intelligence and the trends impacting the legal industry and the whole eDiscovery industry as well.

CC: Absolutely, so in my role at Disco, I’m chief innovation officer, and one of the things I’m tasked with doing, both now and in my prior roles, is going out and figuring out what’s going on in the market, and what we’re seeing is AI written everywhere. Sometimes it’s true AI, sometimes it’s not, but what we are seeing is people want to find evidence faster. People want to eliminate those low-hanging tasks that aren’t the practice of law. And so, we’re seeing a lot of tools that are driving efficiency both in practice management and litigation management and in finding evidence.

LN: So where do you see we’ve gone in the last few years with AI in terms of advancements and providing products for the review process?

CC: When we first, I think, announced AI about 2006, seven, eight, nine, I was working as a channel partner with the company that patented the word predictive coding. That was the first AI model in eDiscovery and people liked it. They didn’t really want to use it. They were nervous. What I’ve seen is not only has the process improved instead of TAR 1.0, where you have a sample, you make decisions, and then, the algorithm might learn, we have continual models. So the tools got better, but the appetite to use them has increased dramatically, I think, in the last 18 months, because data’s getting very big, very complicated, and no amount of money or time is enough to actually get through it without using this sort of technology.

LN: So are you seeing that other messaging platforms are starting to become more a part of this process, like Slack?

CC: Oh, yeah.

LN: You’ve got all kinds of other messaging platforms, WhatsApp.

CC: Weird data is the new normal and I noticed it starting, I’ve been at Disco about a year, so starting my last 18 months at Gibson Dunn, where it used to be, okay, email, maybe text. That’s all I got to worry about. No, no, no, now I’m dealing with ephemeral messaging, which is self-destructing text messages. I’m dealing with collaboration tools like Slack and Messenger and Teams and each one of these tools has a challenge in terms of formatting the data, being able to review it, and relating it. Think of a given day. This morning, I was on Slack, then I was answering text messages, then I had a phone call, then I sent an email, then I went back to my Slack channel. That was before I got out of bed and if you want to recreate kind of this digital footprint of what people are doing, you need to have all of that info. And so, finding tools and partners that can deal with it is paramount.

LN: So does your platform at Disco, does it have APIs and import specs that match upon those alternate data streams?

CC: We do to a degree. We also do kind of a middleware layer of parsing and creating a new visualization, like say from a JSON file for Slack, we recreate that in our ecosystem and render it the way you would’ve seen it in the Slack dialogue box. And so, we’re developing more of those direct APIs of a 365 box, but we’ve worked on the visualization and ensuring that the data we receive is reviewable, usable, and easily rendered, so.

LN: Now, it’s interesting when we’ve collected cellphone data, we’ve used some of the popular tools on the market and the output of the data isn’t necessarily always easy for the attorneys to review. And what we’ve done is we’ve often taken the spreadsheet output of text.

CC: Oh yeah, yeah.

LN: So what are some of the challenges you see facing AI and its adoption over the next few years?

CC: Like with everything, it’s fear and desire. People desire the outcome of finding stuff faster, being able to practice law, but no attorney went to law school to play with relational databases and lambda calculus. I didn’t. And so, what ends up happening is there’s a fear of the unknown and a fear of explaining something to a judge who maybe didn’t even use a laptop when he was going to law school, probably didn’t. So there is a fear of using technology that folks don’t understand, a fear of explaining it, and that’s when having the right partner, the right person to testify, the right person to navigate you through this becomes so important.

LN: Have you seen much, part of my practice deals with patient electronic medical records?

CC: Oh yeah, yeah.

LN: And patient audit trails of EMR, electronic medical records.

CC: Oh, yeah.

LN: Usually, those records aren’t quite like an email thread. They’re more cryptic. They’re more accustomed to the specific platform the hospital’s use. Have you seen many of those cases come in where they’re pulling in the charts and various transcripts from the physicians and whatnot?

CC: I haven’t run into that as much at Disco, but when I was at PWC, we were doing very complex multilayer investigations, and so, we would have, sometimes, medical charts. Sometimes we would have trade databases and so, marrying and creating a story between that structured data and the unstructured data was always very challenging and very bespoke, and there’s some tech that’s beginning to create a unified place to do that. We’re looking in to do that as well, but it’s very hard to take that weirdly formatted data and render it in a way that then ties to what the humans are saying and then, help you get those facts to build your case.

LN: That’s great. Well, this has been great. In our next segment, we’ll be talking a little bit more about artificial intelligence and some of the potential challenges and impacts for organizations that don’t get on board. So thanks for coming on again.

CC: My pleasure.

View Part 1 of our 3 Part Series on Artificial Intelligence (AI) in the Legal Industry

Part 1 in our Three-Part Series about Artificial Intelligence (AI) in the Legal Industry

View Other related blogs from Enigma Forensics.com

Artificial Intelligence (AI) Plays an Important Role in EMR Audit Trails
Artificial Intelligence (AI) in Hospitals
Artificial Intelligence (AI) in the Energy Sector

View DISCO’s website and receive a free demo

https://www.csdisco.com/

View Law Technology Today LTT as it reviews AI trends in the Legal Industry

Featured

BIPA: How it May Affect You

Does your employer require your fingerprint when you clock in for work? That fingerprint is considered private biometric information. BIPA is the Illinois law that protects its use. Experts Lee Neubecker and David Rownd share how this law affects employers that have Illinois based employees.

Biometric Information Privacy Act (BIPA) is a law that covers the employer’s use of biometric information of its employees. Biometrics are the physiological means to gather an individual’s uniqueness. The oldest most widely used is a fingerprint but other biometric identifiers may be also used such as; facial recognition, photos, retina scan, voice recognition, ear shape, and hand scans all are considered private biometric information. The Illinois BIPA law is designed to govern, secure, store and prohibit the sale of biometric information. Forensic Expert Lee Neubecker and David Rownd from Vedder Price discuss how BIPA may affect employers that have satellite offices in Illinois.

Part 1 of a 3 Part Series on Illinois’ Biometric Information Protection Act

The Video Transcript on BIPA: How It May Affect Employers in Illinois.

Lee Neubecker (LN): Hi I am here again with David Rownd from Vedder Price. Thanks for being on the show David

David Rownd (DR): Thanks for having me

LN: David is an attorney that specializes in defending class action lawsuits also employment litigation, trade secret theft, and misappropriation. I asked him to come on the show today to talk a little bit about BIPA which is the Illinois Biometric Information Protection Act and specifically he deals with a lot of trading security-related financial services firms and since that law applies to Illinois and many trading firms in New York have satellite offices I wanted him to talk a little bit about the act and some of the concerns that employers should have if they have employees working in Illinois. So, David, can you tell us a little bit about BIPA what it is and what it entails?

DR: Basically it covers the employers use of biometric information of its employees and this can be a retinal scan it can be a fingerprint it can be a number of different things and it can be used for time cards access to the workplace and things like that and employers are using biometric information because its an easy way to keep track of employees. However, it is also a privacy issue and that’s where the BIPA comes in and BIPA is intended to regulate employers ability to utilize biometric information and put certain requirements on them for notifying employees they are using it and notifying employees why they are using it keeping written records of the biometric information and it specifically prohibits the sale of biometric information to third parties.

LN: It’s especially troublesome too because if you lose your biometric unique identifiers you can’t necessarily get those back unlike a social security number you could replace a social security number but if someone is able to copy your retina scan your fingerprints what not it could cause a lot of permanent damage.

DR: That’s true you only get one of those things

LN: So we will be talking later in the series next well be talking a little bit about what employers should do before they land in trouble with BIPA to help protect against finding themselves embroiled in litigation and then finally we’ll talk a little bit about some of the national happenings with Facebook and other entities who have been en snagged in the BIPA trap and we’ll conclude with there so thanks for being on the show today.

DR: Oh thanks for having me.

View related Employment Litigation articles on our website.

EMR or Electronic Medical Records May Contain Private Biometric Information
Forensic Data Collection can be used in cases where ESI is breached or stolen
Private Biometric Information is Electronically Stored Information (ESI) and governed by BIPA
An individual’s photo is considered biometric information.

Employment Litigation articles

Learn More about Illinois BIPA Litigation

http://www.ilga.gov/legislation/ilcs/ilcs3.asp?ActID=3004&ChapterID=57

Protection under BIPA

https://www.vedderprice.com/

Featured

AI Smarter Solutions: eDiscovery

Artificial Intelligence (AI) can be used to vastly improve the eDiscovery document review process. Zylab is one of several eDiscovery vendors offering solutions utilizing AI. Lee Neubecker, Computer Forensic Expert, and President & CEO of Enigma Forensics met with Jeffrey Wolff, Director of eDiscovery Solutions at ZyLAB during his visit to the Legal Tech Conference 2020 in New York. Lee and Jeffrey discuss how AI can be used to conduct more effective eDiscovery.

Artificial Intelligence (AI) technology is everywhere. It’s hard to imagine how it’s being used in the legal industry where legal libraries filled with law books and courts filled with black-robed judges reign. In this formal traditional world, AI is now providing smart solutions for today’s electronically stored information or ESI and is streamlining the way the Legal Industry works.

In this video, Lee Neubecker, Computer Forensic Expert, and President & CEO of Enigma Forensics met with Jeffrey Wolff, Director of eDiscovery Solutions at ZyLAB during his visit to the Legal Tech Conference in New York. Lee and Jeffrey analyze how Artificial Intelligence (AI) develops smarter solutions in the eDiscovery process. Jeffrey shares with Lee that ZyLAB’s mission is to provide automated full-text retrieval using AI, for both on-premise or cloud-based solutions.

Watch Part 1 of a Three-Part Series on Artificial Intelligence (AI) and eDiscovery.

The video transcript of AI Smarter Solutions: eDiscovery follows.

Lee Neubecker: Hi, I have Jeff Wolff, back on the show from ZyLAB. Jeff, thanks for coming back on.

Jeff Wolff: Thank you.

LN: He’s their Director of eDiscovery, and I wanted to ask him some questions as it related to what differentiates ZyLAB from other products out on the market. Some of my clients may want to use this type of artificial intelligence program to help get through their review and see what the results are of using AI verse the traditional e-discovery review process, so.

JW: Sure.

LN: Jeff, could you tell us what sets ZyLAB apart from other competitors in the marketplace.

JW: Sure, sure, so first, I think ZyLAB is uniquely positioned in the fact we understand the corporate space quite well, as well as the law firm space, but we got our start incorporate, or start in information governance. So we are very vested in search and data science, and that’s really where we’ve put a lot of our focus. We have both on-premise solutions, as well as cloud-based, SaaS solutions like every other next-gen provider. But we really push our interface, our user interface and our user experience, as one of the most unique selling points. And that is, that it is not difficult to start using. Anyone, any legal professional can pick up our product in an hour, from start to finish, and understand really how you utilize it. Drag and drop interfaces for getting data into the system, and immediate color-coding and tagging, easy search, and the ability to really visualize your data and understand what’s in the dataset.

LN: Okay. So, what would you say for a company that has to deal with multiple jurisdictions, they’re in Europe, they’re in the US. JW: Sure. LN: There are some unique challenges posed by all the various regulations out there, like GDPR.

JW: Right.

LN: Maybe the have operations in China. How could you help a company that has to deal with various regulatory authorities spanning the globe?

JW: Sure, and that’s another advantage that ZyLAB has, actually, we’re actually a global company, so we’re dual-headquartered in Washington, D.C., here in the US, as well as Amsterdam in the Netherlands, in the EU. And as a result, we have cloud operations in both jurisdictions. So our global customers can actually keep US data in the US, and they can keep the European Union in the EU, and not worry about that issue. But we also have the expertise, consulting expertise, in both environments, both geographic locations. For example, I’m doing a lot of work now with corporations, not so much focused on directly just on e-discovery, because e-discovery is a bit reactive, you know? Or corporations go through peaks and valleys with e-discovery, the litigation, something they have it, sometimes they don’t. What they constantly have though, are internal investigations, regulatory responses, in the highly regulated corporations. And more and more now, data privacy concerns. So, my European colleagues have been dealing with GDPR for a while, we’re now starting to feel it here in the US, with CCPA, the California Consumer Privacy Act. And there are a number of states on the horizon that are going to California’s examples, so corporations need to be able to find, and classify all the data that they have in their organization that has customer information because if those customers request it and they can’t provide it, they’re financially in a lot of trouble.

LN: Do you think that the regulations coming down on companies are going to fundamentally change how companies chose to communicate with their vendors, suppliers, and own employees?

JW: Absolutely. If you look at all the recent data breach situations, it’s typically not the organization that has the problem, and I won’t mention any of the large companies that have recently had data breaches, but it’s typically not the original company that had the issue, it’s one of their suppliers, or one of their vendors that had accesses to the database, and wasn’t protecting it properly, and that’s how the trouble began.

LN: Yeah.

JW: Same thing with data privacy.

LN: The supply chain certainly is a huge point of vulnerability for all types of organizations. The governments, the military,

JW: Yep.

LN: and even corporations.

JW: Yes.

LN: So what do you see happening over the next few years with the adoption of AI platforms?

JW: I think the e-discovery market is going to fundamentally change. There’s still always going to be a need for discovery within corporations and law firms, but what you do you with the data is going to become much more important, so it’s going to be about how you can extract value from the data, not just metadata, which we’ve always been able to do for years now, but now more about looking for entity information. People, places, organizations that are mentioned in documents and emails, and collaborative environments, and being able to visualize those, and quickly drill down to what was going on in your organization. You know, if you got people that are going to the dentist three times a week, they’re not doing to the dentist, they’re doing something else, They’re just writing about going to the dentist.

LN: Yeah.

JW: Software like ours that can identify those references in documents are going to be crucial to the success of organizations.

LN: That’s great. So it seems that there’s continued e-discovery service provider consolidation out there.

JW: Mmhmm.

LN: The companies that are using tools that are more of a channel partner tool to resell.

JW: Yes.

LN: But as those companies consolidate, do you think that there’s going to be a movement away from those providers where, the company, the firms, directly do their own e-discovery?

JW: Oh, yes. Yeah, very much so. We’ve been seeing that over the last few years. A lot of companies, even small companies that tend to have, in the past, just used outside vendors for e-discovery, are now deciding that they prefer to control, not just the cost, but also their data. They don’t want their data outside of the organization for reasons we’ve already talked about. So they’re purchasing in-house tools that they can use themselves, and then they can invite outside counsel in to make use of, that way they control their costs, they control the efficiency, and they control the data.

LN: Well, this has been great. Thanks a bunch for being on the show.

Lee Neubecker: Thank you again.

LN: Take care.

JW: Bye bye.

View related articles on Artificial Intelligence

Artificial Intelligence (AI): Medical Data
Artificial Intelligence (AI) Re-inventing Legal Technology
Artificial Intelligence (AI) eDiscovery
Litigation & Computer Forensic Experts
Cyber Security & Artificial Intelligence (AI)
Artificial Intelligence (AI) Assists in Cyber Security

View ZyLAB’s for more information on (AI) Smart Solutions: eDiscovery

https://www.zylab.com/en/product/artificial-intelligence

View Law Technology Today’s article on Artificial Intelligence (AI)

Featured

Re-inventing Legal Technology: Artificial Intelligence (AI)

Forensic Experts Lee Neubecker and Cat Casey from DISCO discuss Artificial Intelligence (AI) as it relates to improving Legal technology.

Artificial Intelligence (AI) thinks, learns and problem solves more efficiently than humans. AI is all around us and in almost everything we touch, it is an algorithm that is designed to make our lives easier and is sometimes referred to as machine learning.

In the case of litigation, it can save time and money by streamlining the process of document review, eDiscovery, and preparation for forensic cases. Computer Forensic Expert, Lee Neubecker and Catherine “Cat” Casey who is the Chief Innovation Officer for DISCO discuss how AI works to improve legal technology.

DISCO is a leader in legal technology is a developer of a cloud-native eDiscovery software for law firms designed to automate and simplify error-prone tasks. They provide a myriad of different types of analytics that will supercharge searching data dramatically reducing time and money.

Part 1 of our Three-Part Series on Artificial Intelligence (AI)

Artificial Intelligence (AI) Re-Inventing Legal Technology

The Video Transcript Follows.

Lee Neubecker (LN): Hi, I’m here today with Cat Casey from CS DISCO. Thanks for being on the show.

Cat Casey (CC): My pleasure.

LN: We’re going to talk a little about artificial intelligence as it relates to eDiscovery and document review. Cat, can you tell us just a little bit about what your firm does to help speed up the review process and lower costs for clients.

