
Change Healthcare and DeepSeek Data Security

Last year, estimates suggested that the Change Healthcare data breach could cost over $2 billion in incident response alone. For a while, estimates also put the number of people affected at 100 million. This was all prior to this week, when UnitedHealth announced the number was closer to 190 million.

Still growing, the number will ultimately be reported to the Office for Civil Rights (OCR), though it has already become the largest US healthcare breach to date (although that record will doubtless change hands soon enough). Data such as provider names, prescriptions and test results was exposed. The event also displayed the hazards of acquiescing to demands from ransomware gangs: despite the firm paying $22 million in ransom, a different cyber crook gang still ended up in possession of the data and posted it to the dark web.

In other news, the new Chinese AI model DeepSeek has already become the subject of data protection controversy. Generative AI has already seen massive swells of influence across all sectors, and the risks are sure to be commensurate. So soon after DeepSeek's meteoric ascension as a cost-effective and efficient alternative to OpenAI, Wiz Research has identified critical security flaws that allow indiscriminate access to and control of database operations, in addition to internal data. Millions of lines of log streams, operational details, secret keys and other highly sensitive data were exposed, which Wiz discovered within minutes of security recon. According to Wiz, this incident reveals the basic risks inherent in the current infrastructure and tools of AI applications.

This news perhaps puts a slight damper on recent optimism over the cheapness and open-source nature of AI code deployment. Imagine, something going wrong with AI. Who could ever expect such a thing? Nevertheless, these simple risks that can lead to data exposure remain, much as they do in other contexts. Just as recent years saw the growing importance of application security, that same emphasis must now be applied to AI tools and services that handle people’s sensitive data. Nothing changes in that regard.

To protect database operations and their valuable contents, NetLib Security offers its patented Encryptionizer solution to protect stored data across all environments: physical, virtual and cloud. The rapid integration of AI providers into critical infrastructure speeds ahead, often without the proper security standards that are usually the norm. Never mind that that’s how Skynet got started; even on a more mundane level, it presents massive security risks for sensitive data and how people go about their lives.

By: Jonathan Weicher, post on February 4, 2025
Originally published at: https://www.netlibsecurity.com
Copyright: NetLib Security