Sunday, September 16, 2018

"Ontario's children's aid societies grappling with how to monitor privacy breaches."

"Family and Children's services of Lanark, Leeds and Grenville faces $75 MILLION DOLLAR negligence suit."


Corporate Internet Security
Is it all just programs, passwords and multiple layers of file folders to protect your business computer and client information or is there real hardware involved?
Why yes, there is real hardware. Here's one of the many devices to protect corporate networks and confidential client information.
Juniper Networks ISG Series Integrated Security Gateways are purpose-built, security solutions that are ideally suited for securing enterprise, carrier, and data center environments where consistent, scalable performance is required.
Network segmentation: Security zones, virtual systems, virtual LANs and virtual routers allow administrators to deploy security policies to isolate guests and regional servers or databases.
Optional Integrated IDP:
The ISG Series firewall/VPN with IDP uses the same award-winning software found on Juniper Networks IDP Series appliances.
The IDP security module combines eight detection mechanisms, including stateful signatures and protocol anomaly detection.

The ISG with IDP defends against security threats such as worms, trojans, malware, spyware, unauthorized users and hackers and can provide information on rogue servers and data on applications and operating systems that were inadvertently added to the network. Application signatures enable administrators to maintain compliance and enforce corporate business policies with accurate detection of application traffic.
https://netpoint-dc.com/blog/wp-content/uploads/2015/11/1100036-en.pdf
http://yourlegalrights.on.ca/news/ontarios-childrens-aid-societies-grappling-how-monitor-privacy-breaches

Lemay says the report in question is not "typical" of the work FCSLLG does or the documentation it keeps. He also says the organization has no reason to believe any of its other clients had their personal information compromised.


Ontario's Family and Children's Services of Lanark, Leeds and Grenville is reporting going over budget by $792,292 in what they're calling a budget shortfall due to serious problems with their internet practices and security and sudden unexpected increases in child care costs - then claims to be the victim in a ransomware attack... Their 3rd problem with their internet security in less than a year.




Raymond Lemay, now the head of Family and Children's Services of Lanark, Leeds and Grenville, told CBC News, "The court process will determine whether there was negligence or not. I think that's the ultimate question."

Lemay admits the report was on the FCSLLG's website but says it was hidden behind several layers of security including a password given only to the organization's board of directors (that actually wasn't required).

Lemay said there was a previous breach of the agency in February which did not involve the release of confidential information (OR SO HE CLAIMS). The person responsible was a children’s aid client who has been embroiled in a campaign against the agency, including posting hours-long YouTube videos of her interactions with members of the staff.

"We suspect it was a hack. It might not have been a sophisticated one," says Mr. Lemay, the organization's executive director. "And I suspect that is the case," he adds.

"You have to go through the back door. You have to be looking for this," he says. (Mr Lemay just assumes Kelley was looking for "it" when she found the list with her name on it.)



IS THERE SUPPOSED TO BE A BACKDOOR?

OR DID SOMETHING FCSLLG DID ON THEIR PRIVATELY OPERATED PUBLIC INFORMATION WEBSITE BYPASS CAS PORTAL SECURITY?

https://www.cbc.ca/news/canada/ottawa/family-children-services-facebook-personal-information-1.3546788


"Ministry CyberSecurity Experts Swoop in to Add Security, Plug Holes and Wipe Malware."




Ransomware attacks at two children’s aid societies have spurred the Ontario government to tighten cyber-security around a new, $123-million provincial database for children in care.

One of the agencies — the Children’s Aid Society of Oxford County — paid a $5,000 ransom to regain access to their sensitive data after the malware attack on their local servers on Jan. 18, according to sources with knowledge of the incident.

Officials with the other agency — Family and Children’s Services of Lanark, Leeds and Grenville — saw an English ransom message flash on their computer screens, demanding $60,000, when they tried to access their database in November, or so Mr Lemay claims, but whether or not they can prove there was a message or a virus remains unknown. Guess we just have to take them at their word, again.