CC: Absolutely, we’re a cloud-native AI-powered eDiscovery company. And what that means is we’ve got vast amounts of elastic computational power that we can use to run a myriad of different types of analytics on data to supercharge your searching and dramatically reduce the amount of time it takes you to get to that key actionable evidence. So, we’ve kind of flipped everything on its head. Instead of being a question of how quickly can I read through all of this data, it’s how laparoscopically can I surgically find all of that key information. The results that we’re seeing are pretty resounding. Up to 60% reduction in time to get to that key evidence. Freeing up attorneys to get back to what they went to school for, the practice of law. It’s pretty compelling. We’ve had some pretty interesting additions, including even today, we just announced, I think, the first true AI in eDiscovery with AI model sharing. Basically, with each iteration, with each type of case that you conduct with DISCO, our algorithms are getting smarter. We’re extracting insights and building in more robust taxonomy and analytic structure to parse data, which is going to yield better and better results for our clients. It’s truly exciting.

LN: So we’ve come a long way from the early days when the attorneys wanted everything printed and Bates-labeled before they looked at it. To now, moving ahead using TAR, technology-assisted review, like artificial intelligence, which fits into that, correct?

CC: 100%, we have a continual active learning model, so it’s more reinforcement learning than a standard supervised learning model. Basically, from the coding of document one, our algorithm’s getting smarter and making recommendations on highly likely to be similar documents. We battle test the algorithm on an ongoing basis. Whether it is an affirmative or a negative for a suggested document, the algorithm learns more, and because of that, we prioritize the most relevant information quickly and people are able to then accelerate their review speeds by up to, I think we’ve had over 180 docs per hour. So, it’s pretty compelling and this is just the beginning.

LN: So your platform’s all in the cloud, correct? So companies or law firms, they need no infrastructure other than a browser?

CC: 100%, the nice thing, in my prior life, I ran a global discovery program, and I spent hundreds of thousands of dollars a year just to keep pace, just to have storage, just to have basic replication and back up, and all of that. Now, even a small firm, all the way up to an Am Law One firm or a massive Fortune One company, they can have the same robust technology without having to set up a data center, without having to invest a ton of money. It lets everyone level up and has a better experience throughout the discovery process.

LN: One of the challenges a lot of my clients always have is they have a need to understand what the costs are going to be and to be able to communicate to their clients those expectations so they’re not throwing their clients on the eDiscovery rollercoaster of non-controllable bills. How does DISCO help to address those concerns?

CC: Transparency is a major pain point. One of the banes of my existence used to be trying to normalize this pricing model versus this, versus this service provider, versus this technology. We just throw that all out. We charge one flat amount per gig. It includes analytics. It includes processing. It includes everything, and we work with you to get the volume of data that is being applied to that one flat cost per gig down. It eliminates that hide the ball gotcha moment and it gives a lot of transparency. And of course, if someone wants a different model, we’re happy to accommodate that. But in general, straight, simple, honest. It’s really rewarding for our clients.

LN: So, what cases, what types of litigation case matters do you see as having some of the best benefits of being migrated into your platform?

CC: Yeah, I think any case can. If you’re a tiny company, it helps you be David versus Goliath. Even on a small data volume case, you can start getting insights and reduce the amount of time you’re having to spend doing something maybe you can’t chargeback for. For a big massive case, because we are an AWS and we were built on kind of convolutional neural networking, we’re moving, and we have such a robust computational lift, even we’ve had 150 million documents with hundreds of users and we still have sub one second page to page. We are still lightning fast. And so, whether it’s a big case, a simple case, a complex case, there is a value proposition for almost anyone.

LN: In terms of the types of law firms that are using your platform, do you see many smaller, medium-size firms using your–

CC: Tons, actually tons. That was where we got our teeth. Boutique, we started as a boutique law firm. We actually were a bunch of attorneys that were frustrated that all the tools were terrible, and so they built their own. And so, the foundation of DISCO, we had a family of tons of boutique law firms that we were supporting, we still do to this day. The tool we built though, had a longer vision. It was built to be much bigger and more scalable, and as a result, that’s why you’re seeing us with major, the WilmerHales of the world, very large firms and very large corporations because the tool itself can scale up so much.

LN: Great, what are some of the challenges of working, that law firms find that already have entrenched solutions? There are other review products out there and if they really want to make the benefit of your platform, don’t they have to kind of fully use it for the case?

CC: I would say you probably don’t want to split the baby with a case. If you’re processing with another tool, you’re not going to get the same benefit as working with DISCO. But you don’t have to move your entire litigation portfolio to DISCO day one. We’re seeing a lot of people that are sunsetting Legacy Product and Legacy Platforms moving towards DISCO, but it’s not, “I’m going to move every single case today.” It’s going forward, we’re going to start bringing in new cases. There tends to be such an improved experience and improved UI for the attorneys that they start to not want to use the other technology as much.

LN: I know as a computer forensic expert, oftentimes we’re going out initially collecting and forensically preserving the data. But your product sounds like it would be right for a firm that does forensics that needs to collect different data from computers, possibly harvest just an email. Filter the dates and times of the email to a PST and then they can take those PSTs and upload it into your platform, correct?

CC: 100% and we also, we’ve productized some advanced ECA, where we charge a much, much lower rate. So, you get three months no cost hosting. It’s half the usual rate, and you can do ECA for up to three months. And the goal of that is to let’s whittle down to the most surgical, teeny, tiny, laparoscopic piece of data set that you can have. An example was we had a 20 million document case and we were able to run the ECA, get it down to about 5.6 million documents. Run more coaling, run our analytics, get it down to about 200,000 documents. And usually, that would be when you have to review every single one, but we were able to, with our workflow, with CAL, get it down to 140,000 documents. And so, if you think 50 bucks an hour, an attorney can only do 50 docs an hour, the cost savings is monumental.

LN: So as someone uses your platform and they start to tag and prioritize certain documents, your software learns based on that taking. It helps find related concepts to those conversations and what not?

CC: 100%, 100%.

LN: So really, the more that are reviewed as responsive, similar concepts and whatnot so that important links aren’t missed.

CC: 100% and because we do automatic batching, is every new batch of documents a person gets because we’ve applied this artificial intelligence and continual active learning model, it is a more relevant subset of data and people are able to go through it more faster. And sometimes, they will get to a point where they can say, “I’ve hit all my relevant information. “The rest is not relevant. “I’m going to sample it and statistically determine “I don’t have to review those last 100,000 documents “that maybe aren’t relevant,” and it’s pretty cool.

LN: In our next segment, we’re going to be talking What the trends are in the industry impacting law and eDiscovery. And then finally, we’ll talk about some of the pitfalls of what companies, organizations, and law firms face if they don’t embrace artificial intelligence to help make their review process more efficient. Well, thanks for being on the show.

CC: My pleasure.

More Related Articles About Artificial Intelligence (AI) )

Litigation and Forensic Imaging

View DISO’s website to learn more about AI trends in Legal Industry

https://www.csdisco.com

AI is Changing Legal Technology and how they work check out this website.

Featured

Responsible Social Media

Experts Lee Neubecker and Dr. Nicole Konkel make suggestions that will help make your LinkedIn profile look attractive to to an employer.

Prospecting for a new career can be a daunting task. Suddenly, you’re overcome by a huge tsunami of anxiety by just knowing a prospective employer will be looking at your social media presence. Take a deep breath, your new career will be within reach after you watch this video.

President & CEO Lee Neubecker and Human Resource Executive, Dr. Nicole Konkel offer responsible social media tips that will polish your LinkedIn profile and make you stand out. Their tips will help you establish a digital resume that will catapult you to a new career.

Part 3 in our Three-Part Series on Social Media Do’s and Dont’s

Responsible Social Media

The video transcript follows

Lee Neubecker: Hi I’m back again with Dr. Nicole Konkel who’s an organizational development expert. And I asked her to come on to continue our earlier series talking about social media do’s and don’ts as it relates to being an employee. And so thanks for being on the show again, Nicole.

Nicole Konkel: Oh, no problem my pleasure Lee. Thanks for having me.

LN: So we talked a little bit about some of the things that you shouldn’t do. Can you tell people who are in an active job search mode, hoping to maybe work at your firm or some other firm? What are the things that you would suggest that they do as it relates to making their LinkedIn profile look attractive to an employer?

NK: Sure. So I always will tell people when you’re looking, actively searching for employment, make sure your LinkedIn page is open. I would caution you if you’re currently employed not to have a situation where you are shown as actively looking or actively interested in recruiters contacting you because obviously your current employer can see that. But what I want to make sure of is that your page is professional. Professional means no spelling and grammar errors. Professionalism also means outlining what your accomplishments have been. One of the things that people do when they’re looking for jobs is we want to talk about results, and not just job duties, but results. And so to make a big focus on that on your LinkedIn page.

LN: And certainly not having typos.

NK: Please no typos. No typos, no grammatically incorrect sentences, speak about yourself in the first person. You are selling yourself on LinkedIn, essentially and you want people to read that and say, “I want to contact this person.”

LN: And speaking of contact, what would you recommend people do with regard to the contact information tip?

NK: Well, I really, really encourage people to have a professional email address. So nothing with any sort of sexual innuendos. I would also say nothing that’s related to your birthday. Unfortunately age discrimination is is something that is real. And so we don’t want to have that be out there. And so I would just say my email address is Nicole, my former name washingtonphd@gmail. That’s what I wanted people to see. And so that’s what email I use when I’m in a job search.

LN: Now, what about the photo? What are your thoughts on what you’ve seen with LinkedIn photos, what’s worked, what hasn’t worked?

NK: What doesn’t work is a picture of your dog. What doesn’t work are selfies. I think that in this day and age, we all have the opportunity to have a professional headshot. There is no other type of photo that should be on LinkedIn In my opinion, other than a professional headshot. Even if you have to do it with your own iPhone or Android device, we are able to do that. But you should be in professional clothing, you should look like you are going on a job interview in that photo.

LN: And if you’re on a budget, you can use services like Upwork and find a photographer, that if you’re patient and flexible, you should be able to get a professional headsetset.org or even go to, one of the department store.

NK: Absolutely, I mean, you can easily do a professional headshot for $20 easily.

LN: And the other thing too is you can actually hire people who are professionals in HR to help edit your LinkedIn and give you that critique.

NK: Yes. Yes. I do believe there’s value in that. I do think that you should work with people that are reputable. Not everybody that says that they look at LinkedIn profiles and resumes should be and so I think you should look at some examples of work that they’ve done in the past to see if that’s something that will be beneficial to you moving forward. But in no time should you go into that thinking if this person does my resume or does my LinkedIn page, I’m automatically going to get a job. It’s still putting your best foot forward out there with all different types of aspects that are necessary for the job search.

LN: I’d like to see certification.

NK: For sure

LN: Papers, I especially like to see that the person can write.

NK: Right.

LN: That’s not appropriate for all positions, but it’s helpful.

NK: For sure. Even if there is maybe you’re not the perfect grammatical person, you should be in your LinkedIn profile.

LN: You can get someone who has to check your page.

NK: Yes, exactly. And so there’s really not a reason why that should not be happening.

LN: What are your thoughts about, what’s your opinion when you see an employee that has reviews and how would you advise people to approach the review section?

NK: On LinkedIn?

LN: On LinkedIn.

NK: I honestly as an employer, don’t really pay attention much to the review section. But when I have, I’ve looked at the person that’s actually writing the review. I’ve actually gone in and clicked on their profile to see what role they actually have, how that person has interacted in the past. If it’s a former employer, that’s always good, for you to have a former boss or, supervisor or colleague, but it should definitely be a professional review. If you want to go have your friends to review so make sure they’re professional and they’re talking about work.

LN: I agree with that it when I look at the reviews if the reviews are written from people who clearly were a peer review helps as well.

NK: Sure.

LN: If it’s a supervisory review it means more, but I also look at the quality and caliber of the writing of the reviewers. So you don’t want to have someone writing a review on your page that has grammatical doesn’t really speak well.

NK: Right.

LN: But I also look to see if It’s a review swap. Because essentially, the effective way to get a review is to write one. So I’ll look at the profiles to see that as well.

NK: Right. I think that that’s true. I think the most valuable review is from a former supervisor or a current supervisor that’s talking about your current work. When people are reviewing they should be talking about the results that you’ve done. It’s you know, John is a great person, is great, but it doesn’t tell a potential employer anything about how you’re going to be for them if they hire you.

LN: Something like John came in, took over our factory project, realigned the team, achieved a 20% growth and sales and 10% improvement and profitability that’s kind of action-oriented.

NK: Action-oriented is really what is going to get you noticed. When we’re talking about reviews when we’re talking about your resume when we’re talking about LinkedIn.

LN: Are there any other thoughts you have before we wrap up? NK: I just want people to know that LinkedIn is a great tool. But the best tool for actually getting whatever opportunity that you want and keeping it or being successful is being the best you, whether you’re in private or in social media. And so always keep that in mind. We are always under a radar, somebody is always looking at

NK: And so how do you want that to be viewed in the future

LN: Great. Well thank you so much for being on the show.

NK: Thank you for having me, Lee.

Watch Part 1 and 2 of our Social Media Do’s and Don’t Series

Learn more about how to create a LinkedIn profile

https://www.learnhowtobecome.org/career-resource-center/how-to-create-linkedin-profile/

Careerbuilder.com gives advice

http://press.careerbuilder.com/2018-08-09-More-Than-Half-of-Employers-Have-Found-Content-on-Social-Media-That-Caused-Them-NOT-to-Hire-a-Candidate-According-to-Recent-CareerBuilder-Survey

Featured

Social Media Yourself to Your Dream Job!

Hiring Managers are looking at your social media history so candidates should be doing the same. Everyone should be doing their homework. Lee Neubecker and Dr. Nicole Konkel discuss the how to use social media reconnaissance techniques to prepare for your next interview.

Keys to using social media reconnaissance before your interview

Social media is a valuable research tool to discover key hiring decision-makers when preparing to interview for your dream job. Matchmaking for that ideal employer-employee fit is now a two-way street. Hiring managers are looking at your LinkedIn, Facebook and other social media sites. Career seekers should be doing the same to prepare for that next interview. Job seekers are also looking at various websites to get a better understanding of the company’s culture, people and expectations. Performing your own homework including looking at online reviews from current and past employees can provide you a leg up on the day of your interview. Social media sites such as GlassDoor.com, Linkedin.com and even Facebook.com or Twitter.com may provide you with important insights that will enable you to ask thoughtful questions that demonstrate a deeper understanding of the prospective hiring organization.

President & CEO of Enigma Forensics, Lee Neubecker and Human Resource Executive, Dr. Nicole Konkel urge everyone to use all the social media tools to your best ability. Performing advanced social media reconnaissance of your prospective employer’s social media profile as well as your likely interviewers can provide you a leg up when you arrive for your interview. Listen to these important interview prep tips for seasoned experts in HR and online social media reconnaissance.

Preparing For An Interview

Lee Neubecker: Hi I’m back again with Dr. Nicole Konkel who’s an organizational design and development expert.

Nicole Konkel: Sure, yep, hi Lee. Great to be here again.

LN: And glad to have you on. I’ve asked Nicole to provide some insight to people out there on my network, as well as hers, that are looking for a job, in terms of what they should be doing to before they apply to their position, to make sure they’re well-prepared and they get off on the right foot. And that it’s a good fit.

NK: Sure, so Lee, I think it’s really important for you as a job seeker to interview and research the company that you’re applying for or applying to just as much as they’re going to do for you or to you. And so that means looking at social websites which will give you employee reviews and listen and not every review, most people don’t go to reviews to write good things. So we have to look at that and say who is giving this review? But look for patterns, look for employees saying the same things over and over again. That may not be any part of a culture that you would want to be in. Look for trends, look for better business bureau scores. Look for information on their current employees and look them up, look up their leadership teams.

LN: Now, I understand at least from reading that one of the most important determinants of someone’s happiness in a role in the relationship with their supervisor.

NK: For sure. LN: So would you recommend trying to find out who’s hiring for the role you’re applying for?

NK: Absolutely, you should definitely know who your potential supervisor is going to be. You should know if it’s a replacement position, why the last person left. You should ask these questions to every person that you interview with. Because what I can guarantee you is, in job searches that I do, I’m interviewing with multiple executives and companies. And every one of them is going to give you a somewhat different answer. While it may get you to the same place, it’s going to be a different answer and it’s going to give you a lot of insight.

LN: Well, I know too there are premium subscriptions you can sign up for, like in Linked In, that will give you more options where you can do the searching. And it might be helpful for you to know, who’s working at ACME Corp.?

NK: For sure.

LN: If you pay a little bit more you can see the employees you can tell who’s a second-degree connection, a third-degree connection.

NK: Sure.

LN: And if you happen to know someone in common, especially if you reach out to them before

LN: You can get intel on the person or the people working there that can really bolster your chances I’d think.

