Withheld EMR Audit Trail Incites Default Judgement

Judge James O’Hara writes an order in full support of the law requiring the release of all of a patient’s audit trail information to the patient. This was in response to the case of Angela Prieto vs. Rush University Medical Center in Chicago.

Cook County Circuit Court Judge James N. O’Hara wrote a Memorandum Order for the case of Angela Prieto vs. Rush University Medical Center (“RUMC”) and other defendants. The 23-page order highlights some important federal statutes, such as HIPAA and the HITECH Act. This established a legal basis for a plaintiff to receive their complete electronic medical record. Judge O’Hara imposed a severe sanction that was effectively a default judgement, leaving only the dollar amount of the financial award to be determined by the jury.

Case Background

Plaintiff, Angela Prieto, on behalf of her son alleged that RUMC “negligently caused [her son] to suffer from hypoxic ischemic encephalopathy and respiratory distress syndrome during birth.” The case was originally filed in 2018. The request for production of electronic health records was originally filed in January of 2019. Plaintiff requested RUMC to produce the complete and unaltered EMR and audit trail. As of January 2022, there were three repeated requests from Prieto for RUMC to produce the complete EMR audit trail. 

Audit Trails in EMR

The use of Electronic Medical Records (“EMR”), also known as Electronic Health Records (“EHR”), is mandatory: health care providers are required to maintain electronic medical records for patients. Every hospital, doctor’s office, or other medical practice in the United States must be compliant. The transition to using EMR began in 1992. Electronic medical records have been mandatory since the start of 2014 under the American Recovery and Reinvestment Act.

All EMR systems are required by federal law to have an audit trail system built in. Audit trails show any deletions or edits that may not be part of the finalized medical record. A complete EMR audit trail shows all entry, access or modifications made to a patient’s chart. EMR audit trail productions should include all available records from the initial patient encounter until the date of production.

Audit Trail Manipulation

Health care providers often limit their production of audit trail records to the date the patient left the health care facility. However, this practice is problematic. When a patient’s EMR is modified after a Plaintiff files litigation and requests their complete EMR with audit trail records, manipulation of the Plaintiff’s medical records after that date can’t be detected. It is a common practice for healthcare providers to only produce the finalized patient EMR chart. This omits the revision history, a clear indicator of when the patient’s EMR was modified, by whom, from where, what time, and the specific redline changes that were made, as is required by any HIPAA compliant EMR system.
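The coverage problem described above, as an added example that is not part of the original article: a Python check over an audit trail export that reports whether a production stops at discharge and lists chart changes made after discharge and after the request for production. The CSV layout, column names, dates and sample rows are constructed for illustration and are not from the Prieto case or any particular EMR product.

```python
import csv
import io
from datetime import datetime

# Constructed sample export. The column names and rows are hypothetical;
# every EMR product has its own audit log layout.
SAMPLE_EXPORT = """timestamp,user,workstation,action,detail
2020-03-01T08:15:00,nurse_a,WS-04,CREATE,Admission note entered
2020-03-01T21:40:00,dr_b,WS-02,CREATE,Progress note entered
2020-03-02T09:05:00,nurse_a,WS-04,VIEW,Chart opened
2020-03-04T11:30:00,dr_b,WS-02,MODIFY,Progress note addendum
2021-02-10T16:22:00,dr_b,,MODIFY,Progress note text revised
2021-02-11T10:01:00,records_c,WS-09,DELETE,Flowsheet row removed
"""

# Constructed case dates (assumptions for the example).
DISCHARGE = datetime(2020, 3, 5, 12, 0)
REQUEST_DATE = datetime(2021, 1, 15)

CHANGE_ACTIONS = {"CREATE", "MODIFY", "DELETE"}
# Who, from where, when and what: the fields a revision history must carry.
REQUIRED_FIELDS = ("timestamp", "user", "workstation", "action")


def parse_export(text):
    """Parse the CSV export into rows sorted by time."""
    rows = []
    for row in csv.DictReader(io.StringIO(text)):
        row["timestamp"] = datetime.fromisoformat(row["timestamp"])
        rows.append(row)
    return sorted(rows, key=lambda r: r["timestamp"])


def limit_to_discharge(rows, discharge):
    """Simulate a production that stops at the date the patient left."""
    return [r for r in rows if r["timestamp"] <= discharge]


def review_production(rows, discharge, request_date):
    """Summarize what a produced audit trail does and does not show."""
    changes = [r for r in rows if r["action"] in CHANGE_ACTIONS]
    last_entry = rows[-1]["timestamp"] if rows else None
    return {
        # A trail whose last entry is at or before discharge cannot show
        # later edits. Not proof of alteration, but a reason to ask for
        # the full range through the production date.
        "truncated_at_discharge": last_entry is None or last_entry <= discharge,
        "last_entry": last_entry,
        "post_discharge_changes": [
            r for r in changes if r["timestamp"] > discharge
        ],
        "post_request_changes": [
            r for r in changes if r["timestamp"] > request_date
        ],
        # Entries missing who / where / when / what.
        "incomplete_entries": [
            r for r in rows if not all(r[f] for f in REQUIRED_FIELDS)
        ],
    }


def describe(label, report):
    """Render a short text summary of a review_production() result."""
    lines = [
        f"{label}:",
        f"  last entry: {report['last_entry']}",
        f"  stops at discharge: {report['truncated_at_discharge']}",
        f"  changes after discharge: {len(report['post_discharge_changes'])}",
        f"  changes after request: {len(report['post_request_changes'])}",
        f"  entries missing required fields: {len(report['incomplete_entries'])}",
    ]
    for r in report["post_request_changes"]:
        where = r["workstation"] or "(workstation not recorded)"
        lines.append(
            f"    {r['timestamp']} {r['user']} {where} {r['action']}: {r['detail']}"
        )
    return "\n".join(lines)


if __name__ == "__main__":
    full = parse_export(SAMPLE_EXPORT)
    limited = limit_to_discharge(full, DISCHARGE)
    print(describe("Complete production",
                   review_production(full, DISCHARGE, REQUEST_DATE)))
    print(describe("Production limited to discharge",
                   review_production(limited, DISCHARGE, REQUEST_DATE)))
```

Run against the constructed rows, the discharge-limited production shows no changes after the request date, while the complete production shows two.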

Electronic Health Records and EMR revision history must be retained by any HIPAA compliant EMR software system.

As Judge O’Hara put it in his order, “The term ‘Audit Trail’ refers to the part of the patient’s EHR that displays any person logging in to the record to modify the record, correct the record, add to the record, alter the record, revise the record, complete the record, put finishing touches on the record, and any other entry or access into the medical record, or any other name synonymous with the reflection of who, when and what a person did in relation to the Electronic Health Record.”

Request for ‘a complete, unaltered EHR Audit Trail’

He went on to discuss the EMR audit trail request in this specific case stating, “…requests asked for ‘a complete, unaltered EHR’…Prieto also requested ‘a complete, unaltered Audit Trail… in native format.’” This is typical wording for requests for EHR or EMR Audit Trails that many healthcare providers fail to produce the first time. Instead, healthcare providers often send incomplete audit trails that filter out certain information.

When the Defendant in this case failed to produce the Plaintiff’s complete electronic medical records, including a complete audit trail and EMR revision history as requested, Judge O’Hara granted “a motion for in camera, on-site inspection of the auditing systems at RUMC…” Judge O’Hara actually attended the onsite inspection himself. The date for the on-site inspection with the judge was set and O’Hara wrote of it, “…inspection revealed many aspects of the audit trail and EHR discovery that were either withheld, misrepresented, or otherwise not produced…”

Federal Laws Pertaining to EHR Audit Trail Production

HIPAA

Judge O’Hara listed the federal law governing audit trails. “Congress enacted the Health Insurance Portability and Accountability Act (“HIPAA”) to ‘improve the efficiency and effectiveness of the health care system, by encouraging the development of a health information system through the establishment of standards and requirements for the electronic transmission of certain health information,’” O’Hara quoted from HIPAA. He then continued, “In response to HIPAA, the Department of Health and Human Services (“HHS”) published HIPAA’s right of access rule: ‘Except as otherwise provided… an individual has a right of access to inspect and obtain a copy of protected health information about the individual in a designated record set, for as long as the protected health information is maintained in the designated record set.’”

HITECH & the Cures Acts

O’Hara went on to quote, “the HITECH Act in 2009, Congress ‘expanded HIPAA to include individuals’ rights to obtain electronic health records and added a stronger privacy and security requirements to protect health information.’” He continued on, “The Cures Act would later respond to a growing concern that healthcare software developers and providers sought to restrict the amount and types of information accessible to individuals by adding ‘information blocking’ provisions – to further encourage the broad access to patients’ own health information.” Healthcare providers often cite the “Designated Record Set” as not including the EMR audit trail or revision history.

U.S. Department of Health and Human Services (“HHS”)

Judge O’Hara continued to quote the rules of HHS in regards to a patient’s EHR audit trail production, “‘Individually identifiable health information’ is further defined as information created by a health care provider that relates to the provision of health care to an individual, among other things, that can be used to identify the patient. Id. In sum, audit trail information is included in the patient’s right of access if it is created or used by the healthcare provider, can be used to help treat or identify the patient, relates to the provision of health care to the patient, and is maintained in electronic media.” 

The Alleged Burden of Producing the Complete Medical Record

The supposed time burden for the medical facility to produce the EHR Audit Trail and revision history is a major objection provided to the court as a defense to the request for a Plaintiff’s complete electronic medical record. Judge O’Hara addresses that point in stating, “HHS has acknowledged that this imposes a heavy burden on healthcare providers… However, the national policy is that this burden cannot overcome the patient’s right of access… HHS went even further to impose a scheme of penalties for entities that disobey this national policy.” 

Judge O’Hara finalized his section on the law by stating, “In sum, federal law says that audit trail data, including metadata associated with a patient’s EHR, is included in the patient’s right of access and that it constitutes information blocking to refuse to produce such data.”

Read the full order here: https://www.famjustice.org/_files/ugd/06ff46_3a6bcab463544b8b97bb10e7249405d8.pdf

NSO Group’s Spyware Affects Everyone’s Right to Free Speech

Spyware being used by governments all over the world infringes on people’s freedoms.

The spyware produced by NSO Group and used by governments should be a concern to all. Everyone should consider the impact it has on human rights. Even if journalists and human rights activists are the affected party, it affects all.


Governments using the Pegasus spyware from NSO to silence and attack journalists and activists

Concerned non-profits, news outlets, and more have highlighted NSO Group’s use of spyware to target certain groups. The Pegasus Project is a collaboration of journalists in 10 different countries. Paris-based nonprofit, Forbidden Stories, organized it. They get technical support from Amnesty International. The project has raised the issue of attacking groups most likely to speak out such as journalists and activists. Large companies including Apple and WhatsApp have also addressed the issue, bringing legal cases against NSO Group.

The use of spyware to target journalists and human rights activists is not just something to concern the individuals in question. Everyone should pay attention to how governments are using NSO Group’s spyware and the impact that it has on freedom of speech and expression. Human Rights Watch says governments should “immediately cease their own use of surveillance technologies in ways that violate human rights.” There have been dozens of confirmed cases so far. They say the number of people targeted by this type of surveillance could be much larger. Reporting from the Pegasus Project was based on a leaked list of 50,000 phone numbers. Human Rights Watch reports some of their staff members appear on this list.

Used to violate the rights of anyone who may be critical of the government

Human Rights Watch and other groups argue that NSO Group and others in their industry have failed to regulate themselves. Many who sell surveillance products do so to governments that don’t offer transparency or oversight over how the products are used. However, it also has an impact on those who may self-censor out of fear of surveillance, including journalists and their sources.

Targeting by spyware doesn’t just directly affect journalists and activists. It undermines free expression as well as removing personal security and even threatening lives.

One prominent example of surveillance highlighted by the Pegasus Project was that of the family of Jamal Khashoggi, the Saudi journalist murdered by Saudi operatives. Cecilio Pinedo, a Mexican journalist, was selected for targeting shortly before he was killed in 2017. Pegasus has also been used in Azerbaijan and India. The Prime Minister of India bought the spyware as part of a weapons deal with Israel in 2017.

Targeted journalists are from major international publications including CNN, the Associated Press, and the New York Times. This type of surveillance by governments erodes the freedoms and rights of everyone by restricting freedom of information and expression.

GE Engineer sentenced to 2 years for stealing trade secrets

A trade secret theft from General Electric that was in the works for 11 years finally ended in jail time.

A former General Electric engineer has been sentenced to 2 years in federal prison for stealing trade secrets. Jean Patrice Delia conspired with Miguel Sernas to compete against GE worldwide.


Jean Patrice Delia from Montreal pleaded guilty to the charges. Delia admitted that he had worked with another man to use trade secrets from GE to compete against the company. Miguel Sernas, from Mexico City, and Delia went into business together at ThermoGen Power Services. Delia stole the information from GE in Schenectady, between the years of 2001 and 2012.

He was accused of stealing thousands of electronic files from GE. The files included exclusive tools developed to calibrate turbines in GE’s worldwide power plants. Delia has been ordered to jail for 2 years as well as ordered to pay $1.4 million in restitution. His final sentence is shorter than that asked for by prosecutors. They had originally requested a term of 3 years and 1 month. They argued that Delia was the person who stole the materials and was the driving force behind the plan. Prosecutors pointed out that the crime was not victimless. Prosecutors argued that many people were affected and the consequences should reflect that.

On the other hand, Delia’s attorney Paul S. Folk asked for time served, saying that he had accepted responsibility and was trying to make amends. Delia entered his guilty plea almost 2 years ago, in December 2019. Miguel Sernas was sentenced to time served which amounted to about a year in jail. He was also ordered to pay $1.4 million, the same amount as Delia.

Other employees stealing trade secrets in recent cases

Another recent case involving trade secrets theft is that of a former employee at Pfizer. Chun Xiao Li is being sued by her previous employer. Pfizer alleges that Li stole trade secrets including documents relating to their COVID-19 vaccine, as well as other products. They allege that she uploaded over 12,000 documents. Additionally, she allegedly lied about why and where the files were stored on a private Google Drive account. Li had been working as an associate director of statistics. She had already been under investigation by Pfizer when she resigned from the company in November.

Also in recent weeks, the first Chinese spy has been convicted in the US of economic espionage for trying to steal aviation trade secrets. Yanjun Xu has been convicted of two counts of conspiring and attempting to commit economic espionage, conspiracy to commit trade secret theft and attempted theft of trade secrets. He could be fined more than $5 million and receive up to 60 years in prison. Xu targeted several aviation and aerospace companies, including GE Aviation, which is a unit of General Electric. He was first arrested in Belgium in 2018, with his extradition to the US following six months later.

Both large corporations and small businesses could be at risk of intellectual property theft and trade secret misappropriation. These prominent cases in the news could result in organizations taking steps to reduce the risks of this happening.

Pfizer sues departing employee over Google Drive downloads

Pfizer launched a lawsuit against a former employee, Chun Xiao Li. They are alleging the theft of thousands of documents relating to some of their products.

Pfizer is suing a recently departed employee on accusations of stealing trade secrets. They allege that Chun Xiao Li downloaded thousands of documents before she resigned. They included documents linked to their COVID-19 vaccine, as well as two other products, Bavencio, and elranatamab, both of which are monoclonal antibody treatments for cancer.


Li uploaded more than 12,000 documents and misled the company about her reasons

The brief for the lawsuit was filed in California on November 23 and published by Bloomberg Law. Pfizer says that Li uploaded more than 12,000 documents from the company to a Google Drive account. She misled the company about her reasons for uploading the files and where they were downloaded. She was the associate director of statistics at the time of her departure. Li had worked at the company since 2006. She first worked in China before moving to the US and working in La Jolla. Pfizer had already been investigating her conduct when she resigned on November 12, potentially for a job offer elsewhere.

Pfizer says the company presented Li with the chance to explain her actions and where the files were on multiple occasions. However, Li failed to do so, which has led to Pfizer filing a lawsuit against her. They have also filed for a temporary restraining order and for financial relief of the company’s costs.

Pfizer says they do not yet understand the full scale of the alleged intellectual property theft. This is due to the number of files involved. The company says that although Li appeared to cooperate at first, she misled the company about what she did with the files. They also allege that she presented the company with a decoy laptop to derail the investigation. The lawsuit alleges theft of trade secrets and breach of contract, among other things.

Similar cases in the biopharma industry

In another case of trade secret theft in the biopharma industry, ex-employees of Genentech recently pleaded guilty to the act. The US Department of Justice said that Xanthe Lam, who was a principal scientist at Genentech, and her husband Allen Lam pleaded guilty to conspiring to steal trade secrets to aid competitors. The pair stole information relating to several cancer drugs made by the company, Rituxan, Herceptin, and Avastin, as well as a treatment for cystic fibrosis. They gave the stolen intellectual property to JHL Biotech, a Taiwanese firm that has now been renamed Eden Biologics.

The DOJ also set its sights on other parties involved, including two co-founders of JHL Biotech, ex-CEO Racho Jordanov, and former COO Rose Lin. They all were indicted by a federal grand jury in San Francisco. Jordanov and Lin were also Genentech employees. They allegedly began scheming to steal trade secrets from the company as early as 2008. They recruited the Lams in 2009, founding JHL in 2011. The indictment also says that the two former executives of JHL obtained thousands of documents used to “cut corners, reduce costs, solve problems, save time, and otherwise accelerate product development timelines”.

Biopharma is an industry where several prominent cases of trade secret theft have taken place in recent years.

Vehicle Heists Skyrocket – Villains Hack Fobs

As motor vehicle theft rates increase, criminals’ use of technology to open and start vehicles without breaking in may be accelerating the rate of theft.

Smash and grab is no longer required to open a motor vehicle and drive off.

Vehicle theft over the years has largely been on the decline. As technology has improved, anti-theft systems have become more advanced. Beginning around 1983, keyless entry systems began appearing on American Motors vehicles. By the mid to late 2000s, fobs enabling remote ignition start became more commonplace on higher-end vehicles. However, as this technology advances, criminals are finding new ways to break through.

Security researchers first reported security vulnerabilities in motor vehicle fobs around 2016. These could allow an unauthorized person to unlock and even start a vehicle by intercepting radio frequency (“RF”) emissions from a driver’s fob. Once intercepted, the unauthorized party could use the intercepted signals to conduct a replay attack. As a result, a successful attack on these identified vulnerabilities can allow the unauthorized person to unlock and start a vehicle.

RF Relay Attack Reported in 2017

On November 28, 2017, police in West Midlands, UK released video footage showing criminals stealing a car by relaying a signal from the key fob inside the home to the car in the driveway. This fob relay attack effectively allows thieves to unlock a vehicle and start the ignition, and then drive off with the vehicle undamaged. Later on, the thieves swap out the VINs and reprogram new key fobs to work with the stolen vehicle.

Defcon Cyber Security and Hacker Conference Focus on Vehicle Exploitation in 2018

In 2018, Defcon, a popular cybersecurity event attended by black and white hat hackers, featured its first Car Hacking Village. During that convention, a good number of technology-related vehicle vulnerabilities were shared. The Black Hats are the bad guys that seek to use security vulnerabilities to exploit weaknesses and commit crimes.

Motor Vehicle Theft Jumps in 2020

Data obtained from: https://www.iii.org/fact-statistic/facts-statistics-auto-theft

Motor Vehicle Theft data sets have yet to be released for 2021 for the entire United States. Early indicators show these types of crimes are experiencing rapid growth across the US.

High end vehicles are more likely to have keyless entry and remote ignition starting capabilities. They can also fetch a higher dollar amount when resold outside the US. As a result, according to New Jersey state police officer Cory Rodriguez, “Car theft in 2021 is up over 21% year-to-date for total thefts and about 44% for high-end vehicles.” Reports have indicated that thieves are using technology to execute vehicle thefts more efficiently and without immediate detection.

Chicago Motor Vehicle Thefts Climb with Fewer Arrests Made in 2021

Chicago Police Officers have witnessed thieves using laptops and other cyber tools to accelerate their ability to quickly steal locked vehicles. Data compiled from the City of Chicago website shows that “Motor Vehicle Thefts” across the city are accelerating at an alarming rate. The problem isn’t specific to Chicago, and vehicle thefts appear to be increasing across the country as well.

Doorbell video: Car thieves use computing device to steal SUV in Metropolitan Chicagoland, Elmhurst – Video by WGN News

In Chicago, February 2021 crime statistics reported a total of 627 Motor Vehicle Theft incident reports filed. Of those reports, only 26 (4.1%) resulted in an arrest. Comparatively, last month in January 2022, there were 1,073 Motor Vehicle Theft related police reports filed, with only 20 (1.8%) of those resulting in an arrest.

Cyber Motor Vehicle Theft using technology
https://data.cityofchicago.org/Public-Safety/Crimes-Map/dfnk-7re6

Our data analysis of Chicago Crime statistics for the 12 month period beginning February 2021 until January 2022 indicates that there were a total of 10,823 Motor Vehicle Theft incidents reported. This equates to 395 per 100,000 persons based on Chicago’s 2021 estimated population of 2,739,797.

Vehicle thefts on the rise throughout the USA

Vehicle theft isn’t just rising in Chicago. In fact, Chicago doesn’t even rank among the top 20 US cities in vehicle thefts. For example, California, Texas and Florida are continually among the top states in vehicle theft per capita. Bakersfield, California has been the top city in vehicle thefts since 2019 and in the top 10 even longer. The rate of vehicle theft went up almost 25% from 2019 in Bakersfield in 2020.

Other cities are following similar trends. For instance, San Francisco’s rates rose almost 27% while Seattle’s rose almost 26% from 2019 to 2020. Additionally, one of the cities with the largest 2019 to 2020 changes was Denver, which rose over 50%.

Conclusion

Above all, it’s important to remain cautious with your vehicle. Furthermore, there are steps you can take to help ensure your vehicle doesn’t get stolen and recovery steps for your vehicle’s safe return if it does. Despite the overwhelming decrease in motor vehicle thefts throughout the years, this recent upward reversal of the historical trend should be alarming to vehicle owners everywhere.

(Denver statistics filtered for reports coded as any of the following: “burg-auto-theft-busn-no-force”, “burg-auto-theft-busn-w-force”, “burg-auto-theft-resd-no-force”, “burg-auto-theft-resd-w-force”, “robbery-car-jacking”, “theft-items-from-vehicle”, and “theft-of-motor-vehicle”)
California, Texas and Florida lead the states with the greatest number of vehicle thefts and accounted for 37% of all Motor Vehicle Thefts in the nation, based on 2020 National Insurance Crime Bureau statistics.

Ways to Protect Your Vehicle From Theft

Motor vehicle owners face many new cyber challenges. Learn how to keep your vehicle safe from cyber criminals targeting automobiles.

As criminals are getting smarter about Motor Vehicle Theft, you should become more aware of ways to protect your vehicle from falling victim. Vehicle manufacturers are making changes to help combat theft but there are steps individuals can take immediately.

What car companies are doing

When you discover your vehicle is stolen, companies such as OnStar have vehicle theft plans in place. OnStar is a system available on certain Chevrolet, Buick, GMC and Cadillac models. The Stolen Vehicle Assistance program allows you to “utilize GPS technology designed to locate your vehicle, alert authorities, and in some cases, remotely slow down your vehicle so thieves won’t get far.”

Toyota has also come out with a similar feature on their cars called Safety Connect. When your vehicle is stolen, “agents can assist authorities in locating your vehicle using GPS technology.”

This technology will help to recover your stolen vehicle. Even the knowledge of this technology existing in these vehicles will prevent theft.

Finding Solutions

Companies should consider other options to further the effort to reduce vehicle theft. This could be as simple as an on/off switch on key fobs. Another solution could be to increase the encryption, making the data more difficult to duplicate onto outside devices.

Protecting yourself against Motor Vehicle Theft

To minimize the risk of your vehicle being stolen beyond recovery, there are a few things that consumers can do:

  1. Place your key fob in a metal tin, aluminum foil, or a Faraday bag when not in use. Metals can help to interfere with radio frequencies criminals use to unlock and start your vehicle.
  2. Keep your key fob far away from windows and doors when not in use.
  3. Remove the battery from the key fob when not in use.
  4. Use a steering wheel lock to physically secure the steering column and deter potential thieves.
  5. Keep your vehicle in a locked garage when possible.
  6. Subscribe to a vehicle tracking security service that will alert you whenever your vehicle is departing from a location.
  7. Consider adding a tracker (such as Apple AirTag) somewhere inside your vehicle, so if it is stolen, you have the means of identifying where the vehicle was transported to.
  8. Install a video surveillance system (such as the Ring doorbell camera system) that will alert you whenever a person trespasses onto your property.
  9. Park your vehicle in a well-lit and visible parking lot location.

Summary

Overall, as vehicles get smarter, hackers do too. It’s important to take the necessary precautions to protect yourself from vehicle theft. Before buying a new vehicle, research vehicle models that use higher encryption and have reliable anti-theft systems in place. Consider buying a vehicle that requires insertion of your key in order to start. Even better, go for a vintage automobile that lacks any solid state components and your vehicle should be resistant to any such radio frequency attacks.

The Pandemic Causing Increased Attacks on Corporate Security

Since the start of the pandemic, there has been much disruption in some industries. Many businesses have been challenged during the pandemic as a result of the difficulty of managing cyber and data security. Data breaches relating to remote workers and hacking of corporations continue to escalate at an alarming rate and require prompt response to mitigate the fallout.

There have been several significant shifts in the ways that businesses operate and their reliance on digital systems. Many businesses moved to a largely remote working model. Some have had to focus more on online activities in order to keep their brands active and visible. Businesses in a number of industries began to deliver products and services online for the first time. Meanwhile, those that already existed in online spaces saw an increase in business. All of these changes have meant that various security issues have arisen and become more prominent for businesses everywhere.

Increase in corporate data breaches

Cybercriminals have been taking advantage of the unprecedented circumstances caused by the pandemic, exploiting the vulnerabilities of businesses everywhere. Verizon carried out a recent study called ‘Analyzing the COVID-19 data breach landscape’, which looks at 36 confirmed data breaches that were directly related to the pandemic. In addition, there were 474 data breaches between March and June 2020. Using this data, they determined that many cybercriminals were using the same methods to obtain data as before the pandemic while exploiting the disruption experienced by many businesses.

Remote Teleworkers facing cyber attacks threatening corporate security

One way in which corporate data breaches have been impacted by the pandemic is through increased use of ransomware. Seven of the nine malware incidents from Verizon’s 36 COVID-19 data breach cases demonstrated a spike in ransomware usage. Another change is in the way that criminals use phishing emails to play on the emotions of users. In a time when stress is high and mental health problems have increased, many people are more susceptible to phishing emails. Phishing was already a popular and often successful form of cyber attack before the pandemic and is even more so now.

Cost of data breaches for companies hit a record high in 2021

The cost of a data breach also hit a record high during the pandemic, according to IBM Security. They revealed the results of a global study showing the average cost of data breaches for companies surveyed was $4.24 million per incident. This is a 10% increase from the previous year. When remote work was a factor in the breach, data breaches cost an average of $1 million more. Stolen user credentials were the most common cause of data breaches. However, the study also showed the use of methods such as AI, security analytics, and encryption helped to reduce costs.

The COVID-19 pandemic has affected corporate data breaches due to a number of shifts in the way businesses are working, user behavior, and more. It’s vital for companies to take the right steps to prevent breaches and protect themselves.



Pegasus Apple iPhone Spyware Leads to Litigation

Apple has filed a lawsuit against NSO Group relating to their installation of Pegasus spyware on Apple users’ devices. Apple wishes to hold NSO Group accountable for their surveillance of users.

Apple has taken the significant step to begin notifying individuals about the threat of state-sponsored attacks on their accounts and devices. Apple is suing NSO Group and its parent company to attempt to hold them accountable for surveillance of Apple users. Their lawsuit, filed November 23, 2021, seeks an injunction to ban NSO Group permanently from using any Apple software, services, or devices. It comes after NSO Group has been shown to have infected Apple users’ devices with Pegasus spyware.

Apple’s Actions to Notify Impacted Users

Apple threat notifications are intended to provide warnings to individuals who may have been targeted by state-sponsored attacks. They use two different methods to notify the user through their account. When logging into appleid.apple.com, there will be a Threat Notification displayed at the top of the page. Additionally, the user will receive an email and an iMessage notification to the email addresses and phone numbers associated with their Apple ID account. The notifications offer advice on the steps that they can take to improve their security and protect their devices and personal information.

In a press release, Apple’s senior vice president of Software Engineering, Craig Federighi, said, “State-sponsored actors like the NSO Group spend millions of dollars on sophisticated surveillance technologies without effective accountability. That needs to change.”

NSO Group Allegations

The legal complaint from Apple reveals new information about the activities of NSO Group. It highlights FORCEDENTRY, which exploited a former vulnerability to gain access to Apple devices and install the NSO Group’s spyware Pegasus. The lawsuit from Apple intends to both ban NSO Group from having access to Apple products and services and to seek action on the violation of federal and state law by the NSO Group.

WhatsApp Similar Litigation

In 2019, WhatsApp also brought a court case aiming to hold NSO Group accountable for distributing their spyware through the app. A group of other tech companies, including Google and Microsoft, lent their official support to WhatsApp to encourage the United States Court of Appeals for the Ninth Circuit to hold NSO Group accountable.

Apple responds by funding Cyber Threat Research

Apple has also announced a $10 million contribution in support of cyber-surveillance researchers and advocates. Any damages from the lawsuit have also been pledged to organizations in these areas. Apple is also supporting Citizen Lab, a research group at the University of Toronto that originally discovered the exploit that NSO Group used, by providing technical, threat intelligence, and engineering assistance at no charge. They will also provide assistance to other organizations doing work in the same field, where appropriate.

Ron Deibert, director of the Citizen Lab at the University of Toronto said, “Mercenary spyware firms like NSO Group have facilitated some of the world’s worst human rights abuses and acts of transnational repression, while enriching themselves and their investors. I applaud Apple for holding them accountable for their abuses, and hope in doing so Apple will help to bring justice to all who have been victimized by NSO Group’s reckless behavior.”

In response to the complaint, NSO Group replied, “Thousands of lives were saved around the world thanks to NSO Group’s technologies used by its customers”. They said, “Pedophiles and terrorists can freely operate in technological safe-havens, and we provide governments with the lawful tools to fight [them]. NSO group will continue to advocate for the truth.”


Decoding EMR Logs: Synapse PACS Database Table Names

Where do I start?

TABLE_NAME:


A

  • ACCESSOR
  • ACCESSOR_ACTIVE_DIRECTORY
  • ACCESS_ITEM
  • ACCESS_RESTRICTION
  • ACR
  • ADD_TO_QUEUE_JOB_STATUS
  • AFFINITY_DOMAIN
  • ALIAS_PATIENT
  • ANATOMIC_REGION
  • AUDIT_INSTALL
  • AUDIT_ROWCOUNT

B

  • BACKFILL_PROCESS_TYPE
  • BACKFILL_QUEUE_PRIORITY
  • BACKFILL_QUEUE_STATUS
  • BACKUP_CONFIG
  • BACKUP_LOG
  • BERMUDA_GSPS_CSPS_CNT_UPD_CTL
  • BERMUDA_STUDY_INS_EUID_UPD_CTL
  • BODY_PART
  • BROADCAST_MESSAGE
  • BUTTON

C

  • CALIBRATE_SEQUENCE
  • CANNED_NOTE
  • CASCADED_DICOM_SR
  • CASCADED_IMAGE
  • CASCADED_SERIES
  • CASCADED_STUDY
  • CASCADED_VISIT
  • CHANGE_NOTIFICATION
  • CODING_SCHEME
  • COMMAND
  • COMMAND_CLASS
  • COMMAND_COL
  • COMMAND_COL_OP
  • COMMAND_COMMAND_CLASS
  • COMMAND_COND
  • COMMAND_FILTER
  • COMMAND_INTERFACE
  • COMMAND_INTERFACE_CLIENT
  • COMPONENT_CLASS
  • COMPRESSION
  • CONFERENCE_WORKFLOW_STATUS
  • CONFIG_JSON

D

  • DASHBOARD_CACHE
  • DATA_AGGREGATION_NAME
  • DATA_GUARD_COMMANDS
  • DATA_MAINTENANCE_LOG
  • DB_CHARACTER
  • DB_MEMORY_SIZING_BREAKUP
  • DB_RECOVERY_CONFIG
  • DB_STATISTICS_CONFIG
  • DB_STATS_APRIL_WK#_1
  • DB_STATS_APRIL_WK#_2
  • DB_STATS_APRIL_WK#_3
  • DB_STATS_APRIL_WK#_4
  • DB_STATS_CBO
  • DB_STATS_CBO_CONFIG
  • DB_STATS_JUNE_WK#_1
  • DB_STATS_MARCH_WK#_2
  • DB_STATS_MARCH_WK#_3
  • DB_STATS_MARCH_WK#_4
  • DB_STATS_MAY_WK#_1
  • DB_STATS_MAY_WK#_2
  • DB_STATS_MAY_WK#_3
  • DB_STATS_MAY_WK#_4
  • DB_STATS_MAY_WK#_5
  • DELETED_DICOM_SR
  • DELETED_IMAGE
  • DELETED_PATIENT
  • DELETED_SERIES
  • DELETED_STUDY
  • DELETION_REJECT
  • DEPARTMENT
  • DIAGNOSTIC_CODE
  • DICOM_BACKFILL_QUEUE
  • DICOM_CONFIG
  • DICOM_DESTINATION
  • DICOM_GROUP
  • DICOM_QR_ATTRIBUTE_INFO
  • DICOM_QR_DATE_CLAUSE_INFO
  • DICOM_QR_MATCHING_INFO
  • DICOM_QR_SELECT_INFO
  • DICOM_RETRIEVAL
  • DICOM_SR
  • DICOM_STORAGE
  • DICOM_STORAGE_BACKUP
  • DICOM_TAG
  • DICOM_VALUE_REP
  • DICT_NOTIFY_BANNER
  • DISPLAY
  • DOCUMENT
  • DOCUMENT_TYPE_CONFIG

E

  • EBF_DASHBOARD_SUMMARY
  • EMAIL_CONFIG
  • EMAIL_TYPE
  • ERBF_SFQ_STAT_TRANS
  • ERF_PROFILE_ACTION_TYPE
  • ERF_PROFILE_VERIF_METHOD
  • ERROR_MESSAGE
  • ERROR_TRACE_LOG
  • EVENT_LOG
  • EVENT_TYPE_CONFIG
  • EXTERNAL_IMAGE
  • EXTERNAL_IMAGE_DELETED

F

  • FCR_CODE
  • FCR_TO_CR_QUEUE
  • FCR_TO_CR_QUEUE_CTL
  • FETCH_QUEUE
  • FOLDER
  • FOLDER_COLUMN_LIST
  • FOLDER_COLUMN_PROPERTY
  • FOLDER_ETAG
  • FOLDER_FILTER
  • FOLDER_GROUP_COLUMN
  • FOLDER_ITEM
  • FOLDER_JSON
  • FOLDER_LOCALE
  • FOLDER_MERGE
  • FOLDER_MIGRATION
  • FOLDER_OBJECT
  • FOLDER_TEMP_OAK_PATCH2
  • FOLDER_TEMP_OAK_PATCH3
  • FOLDER_TEMP_STARBOARD
  • FORWARDING_PROFILE
  • FORWARDING_QUEUE_RESPONSE
  • FORWARDING_QUEUE_STATUS
  • FRAME_BOOKMARK
  • FUJIRDS_LOG

I

  • IMAGE
  • IMAGE_CALCULATION
  • IMAGE_DISPLAY
  • IMAGE_OVERLAY
  • IMAGE_REALLOCATE_ACTIVITY
  • IMAGE_RETRIEVAL_OPTION
  • IMAGE_STORAGE
  • IMAGE_VERSION
  • IMAGE_VERSION_DELETED
  • IMAGE_VERSION_MIGRATE_CTL
  • IOCM_REASON
  • IOCM_REJECTNOTE
  • IOCM_STUDY_LAST_REJECT
  • IPP
  • IPPSET_REF
  • IPP_CURVE

K

  • KEYWORD

L

  • LINK_FOLDER
  • LINK_FOLDER_CONTENT
  • LOCALE
  • LOCALIZATION
  • LOCALIZATION_LOCALE
  • LOCALIZATION_TEMP
  • LOCAL_AE
  • LOCATION
  • LOCK_INFO
  • LOCK_TYPE
  • LOG_ACTIVITY
  • LOG_CATEGORY
  • LONG_TERM_EVENT_LOG
  • LOOKUP

M

  • MANUAL_FOLDER_MIGRATION_LOG
  • MANUFACTURER_MODEL
  • MATCH_WEIGHT
  • MENU_CODE
  • MODALITY
  • MONTHLY_EVENT_VOLUME
  • MPPS

O

  • OAK_FOLDER
  • OAK_FOLDER_COLUMN_PROPERTY
  • OAK_PATCH2_FOLDER
  • OAK_POST_UPGRADE
  • OBJECT_TYPE
  • OBSOLETED_IMAGE
  • OP5_POST_UPGRADE
  • OS_REGION

P

  • PATIENT
  • PATIENT_MERGE_ACTIVITY
  • PERMANENT_DELETED_STUDY
  • POST_PROCESS_QUEUE
  • POST_UPGRADE
  • POWERJACKET_SETTING
  • PREFETCH_CFG
  • PREFETCH_QUEUE
  • PRESET
  • PRIORITY
  • PRIVILEGE
  • PRIVILEGE_COM_COM_CLASS
  • PROCEDURE_INFO
  • PROCEDURE_INFO_FCR
  • PROC_INFO_BODY_PART
  • PROPERTY

Q

  • QBE_FOLDER

R

  • RADIATION_DOSE
  • READING_PROTOCOL_OLD
  • READING_SPECIALTY
  • READING_SPECIALTY_PROC_INFO
  • RECYCLE_BIN
  • RECYCLE_BIN_DELETED
  • REFERENCE_RECONCILE_QUEUE
  • REFERENCE_RECONCILE_STATUS
  • REJECT_DICOM_SR
  • REJECT_IMAGE
  • REJECT_TYPE
  • RELATED_PROCEDURE_SYSTEM
  • RELATED_PROCEDURE_USER
  • REMOTE_AE
  • REMOTE_AE_NET_CONFIG
  • REMOTE_AE_SOP_STORAGE
  • REPORT_STATUS
  • RIS_CONFIG

S

  • SBP0_POST_UPGRADE
  • SCHOONER_POST_UPGRADE
  • SCRIPT
  • SECURE_URL_KEY
  • SECURITY_HIERARCHY
  • SECURITY_KEY_3D
  • SERIES
  • SERIES_DESCRIPTION_DOWNLOAD
  • SERIES_DESCRIPTION_REPORT
  • SERIES_REALLOCATE_ACTIVITY
  • SERVICE_PATH
  • SERVICE_PATH_PARAM
  • SERVICE_TRACELOG
  • SESSION_AGGREGATION
  • SESSION_AGGREGATION_DETAIL
  • SESSION_INFO
  • SFI_TEMP_TABLE
  • SGA_CACHE_TABLES
  • SHORTCUT
  • SITE
  • SOP_CLASS
  • SOP_CLASS_STORAGE
  • SSO_CLIENT
  • SSO_CLIENT_PROPERTY
  • SSO_CLIENT_SECRET
  • SSO_EXTERNAL_PROVIDER
  • SSO_REFRESH
  • SSO_SCOPE
  • SSO_SCOPE_CLAIM
  • SSO_TRANSIENT_DATA
  • STANDARD_PROCEDURE
  • STARBOARD_FOLDER
  • STATUS_CHANGE_QUEUE
  • STORAGE
  • STORAGE_BACKUP
  • STUDY
  • STUDY_ANOMALY
  • STUDY_DISPLAY_HISTORY
  • STUDY_DISPLAY_STATE
  • STUDY_DOCUMENT
  • STUDY_FOLDER_INTERSECTION
  • STUDY_FORWARDING_QUEUE
  • STUDY_IMAGE_SENDER
  • STUDY_MEDICAL_EVENT
  • STUDY_MEDICAL_EVENT_ACTIVITY
  • STUDY_MERGE_ACTIVITY
  • STUDY_OPEN_SESSION
  • STUDY_PRODUCTIVITY
  • STUDY_REALLOCATE_ACTIVITY
  • STUDY_SERIES_DESC
  • STUDY_SESSION_MONITOR
  • STUDY_STATUS
  • STUDY_STATUS_LOCALE
  • STUDY_TAT_HISTORY
  • STUDY_WF_EVENT_ACTIVITY
  • STUDY_WF_EVENT_LOG
  • SUBSCRIPTION
  • SYMON_ALERT
  • SYMON_MA_DEFINITION
  • SYMON_MA_TRIGGER
  • SYMON_SAMPLE
  • SYSMODEL_SERVER
  • SYSTEM_CONFIG
  • SYSTEM_VERSION

T

  • TAG_LOOKUP
  • TAT_AGGREGATION_DETAIL
  • TAT_AGG_MODALITY
  • TAT_AGG_MODALITY_PROC
  • TAT_AGG_MODALITY_STAT
  • TAT_AGG_MODALITY_STAT_LOC
  • TAT_AGG_TIME_PERIOD
  • TAT_AGG_USER_RAD
  • TAT_AGG_USER_TECH
  • TAT_AGG_VISIT_CLASS_STAT
  • TAT_AGG_VISIT_LOC_STAT
  • TEMP_LOCALIZATION_NEW
  • TEMP_LOCALIZATION_OLD
  • TEMP_LOCALIZATION_OLD_NEW
  • THINK_LOG
  • THINK_LOG_KEYWORD
  • TIMEZONE
  • TIME_PERIOD
  • TRANSFER_SYNTAX

U

  • USER_DEBUG_LOG
  • USER_DEBUG_LOG_DETAIL
  • USER_INFO
  • USER_PREFERENCES
  • USER_SESSION
  • USER_SESSION_MONITOR

V

  • VISIT
  • VISIT_MERGE_ACTIVITY
  • VISUALIZATION_METRIC
  • VIZ_METRIC_AGGREGATION
  • VIZ_METRIC_AGGREGATION_DETAIL

W

  • WORKFLOW
  • WORKLIST_COL_LOCALE_MODIFIER
  • WORKLIST_FAVORITE
  • WORKSTATION_SPECIAL_PATH
  • WS_PLUGIN
  • WS_PLUGIN_PARAM
  • WS_PLUGIN_TYPE
  • WS_PLUGIN_TYPE_PARAM

X

  • XDS_AUTHOR
  • XDS_AUTHORITY
  • XDS_BODYPART_EVENTCODE
  • XDS_BPPC_EVENTCODE_OPT
  • XDS_BPPC_PRIVACY_OPTION
  • XDS_CODES
  • XDS_CODETYPE
  • XDS_COMMENTS_POLICY
  • XDS_FORMATCODES_FILETYPE
  • XDS_MODALITY_EVENTCODE
  • XDS_PERSONLINK
  • XDS_PERSON_ID
  • XDS_PERSON_NAME
  • XDS_PIX
  • XDS_PROFILE
  • XDS_PROFILE_CONFIDENTIALITY
  • XDS_PROFILE_RECIPIENT_ORG
  • XDS_PROFILE_RECIPIENT_PERSON
  • XDS_PROFILE_SHARINGOPTION
  • XDS_RECIPIENT_ORGANIZATION
  • XDS_RECIPIENT_PERSON
  • XDS_RECIP_PERSON_ORG_MAP
  • XDS_REPOSITORY
  • XDS_REPOSITORY_DOCUMENT
  • XDS_SHARINGOPTION
  • XDS_SUBMISSION
  • XDS_TYPECODES_PROCCODE
  • XDS_USERROLE_MAP

A Cautionary Tale of Audio Forensics and Trade Secrets

One private firm’s artificial-intelligence system is deemed insufficient evidence

ShotSpotter, a gunshot detection firm contracted by police departments nationwide, has recently received criticism for its audio forensics system that, it claims, incorporates “sensors, algorithms, and AI” to identify gunshots and locate their source. While several precincts have praised the company for increasing police response to incidents of gun violence, its accuracy as evidence in court remains questionable.

There are two primary reasons for skepticism: 1) studies have indicated that its algorithm has a propensity for generating false positives, and 2) employees are able to modify the database after alerts come in. Since its system is protected as a trade secret, it has been largely shielded from oversight.

As seen in this Associated Press investigation, a State’s Attorney’s Office used ShotSpotter’s data for evidence in a case against a Chicago man. This left him in prison for 11 months before the judge dismissed the case. The report eventually released by ShotSpotter showed that the alert in question was identified differently at first. It alerted to a “firecracker” several blocks away from the alleged scene of the crime — but an employee later revised the identification and location. As a result, prosecutors decided that the “evidence was insufficient to meet [their] burden of proof.”

How could it be improved?

This case emphasizes the importance of accountability with regard to digital evidence on either side of a case. The Health Insurance Portability and Accountability Act (HIPAA), for example, requires retention of Electronic Medical Records (EMR) stored in Health Information Systems (HIS). Healthcare firms must keep a permanent record of all additions, changes and deletions of EMR, including the time of each change and the person making it.

While ShotSpotter obviously isn’t in healthcare, its system would still benefit from similar transparency. It would help improve the reliability of such information. In this case, such logs would have revealed human intervention earlier on. This would have saved the defendant from the 11 months he spent in prison. In other cases, transparency could support prosecution. Regardless, it would bolster ShotSpotter’s credibility when used as evidence.

It’s possible that we could examine the information recorded — when the stored data was originally entered and the changes made to that stored data — without violating the trade secret status of a software provider’s algorithms. HIS software providers have trade secret protection for their software. Still, they are required to disclose all EMR records, as well as the revision history of those records.
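The kind of revision history described above, as an added sketch that is not ShotSpotter's or any HIS vendor's code: an append-only log records who changed which field and when, while the classification algorithm itself stays out of view. The hash chain is an assumption added here to make the record tamper-evident, and the actor names, timestamps and locations are constructed sample values.

```python
import hashlib
import json

def entry_hash(prev_hash, body):
    """Hash an entry together with its predecessor so edits to history are detectable."""
    payload = json.dumps(body, sort_keys=True).encode()
    return hashlib.sha256(prev_hash.encode() + payload).hexdigest()

class RevisionLog:
    """Append-only history for one record: who changed what, and when."""
    def __init__(self):
        self.entries = []

    def append(self, timestamp, actor, action, fields):
        prev = self.entries[-1]["hash"] if self.entries else "0" * 64
        body = {"ts": timestamp, "actor": actor, "action": action, "fields": fields}
        self.entries.append({**body, "prev": prev, "hash": entry_hash(prev, body)})

    def verify(self):
        """Return True only if no stored entry was altered, removed or reordered."""
        prev = "0" * 64
        for e in self.entries:
            body = {k: e[k] for k in ("ts", "actor", "action", "fields")}
            if e["prev"] != prev or e["hash"] != entry_hash(prev, body):
                return False
            prev = e["hash"]
        return True

    def human_revisions(self):
        """List each field whose value a person changed after its initial entry."""
        current, changes = {}, []
        for e in self.entries:
            for field, new in e["fields"].items():
                if field in current and current[field] != new and e["actor"] != "system":
                    changes.append((e["ts"], e["actor"], field, current[field], new))
                current[field] = new
        return changes

def build_sample_log():
    # Constructed sample: an alert labelled by the system, then revised by reviewers.
    log = RevisionLog()
    log.append("2020-01-01T23:46:10Z", "system", "create",
               {"classification": "firecracker", "location": "Block A"})
    log.append("2020-01-01T23:47:05Z", "reviewer_17", "update",
               {"classification": "gunshot"})
    log.append("2020-02-03T15:20:00Z", "reviewer_04", "update",
               {"location": "Block B"})
    return log
```

Producing `human_revisions()` alongside a passing `verify()` discloses the original entry and every later human change without revealing how the initial classification was computed.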

Where we can help.

Asking the right questions and gathering all available digital evidence is important to achieving an equitable outcome. Enigma Forensics has experience auditing and authenticating digitally stored electronic evidence. We can assist with validating such claims as genuine.