Morning Security Brief: Deadly Typhoon Ravages Philippines, HealthCare.gov Project Manager Testifies, and Cybersecurity Report
Typhoon Haiyan devastated the Philippines over the weekend, and now relief workers are warning of a potential health emergency in the nation; the project manager of HealthCare.gov says he was kept in the dark about major security problems with the federal health insurance site; and EY (formerly Ernst and Young) releases a report on businesses and cybersecurity.
► Over 1,700 people are confirmed dead, and up to 10,000 are feared dead after a devastating typhoon battered the Philippines over the weekend. Typhoon Haiyan made landfall six times on Friday, injuring at least 2,487 and leaving thousands without food, safe water, or proper medical care. The United Nations says the storm has displaced 80,000 people. According to a report on CNN.com, the post-typhoon situation could create a health emergency in the nation. “A second round of deaths may be imminent, given limited food and water, along with pools of standing, possibly polluted water amid a breakdown in ordinary sanitation. Relief agencies are worried about outbreaks of disease and infections in the storm's wake,” the report says. Fox News reports that looters are hampering relief efforts, according to the Red Cross, “including some who attacked trucks of food and other relief supplies the agency was shipping from a port city.” Damaged airports and blocked roads are also posing obstacles to the distribution of tents, food, and medical supplies. Meanwhile, the UN has appealed for $301 million to help relief efforts.
► The project manager in charge of HealthCare.gov, Henry Chao, was “apparently kept in the dark about serious failures in the Web site's security,” according to CBS News, which obtained a portion of the testimony he gave behind closed doors before the House Oversight Committee. Chao testified that he was not made aware of a September 3 memo, written by a colleague at the Centers for Medicare and Medicaid Services (CMS), which outlined two major security vulnerabilities with the HealthCare.gov site. The memo said that “the threat and risk potential (to the system) is limitless,” but Chao testified he was told otherwise, and that the CMS team told him there were “no high findings” from an assessment of the site. While the security vulnerabilities were redacted in the testimony for security purposes, Chao testified that they could have allowed unauthorized access, misrouted data, and the theft of personal data that could allow for identity theft.
► In a recently released report, Under Cyber Attack, EY Global information security survey 2013, EY (formerly Ernst and Young) says that among businesses, cybersecurity has moved from an operational concern to a concern of the C-suite and board of executives. The consulting firm reports that “For nearly three-quarters of organizations surveyed, information security policies are now owned at the highest organizational level.” One major highlight of the report is the risk that mobile devices pose to a company’s network. “Cellphones should be thought of as a compromised device,” a company spokesperson told Forbes in an article about the report, adding that “Smart phones are an unfenceable problem and there is an exponential level of risk of attack through them.”