NK: Right, definitely a connection is going to be a really good step in getting you in the door for an interview. Versus just sending your resume like the other four hundred and ninety-nine people and hope that someone sees it. Most of the time they don’t get past the first 30. So I definitely feel, I don’t necessarily think you have to pay for additional services, I think a lot of that is out there for us to see for free. But definitely some benefits if you have the means to do so to get that additional information.

LN: Well, one of the things that people might not know about is that if you paid for the premium membership then you’ve already applied for a job at ACME Corp. you can see who’s clicking on your profile.

NK: Yes.

LN: And then you can tell who’s likely going to interview you. So without them even having to disclose who’s going to interview you you might be able to find out their interests, what shows they like.

NK: Yes.

LN: There’s a website called PQ, you can dig, you might be able to get details on their social media. The more homework you do, it always impresses people, you just don’t want to creep them out.

NK: Right.

LN: It’s okay to say “I looked online, I’m interested in your company” “I understand you do this and that.”

NK: Right.

LN: But it’s okay to say, “Oh I looked online probably the better that interview will go.

NK: Absolutely, I think it is very important to have details on those individuals are really like, “Oh wow. You looked me up?” Now, I wouldn’t necessarily say, “Hey, I saw it on Facebook “that you and your three kids went on vacation last week.” But I would keep it to the more professional accomplishments. If they have any reviews on Linked In that people have written for them, bring those things up because that only helps you.

LN: I recommend too that everyone consider making their own branded blog, like Dr. Nicole or I’ve got Leeneubecker.com because from time to time you move from company to company or you might sell a firm like I sold my firm, and someone wants to connect with you.
NK:
Exactly.

LN: When that happens, you have to be accessible.

NK: Right.

LN: And sometimes you lose control over your old workplace email, which raises another important point. Do no use your company email on your Linked In account.

NK: Please don’t.

LN: Because you might find yourself suddenly severed from your job and you’ll lose all your connections.

NK: Right, you in any social media that is yours, you should be using your own information, not your company.

LN: That’s right, oh, I think we’ve got a like on our Linked In. Well, thanks a bunch for being on the show, this is great

NK: Well, thank you for having me, Lee.

LN: Thank you.

Featured

Energy Industry Incident Response

Energy is vital to our everyday life. Companies face a competing demand to preserve data and at the same time continue to function. Experts Lee Neubecker and Geary Sikich give advice on how to overcome these challenges.

The Energy Sector provides the global economy with oil, gasoline, electricity, wind and natural gas. An Energy Industry incident could be a physical attack on a power grid or a cyber attack that stops a company from functioning. The properly planned and orchestrated energy sector incident response will minimize or reduce recovery time and loss. Potentially saving lives! Enigma Forensics CEO & President, Lee Neubecker and Geary Sikich, Principal at Logical Management Systems, Corp. strongly urge all companies to create an incident response plan.

This is the final segment in the four-part series on Energy Sector Cyber Insecurity.

Part 4 of our Global Energy Sector – Incident Response

Energy Sector Incident Response video transcript follows

Lee Neubecker: Hi I’m here again with Geary Sikich, and we’re continuing with our final fourth part segment in this discussion about global cyber insecurity as it relates to the energy sector. And in this segment, we’ll be telling you a little bit more about some of the things that need to happen, related to the incident response of a data breach, for the energy sector. Geary, thanks for coming back.

Geary Sikich: Thanks Lee for having me. I think this is, probably one of those areas that are challenging to talk about.

LN: Yeah, certainly, and at the forefront, when things first go wrong, there’s a need to immediately take action to help preserve the data, and collect data so that it can be analyzed. But at the same time, there’s a competing demand for wanting the organization to function. And sometimes those two needs, create conflicts.

GS: Yeah, they sort of butt heads if you will. Yeah, I think the issue for a number of organizations, and I’ve experienced being in the kind of command center if you will, of organizations where their website had gone down. And it was, one of these where a lot of stuff was processed through the portals that they had there. Suddenly there was this pressure to get things back up, and then to look at, what is this costing us? Because now our customers cannot execute their orders and whatnot. And that becomes a challenge because it’s the urgency issue. The other aspect is that when we look at incident response, and this is a little bit different from the typical natural disaster incident response. If I’ve been breached in a cyber incident, how long is it before I actually realize that I’ve been breached? It may not happen very quickly, it could be very subtle. And things could be manipulated, and suddenly I’m in a situation like some of the big companies that had data hack, where all the sudden personal accounts of cardholders are exposed. Now, what do I do? So there’s a lot of not the only rapid response that’s needed, but a lot of consequence analysis that’s really needed.

LN: Is it?

GS: How do you do that and yet maintain, as you were saying, and begin to look at that.

LN: Yeah.

GS: From, not really a legal standpoint, but, from a defensive standpoint.

LN: Yeah, well there’s a lot that needs to happen in a short period of time, you have the collection and preservation. Which, forensic professionals are often called in, such as myself. To collect the data. Firewalls, servers, logs. Then you also have the analysis of that data to determine, what are the motivations of the attacker? Was it an attacker? Was it negligence? You know, oftentimes things go down, people assume it’s a cyber attack, external. It could be an internal attack, it could just be something as innocent as, I’ve seen a new system coming online that’s supposed to help back up and provide redundancy, actually reformat a storage NAS array, that it was supposed to help protect. So, these things can happen. And quickly understanding, making sure that data doesn’t disappear that could be used to rebuild is important And that’s where bringing in the outsider’s important because someone new coming in doesn’t have skin in the game. And, you really need that objective party, to help you figure out what’s happening.

GS: But I think that in that respect when you bring in someone from outside, they also have a vested interest in making sure that, from not only a reputation standpoint but also from the standpoint of the viability of their services, making sure that they’re helping to alleviate the issue. And to bring back some, equilibrium if you will. So there’s this issue of consequence management that comes to bear on those–

LN: And you have some conflicts that happen with having the people that were, kind of in charge of watching over the equipment, do the investigation. And that can cause some, serious problems to the organization. And it may be very well that, the attack wasn’t the fault of the people responsible for managing it. But, if for instance there was, an action that took place that might show some carelessness or mishandling of events by the people in charge of IT, there’s a real risk there that, that person might take actions that could result in further data destruction. In an effort to cover up, what had happened.

GS: So now in that respect, we need to protect, we need to begin to look at how we manage the data collection post-incident, or during an incident, if you will. There obviously some legal ramifications.

LN: Yeah well whoever does this might have to testify. And that’s another reason why having a third party come in to do this work is important. Because you may want, legal may want to know, “well before we put an expert up to testify in this, “just tell us what happened and how do we respond? “How do we get ahead of this?” If it was a problem with a vendor, you want to know that. Because the clocks ticking. You know from the time a data breach is confirmed, it is a real data breach and known, to the time it has to be reported, oftentimes its thirty days. So there’s not a lot of time, to wait around If your data breached before you get in your expert, your forensic expert to inspect.

GS: Okay, so we’ve got a legal consideration, that has to be looked at. Insurance today has changed in a lot of respects. So, business interruption insurance. Obviously, that’s a critical area because if you want to file a claim–

LN: Yeah you have to report it to the carrier, or even if you have cyber coverage, it might not be covered if you failed to notify the insurance company of the incident.

GS: So, when I look at that aspect and say, “I’ve got a business interruption policy,” you mention cyber. And now I know that there are other writers to those policies. Like for terrorism and things like that today. If I don’t have a cyber writer, which is a contingent business interruption issue, my business interruption insurance may not cover me, on something like that. So it really becomes more incumbent to have one, the knowledge, two, to be able to look at the legal considerations, three, to begin to understand insurance laws, what do I have from a coverage standpoint? Which is where the traditional risk management group comes into play. But IT’s got to coordinate with them, to ensure all that.

LN: Exactly, and I had Todd Rowe on my show, who’s an insurance cyber attorney, that deals with these coverage issues. So, that’s an excellent video to watch that delves into that more. The other things though with incident response, you know you have the potential PR issues that relate to being data breached. So really, you need to assemble your team, your in-house legal, your HR, your media advisor. Preferably you have a PR firm that has dealt with data breaches before. And then, you’ve got to put together a plan. And all this stuff needs to be going on in parallel. So while that’s happening, your internal people are probably trying to work on, getting their disaster recovery systems restored. You might even have an outside IT provider come in and help bring those systems back up online. The workload that happens when a data breach has occurred, is such that it really isn’t pragmatic or practical to try to have internal IT do all the work. And it also isn’t covered by insurance typically. The outside providers will usually be covered, but not the internal people.

GS: So, if from a structural standpoint, and I’ll draw this to the areas that I worked in many years back after some of the events in the energy industry. Oil spills and things like that. Where industries adopted what they called an incident command system. The United States now has the National Incident Management System. So with cyber though, the composition, in terms of that team, is not necessarily the same that we would see in a typical, incident command system as is generally presented. So from a functional standpoint, I think that there are some things that I would look at. One, somebody’s got to be in charge. Two, somebody’s got to look at planning. What’s going on, and future planning, what do we do? Three, operationally, what’s effected what’s not affected? How do we keep it from cascading? Four, a communications perspective. Internal and external. An administrative function, which looks at the financial aspects. An infrastructure function, which again, internal-external infrastructure. And then, the aspect of, you know, bringing this all together as a team. Your HR people, all these other things. So, yeah.

LN: That was an excellent wrap-up Geary. I really appreciate you being on the show. If you liked this video, please share it. And check out the other segments we did as well. Thanks again Geary for being on the show.

GS: Thank you, Lee. Very challenging to present on this topic. So much.

LN: Be safe.

Watch the other segments in our Cyber Insecurity in the Energy Sector Series.

Energy Sector Detection

Energy Sector Protection

Energy Sector Global Cyber Insecurity

Enigma Forensics related video blogs

Featured

Energy Sector Protection

The Energy Sector must protect the electric power grid system, oil, and natural gas infrastructures from the ever changing cybersecurity environment. Enigma Forensics CEO & President, Lee Neubecker and Geary Sikich, Principal at Logical Management Systems, Corp. cover the many steps necessary in detection and protection against any and all threats.

As global unrest heats up, the Energy Sector has to maintain its cool. What is the energy sector? The oil, electric power grid, natural gas refineries, and pipelines are all part of the intricate web of the energy sector. To avoid a disaster they must wrestle with the ever-changing cyber security environment, protect themselves from internal and external threats in all of the energy sector infrastructures all while keeping up with energy demands. That’s a mammoth task! Both experts agree Energy Sector protection can be achieved if approached with precision. Enigma Forensics CEO & President, Lee Neubecker and Geary Sikich, Principal at Logical Management Systems, Corp. cover the many steps necessary in detection and protection against any and all threats.

Part 3 in the four-part series on Energy Sector Cyber Insecurity.

Part 3 in our Global Energy Sector Insecurity

Lee Neubecker: I’m back again with Geary Sikich and we’re continuing our series discussing cyber global insecurity, as it relates to the energy sector. And in this segment, we’re going to talk more about things that can be done to help protect against these cyber threats.

Geary Sikich: So Lee, when we look at protection, I think there’s a three-level process and I think you can describe some of the things that have to go on in these three levels. Strategically, I put together a business plan for an organization and that organization sets goals and objectives, one would be to have cybersecurity. Now, how do I execute that, what are the things that, at the operational and tactical level, the things that really are going to prevent, what are those things, what are those things that are going to help me?

LN: Well, much like we were talking before about detecting compromises, having a solid inventory on what your digital assets are, what computer devices, what cell phones, if you know what your devices are and you have that information available, you’ll be able to spot when something goes wrong. So, part of protecting is doing the bean-counting work of inventorying your digital assets.

GS: So, it’s not just an audit process, it’s a much more of a detailed look at what those assets consist of?

LN: Yeah and once you know what your assets are, you can figure out, who are they assigned to? If someone leaves your organization, you should have accountability steps in place to retrieve those assets. You should also be inventorying the state of those assets, are they fully patched and up-to-date? If you’re not patching your devices, you’re at great risk of cyber compromise.

GS: So is identity, not only do I have to worry about being compromised from an external source but I also have the internal threat of a disgruntled employee, of someone leaving the company, not with any mal, you know, intent, no malicious intent, if you will but just not following up on what I should have done as they out-process.

LN: Exactly, password rotations, people have weak passwords, people become compromised, people reuse their passwords. As someone reused their password for one of your important infrastructure systems on a popular social media site and that site becomes compromised, guess what, those passwords get loaded up into software for hacking and they do what’s known as “credential-stuffing attack”, they loop through and they fire at every device they can using the username and password, the known username and password and that’s how a lot of people fall prey to attacks.

GS: So, in that context, should you store passwords via one of them, like Google Chrome or some of the other, Internet Explorer, those types of things, should you store passwords that way?

LN: I recommend against storing it in your browser. If you’re going to store them somewhere, I think a password management tool like LastPass, that has two-factor capabilities, two-factor authentication essentially means that you have to know your, it’s something you know, plus something you have or something you are and in the case of LastPass, you’re typically using either your cell phone with an app that has an authenticator, that’s something you have, plus your master password and that helps protect against someone intercepting your password and being able to log on.

GS: So, in essence, protection is not a simplified process, protection is something that we have to, sort of, dedicate ourselves to conscientiously and make sure that we continue to maintain an up-to-date awareness, in order to be able to fully protect ourselves.

LN: Exactly and that brings in your staff, you need to know that your staff are being educated about popular ways that companies become compromised like if a bunch of USB devices are dropped in the parking lot, they might say things like “payroll” or something on it, would your employees plug that into your computer, you know, are you testing for that? You know, there are things you can do, there are services out there where you can have your own organization spearfished by a white-hat hacker, that’s going to tell you who clicked and then you know who you need to educate.

GS: So, we’ve made two points thus far on protection. One is that it needs to be part of the business plan, it has to be audited. In terms of auditing, knowing what you have devices-wise. Second is that you have to have educated employees. Now, both of those aspects present somewhat of a business conundrum, if you will. Education doesn’t necessarily equate to dollars coming in but from a protection standpoint, I think the sales point would be that it prevents dollars going out and the better educated, the more aware so that we can look at the other aspects that we discussed, detecting and protecting being two.

LN: Unfortunately, if you run an organization today, you have a new job, which is to make sure that you’re cyber secure and it’s a serious threat that corporate boards are making their CEOs accountable for so you know and it’s multi-faceted, you got to train your employees, you got to nail what you have, you got to make sure what you have is up-to-date and patched and then you also need to make sure that you have some mechanism to monitor and record events so that you can tell if you become compromised so the protection really requires much more today than it used to, it’s, the number of ways that an organization can become compromised, can be via an employee’s cell phone that becomes compromised and then it launches an attack on your internal systems.

GS: So, in the, it’s kind of like the mindset, if you will, has to be changed, in terms of looking at management and their commitment to cybersecurity protection. In the days past, we looked at protection. “What can I do, put up a wall, what can I do, “I can physically protect my facilities and my operation.” Now, today, that becomes more of a challenge because we’re dependent more on things that are not necessarily in the realm of physical protection per se so we really have to be getting to rethink how we look at protection and then ensure that the process is continuous, not a one-time situation.

LN: Exactly and certainly, you know, a DR, known as disaster-recovery planning and contingency planning can go a long way, you know, a simple act of making an offline backup on a periodic basis and you know, maybe that’s only once a month for some organizations but at least, if you have something offline, if you get hit by a Cryptolocker attack, the risk comes down to “well, what does it cost “for us to rebuild the last month?” Or maybe it’s the last week or maybe it’s last night so thinking through, I think going through the disaster-recovery planning exercise is a really good way to help protect your organization.

GS: Okay, I agree with you on the planning aspect. The caution I would say with that is that all too often, organizations develop disaster-recovery, business continuity, other types of plans to deal with emergencies, the response. The challenge is that those plans need to be kept, as you did say, with the cyber up-to-date and consistently reviewed, we have to have it in the mental work.

LN: And that’s where having someone like you and myself come into audit the business risk and actually inspect to see is the plan being followed, is the C-suite having a false sense of security because there’s this plan that was produced years ago, that no one’s really looked into, you know, it doesn’t take but you know, I think, you and I onsite for one day, we could help poke holes and give a report of, is an organization following their plan or does it look like everything’s far off but you’re not going to get that reporting from your own people internally.

GS: Yeah, I think it’s a challenge for people internally because there’s a vested interest, number one. Number two, they think that, in a lot of respects, they’ve done what needs to get done. The other aspect and I think this is important from what you pointed out, is that when you begin to look at today’s plans, you have to realize, they’re kind of reactive, in many respects, they’re not very proactive so they react to an event happening. That’s good because that helps companies become more resilient but it doesn’t keep them from protecting themselves as they need to.

