North Dakota Medicaid PHI in dumpster

On May 8, 2017, a workforce member of the North Dakota Department of Human Services (NDDHS) discarded NDDHS Medicaid claim worksheets. The worksheets were found in a dumpster in Bismarck, North Dakota and recovered on May 10, 2017. The worksheets contain Medicaid names, dates of birth, diagnosis codes, Medicaid provider numbers, Medicaid ID numbers, dental work details, etc.

NDDHS is offering one year of free credit/ID monitoring to those affected but they must notify NDDHS before September 5, 2017. NDDHS has set up a toll free number to address any questions regarding the incident, to request free credit/ID theft monitoring, or to obtain a hard copy of the guidance offered by the ND Attorney General’s Office. The toll free contact
number is 1-844-345-8048 (ND Relay TTY 1-800-366-6888) and it will be monitored
until September 5, 2017

Anytime of the year, you can request a fraud alert from one of the three credit bureaus:
Equifax: 888-766-0008 or
Experian: 888-3973742 or
Trans Union: 800-680-7289 or

Feds considering $6M legislation for small biz cyber guidelines

April 20th, 2017, Rep Daniel Webster of Florida introduced a new bill for the National Institute of Standards and Technology (NIST) to disseminate guidance to help reduce small business cybersecurity risks. (NIST already released similar guidelines in November 2016.)  Two Congressional findings stated:

  • 54% of US sales and 55% of US jobs are accounted for by small business
  • 60% of small business cyber attacks close business in 6 months

Requirements of the bill are that the Director (of NIST) should ensure usable, variable, awareness creating, technology neutral, and internally standard resources are disseminated.  Resources would include guidelines, tools, best practices, standards, methodologies, and other ways of providing information.

The Congressional Budget Office (CBO) estimated it to cost approximately $2M for NIST to consult in 2018 and then $4M for maintenance/updates through 2022 – a total cost of $6M for implementation.

Cybersecurity: Home and Small Business

New From: $10.50 USD In Stock

100k FAFSA apps hacked using autopopulate bug

It started with criminals filling out federal application for federal student aid (FAFSA aka federal studnet loan) forms but then circumventing access controls of the website.  The hackers were then able to get other applicants' information used for tax returns and then submit their own phony false tax returns to try to steal refunds.

The hackers were taking advantage of the faulty module in the site called IRS Data Retrieval which auto populates your online federal studnet loan application by using your already known tax return info.

The IRS claimed that in November 2015 they notified the Department of Education about these security concerns (breach) but the IRS didn't actually disable the exposure until March 2017.  The IRS has flagged at least 100,000 accounts as a result.

Individuals can still apply through FAFSA but will need to enter their information manually.

1M+ Aadhaar numbers published on India’s Jharkhand govt website

In India, the Aadhaar is a paperless online anytime-anywhere identity assigned to an Indian citizen to cover his/her entire lifetime. The verification of his identity is uses authentication devices which connect to the Unique Identification Authority of India's (UIDAI’s) Central Identity Repository.  The Repository responds with only a ‘yes’ or ‘no’ response to the basic query-“Is the person who he/she claims to be?” based on the data available with UIDAI.   An Aadhaar Card or e-Aadhaar (electronic copy of Aadhaar) are provided to each enrolled citizen.  

According to the Free Press Journal in India, Aadhaar card holders have had their data exploited to the public domain since November.  Aadhaar data can be used to exploit many things such as post office accounts, rural employment and pension details, and banking information.  It is estimated that there are more than 1.4 million pensioners who are affected.  

According to Section 29 (4) of the Aadhaar Act, publishing Aadhar numbers of consumers is illegal and Hindustan Times reports that the Aadhar numbers were compromised by a programming glitch on the Jharkhand Directorate of Social Security website.  The data exposed includes the names, addresses, Aadhaar numbers and bank account info of beneficiaries of Jharkhand’s old age pension scheme.

Hacking Exposed Web Applications

New From: $49.95 USD In Stock

Federal Air Marshal leaves gun in Delta 221 bathroom

In the wake of September 11, President GW Bush announced on September 20, 2001 a new department in the Department of Homeland Security for a major overhaul of aviation security to dramatically expand the number of air marshalls on domestic flights.  Within one month, the newly created Transportation Security Administration began to hire, train, and deploy 600 Air Marshalls (referred to as FAMs).  Thousands more FAMs have been hired since that time.  The air marshal services was started in 1961 by President Kennedy to protect against hijackings of commercial flight.  TSA's FAM budget is $1B annually which is approximately 10% of the TSA budget.

For applicants, they apply for a TSA position with a goal of being a FAM.  Applicants are then given access to a candidate dashboard or app in the early stages and have an HR hotline to call with questions.  Candidates who make it to the panel interview can expect a 1 in 4 chance of an offer.  Successful applicants typically have a law enforcement or military background with criminal justice or similar degree, a mindset which doesn't fixate on the hours or worries about being away from home, and one who will not end up hating the job once they realize it is boring and has no glamour.

New recruits who make it through vetting to the training have major challenges.  They are expected to be in the top percentage of shooters and to be agile since with no back up what's taught to them on paper doesn't necessarily apply at 30,000 feet in they sky where there are height restrictions and crowded seats.  The FAMs are taught to always search for suspicious behavior such as whether someone is not sleeping, eating their meal or how long they've been out of their seat.  FAMs are expected to be vigilant and adaptable because they have an adversary which continues to make aviation a top terror target and may be using non-metallic improvised explosive devices.

Vigilance is of utmost importance in a job involving the security of others. Viewing a laptop/tablet or listening to music in the course of security duties could seriously impair one from staying on point and or noticing something out of the ordinary – though policy allows for it for FAMs since they are often aboard an 8 hour flight and prohibited from sleeping.

On April 6, 2017, a passenger found a loaded weapon in an aircraft bathroom.  The flight was international flight Delta 221 from Manchester to JFK International.  An air marshall had left her loaded service weapon in the bathroom where the passenger found it and then promptly gave it to flight crew who returned it to the air marshall. The NY Times has reported that the air marshall in question was a new employee and assigned to a flight a few days later.   A loaded weapon unattended constitutes a signficiant security breach which would typically warrant an investigation and possible disciplinary action.  Often, air marshals are forced to resign or are fired for minor transgressions.  

Unsecure Skies

The author gives us an unfiltered account of his personal experience as a Federal Air Marshal. The reader will see how a bureaucracy chartered to protect the flying public frustrates the best recruits by discouraging efforts to excel in physical training and marksmanship. Rigid bureaucratic dress codes and less than secure behavior by some managers risk identifying Air Marshals to terrorists. And even worse, some local supervisors abuse the benefits of their positions to make personal flights on the public’s dime or engage in office romances with subordinates or steal government property. This book shows us the process by which recruits are taught to stifle dissent and learn to just accept and go along. The author eventually finds it impossible to tolerate these abuses. Someone has to do something about it. But can the Federal Air Marshal Service accept criticism from within? Will a whistleblower be successful? Read and find out.
New From: $21.96 USD In Stock

Information Assurance & Cyber Security Research and Education, a 501(c)(3)