Cybersecurity firms in the UAE have reacted to a major leak of patient information held by pharmaceutical giant Pfizer. Getty

Hackers target Pfizer exposing sensitive patient information


Nick Webster

Hackers have broken through the "front door" of online data storage units used by pharmaceutical giant Pfizer and leaked hundreds of chatbot conversations and patient information.

Scores of victims could now be exposed to phishing scams after having their full names, home addresses and email contacts taken from a misconfigured Google Cloud storage bucket.

Data included hundreds of conversations between customers and chatbots enquiring about cancer drugs, epilepsy medication and Viagra.

It is not known how many patients were in the UAE.

Cybercrime experts said the blunder could lead to patients inadvertently handing over bank card information to criminals claiming to process bogus prescriptions.

“While name, addresses, and email addresses are not highly sensitive information like birth dates or social security numbers, the conversations could reveal very private medical data,” said Morey Haber, chief technology officer at BeyondTrust, a cyber security company in the UAE.

“The information could easily lead to future spear phishing attacks because the details about an individual would make a potential attack credible.

“Pfizer did not know the data was accessible nor [that] it was obtained.

“It is feasible therefore to assume the data has been accessed in the past as well.”

Phishing is the most common technique used by hackers to extract restricted data or gain access to accounts by encouraging users to relinquish passwords.

Sensitive information about patients who asked questions online about the smoking cessation drug Chantix was also obtained by hackers.

The breach was reported to Pfizer and regulators by online security researchers at tech company vpnMentor.

Pfizer headquarters in New York. Carlo Allegri / Reuters

They said the information remained exposed online for months before action was taken to remove it in September.

It is the fifth similar failure to secure patient information by Pfizer, which has offices in Dubai Media City, following incidents in 2007 and 2019.

"Pfizer is aware that a small number of non-HIPAA data records on a vendor operated system used for feedback on existing medicines were inadvertently publicly available," Pfizer said in response.

"We take privacy and product feedback extremely seriously. To that end, when we became aware of this event we ensured the vendor corrected the issue and notifications compliant with applicable laws will be sent to individuals."

Industry experts said cloud storage is becoming increasingly difficult to secure as hacking techniques become more sophisticated.

In 2014, celebrities including Jennifer Lawrence, Rihanna and Kim Kardashian were among those who had compromising photos leaked online after cloud storage was hacked.

A two-step verification process was then introduced to bolster security around Apple’s iCloud data storage service.

“The recent Pfizer data breach tells us it is extremely difficult for even the largest companies in the world to secure their data every hour, every day and every week,” said Sam Curry, chief security officer at Cybereason, a company working with businesses in the UAE to bolster online defences.

“It's irrelevant whether an internal or external error led to this data breach.

“The digital footprint for enterprises is expanding at such a rapid pace, errors will occur and data will be exposed.

“Customers want transparency and guarantees that the company will continue to make sure data protection is their top priority.”

Chat conversations between humans and chatbots, which give automated responses, were among the information exposed in the leak.

While replies were preprogrammed into the solution, humans would realistically have to answer a series of questions to determine the proper response.

Those questions were designed to provide a high confidence in the results and often forced the exposure of more information to obtain the desired results.

“As no system, or person, is ever perfect, the ability to monitor, detect and respond to unauthorised or malicious access to cloud services can make the difference between a contained security incident and a full-blown breach as being reported at Pfizer,” said Matt Walmsley, a tech industry analyst and director at Vectra AI.

“We performed analysis on Office 365 – the world's most used software and service cloud – and identified how attackers are using existing tools and services within the cloud to spy and steal.

“When administrators inadvertently leave the front door open it’s unsurprising that attackers walk straight in and out unnoticed.”