LN: Exactly but there’s also a financial component to these plans, you know, it’s not uncommon that IT, they’ll go through this exercise and then afterwards, they’ll say “well, I need this subscription, this software, “I need this vendor” and none of that funding comes through but it’s much better and that sometimes gets lost in the minutiae from planning to execution and if that, in fact, is happening, you’ll want to know about it before you need the DR and it’s not there.

LN: So, I think that wraps up our section on protection. In our next segment, we’ll be talking a little bit more about responding to the crisis of a cyber breach, as it relates to the energy sector.

Watch the other segments on Cyber Insecurity in the Energy Sector

Part 1 – Global Energy Sector: Insecurity

Part 1 Global Energy Sector Insecurity

Part 2 – Energy Sector: Intrusion Detection

Part 2 Energy Sector: Intrusion Detection

Watch other related video segments

Energy Sector and Cyber Readiness

To learn more read this government report about Cybersecurity for the Energy Sector delivery system

https://crsreports.congress.gov/product/pdf/R/R44939

Featured

Energy Sector: Intrusion Detection

After the most recent Iranian attacks most people don’t think about the danger to our Energy Sector that lurks in the global underworld. Cyber Security Experts Lee Neubecker and Geary Sikich are on the job! They say we can tighten our security and detect cyber attacks before they happen.

Energy Sector Intrusion Detection is complicated and delicate and necessary to maintain our power grid. The Energy Sector provides energy for the world and must be secured and protected. Many detection tools and resources of expert precision are used to ensure the security of these precious resources. Think about it? What do you do on a daily basis that doesn’t involve energy or some type of energy? Enigma Forensics CEO & President, Lee Neubecker and Geary Sikich, Principal at Logical Management Systems, Corp. put your mind at ease and dissect cyber security and intrusion detection systems that are utilized by the Energy Sector.

This is Part 2 in the four-part series on Energy Sector Cyber Insecurity.

Lee Neubecker (LN): Hi, I’m back on the show again with Geary Sikich, thanks for coming back on the show.

Geary Sikich (GS): Thanks for having me back Lee.

LN: So we’re continuing our series discussing about global cyber insecurity as it relates to energy sector. In the second part of the series we’re talking more about detection of compromise. Um Geary, what’re your thoughts in this area?

GS: I believe that there’s a lot to be looked at in terms of the detection aspect, and this is one of the areas where you from a forensic standpoint, provide sort of a critical juncture, what’re you seeing that the general person, and even the general employee of the utility, might not be seeing? And might not be aware of?

LN: Well we know from reports by Dragos Cyber Security firm, that there’s a number of groups, I think around 11 groups are specifically targeting the energy sector. This report just came out this month, so there is a heightened attack readiness requirement to defend against these attacks. And the key thing that organizations need to be doing is they need to know that they have their firewall actively logging, and they need to be looking at those logs.

GS: Those are all state sponsored groups, right?

LN: Well, we don’t know exactly who they are, there could be terrorist cells, the Dragos report doesn’t give attribution as to the entities behind them. They describe the types of attacks, and the character of the attack methods, but there is a number of them that you can check out, there’s a link that will take you to their report if you’re interested in reading it. But you know, often times organizations fall compromised, and they don’t know it, and these things go on for a long time. There was a credit reporting agency attacked recently, for instance.

GS: So from a detection standpoint, the challenge that industries are faced with, cause our focus is going to be on the energy industry, so we’ll get energy industry. In general, the challenge that they face then, is that it’s not just what we perceive could be state sponsored hacking of their systems, it could be individuals, it could be terrorist cells, it could be pretty much anyone with a desire to infiltrate a system whether it’s to do harm, or whether it’s just to see if they can do it

LN: Exactly. The barrier to entry to launching one of these attacks is much lower. It requires knowledge, but the knowledge could be in the head of a teenager, that got rejected at school and wants to take the power out in his town. So that’s a legitimate problem. Now related to detection, I mentioned the firewall logs, there’s a great product out there called, Canary. Have you heard of it?

GS: No, it’s new to me.

LN: Essentially, it’s a company they tell these little devices, you deploy in your network, and they can pretend to be a payroll mass, health care information system storage database, or you can make it be whatever you want. But it’s essentially trying to lure an attacker. So if someone’s in your network, there going to scan your network to look for resources and it will detect people trying to brute force that item. So these items are a great way to have another way of knowing are you compromised. If organizations that had recently been publicly compromised, that didn’t know it for many years had some of these devices in place, they would probably know pretty quickly, like within a day or so, of someone getting through their firewall.

GS: So the challenge then I guess, from a detection standpoint, and the way we’ve seen it, and in discussions with organizations that I’ve worked with. Is that it’s not a single point of penetration that we have to worry about, it’s become multiple points of penetration, and multiple points that are not necessarily hard wired into the operating system. So utilities in a lot of respects have gone out to do with their status systems, monitoring your water usage, or electric usage, all remotely, and you periodically might see a utility vehicle drive by, and they may have a cellular type phone system, that goes by and scans your homes to see what your energy usage is. So those all become a factor. We get into detection in terms of things, we’ve mentioned today shipping is a big issue, and we mentioned with the current situation with Iran, the concern over the Strait of Hormuz, but shipping in general, navigation systems, have been targeted, not only by state actors, but by other groups. So you have navigation systems which is not just water born shipping. Think of where navigation systems are today. Look into your pocket and see your cell phone.

LN: Well we had the recent issue with the Boeing Max airplane, it turned out the sensors were damaged. Well these sensors they’re called MEMS sensors, they’re a combination of electro-mechanical sensors, and if the chip is hit at the frequency that matches the natural frequency of the component board, it can actually cause the chip to malfunction and report erroneous readings temporarily. Or if the frequency matches and it’s of a great enough amplitude it can actually damage the chip. And there hasn’t been much discussions about whether these chips were cyber-attacked but it’s very possible, if you look up University of Michigan, they have research on MEMS chip sensors and interestingly enough, the patent for these sensors was a Boeing patent. So there’s not a lot of talk about that and I think more likely if the chips were damaged, it’s more likely they were damaged while they were on the ground interestingly enough, the two crashes that occurred were in countries that had a lot of terrorist activity.

GS: I think the other aspect with detection is that when you begin to bring out a point like that, people have a tendency to assume durability of systems when systems can be very sensitive to, if you will, shocks, minor shocks to the system. So it’s not necessarily the physical attack, you could take the example recently Puerto Rico has had an earthquake. What damages were incurred by the, on their systems as a result? That are undetected yet. The sensitivity of systems I think has become really critical in a lot of these aspects.

LN: But like with these chips we’re blending mechanical with computer embedded processors. So like these chips think of an opera singer, that sings the natural frequency of a wine glass. If he sings it loud enough, that glass will shatter. It’s the same concept with this chip. You can fire sound at it, if you’re close enough, or if you have a strong enough amplifier, you could fry it. Now that could happen, a drone could potentially launch a sonic attack, someone onboard, a passenger could do it, cleaning crew coming through could do it. So these are some questions that it’s kind of a new paradigm but we even had issues with military aircraft having this uptick in crashes, and these same types of systems are in the newer military helicopters and planes and whatnot. So I think it was good that the military grounded some of these devices that were having these problems, And you know the investigation, I’m sure, continues and the public may not fully be briefed on this, but it is a threat that needs to be detected before people die.

GS: So the real issue with the situation that we’re in, with this kind of global insecurity if you will, is our ability to detect has been I’ll put it in these terms, if our ability to detect has been compromised by virtue of the disruptive technologies that exist that are making detections more and more of a challenge, because they’re becoming more and more subtle in how they entered in the system. So I can have a system that looks like it’s working perfectly, and yet at a point be compromised like the mechanical system that’s supposed to open a valve, and it’s been doing it for a long time, and then suddenly it either leaves it open, or completely shuts it.

LN: This is where it’s important that these entities have an accurate inventory of what their equipment is, and they also have an accurate inventory of the embedded systems and what that software code should look like. And they should have procedures in place to periodically verify that the embedded firmware chips that do these functions haven’t been altered. Otherwise they won’t even know, and something could happen at a very critical time. So that wraps up our section on detection. In our next segment will be talking about helping to protect against these types of attacks.

GS: Great.

Watch the other segments on Cyber Insecurity in the Energy Sector

Part one of our four-part series on Energy Sector Cyber Insecurity

Learn more about cyber security and data breach from Enigma Forensics.

Check out the government’s directives on cybersecurity as it relates to energy infrastructure.

https://www.energy.gov/ceser/activities/cybersecurity-critical-energy-infrastructure

Check out what ComEd is doing.

https://www.comed.com/SiteCollectionDocuments/SmartEnergy/SmartGridAndDataSecurity.pdf

Featured

Cell Phone Privacy

One can’t overstate how much of our personal lives we reveal to our smartphones and that includes criminals too. Watch this three-part series to learn more.

Introduction of our four-part series on Mobile Phone Privacy and Security.

Cell phone privacy is a real concern for both individual users and law enforcement. Literally, everything you do on your smartphone or any other device is vulnerable and completely defenseless against criminals and sometimes the government. Think about what you have on your phone and how it’s used on a daily basis. All of your personal contacts, photos, videos, text messages, emails, online bank or other accounts, GPS locations data, basically, your history of who, what, where, when and how about yourself all exist on your smartphone. We can’t overstate how much of our personal lives are revealed and how much our cell phones are vulnerable if disclosed to unauthorized parties.

Guess what? Criminals have cell phones too, and their information can lead to not only solving a crime but saving lives. Law enforcement agencies continue to call for access to encrypted communications and devices, while tech companies warn that doing this would weaken the protection and allow potential criminals to take advantage of that same access. Leading computer forensics expert Lee Neubecker, CEO & President of Enigma Forensics discusses the issues relating to cell phone privacy and the government’s desire to have a back door into your smartphone with the Data Diva, Debbie Reynolds of Debbie Reynolds Consulting.

Cell Phone Privacy: Part 1 of 4

The video discussion transcript follows.

Lee Neubecker: Hi, it’s Lee Neubecker again, and I have “the Data Diva”, Debbie Reynolds back on my show again.

Debbie Reynolds: Hi!

LN: Thanks for being on.

DR: Thank you, Lee, for having me. I’m happy to be here.

LN: So we’re going to try something new. Instead of doing a big long eight to ten-minute video clip, we’re going to do a multi-part series, and this one’s going to be on the topic of…

DR: Cell phone forensics and recent incidents in the news having to do with the government asking private companies to unlock or create back doors to cell phones.

LN: Yeah, so cell phone privacy is an issue that many people are concerned about There’s a legitimate national interest in being able to investigate when terrorists use cell phones to conduct attacks. But there are also some concerns that every business should be concerned about if there’s a single back door key because we know the government can’t keep their keys in place. At least that’s what happened to the FBI, the NSA, then other agencies that were breached following the OPM breach.

DR: That’s right.

LN: So in the first segment of our four-video series, were going to be talking about what was reported by the Inspector General’s report from the FBI involving the San Bernardino terrorists when they wanted to get into the cell phone.

DR: Right. And next, we are going to talk about the privacy issues related to the FBI or possibly companies creating back doors, the court issues, the key solutions, and also the imperatives of organizations or companies not wanting to create these types of vulnerabilities in their inventions.

LN: Then you’ll get to hear us banter a little bit about what we think should happen

DR: That’s right.

LN: And then finally, in our last segment, the Pensacola Navy Yard station shooting that happened just this week. The FBI again approached Apple wanting help to get into the phone because they haven’t been able to get into the phone, and they’re wanting to know who else was involved, who they were texting with and whatnot so that they can help prevent other such attacks. So, that will be the wrap-up, and we welcome your comments on the website, your likes, and feel free to check out our video and share it.

DR: Thank you.

LN: Thanks a bunch.

Watch the Next Segment on Cell Phone Privacy: Part 2 of 4 continued

More to read about Cell Phone Vulnerabilities

Featured

Understanding EMR Audit Trails

Understanding EMR Audit Trails is important to any company dealing with (PHI). They must have all the necessary security measures in place and follow them to ensure HIPAA Compliance.

Understanding EMR Audit Trails is essential to a patient’s medical history In medical malpractice litigation. The Health Insurance Portability and Accountability Act (HIPAA) requires that the Electronic Medical Records (EMR) maintain an audit trail including all of the metadata. This EMR audit trail is a piece of highly relevant evidence as to who accessed what in the record, what entries were made and/or changed, by whom and when. Computer Forensic experts are key to effective electronic discovery during medical malpractice litigation.

How do hospitals record, protect, and store data? HIPAA sets the guidelines for the most highly sought after information by the world’s best technology hackers. Medical records are worth 4 times more than credit card information. Managing Personal Healthcare Information (PHI) places Healthcare facilities at risk of cyber attack 24/7, 365 days a year.

Check out this video with Enigma Forensics, President & CEO, Lee Neubecker, and John Blair, a noted Healthcare Industry Cyber Security Expert where they discuss the importance of protecting Personally Identifiable Information (PII).

Lee Neubecker and John Blair

Understanding EMR Audit Trails video transcript follows:

This is the third of the last video in the three-part series on Health Care Industry Cyber Threats:
Watch Part 1, Watch Part 2

Lee Neubecker: Hi, I have John Blair, a cyber security expert in the field of healthcare, and John is also involved with understanding patient medical, electronic medical record (EMR) audit trails, so I asked him to come on the show and talk a little bit about that with me. John, thanks for coming back on the show.

John Blair: Thanks, Lee. Glad to be back.

LN: So John, can you tell everyone a little bit about what HIPAA requires of healthcare organizations as it relates to tracking data of caregiving and the patients?

JB: Sure. Most of this is obviously directed at hospitals, but HIPAA also has things called business associates, and any interaction from any entity with, or any user with, PHI is going to be subject to these audit logging. Hospitals use systems called EMRs, so generally those, the audit trails are built into the EMRs by default, but obviously entities can turn those off if they so choose or configure them differently. HIPAA requires that you pretty much log any interaction, whether it’s read-only, view-only, edit, whatever that interaction might be. Identify the user, identify the time, what was done to the record, and that has to be maintained for several years. So it doesn’t matter what a user does with the record. Even if they just view it, that counts as a valid interaction and has to be logged and maintained.

LN: In fact, all of these hospital software systems out there have to be HIPAA compliant, or else the hospitals wouldn’t be able to use the software packages. Isn’t that true?

JB: Right, right. There’s a lot of federal regulations regarding that, that the standards that these systems have to meet in order to get refunds or rebates from the government.

LN: So Medicare funding, reimbursement, obviously is important.

JB: All of that stuff. And audit logs of user activity and interactions, or any interaction with PHI, is a critical component of that.

LN: You know, what I’ve seen is sometimes despite the software packages being EMR, audit trail compliant, that there’s the ability for the software that’s deployed to be altered so that the audit trails aren’t retained as long as required by law.

JB: Yeah, sometimes the storage of the audit logs, it can be overwhelming. So oftentimes they are archived offsite or inappropriate access is given to the audit log itself. And then it possibly can be changed, which ruins the integrity of the log, obviously, and that would be a very bad thing should something come up down the road and you needed that log.

LN: Yeah, and certainly, someone who has the master database administrator password to that back-end system, they could do whatever they wanted.

JB: Yup. But there’s supposed to be logs of that activity, as well, and reviews of those logs, but you’re absolutely right. If you’re an administrator, you can do a lot of damage.

LN: Yeah, I’ve assisted clients before involved in litigation, medical malpractice litigation, with just seeking the truth of what’s there in the records. Most of the time, they think many hospitals are compliant and do have those audit trail records.

JB: Absolutely.

LN: But, they don’t necessarily want to make that data readily available.

JB: No, they don’t. And it depends, it’s a case-by-case scenario, under the advice of counsel and things like that, but it’s very, very sensitive information, and obviously, it’s a public relations nightmare to have a breach of patient data, so they take those things very, very seriously.

LN: Absolutely. So can you tell everyone what PHI stands for?

JB: It’s Protected Health Information, as defined by HHS, there are 18 very specific fields that comprise PHI. PHI is a subset of PII, which is Personally Identifiable Information, but with respect to healthcare, it’s primarily PHI that we’re worried about and those 18 identifiable fields.

LN: Why would hackers want to target health care records?

JB: It’s far more valuable now than several years ago, it was credit card information, basically for year after year. Now, the credit card companies and technology with respect to how quickly a card can be replaced and deactivated. And so, just more money in it to steal medical information. And there’s more flexibility, as well. You can go get drugs, you can do a variety of things, whereas, with the credit card, it’s just money.

LN: If people wanted to launch a targeted scam on individuals, certainly having records that would enable them to filter patients that have Alzheimer’s, might give them an unfair advantage at duping people out of their savings.