“It encrypted most of our servers,” says the Lanark agency’s executive director, Raymond Lemay. “No data was taken out of our system. It was just an attempt by whatever you call these people to get a ransom.”

Lemay says his agency didn’t pay up. He says it used an offline backup of computer files to get the agency up and running again in about eight hours.

Lemay says the ransomware attack cost his agency $100,000 to fix, an expense covered by his agency’s “cyber insurance.”

How does that cost $100,000?


Cybersecurity experts from the province’s Ministry of Children and Youth Services, along with a private internet security firm, swooped into the agency to neutralize the malware in the infected servers.

“It took them about three weeks to find the needle in the haystack,” Lemay says.

The ransomware attack locked the agencies out of local online files that contained private information on the children and families they serve.

The computer virus attacked while the Lanark agency was uploading its data to a centralized database known as CPIN. It will allow societies across Ontario to share information more easily and better track how children in foster care and group homes are doing.


QUESTION: WAS ENTERING A PASSWORD OPTIONAL AND WHY WEREN'T THE MINISTRY'S CYBER-SECURITY EXPERTS CALLED THE FIRST TIME OR THE SECOND TIME FCSLLG BECAME AWARE OF PROBLEMS WITH THEIR INTERNET SECURITY?

Who was uploading the information and why wasn't the problem detected before or during the upload? 




“They might have taken advantage of vulnerabilities that occurred because we were changing over to a new system,” Lemay says of CPIN. “That’s one of the hypotheses, but we don’t know for sure.”

https://www.thestar.com/news/insight/2018/02/22/ransomware-attacks-hit-two-ontario-childrens-aid-societies.html

If "everyone is guilty of an indictable offence and liable to imprisonment for a term of not more than 10 years, or is guilty of an offence punishable on summary conviction who intercepts or ->causes<- to be intercepted, directly or indirectly, any function of a computer system," wasn't FCSLLG guilty of committing an offense when Kelley was inadvertently and without intention able to access the information without logging on to FCSLLG'S public information website or FCSLLG's alleged secure portal OR DOES THE LAW SAY SOMEWHERE - UNLESS THEY'RE GROSSLY INCOMPETENT, NEGLIGENT, AND WORK DIRECTLY FOR THE GOVERNMENT?

->CAUSES<- THROUGH ACTION OR INACTION?

WOULD THERE BE A TRIAL OR A CLASS ACTION SUIT IF FCSLLG HAD PROPERLY PROTECTED THEIR FORCIBLY INDUCTED CLIENTS' INFORMATION?

ACCORDING TO THE POLICE INVESTIGATION DID IT AND ACCORDING TO THE PERTH CROWN AND FCSLLG - HOW AND WHERE THE INFORMATION WAS BEING STORED DOESN'T MATTER AND THERE'S NO REASON TO TALK ABOUT THAT.

THERE WAS NO PROBLEM WITH HOW FCSLLG WAS STORING THE INFORMATION UNTIL KELLEY WARNED THE FAMILIES AT RISK AFTER FCSLLG FAILED TO FIX THE PROBLEM AND THE LIBERALS FAILED TO RESPOND TO HER EMAILS.


Kelley Denham has been dropped as a defendant in the class action.

According to the suit, the personal information of the 285 clients was compiled into an electronic file, prepared for the service’s board of directors on new cases arising between April and November of 2015, but was not properly secured on the agency’s network.

The "highly sensitive" personal information of 285 clients and people being investigated by the Family and Children's Services of Lanark, Leeds and Grenville was allegedly stolen by a hacker and posted on Facebook due to "reckless" and "disgraceful" conduct of the organization, according to a $75-million class action lawsuit filed today.


This made the list publicly available to anyone, said Denham, and in her affidavit Denham explained how she came into possession of the sensitive and confidential documents.

She said she found and clicked on an unrelated document on the website intended for the public. She deleted a portion of the URL, and she was taken to a directory of folders with documents, within which she found the document with the names of local families.