JB: Absolutely. Because generally if you get someone’s entire record, you’re getting everything about them: their Soc number, their address, phone numbers, relatives, I mean, all this information is now at your disposal. And loans can be taken out in their names, it’s just a disaster waiting to happen.

LN: So Electronic Medical Records, known as EMR, represent an important target that hackers seek, because of the value of that information, and the uniqueness.

JB: Yup. The price of those records, per record, now varies, but I believe it’s in the $150, $200 range per record if it’s a breach now, and laptops can hold hundreds of thousands of records. So it can be very, very expensive.

LN: But it seems that this is a problem, too, that it isn’t just localized to any one area, it’s universal.

JB: Yeah, it’s across the board. Anyone dealing with PHI has this problem.

LN: How does the cost of a patient medical record compare to a credit card record, compare to the black market?

JB: Yeah, for the last several years, medical records have gained in value every year, while financial records, credit card information have devalued. And it’s to the point now where medical information’s worth four times as much as financial information. And that’s only increasing.

LN: So does that mean that people that work in the healthcare sector in IT and security are going to get paid four times as much as the people of the financial sector?

JB: I wish.

LN: Well, thanks again for being on the show, this was a lot of good stuff. I appreciate this.

JB: Thanks, Lee, appreciate it.

Other related stories about EMR Audit Trails

Other resources to learn more about EMR Audit Trails.

https://www.cdc.gov/phlp/publications/topic/hipaa.html

Featured

Iranian Cyber Threat Readiness

DHS has issued an advisory warning of potential cyber attacks by Iran against the U.S. Organizations should watch this short video detailing the top ways to protect yourself from Iranian Cyber Attacks.

D.H.S. Alert – Iran Cyber Threat Readiness

On January 4, 2020 Department of Homeland Security (DHS) has issued an advisory warning that Iran maintains a robust cyber program and can execute cyber attacks against the United States. Iran is capable, at a minimum, of carrying out cyber attacks with temporary disruptive effects against critical infrastructure in the United States. Previous homeland-based plots have included, among other things, scouting and planning against infrastructure targets and cyber enabled attacks against a range of U.S.- based targets. The Iranian Cyber Threat is real and warrants proactive measures to ensure cyber threat readiness and minimize the risk of a successful cyber attack.

Check out Enigma Forensics, Lee Neubecker, President & CEO, and John Blair, noted Healthcare Industry Cyber Security Expert to learn more about what can be done to deter such cyber-attacks and maximum readiness to an Iranian originated cyber attack.

Video Discussion on Iran Cyber Threat Readiness

1st Video in a three-part series with John Blair

This is the first video transcript of a three-part series.

Lee Neubecker (LN): So John, thank you for being on the show.

John Blair (JB): Thanks, Lee.

LN: John is a cybersecurity expert that focuses on the healthcare sector. Can you tell us a little bit about what organizations should be doing right now in response to concerns about potential Iranian cyber strikes on U.S. companies?

JB: Sure. I’m a pragmatist, so I think you should execute the basics first. Make sure your devices, it’s a border level of your network, and the devices are patched. You might want to start increasing your network monitoring for the next few weeks, to monitor the activity coming through, check your firewall rule sets, these types of things, just to make sure that you get a comfort level. I’m a firm believer in executing the basics solidly, and then monitoring. Because if you’re a target, and the people know what they’re doing, there’s not much you can do to prevent it anyway.

LN: So one of the things too, that I would add to that is, I think it’s important that people have a command of what’s on their network, which is basic inventory of your digital assets, so you know what your devices are.

JB: Yes, you do need to know your environment.

LN: Like you said, knowing what’s on your network, monitoring your log files and patching your devices, those three things go a very long way.

JB: A very long way. And they’re just good practice anyway. That’ll prevent most things from going bad.

LN: Great, well thanks for being on the show.

JB: Sure, thank you.

Articles & Resources Related to Cyber Threat Readiness

Resources on the Internet Related to Cyber Threat Readiness

Click here to view the DHS Iranian Cyber Threat Advisory.

Cyber Essentials: Building a Culture of Cyber Readiness– a guide for leaders of small businesses as well as leaders of small and local government agencies to develop an actionable understanding of where to start implementing organizational cybersecurity practices.
Department of Homeland Security

Cybersecurity for Small Business: The Fundamentals” – a set of training slides and speaker notes to help small business owners educate themselves and their employees about cybersecurity best practices and resources.
National Institute of Standards and Technology

Cyber Readiness Program  – The Cyber Readiness Program is designed to provide practical resources and tools to help organizations like yours take action to become cyber ready. Completing the Program will make your organization safer, more secure, and stronger in the face of cyber threats. (Note: account with login is required.)
Cyber Readiness Institute

Featured

FBI Warning: Smart TV’s may be spying on you.

Smart TV’s may be recording you or your children without your knowledge.

Enigma Forensics, CEO & President, Lee Neubecker talks about the FBI’s warning about Smart TV’s and other smart home devises that are not secure. Lee adds to that warning that a hacker can actually see through to your living space by using the built in camera on your Smart TV. They can also listen to you and record your conversations, or exploit your TV to show content that is not suitable for your children to watch. In fact, most of our smart devises don’t have any security at all. Fortunately, there are a few things you can do to strengthen your security. Tune in to engimaforensics.com to learn more.

The transcript on FBI Warning on Smart TV’s follows:

Lee Neubecker:

Hi, so all of you should be aware that FBI has issued an advisory and warning to consumers purchasing Smart TV’s for your homes.

Specifically, you should be on the lookout for TV’s that have cameras. It could be recording you or your children without your knowledge. One popular measure they recommend is using black electrical tape to cover the top of the camera. If the camera’s physically covered you can’t record.

However, you have to be aware that many of these TV’s are also listening to you and maybe taking up voice commands, recording your conversations and possibly even retransmitting that information to other parties. It’s also possible that a hacker could get into a TV and exploit your TV display inappropriate content that your children might see.

So for more tips on how to secure your home, check out our website, we have a link that gives advice on this and as it relates to your TV, you want to make sure you know what you’re buying and it’s best to buy a TV that doesn’t have a known camera in it if you’re concerned about not being recorded.

Related articles to keeping your home secure

Featured

Cyber Insurance Coverage

Cyber insurance and security protection

Engima Forensics CEO & President Lee Neubecker and Tressler, LLP, Cyber Insurance Coverage Attorney Todd Rowe sit down for a video discussion. These experts stress the importance of understanding the full scope of your data risk in case of a cyber attack. Both agree cyber attacks are getting more and more sophisticated and urge every company no matter the size to take the necessary steps to protect themselves before a date breach occurs. Prepare your company by working with computer forensics experts and legal counsel and create a game plan to lessen the potential threat posed by a cyber attack. Tune in to find out more about cyber insurance and maximizing your potential for coverage when a cyber attack strikes.

Evolution of Cyber Insurance and Security

The transcript on Cyber Insurance Coverage follows:

Lee Neubecker: Hello, today I have Todd Rowe on the show. Todd is a specialist in cyber insurance related litigation and data breach litigation Todd, thanks for being on the show.

Todd Rowe: No, thank you, this is great. I appreciate it.

Lee Neubecker: And so, Todd, can you tell us a little bit about how cyber has evolved over the last five years?

Todd Rowe: It’s wide open, I mean, we’ve seen everything. First, I think, when we look at the threats, and the evolution of a cyber threat or a privacy threat, we’ve seen things from the classic data breach, which would have been the target data breaches move into more of a social engineering component and tricking users that way, by emails and things like that. Getting around the technology safeguards a little bit and getting in there and tricking people is the biggest development I think we’ve seen in the evolution of threats.

Lee Neubecker: And, how has coverage evolved for cyber insurance over the last five years?

Todd Rowe: Yeah, I mean, we’ve seen huge leaps in insurance coverage and what the policies look like and what we would call cyber policies. We’ve seen the developments first in what would be considered first party insurance coverage, which would be actually responding to the damage that happens. And then, the third party liability piece, responding and giving a defense in the case of an incident. While we’ve seen a lot of developments, I think, with cyber insurance, we still don’t see the uniform policy language. So, there’s still a lot of uncertainty there, but we’ve seen some big developments recently.

Lee Neubecker: So, when a company suspects that they have a data breach incident, what’s your first role on the ground, talking with the client in terms of what you’re advising them?

Todd Rowe: Yeah, all things being equal, we would have loved to have been in there before there was an incident. Preparation is always the best scenario, and what preparation should look like is a corporation or a business working with forensics and legal and getting a game plan together, assessing what those threats might be, and what to do if there are those threats. But, afterward, hopefully you have the game plan. If you don’t, it’s pretty much all boots on ground, getting in there with forensics and legal, and understanding what the threat was, and making sure that the threat is extinguished, and moving on and notifying people that were involved in the threat.

Lee Neubecker: I know from experience that companies that take the time to proactively assemble their team before something happens, and bring in legal, forensics, and outside help, are often in a much better situation when something goes down. They face less downtime, their business can be back up and running. I think the biggest challenge I’ve seen is when companies have no idea what is legitimately their, what their devices are, because when you’re trying to assess are we still compromised, you need to know what good looks like. And if you haven’t mapped out your organization’s IT resources, that really creates a problem.

Todd Rowe: From our point, there’s always been, it’s been a tough sell to go in and try to get in before there’s an incident. A lot of corporations don’t want to think about something until it actually happens. But, the sort of, the wisdom in getting in there beforehand is getting that game plan together, figuring out what data you’re storing and what data you can get rid of. And so, the more data you can get rid of, the better you do on cutting down your liability in the end. Also, working on technology safeguards and having those in place. So, working with forensics, legal, and even PR a little bit really helps in the long run, no doubt about it.

Lee Neubecker: So, if you have cyber insurance, does that mean that you don’t have to worry about a cyber incident?

Todd Rowe: The thought right now, I think, and it has been for a number of years, is an incident’s going to happen, and it just, you need to go in and do things to prep. And while we were discussing earlier, the preparation that you need to do to get sort of an inventory, cyber insurance is another piece of that preparation that needs to be in place. Once again, working with professionals, insurance professionals, brokers, forensics, legal, on what that cyber product that best suits your needs, is the best situation to have that in place once something happens. It will happen, it’s just a matter of having all the right pieces in place when it does happen.

Lee Neubecker: So, if a company has, is storing biometric information, which could even include video cam footage of a certain resolution, what are some of the unique challenges that are raised by some of the laws here in Illinois and elsewhere?

Todd Rowe: Really, being in Illinois is, and I don’t want to use a cliche, but is on the cutting edge of biometric data. And we have BIPA, which is the Biometric Information Protection Act. And what that does is it protects a lot of things like face scans, and finger and thumbprint templates. And, I think one of the biggest issues we see is recently, now BIPA’s been around for 10 years or so, it’s been around for a long time. But we’re seeing a huge uptick in BIPA cases right now, because a number of businesses went in and put in timekeeping systems for their employees that work on thumb and finger scans rather than the old punch card systems. So, the law didn’t change, but the technology did, and so now, there was warnings that should have been put in place before you take that biometric data with those systems. So, they put the systems in, and they didn’t necessarily have the law in place. That’s a perfect scenario where we could’ve had forensics and legal all working together beforehand to avoid a lot of liability, so.

Lee Neubecker: So, what do you see happening in the future with the insurance coverage laws? Especially, you know, one of the concerns I have is, you know, there’s this act of war exclusion, and if you have cyber insurance and you’re hacked by someone outside of the country, what happens there, is that covered?

Todd Rowe: It depends, really, on the policy form. So, we’ve seen, once again, Illinois is on the cutting edge of that law as well. A lot of insurance policies, CGL, commercial liability policies, and even some cyber policies to some extent, have terrorism or war exclusions, excluding acts of war. And that was fine when we were looking at Pearl Harbor, perhaps, or something like a real act of war where a government might declare war on a country, and some damage that results of that would be an act of war. But, with privacy and hackers, and hackers sitting in nation states, but maybe not being an agent of that nation state. So, the case that we have right now that gives a good example of this is a Zurich case, insurance case with Mondelez, they’re a snack food maker. And, Zurich denied coverage, and it looks like the hacker may have come from perhaps China or North Korea. So, what do you do with that, as far as, if you’re going to exclude coverage for that, nobody’s declared war on any of those countries, so that’s going to be a struggle. And I think that demonstrates some of the strengths and weaknesses of cyber coverage right now, as it stands.

Lee Neubecker: And, what do you see happening, what’s the likelihood that the federal government stops in, steps up to the plate should a major data breach happen that could be considered an act of war?

Todd Rowe: Yeah, I mean, well first off, the government brings up another point, as far as right now as it stands, privacy and data laws, we just have a patchwork of things here in the U.S. Of course, there’s frameworks that have been adopted in, for example, the E.U. with GDPR, and we don’t really have that in the U.S. So, we first don’t really have a clear idea of who would do the response in the government. Would it be the Federal Trade Commission, or who would handle that type of situation? So, we have a lot of state laws, so we have a lot of problems like that. And, we have California, which is adopting some stronger guidelines as well. So, what would happen there as far, it’s going to be really left to ironing things out with the insurers and the insurance. Once again, what a great opportunity to sort of look at this issue before an incident happens. You really wouldn’t want to get into this complex of an issue when you’re trying to respond to an incident. So, another reason is, to go and prep a little bit, would be exactly what we’re discussing right now.

Lee Neubecker: Yeah, I know from experience that clients of ours that have had data breach incidents, if they’re working with someone that’s experienced litigation professional in the area of cyber and insurance, the likelihood that, you know, my firm’s fees get covered goes way up, and there are, there’s a potential for coverage of that forensic response. But ideally, you want to have your own team. You want to be picking your team. You don’t want the insurance companies assigning your people, if you can avoid it.

Todd Rowe: Yeah, a lot of insurers do have panels, and there are a lot of insurers that prefer that, because they don’t know where to go. So, that actually, if there’s an incident, that helps out. But, the best scenarios, and we’ve been involved in a lot of responses, and the best scenario is when we’ve had an opportunity to sit down, and maybe you and I talk, the forensic side of things and the legal side of things, and figuring out exactly how we can cooperate and what that response would look like. So, absolutely, if you can sit down and chat beforehand, you’re going to really save yourself a lot of stress and pressure.

Lee Neubecker: Well, thanks a bunch Todd, for being on the show. This has been great.

Todd Rowe: Absolutely, thank you so much, I appreciate it.

More articles that relate to data breach response and cyber insurance coverage follow:

https://enigmaforensics.com/blog/secure-home-from-cyber-attacks/
https://enigmaforensics.com/news/wgn-cyber-security-chicago-2018/

https://www.thebalancesmb.com/what-s-covered-under-a-cyber-liability-policy-462459

Featured

Cyber Readiness: Power Grid Outages

Are you ready for a power outage? Check out this video for Cyber Readiness and Power Outages tips.

Enigma Forensics CEO & President, Lee Neubecker and Geary Sikich, President of Logical Management Systems, tackle the strategies you need to know to prepare for a cyber attack. Each describes in detail the importance of cyber readiness starting with power outages.

Be prepared for a cyber attack or power outage

The transcript of the video follows:

Lee Neubecker: Hi, I’m here today with Geary Sikich. Geary is the President of Logical Management Systems. Thank you, Geary, for being on the show.

Geary Sikich: Thank you, Lee.

Lee Neubecker: So we’re here to talk a little bit about cyber attacks on the power grid, and what impacts that could have on businesses and individuals alike. All right, Gary, is the future of war likely to be cyber, in your opinion?

Geary Sikich: Well Lee, I think there’s three aspects of that that we need to look at. There’s what I’ll call a strategic aspect, which in effect, we’re already in a cyber war in many respects. Nation states are using cyber in a lot of different ways. Not necessarily as disruptive as it could be, but it’s got the potential to expand. There’s then another level down from there which I’ll call operational, which is targeting specific locales and areas. And then, what I’ll call a tactical level where you’re targeting individual facilities to include even neighborhoods at this stage. And one of the things I think you’re going to see in the future is that there’s going to be more of a reliance on these disruptions because of the great impact they have on businesses as well as the general population.

Lee Neubecker: Yeah so, one of the things that I had lectured on before was some research that came out of Princeton University on a topic called MadIoT, which relates to manipulation of end user demand by attacking insecure Internet of Things, IoT, devices in homes and whatnot. And essentially, what the researchers found was that by taking over enough routers in homes, you could compromise Wi-Fi devices attached to high-wattage appliances like Internet-enabled microwaves, toasters, heaters, things like that that would draw a lot of current, air conditioning systems and that by attacking adjacent neighborhoods, you could manipulate power demand in one neighborhood such that the power’s going off or down low, and then the adjacent neighborhood causing all these appliances to come on, which by only creating a small disturbance in balance of power, Kirchhoff’s law that dictates the flow of electricity could cause faults in lines as electricity moved from one neighborhood to another in spikes, and that that type of attack could effectively knock out parts of the grid. There are a lot of factors, obviously, that could knock out the grid, but what have you been advising your clients to do in advance of such an outage, to help them mitigate the risk and protect themselves?

Geary Sikich: One of the things we look at with that issue, and it’s a very big issue, and it ties into the areas I previously mentioned, the strategic, operational, and tactical, is to begin to look at how you can be resilient as an organization. So, I’ll give you an example. A colleague who was at a firm in Southern Illinois, they were about to move to a larger building. And one of the things he was charged with was developing the plans and then getting the move set up. They didn’t have a generator, and I highly recommended to him that they get a generator. They decided to do it, and to their benefit, once installed and once they got it in the building, they had a localized power outage which, for them, was a non-event so to speak because the generator immediately kicked on. They didn’t lose any power. As a commodities trading firm, they’re very dependent on the ability to communicate electronically for trade. So when we got to analyzing things, I asked, “What did you think?” and he said, “Well, it cost “probably a quarter of a million.” And then I asked the second question, which I think was more relevant and important as he understood it, “What was the cost in lost trades, if you’d have not “had the generator?” He said, “About $2 billion.” So the immediate impact on these things is that organizations really need to think about how can they secure a power supply for themselves so that they can effectively operate independently of the grid in times of a crisis?

Lee Neubecker: So an adversary of a financial services company could actually cause massive harm by targeting and causing a power disruption, knocking out the trading facilities–

GSL Yes. LN:Costing them billions of dollars.

Geary Sikich: Yes. And the interesting part about that is, that when you begin to look at it, it’s not just that immediate impact, it’s the cascading impact that goes throughout the entire system. So you knock out the trading aspect, you suddenly knock out the logistics of movement of products and services, and it cascades throughout the entire system if you will.

Lee Neubecker: So what do you see are the other downstream potential impacts to a prolonged outage?

Geary Sikich: Oh, prolonged outages are one of the concerns that a lot of organizations have. What do I do to keep my business in business if we’re faced with a long-term outage? Natural disasters have shown us that it can take up to and beyond a couple of years to recover. A lot of organizations literally could go out of business as a result of not being able to have the financial resources to weather a storm like that.

Lee Neubecker: Well, this has been great stuff. I really appreciate you coming on the show, Geary. Thanks a bunch.

Geary Sikich: Thank you, Lee, I appreciate it.

Featured

Cell Phone Forensics

Personal Cell Phone Forensics inlcudes social media, business and personal messages, photos, emails and GPS.

Leading computer forensics Expert Lee Neubecker, discusses the complexities of cell phone forensics with Debbie Reynolds from Debbie Reynolds Consulting. We both agree the litigation involving cell phones becomes personal and proves difficult to gain possession. Personal and business text messages, social media posts, photos, GPS records, emails, are all weaved together and become part of the discovery equation. eDiscovery in today’s era is incomplete without including data from smart phone including text messages, Skype, WhatsApp, Slack, Signal and other messaging platforms. Learn more about eDiscovery as it relates to personal cell phone messaging systems by watching Reynolds and Neubecker discuss the topic in today’s blog video interview.

The video interview transcript follows:

Lee Neubecker: Hi, I’m here today again with Debbie Reynolds, and we’re going to talk about something interesting, which every piece of litigation now is getting into. We’re talking about cell phone forensics. What’s been your experience with litigation involving cell phones and discovery?

Debbie Reynolds: Well, whenever they’re cell phones involved eye-rolling begins because people take their cell phones very personally. As opposed to someone’s laptop, which maybe they don’t want to give up, they will fight tooth and nail not to give up their cell phones. And obviously people, they mix work with pleasure and they’re doing different things. They may not want you to see, even if it’s nothing criminal going on, people just feel very tied to their cell phone. The hardest thing is actually getting possession of it and letting them know that you’re not going to look through their juicy texts or their photographs, especially if it’s not an issue in the case.

Lee Neubecker: I know that whenever you need to get into text messages, it becomes a sensitive topic for people. But there are effective ways to get effective discovery without totally trampling over someone’s privacy in many issues involving contract disputes or other civil litigation, what’s important is to identify the relevant custodians. Let’s say we have your cell phone in the conversation with mine, we can then take that, we can create a single PDF document showing each conversation thread and then you could quickly go through it, if it’s your phone in which your attorney identify relevant, not relevant, and then only take the ones that are between the relevant parties and load that up into the review platform.

Debbie Reynolds: Right. And to one thing, one very effective thing that people are doing now, and that’s something that you do, Lee, is where someone, they don’t want the other side to see their whole cell phone so they’ll have a forensic company collect the phone and say, only give them X. That’s actually a very secure way. It gives people peace of mind knowing that they’re not giving everything over, that the forensic folks can actually do some of this pre-work before people actually start looking at things.

Lee Neubecker: Yeah. And like what I’ve done is, they’re not going to pay me to spend time looking at their photos, nor do I want to look at that stuff.

Debbie Reynolds: No. No one cares. I think that’s what people don’t understand. We’ve been working on cases for over 20 years and I really don’t care what’s on the phone or what you said or what videos on there. It really makes a little difference to us.

Lee Neubecker: What I try to do is I try to quickly create almost a summary index of okay, these are the conversation threads. Tell me which phone numbers are relevant, aren’t relevant, who are the relevant parties, and then we can just pull those specific threads out, put them up into the review platform.

Debbie Reynolds: Exactly.

Lee Neubecker: Now, sometimes there’s issues where photos are relevant specifically, if it’s important that you know the whereabouts or someone on a given date and time. Photos often can establish whether or not someone was really at home sick or out on vacation somewhere. There’s embedded GPS data that is recorded into most photos that are taken with smartphones.

Debbie Reynolds: Unless someone decides to strip it out. I think if you don’t do anything to it, it will collect that data. But there are ways to strip that information out. And also, people can turn off GPS tracking on their phone.

Lee Neubecker: Yeah. Well, thanks for being on the show again today.

Debbie Reynolds: Well, thank you for having me.

Featured

Trade Secret Theft

When employees leave a company, it is common that departing staff may take electronic files belonging to their former employer. Matthew Prewitt, a trade secret litigator shares his experiences pursuing and defending against such litigation. The role of computer forensics and the importance it plays in getting to the truth is discussed in this informative interview.

Leading computer forensics Expert Lee Neubecker discusses trade secret misappropriation by a departing employee and how that can lead to a competitor gaining an unfair competitive edge. The Chair of Schiff Hardin’s trade secret practice, Matthew Prewitt, emphasizes the importance of working with a computer forensics expert to preserve digital evidence and perform effective discovery that can later be used if litigation is necessary. Enigma Forensics staff are experts when investigating a departed employee using computer forensics.

The transcript of the video follows:

Lee Neubecker: Hi, I’m here today with Matt Prewitt. Matt is the chair of Schiff Hardin’s trade secret practice, and is an experienced litigator that focuses on the area of trade secret theft. Matt, thanks for being on the show.

Matthew Prewitt: Thanks for having me, Lee.

Lee Neubecker: We’ve had cases we worked on before involving departed employees. Could you tell everyone a little bit about your experience in this area, dealing with trade secret theft?

Matthew Prewitt: Sure, I mean as a trial lawyer, I’ve litigated both sides, sometimes, defending the departing employee, and/or that employee’s new employer, other times representing as the plaintiff, the company that the employee left.

Lee Neubecker: So, can you tell people generally what happens when you’re on the side of that had the employee that left? What happens at ground zero?

Matthew Prewitt: Well, ideally, the company would already have in place a structure of trade secret protection, and contractual, policy, and technology protections against unfair competition by the departing employee. So, that framework consists of, typically, a confidentiality agreement with the employee, perhaps a set of restrictive covenants, like a non-compete agreement, and then, hopefully, handbook policies that govern the conduct of the employee. Those will be coupled with restrictions, of course, that integrate with the company’s relationships, with its vendors and customers. Basically what the company ideally should be doing, is sitting down with outside counsel, in-house counsel, IT, and thinking about all the places where the company has sensitive, competitive information, trade secrets, or other confidential information, that are at risk when an employee turns out to be disloyal.

Lee Neubecker: So, when a client calls you, and they suspect that someone took stuff, what do you advise them to do, initially?

Matthew Prewitt: Well, I mean the first is to assess the situation and, that consists of identifying, with these days, almost everything is electronic of course, so, the first part of the assessment is to identify the types of electronic information that the departing employee would have access to. Either legitimately, during the course of that employee’s work, or, by exceeding the policy limits or protections that the company had in place. You’re doing, you’re identifying those areas for two reasons, one, preservation of evidence is very very important. And there’s no way to know what you need to preserve if you don’t know what the employee had access to, or potentially could’ve stolen. And then the other reason is to assess the competitive risk, and to begin to develop a plan for the investigation, and perhaps litigation response if it turns out to be warranted.

Lee Neubecker: And, so, typically, I know part of that initial response, when I’ve worked with you in the past, you want a forensic image made of the employee’s computer, before anyone mucks it up.

Matthew Prewitt: That is a, certainly an important starting point. With the changes in technology, for better or for worse, the places where the relevant data reside and the places that need to be preserved are, are multiplying instead of getting narrower, so, the hard drive of the laptop remains a very important source, because, forensically, it is often times the area that is most susceptible to forensic analysis and investigation. But there certainly are other places, as well. Cloud storage, the company’s computer network, personal email account of the employee, personal phone, company-issued phone, it goes on.

Lee Neubecker: I know when I first started in this area many years ago, the misappropriation was on a CD-ROM, and now, you’ve got smart phones, you’ve got USB drives, but the cloud is a whole other area of concern, because, companies can connect to Dropbox, Box.com, various other place, AWS, and move data to the cloud, so that, that becomes another point of concern in a need to be able to collect and preserve data from sources other than the computer.

Matthew Prewitt: You’re absolutely right, Lee.

Lee Neubecker: So can you tell us any war stories about what, what’s happened in the past when you’ve used forensics to pursue a case, and what kind of result you’ve been able to get for your clients?

Matthew Prewitt: Sure. I mean the forensic examination is really a critical part of a trade secrets case, especially if you’re on the plaintiff side, because, in, when you’re in court, trying to enforce restrictions against a departing employee, the, for better or for worse, the court is typically going to start that process with having, with some sympathy to the departing employee. I mean we are in America, and people are supposed to be rewarded for their ingenuity and hard work, and, employee mobility from one company to another is a basic value of our society. So, showing the court that the employee cannot be trusted to do the right thing, to be an honest and ethical employee at the new employer, at the new, at the competitor that she or he’s goin’ to, is really really important for building an effective non-compete case, or trade secrets theft case as a plaintiff.

Lee Neubecker: So for instance, if your client had a policy of no USB drives, and didn’t use USB drives, but yet, your forensic expert reported that a USB device was plugged into the computer the day before they filed their resignation, and that various files appear to have been copied to that drive, that would be something that would be compelling in support of an injunction, correct?

Matthew Prewitt: It’s certainly a brick in the building that you’re trying, or the story that you’re trying to build from court, absolutely.

Lee Neubecker: So there’s other pieces too, have you had situations where you’ve petitioned the court to allow discovery of that departed employee’s home computer, or the new workplace computer?

Matthew Prewitt: Yes, part of the forensic exercise is demonstrating the need for that discovery. And so, what you’ll want to start with as part of your initial investigation, is to have your forensic expert look for evidence that will show that the employee has used her home computer, has used external devices, has copied to the cloud, and once you can show the migration of data, under suspicious circumstances, off the realm of the company-owned hardware or accounts, then that’s the central starting point for demonstrating the court that you need a more invasive approach into the personal devices and accounts of the departing employee.

Lee Neubecker: Great so, let’s say that the plaintiff attorney has established convincingly with their forensic expert that data was misappropriated, and that the data clearly is confidential, and trade secret-type information. If you’re advising the new company that hired the sales person, and you saw the report and you believed the report to be credible, how might you try to help that new employer end the litigation and get things to a peaceful place?

Matthew Prewitt: Hopefully that they, the new employer has already laid the foundation for that scenario by instructing the employee before arriving, that they should not copy or take things with them, from their previous employment, should not load things onto the company network that are… belong to the previous employer, et cetera. And, to have done that in writing. If that’s happened, that puts the new employer in a potentially awkward spot, because you have an employee who not only has, has taken his former, his or her former employer’s stuff, but then has also disregarded the instructions of the new employer as well. That’s the situation where the new employer may be seriously considering terminating its relationship with the new employee.

Lee Neubecker: I’ve seen that happen, I’ve also seen situations where, the employee who departs agrees to have forensic inspections on his computer, and, signs an agreement that pretty much guarantees that if he’s caught doing something with this, that he’s going to have, face massive legal costs, and admit to wrongdoing.

Matthew Prewitt: That’s where that trust factor or credibility factor, that comes, that’s one example of where it becomes really critical. Not only is the court typically going to be inclined to the defendant departing employee’s situation, and want that employee to be able have gainful employment, many courts are also going to want to give that employee a second chance. And the second chance here is the chance to turn over the, turn over the information, and provide exactly the kind of affidavit or certification you’re referring to.

Lee Neubecker: Great well, I appreciate you being on the show and talking about this topic. It’s one that impacts most businesses, so, thanks again for being on the show.

Keys to Investigating Departed Employees using Computer Forensics

  • Forensically preserve the departed employee’s computer storage media before any examination of the contents occurs
  • Look for recently accessed files as reported by shortcuts and other system activity logs
  • Analyze recently deleted files to look for evidence of trade secret theft
  • Investigate recent connections of external storage to the computer
  • Build a timeline of events that led up to the departure to assist in an efficient investigation
  • Hire an experienced computer forensics expert – that’s us

Read More on Trade Secret Theft:

Featured

EMR Audit Trails

An electronic medical record (EMR) audit trail is a log file required by HIPAA of all electronic medical record software systems. The EMR audit trail documents all points of access of a patient electronic medical record system including any actions to modify, view, print or amend the record by replacing or adding new data.

Electronic Medical Record (EMR) Audit Trails are key to effective electronic discovery during medical malpractice litigation. Renowned EMR Computer Forensics Expert, Lee Neubecker interviews Insurance Defense Attorney Bill McVisk who usually helps defend hospitals embroiled in medical malpractice litigation. McVisk discusses common areas of confusion during discovery of patient medical records. Neubecker relays some of his past experiences helping plaintiffs uncover important medical records that are often hidden from plaintiffs during discovery. Enigma Forensics has assisted counsel with conducting depositions relating to Electronic Health Records (EHR) and EMR. The two discuss how electronic medical record systems have often made the process of discovery more difficult and confusing to attorneys and litigants.

The transcript of the interview follows:

The transcript of the interview follows:

Lee Neubecker: Hi. I’m here today with Bill McVisk. He’s a patient medical records expert, a litigator. He works with hospitals that are dealing with EMR-related patient medical records and whatnot. I had him on my show today because I want to talk a little bit about electronic medical records. Bill, they said that electronic medical records were going to revolutionize everything and make everything so much better. What’s the reality of what’s happened since we’ve brought about medical records?

Bill McVisk: A lot of EMR has been great. I mean, there’s an ability of doctors to provide records to other people that they couldn’t have done before. There’s the ability, for instance, of a radiologist to look at a film that was taken, and he can be in San Diego, and the patient can be in New York, and it still works. The problems, though, there are some problems. I mean, the biggest problem I see is that anyone who’s ever gone to a doctor’s… the doctors are focused on their computers instead of focusing on the patient. What they’re doing is hitting all sorts of drop-down menus and stuff, and I think we’re losing something from the standpoint of presenting physicians and nurses in malpractice cases. It creates a situation where you don’t really get a sense of exactly what that nurse or doctor is thinking, and so the records just aren’t quite as helpful in medical malpractice cases as they used to be. On the upside, we can read them now, whereas in the past we had to worry about doctors’ handwriting.

Lee Neubecker: Yeah. I know from experience working as a EMR, a patient medical record expert, that discovery can often become challenging. When an attorney is preparing a witness for deposition related to patient medical records, what are some of the things that you look for and care about in that process?

Bill McVisk: Well, the first thing, quite frankly, is to make sure I have the entire record. I can’t tell you how often I’m getting records where I get part of the record, and for some reason, I don’t know if it’s stored on a different server or what, I’m not getting all of the record. I may get all the physician’s part of the record but not the nurse’s part of the record, and obviously, that’s essential. Other problems, like when I’m preparing a witness for a deposition, the big problem is that they’re not used to seeing these records printed out. I mean, in the past, they would look at the chart, it would be exactly the same as the chart they were looking at in the hospital. Now, they are looking at the chart on a computer screen when they’re in the hospital, but when you’re preparing them for a deposition, you’ve got a paper chart, and the paper chart prints out terribly. Every time there’s a slight change of any kind in the record from one minute to the next, the chart prints out the page again and again and again, so there’s all this stuff, and it’s just getting the nurses and the doctors to know where in the chart their entry is going to be makes it a little bit harder.