She said she was never asked for a username or password and was never faced with any security measures that impeded her ability to access the documents.

She said she attempted multiple times to advise the agency the confidential documents were available on the public website, beginning in February 2016, but the documents were still publicly available by late April 2016. This is when she decided to post the location of the report on the Facebook group where she posted an image of a hyperlink and no client was published on Facebook, which was deleted by the group’s administrator within hours.


http://www.recorder.ca/2017/12/15/fcs-faces-negligence-suit

The criminal trial had been previously scheduled to happen through August 8th to the 18th but was canceled after the Perth crown was forced to admit the alleged victim of the hack was unprepared to go to trial and testify after Kelley refused the second of four offers to plead guilty for a slap on the wrist and one request to sign an agreed statement of FCSLLG's version of the facts presented by the crown.

M.M. v. Lanark, Leeds and Grenville Children’s Aid Society, 2018 ONSC 5032 (CanLII)




[19] The events of the various actions, which attracted the attention of the media in Perth, Ontario, are of interest to the citizens of the East Region, who have an interest in the operation of their local children’s aid societies, but the events are of little more than of prurient interest to the citizens of Toronto.

[20] Ms. Denman, who is the central actor either as a commendable whistleblower or as a deplorable newsmonger and hacker and leaker of confidential information is seriously inconvenienced and possibly prejudiced by having to defend or prosecute the various proceedings in Toronto, where she has been unable to obtain a lawyer to represent her.

https://www.canlii.org/en/on/onsc/doc/2018/2018onsc5032/2018onsc5032.html


A hyperlink, by itself, should never be seen as “publication” of the content to which it refers.

Only when a hyperlinker presents contents from the hyperlinked material in a way that actually repeats the content, should that content be considered to be “published” by the hyperlinker; hyperlinks are, in essence, references which are fundamentally different from other acts of publication.




http://harvardlaw74.com/hyperlink-is-not-publication-rules-the-supreme-court-of-canada/




FCSLLG : Annual Report 2016–2017.

Over the course of this year, one unexpected challenge the agency is still managing is related to a whistleblower informing the public to unprotected client information on our privately operated PUBLIC INFORMATION WEBSITE hosted on a US server (about as far from an internal server as you can get) that the agency was using as a sharing platform with other unnamed agencies and to make it easier for board members to access without a password. This challenge has remained an ongoing issue.

The costs associated with this breach and a totally unexpected massive increase in the costs of placements in group homes for the 198 children currently in our care led to an un-forecasted shortfall of about $792,292, though most of the increase is in the still mounting costs of stalling tactics, dirty tricks and corrupt lawyer fees in the upcoming $75 million dollar class action lawsuit - and this after many many years of generating enormous surpluses that we feel more than makes up for this unfortunate situation.

We continue to collude and collaborate with appropriate partners in the cover up and will continue to do so until all aspects of this matter are secretly resolved in the months ahead.

Any parties interested in reading the technical reports provided by FCSLLG's own expert on what really happened may not request or view the technical documents and you'll just have to take our word for what happened till it's revealed in the lawsuit.

There has also been much change in our management team with about half of the service managers being recently demoted and transferred away from front line positions.

Our leadership development activities are geared to prepare internal succession after no one answered our job "opportunities" ad, and all new managers have been in direct services with our organization – thus there is change but also continuity. 

Over the past year a few employees have retired, some are off on maternity leave or suddenly left extended vacations while others have left to pursue their careers elsewhere like rats fleeing a sinking ship.

About 70% of our Family Services workers have less than 2 years of experience with the organization or anything beyond a general two year diploma in social work. The agency's other service functions have proven more stable though we're unable to say what they are.

Also the agency has preemptively requested that the Ministry of Child and Youth Services conduct a financial review.

FCSLLG : REAL Annual Report 2016–2017:

https://www.fcsllg.ca/wp-content/uploads/2018/02/FCSLLG-Annual-Report-2016-2017.pdf