Lee Neubecker: Yeah. I have experience working with that, and I know that HIPAA requires that every instance of that medical record, pre-editing and post-editing, that that data be preserved and discoverable, but in reality, a lot of the software packages, they only have reports that run the last version, so to get into the true audit trail, you often have to get into the database backend to get access to that information.

Bill McVisk: Well, and I think audit trails are the other aspect of things that makes it a little bit harder in this situation. In the past, we basically, I could give the original medical record to the plaintiff’s attorney to inspect. If somebody had erased something or done something like that, it’d be pretty obvious. I would hopefully know about it before the plaintiff’s attorney would know about it. Then I’d deal with that. But, it may not be obvious now because people can go in, change records, and now, if an audit trail is suddenly showing me, “Oh, my god, somebody was in and did something “to the record,” and it’s two or three weeks after the treatment was over, or, say, two or three hours after a terrible incident occurred, that’s going to make it look concerning. So I think from our standpoint, it’s a matter of making sure healthcare providers are aware of how to do it in a way that isn’t going to look like you’re trying to fake or lie.

Lee Neubecker: And there’s a big difference between accessing a medical record, and editing it.

Bill McVisk: Right.

Lee Neubecker: That’s where sometimes attorneys on both sides become confused about the significance of what’s happening with the patient record.

Bill McVisk: Right. I mean, records get accessed all the time. Maybe it’s to prepare for a deposition. You have to access the record to look at it. Maybe it’s because there’s followup treatment and you need to access the record. That happens all the time, but sometimes, on these audit trails, it’s not always easy. Is this just an access, or is somebody going in and changing something?

Lee Neubecker: And there’s a whole other layer, too. I know from my experience working with many of the packages that the hospitals often use systems that have something known as sticky notes, where they can put comments about a patient. There’s a wide perception that those notes aren’t discoverable. Just because the software doesn’t have a report that will run it, doesn’t mean that if someone like me is coming in, and I get access to the backend database, those comments about the patient and whatnot become apparent. But unfortunately, it’s difficult to get at that data if you don’t know what you’re looking for.

Bill McVisk: And that creates a real problem if you’re defending the hospital, because if I don’t know about these sticky notes in the beginning, first of all, I’m not going to be thinking, “Oh, my goodness.” Then, if you come and discover them, it obviously is going to be, “Oh. I was trying to hide those notes,” or, “The hospital was trying to hide those notes,” which is always the worst thing you can do as a defendant in litigation. And they’re clearly, if there’s something about a patient in those notes, it’s almost never privileged, it is discoverable, and it should be provided immediately.

Lee Neubecker: Also, you know, there’s a tendency I see for the hospitals to try to cover things up. Do you think that there’s some value in bringing in, when you’re defending a hospital, your own forensic expert to dig around and find out what’s really happening?

Bill McVisk: See, I don’t think the hospitals are intentionally trying to cover stuff up. I really don’t think that’s, I’ve almost never seen that happen. There may be, you know, one or two, but in most of these cases, I think the hospitals are trying to find out what the truth is. That being said, the hospital may not be aware that some of these things, because the risk management for the hospital might not be fully aware of all of the situations that are involved in electronic medical records, and yes, at that point, it may be a good idea for me just to have somebody like you go through those records, let me know. Before I produce them to the plaintiff, I would like to know what’s out there.

Lee Neubecker: It would probably be a lot more useful for you to get just a listing of the changes on the record so you’re not looking at the whole document, but maybe here’s a first instance, and then change one, change two, change three, so you can see before text, after text.

Bill McVisk: Sure.

Lee Neubecker: That’s the type of thing that, unfortunately, there’s not canned reports that are in the software that do that. I think that could be by design of the software makers because they don’t want to make it worse for their clients, the hospitals, but it’s certainly possible that it’s just something that was never asked for.

Bill McVisk: That’s quite possible, and I don’t know any of these software makers, but to me, it would be really helpful to know what those are. Of course, that does make it more discoverable, easily discovered by the plaintiff’s attorneys, but on the other hand, I as a defense attorney need to know about it, and if there’s a change that’s improper, I need to know about it right away.

Lee Neubecker: Yeah. What kind of problems can occur when different providers have different EMR systems?

Bill McVisk: Well, that can create problems of a number of ways. Sometimes, the software of one hospital doesn’t communicate with the software of another. There have been situations, for instance, where a physician enters an order for something to happen, and then because of the software problems, it doesn’t get to the provider who’s supposed to do it, and they don’t know that they’re supposed to do it. That creates serious problems for patient care. And similarly, it’s like, if a hospital is discharging a patient to a nursing home, and they want the nursing home to have a certain specific type of care regimen afterward, that can create problems if they don’t communicate well.

Lee Neubecker: Well, thanks a bunch, Bill, for being on the show. I appreciate it.

Bill McVisk: Lee, thanks so much.

Other Medical Related Posts:

Related Links on the Web:

Related Links on the Web:

Featured

Cook County Clerk on Election Security

Enigma Forensics’ CEO Interviews Cook County Illinois Clerk Karen Yarbrough on election security. The two discuss progress made in securing the vote against cyber attacks over the last several years.

Clerk Yarbrough has been working to streamline and improve the efficiency of the Clerk’s office while ensuring that the next 202o election is protected against rogue nation states that may want to compromise our next election cycle.

Transcript of the interview is as follows:

Lee Neubecker: I am here today with Karen Yarbrough she is our Recorder of Deeds and Clerk in Cook County here in Chicago.

Clerk Karen Yarbrough: Well not quite Recorder of Deeds anymore Lee, I am now the Cook County Clerk and will be taking over the Recorder of Deeds office in about a year. We actually went to the voters and the voters decided that they were going to do a consolidation of the two offices and so I will pick up the Recorders job in about a year.

Lee Neubecker: So you must have a lot of integration going on with technical resources.

Clerk Karen Yarbrough: You can imagine, and yes we do. I have a very capable staff and we’re trying to get our arms around you know in the clerk’s office there are a number of duties and responsibilities we have elections of course, we have vital records and then we also are involved with taxes, and so I’ve been in this job since December. And what I’m trying to do now is get ready for 2020 and the big election for sure. But also we are absorbing the duties of the recorder of deeds. Big undertaking.

Lee Neubecker: So with all the talk of election hacking and whatnot by different nation states and foreign entities. What kind of things are you involved with, with Cook County with helping to defend against the voting system being attacked the next election cycle?

Clerk Karen Yarbrough: Well for starters Lee, our approach is a multi-leveled risk management approach. We know that there’s no system is foolproof. I mean you know it’s not a perfect system. No system is. Knowing that, we tend to look at every aspect of our system. We have these guiding principles. Defend Detect and Recover. What that simply means is we have a plan we have a plan A plan B all the way to Z.

Lee Neubecker: So its more than just putting your head under the covers.

Clerk Karen Yarbrough: Oh, no, no, no. I noticed when we were in the Recorder Deeds office our systems were attacked on a daily basis. People scraping our sites and in all of these kinds of things. So I am aware of this business of you know people trying to steal data and and what-have-you. But the elections are absolutely positively important. People need to understand that their vote does count and it will count. All the noise we’re hearing from Washington DC really makes people nervous.

Lee Neubecker: What kind of hings have happened to help make sure that wasn’t going to happen. Let’s say if the computers all get zapped to make sure that votes that are casted get counted.

Clerk Karen Yarbrough: Well first of all I have a team of experts. On staff. We’re sharing a gentleman with the city of Chicago who is at the top of the food chain when it comes to people who know about this kind of thing. Having those people on board working with the city of Chicago, we also have a two-factor login authentication of course the firewalls VPN and dedicated private data networks. Then we’re going to be able to lock down our systems both on the hardware and software lock them down before and after elections. So those are the kinds of things that we’re doing. And I think we’re going to be ready coming 2020.

Lee Neubecker: I understand that you’re currently doing some projects to seek outside computer forensic experts. What is your office looking for assistance with right now?

Clerk Karen Yarbrough: I think we’re putting something right now, I might want to defer to John Mirkovic who’s with me here today, on how that’s going. John’s been with me since I was actually in Springfield as a legislator and he has been working on the Blockchain Initiative and certainly this, and so, if you would, could you defer to him, so he can talk about what we’re doing there because John keeps up with this more than I do.

Lee Neubecker: Sure absolutely. What, in the event that a data breach were to happen, what kind of things are in place to make sure that you can recover and get back?

Clerk Karen Yarbrough: Sure. Okay having those plans certainly are important. But you know the Cook County just spent 32 million dollars on new voting equipment. That voting equipment that we have it’s almost like going back to the future,you know all the talk about, you know,voting on the internet and all these kinds of things,up come at some time, at some point in the future. But today we need to know that those votes are safe. So with the system that we have now. I don’t know if you remember,but you would have a system where you have on the side this kind of ticker tape thing that would show you how you voted.

Lee Neubecker: Paper audit trail.

Clerk Karen Yarbrough: Okay yeah well nobody noticed it. I mean I shouldn’t say nobody. But many people didn’t notice that with the new equipment, and we piloted it actually in your suburb and a couple of others. So we ran it through, and people loved it. It was so simple. So you know, you vote, you can either vote, the same way you vote now. So you could use your stylus or what have you. You place your vote, but then it’s going to shoot your ballot out to you. You’ll be able to hold that in your hand. You’ll be able to see if everything you voted for is there. And then you, not somebody else, but you will be able to post and cast your ballot.

Lee Neubecker: So the key thing is, well while the votes are being stored electronically there’s also be printed, they’re also being verified in a print out, that people can see. And then they can take it over and feed it and then scan it so you have another level of detection done, you’ve got the paper vote locked up in a box.

Clerk Karen Yarbrough: Exactly. And let’s say you mentioned something about the whole system blowing up. Okay so if the whole system blows up we still have that paper ballot locked away so that if we have to go back and let’s say everything blew up and people are running all around, with what have you. We can go and retrieve those documents and by hand we can actually,you know, count those those votes, so people should feel confident.

Lee Neubecker: It’s a great Improvement.

Clerk Karen Yarbrough: It is.

Lee Neubecker: I was brought in to consider bidding on the suburban voter audit project for the forensic project. At the time, what I was concerned about, is there wasn’t a simultaneous printout. And at certain points in time, the votes only existed electronically in storage media. They would be transferred to a consolidator that would transmit it. There was a potential at the time, that someone could have a USB device preloaded with 118 votes but in a different distribution. They could swap that device out and put it in the consolidator. But that doesn’t doesn’t exist now with the new equipment.

Clerk Karen Yarbrough: Not at all. So we’re happy about that. Let me tell you, we’re happy about that. The voters who voted in the last election, both the voters and our folks who run the elections, the judges, and what have you, just absolutely love the new system. They liked the fact that they were going to have that ballot in their hand. We shared with them, what happens now? I said well your votes are going to be counted. I said well what if? That’s the same questions that you ask. Well what if? Well we’ve taken all those precautions. But, Lee, I know, like you know, while you have a better mousetrap today, you always have to stay on your P’s and Q’s. The young man I was talking about Raoul, is his name, we share with city Chicago, everyday he’s checking our system, right now, we’re just about we’re ready to go. I think if we had to have an election today, we could have that election and have the confidence that we need to know that we’re going to have a good election, it’s going to be safe, people are going to feel good about how they’re gonna be able to cast their ballot. I’m just excited about the whole thing.

Lee Neubecker: I appreciate everything you’re doing to help secure the vote in Cook County and all your effort to streamline the government.
Clerk Karen Yarbrough: Well thank you so much for the invitation to come on. I’m just thrilled and I know that you’re a real geek and you know all of this stuff. But thank you so very much for having me on.

Lee Neubecker: Thank you Karen Yarbrough!

Watch the second part in this two part series on Cook County Election Security here.

Raleigh Housing Authority IT Systems Locked Out

Hackers strike demanding ransom payment

On April 29th, the Raleigh Housing Authority fell victim to a cyber attack that shut down their computer system. The attack disrupted the agency’s ability to access their email, files, and financial records, leaving the organization struggling to conduct their day-to-day operations.

The RHA provides affordable housing for low-income individuals and families in the Raleigh area. The cyber attack has had a significant impact on the agency’s ability to fulfill its mission of providing safe and affordable housing. In the aftermath of the attack, the RHA has been forced to rely on manual processes to complete their work, causing delays in critical services for their clients.

Cyber attacks have become increasingly common in recent years, with hackers targeting organizations of all sizes and industries. These attacks can result in the loss of sensitive data, financial losses, and damage to a company’s reputation. In the case of the RHA, the attack has disrupted the lives of the low-income families who rely on their services.

To prevent cyber attacks, organizations must prioritize cyber security. This includes implementing strong password policies, regularly updating software and systems, and educating employees on how to recognize and report suspicious activity. Additionally, organizations should consider investing in cyber security insurance to mitigate the financial impact of an attack.

When a cyber attack does occur, it’s important to have a plan in place to respond quickly and effectively. This includes identifying and isolating affected systems, restoring data from backups, and conducting a thorough investigation to determine the cause of the attack and prevent future incidents.

In the case of the RHA, they have taken steps to restore their computer systems and minimize the impact of the attack. However, the incident serves as a reminder of the importance of cyber security and the devastating consequences that can result from a successful cyber attack.

In conclusion, the cyber attack on the Raleigh Housing Authority is a sobering reminder of the importance of cyber security for organizations of all types and sizes. By prioritizing cyber security, organizations can protect their data, their financial stability, and the well-being of their clients.

Preoperative Care and Informed Consent: An audit trail’s role in retrospective assessment

Informed consent prior to a procedure should be documented in the patients chart and visible on an audit trail.

by Dr. Aikaterina Assimacopoulos

Informed consent is a must prior to any elective procedure. After all risks, benefits and alternatives (r/b/a’s) are thoroughly explained consent can be given. An informed patient is one who understands the nature and purpose of the procedure as well as postoperative expectations of pain, recovery time, need for physical therapy, and any changes to physical appearance. Signed consent should be found in the patients EMR.

Informed Risk Assessment

Common surgical risks include the risk of infection, bleeding or damage to surrounding organs. If a minimally invasive approach is planned, the possibility to convert to an open procedure should be discussed. If the patient is to have an exploratory surgery, a risk is the possibility that nothing is found on exploration. In some cases, there is a potential the surgeon recognizes additional measures must be taken upon viewing the patient’s anatomy. In these cases, the surgeon is usually aware of this potential and should obtain consent and discuss r/b/a’s.

Doctor Washing Hands Before Operating. Hospital Concept.

The benefit or likelihood of a positive outcome should be clearly and realistically defined. The patient should be aware of any alternative options and their r/b/a’s. This includes both more conservative methods of treatment such as medications, physical therapy, or injections as well as any alternative surgical approaches that may vary in method or invasiveness. For example, a vaginal vs. abdominal approach to hysterectomy or LINX vs. Nissen fundoplication methods for gastroesophageal reflux.

A signed consent form and statement should be uploaded in the chart. For example, “r/b/a’s discussed, patient expressed understanding, all questions asked and answered” should be documented in the chart. However, this does not necessarily mean the patient was properly informed. Often this statement is included as part of a provider’s template, without being consciously documented. Therefore, this raises the question of whether or not the conversation actually took place.

Because this discussion is verbal, it is difficult to use an audit trail to prove whether appropriate informed consent was obtained. However, an audit trail can be used to analyze other aspects of preoperative care which, if deficient, or incomplete, could support the notion informed consent was deficient as well.  

What to look for in an audit trail

If surgical complications arose and the physician was concerned about the preoperative care provided, the physician could enter the patient chart after the fact and make additions to the patient’s chart. This is why it is necessary to get an audit trail that extends through the date the EMR is generated. Providers can alter a patients EMR at any time. These changes might not be visible on the EMR but will be on the audit trail.

In most cases, evidence of the following actions should exist in both the printed patient chart and the audit trail:

  • A clinic visit in which the patient’s need for surgery is assessed.
  • Any attempt to manage symptoms with more conservative first-line measures. For example, prescription orders or referrals to physical therapy or a pain specialist.
  • A diagnosis made prior to surgery and added to the patient’s problem list.
  • In some cases, evaluation of the patient’s personal risk due to any comorbid conditions is done using a ‘risk calculator’ and results should be documented.
  • A preoperative physical/assessment for higher risk patients.
  • A complete history and physical note (H&P) within the 30 days prior to surgery.
  • Procedure-specific labs and imaging which should be viewed by the surgeon prior to surgery.

Lee Neubecker named top expert again in 2022

Congratulations yet again to Lee for being named a global leader by Who’s Who Legal in 2022.

We are proud to announce that Enigma Forensics president and CEO, Lee Neubecker, was nominated again as a Global Leader in Data Experts and Investigations Digital Forensic Experts by Who’s Who Legal in 2022.  Who’s Who Legal has been interviewing experts in the cyber security, computer forensics and eDiscovery industry for over a decade. Nominations are made each year buy established experts. Being honored doesn’t require payment of any kind. Only those nominated by their peers are accepted.

Who’s Who Legal nominates experts based on comprehensive, independent survey work with both general counsel and private practitioners worldwide. Lee was nominated by his peers as one of the world’s leading cyber security and data forensics experts. 

Lee Neubecker provides clients with cutting-edge forensic services and profound expertise in data breach incidents and complex financial investigations.

Lee Neubecker enjoys a strong reputation for his excellent work on cyber-related investigations involving counterfeiting and electronic data.

In 2021, Lee was named a Thought Leader among Investigations Digital Forensics Experts. He was also nominated by his peers as a top ranking Data and E-Discovery Expert and a Digital Forensic Expert in 2021. 

NSO Group’s Spyware Affects Everyone’s Right to Free Speech

Spyware being used by governments all over the world infringes on people’s freedoms.

The spyware produced by NSO Group and used by governments should be a concern to all. Everyone should consider the impact it has on human rights. Even if journalists and human rights activists are the effected party, it effects all.


Image from Pexels – CC0 License

Governments using the Pegasus spyware from NSO to silence and attack journalists and activists

Concerned non-profits, news outlets, and more have highlighted NSO Group’s use of spyware to target certain groups. The Pegasus Project is a collaboration of journalists in 10 different countries. Paris-based nonprofit, Forbidden Stories, organized it. They get technical support from Amnesty International. The project has raised the issue of attacking groups most likely to speak out such as journalists and activists. Large companies including Apple and WhatsApp have also addressed the issue, bringing legal cases against NSO Group.

The use of spyware to target journalists and human rights activists is not just something to concern the individuals in question. Everyone should pay attention to how governments are using NSO Group’s spyware and the impact that it has on freedom of speech and expression. Human Rights Watch says governments should “immediately cease their own use of surveillance technologies in ways that violate human rights.” There have been a confirmed dozens of cases so far. They say the number of people targeted by this type of surveillance could be much larger. Reporting from the Pegasus Project was based on a leaked list of 50,000 phone numbers. Human Rights Watch reports some of their staff members appear on this list.

Used to violate the rights of anyone who may be critical of the government

Human Rights Watch and other groups argue that NSO Group and others in their industry have failed to regulate themselves. Many who sell surveillance products, do so to governments that don’t offer transparency or oversight over how the products are used. However, it also has impact on those who may self-censor out of fear of surveillance, including journalists and their sources.

Image from Pexels – CC0 License

Targeting by spyware doesn’t just directly affect journalists and activists. It undermines free expression as well as removing personal security and even threatening lives.

One prominent example of surveillance highlighted by the Pegasus Project was that of the family of the murdered Saudi journalist, Jamal Khashoggi, by Saudi operatives. Selected for targeting shortly before he was killed in 2017 was Cecilio Pinedo, a Mexican journalist. Pegasus has also been used in Azerbaijan and India. The Prime Minister of India bought the spyware as part of a weapons deal with Israel in 2017.

Targeted journalists are from major international publications including CNN, the Associated Press, and the New York Times. This type of surveillance by governments erodes the freedoms and rights of everyone by restricting freedom of information and expression.

GE Engineer sentenced to 2 years for stealing trade secrets

A trade secret theft from General Electric that was in the works for 11 years finally ended in jailtime.

A former General Electric engineer has been sentenced to 2 years in federal prison for stealing trade secrets. Jean Patrice Delia conspired with Miguel Sernas to compete against CE worldwide.


Image from Pexels – CC0 License

Jean Patrice Delia from Montreal pleaded guilty to the charges. Delia admitted that he had worked with another man to use trade secrets from GE to compete against the company. Miguel Sernas, from Mexico City, and Delia went into business together at ThermoGen Power Services. Delia stole the information from GE in Schenectady, between the years of 2001 and 2012.

He was accused of stealing thousands of electronic files from GE. The files included exclusive tools developed to calibrate turbines in GE’s worldwide power plants. Delia has been ordered to jail for 2 years as well as ordered to pay $1.4 million in restitution. His final sentence is shorter than that asked for by prosecutors. They had originally requested a term of 3 years and 1 month. They argued that Delia was the person who stole the materials and was the driving force behind the plan. Prosecutors pointed out that the crime was not victimless. Prosecutors argued that many people were effected and the consequences should reflect that.

On the other hand, Delia’s attorney Paul S. Folk asked for time served, saying that he had accepted responsibility and was trying to make amends. Delia entered his guilty plea almost 2 years ago, in December 2019. Miguel Sernas was sentenced to time served which amounted to about a year in jail. He was also ordered to pay $1.4 million, the same amount as Delia.

Other employees stealing trade secrets in recent cases

Another recent case involving trade secrets theft is that of a former employee at Pfizer. Chun Xiao Li is being sued by her previous employer. Pfizer alleges that Li stole trade secrets including documents relating to their COVID-19 vaccine, as well as other products. They allege that she uploaded over 12,000 documents. Additionally, she allegedly lied about why and where the files were stored on a private Google Drive account. Li had been working as an associate director of statistics. She had already been under investigation by Pfizer when she resigned from the company in November.

Also in recent weeks, the first Chinese spy has been convicted in the US of economic espionage for trying to steal aviation trade secrets. Yanjun Xu has been convicted of two counts of conspiring and attempting to commit economic espionage, conspiracy to commit trade secret theft and attempted theft of trade secrets. He could be fined more than $5 million and receive up to 60 years in prison. Xu targeted several aviation and aerospace companies, including GE Aviation, which is a unit of General Electric. He was first arrested in Belgium in 2018, with his extradition to the US following six months later.

Both large corporations and small businesses could be at risk of intellectual property theft and trade secret misappropriation. These prominent cases in the news could result in organizations taking steps to reduce the risks of this happening.

Pfizer sues departing employee over Google drive downloads

Pfizer launched a lawsuit against a former employee, Chun Xiao Li. They are alleging the theft of thousands of documents relating to some of their products.

Pfizer is suing a recently departed employee on accusations of stealing trade secrets. They allege that Chun Xiao Li downloaded thousands of documents before she resigned. They included documents linked to their COVID-19 vaccine, as well as two other products, Bavencio, and elranatamab, both of which are monoclonal antibody treatments for cancer.


Image from Pexels – CC0 License

Li uploaded more than 12,000 documents and mislead the company about her reasons

The brief for the lawsuit was filed in California on November 23 and published by Bloomberg Law. Pfizer says that Li uploaded more than 12,000 documents from the company to a Google Drive account. She misled the company about her reasons for uploading the files and where they were downloaded. She was the associate director of statistics at the time of her departure. Li had worked at the company since 2006. She first worked in China before moving to the US and working in La Jolla. Pfizer had already been investigating her conduct when she resigned on November 12. Potentially for a job offer elsewhere.

Pfizer says the company presented Li with the chance to explain her actions and where the files were on multiple occasions. However, Li failed to do so, which has led to Pfizer filing a lawsuit against her. They have also filed for a temporary restraining order and for financial relief of the company’s costs.

Pfizer says they do not yet understand the full scale of the alleged intellectual property theft. This is due to the number of files involved. The company says that although Li appeared to cooperate at first, she misled the company about what she did with the files. They also allege that she presented the company with a decoy laptop to derail the investigation. The lawsuit alleges theft of trade secrets and breach of contract, among other things.

Similar cases in the biopharma industry

In another case of trade secret theft in the biopharma industry, ex-employees of Genentech recently pleaded guilty to the act. The US Department of Justice said that Xanthe Lam, who was a principal scientist at Genentech, and her husband Allen Lam pleaded guilty to conspiring to steal trade secrets to aid competitors. The pair stole information relating to several cancer drugs made by the company, Rituxan, Herceptin, and Avastin, as well as a treatment for cystic fibrosis. They gave the stolen intellectual property to JHL Biotech, a Taiwanese firm that has now been renamed Eden Biologics.

The DOJ also set its sights on other parties involved, including two co-founders of JHL Biotech, ex-CEO Racho Jordanov, and former COO Rose Lin. They all were indicted by a federal grand jury in San Francisco. Jordanov and Lin were also Genentech employees. They allegedly began scheming to steal trade secrets from the company as early at 2008. They recruited the Lams in 2009, founding JHL in 2011. The indictment also says that the two former executives of JHL obtained thousands of documents used to “cut corners, reduce costs, solve problems, save time, and otherwise accelerate product development timelines”.

Biopharma is an industry where several prominent cases of trade secret theft have taken place in recent years.

Vehicle Heists Skyrocket – Villains Hack Fobs

As motor vehicle theft rates increase, criminals use of technology to open and start vehicles without breaking in may be accelerating the rate of theft.

Smash and grab is no longer required to open a motor vehicle and drive off.

Vehicle theft over the years has largely been on the decline. Technology has improved, therefore, Anti-Theft Systems have gotten more advanced. Beginning around 1983, keyless entry systems began appearing on American Motors vehicles. By the mid to late 2000s, many fobs enabling remote ignition start became more common place on higher end vehicles. However, as this technology advances, criminals are finding new ways to break through.

Security researchers first reported security vulnerabilities in motor vehicle fobs around 2016. This could allow an unauthorized person to unlock and even start a vehicle by intercepting radio frequency (“RF”) emissions from a driver’s fob. Once intercepted, the unauthorized party could use the intercepted signals to conduct a replay attack. As a result, a successful attack on these identified vulnerabilities can allow the unauthorized person to unlock and start a vehicle.

RF Relay Attack Reported in 2017

On November 28, 2017, Police in West Midlands, UK released video footage showing criminals stealing a car by relaying a signal from the fob key inside the home to the car in the driveway. This fob replay attack effectively allows thieves to unlock a vehicle and start the ignition then are able to drive off with the vehicle undamaged. Later on, the thieves swap out the VINs, and reprogram new key fobs to work with the stolen vehicle.

Defcon Cyber Security and Hacker Conference Focus on Vehicle Exploitation in 2018

In 2018, Defcon, a popular cybersecurity event, attended by black and white hat hackers, featured its first Car Hacking Village. During that convention, a good deal of technology related vulnerabilities on vehicles were shared. Both White and Black Hat hackers attend these events. The Black Hats are the bad guys that seek to use security vulnerabilities to exploit weaknesses and commit crimes.

Motor Vehicle Theft Jumps in 2020

Data obtained from: https://www.iii.org/fact-statistic/facts-statistics-auto-theft

Motor Vehicle Theft data sets have yet to be released for 2021 for the entire United States. Early indicators show these types of crimes are experiencing rapid growth across the US.

High end vehicles are more likely to have keyless entry and remote ignition starting capabilities. They can also fetch a higher dollar amount when resold outside the US. As a result, according to New Jersey state police officer Cory Rodriguez, “Car theft in 2021 is up over 21% year-to-date for total thefts and about 44% for high-end vehicles.” Reports have indicated that thieves are using technology to execute vehicle thefts more efficiently and without immediate detection.

Chicago Motor Vehicle Thefts Climb with Fewer Arrests Made in 2021

Chicago Police Officers have witnessed thieves using laptops and other cyber tools to accelerate their ability to quickly steal locked vehicles. Data compiled from the City of Chicago website shows that “Motor Vehicle Thefts” across the city are accelerating at an alarming rate. The problem isn’t specific to Chicago and vehicle thefts appears to be increasing across the country as well.

Doorbell video: Car thieves use computing device to steal SUV in Metropolitan ChicagolandElmhurst – Video by WGN News

In Chicago, February 2021 crime statistics reported a total of 627 Motor Vehicle Theft incident reports filed. Of those reports, only 26 (4.1%) resulted in an arrest. Comparatively, last month in January 2022, there were 1,073 Motor Vehicle Theft related police reports filed, with only 20 (1.8%) of those resulting in an arrest.

Cyber Motor Vehicle Theft using technology
https://data.cityofchicago.org/Public-Safety/Crimes-Map/dfnk-7re6

Our data analysis of Chicago Crime statistics for the 12 month period beginning February 2021 until January 2022 indicates that there were a total of 10,823. Motor Vehicle Theft incidents reported. This equates to 395 per 100,000 persons based on Chicago’s 2021 estimated population of 2,739,797.

Vehicle thefts on the rise throughout the USA

Vehicle theft isn’t just rising in Chicago. In fact, Chicago doesn’t even rank among the top 20 US cities in vehicle thefts. For example, California, Texas and Florida are continually among the top states in vehicle theft per capita. Bakersfield, California has been the top city in vehicle thefts since 2019 and in the top 10 even longer. The rate of vehicle theft went up almost 25% from 2019 in Bakersfield in 2020.

Other cities are following similar trends. For instance, San Francisco’s rates rose almost 27% while Seattle’s rose almost 26% from 2019 to 2020. Additionally, the city with one of the largest 2019 to 2020 changes being Denver, which rose over 50%.

Conclusion

Above all, it’s important to remain cautious with your vehicle. Furthermore, there are steps you can take to help ensure your vehicle doesn’t get stolen and recovery steps for your vehicles safe return if it does. Despite the overwhelming decrease in motor vehicle thefts throughout the years, this recent upward reversal of the historical trend should be alarming to vehicle owners everywhere.

(Denver statistics filtered for reports coded as any of the following; “burg-auto-theft-busn-no-force”, “burg-auto-theft-busn-w-force”, “burg-auto-theft-resd-no-force”, “burg-auto-theft-resd-w-force”, “robbery-car-jacking “, “theft-items-from-vehicle”, and “theft-of-motor-vehicle”)
California, Texas and Florida lead the states with the greatest number of vehicle thefts and accounted for 37% of all Motor Vehicle Thefts in the nation, based on 2020 National Insurance Crime Bureau statistics.

The Pandemic Causing Increased Attacks on Corporate Security

Since the start of the pandemic, there has been much disruption in some industries. Many businesses have been challenged during the pandemic as a result of the difficulty of managing cyber and data security. Data breaches relating to remote workers and hacking of corporations continue to escalate at an alarming rate, require prompt response to mitigate the fallout.

There have been several significant shifts in the ways that businesses operate and their reliance on digital systems. Many businesses moved to a largely remote working model. Some have had to focus more on online activities in order to keep their brands active and visible. Businesses in a number of industries began to deliver products and services online for the first time. Meanwhile, those that already existed in online spaces saw an increase in business. All of these changes have meant that various security issues have arisen and become more prominent for businesses everywhere.

Increase in corporate data breaches

Cybercriminals have been taking advantage of the unprecedented circumstances caused by the pandemic, exploiting the vulnerabilities of businesses everywhere. Verizon carried out a recent study called ‘Analyzing the COVID-19 data breach landscape‘, which looks at 36 confirmed data breaches that were directly related to the pandemic. In addition, there was 474 data breaches between March and June 2020. Using this data, they determined that many cybercriminals were using the same methods to obtain data as before the pandemic while exploiting the disruption experienced by many businesses.

Remote Teleworkers facing cyber attacks threatening corporate security

One way in which corporate data breaches have been impacted by the pandemic is through increased use of ransomware. Seven of the nine malware incidents from Verizon’s 36 COVID-19 data breach cases demonstrated a spike in ransomware usage. Another change is in the way that criminals use phishing emails to play on the emotions of users. In a time when stress is high and mental health problems have increased, many people are more susceptible to phishing emails. Phishing was already a popular and often successful form of cyber attack before and even more so now.

Cost of data breaches for companies hit a record high in 2021

The cost of a data breach also hit a record high during the pandemic, according to IBM Security. They revealed the results of a global study showing the average cost of data breaches for companies surveyed was $4.24 million per incident. This is a 10% increase from the previous year. When remote work was a factor in the breach, data breaches cost an average of $1 million more. Stolen user credentials were the most common cause of data breaches. However, the study also showed the use of methods such as AI, security analytics, and encryption helped to reduce costs.

The COVID-19 pandemic has affected corporate data breaches due to a number of shifts in the way businesses are working, user behavior, and more. It’s vital for companies to take the right steps to prevent breaches and protect themselves.


If your company recently fell victim to a cyber attack, such as ransomware, or suspected data exfiltration by an unknown hacker, call Enigma Forensics today. We offer emergency incident response services and can help preserve available data, identify the origins of the attacker, and assist with the restoration of company services. Our experts have experience testifying and helping to mitigate risk and maximize your potential of recovering damages and lost data. Call us today at 312-668-0333 for a complimentary consultation.