Apple is no longer developing a hardware subscription service for iPhones that would let subscribers get a new iPhone every year, according to Bloomberg’s Mark Gurman. Gurman initially reported in 2022 that Apple was working on the service, and while it was apparently supposed to launch that year, the project was delayed due because of “software bugs and regulatory concerns,” Gurman says.

While the hardware subscription service apparently won’t see the light of day, Apple offers installment plans you can use to pay for an iPhone over time. The iPhone Upgrade Program spreads the payments of a loan for a new iPhone (and AppleCare Plus) over 24 months, and you can upgrade to a new phone after you pay the equivalent of 12 months. If you have an Apple Card, you can also pay for a new iPhone (and other Apple products) using Apple Card Monthly Installments.

Authorities in the US are considering a ban on TP-Link internet routers over national security concerns due to their repeated links to Chinese cyberattacks. Investigators at the Commerce, Defense, and Justice departments have all launched probes into the company, according to the Wall Street Journal, with TP-Link reportedly being subpoenaed by an office of the Commerce Department.

The WSJ reports that US authorities may ban the sale of TP-Link routers within the country next year. Action taken against TP-Link would likely fall to the incoming Trump administration.

TP-Link holds roughly 65 percent of the US router market for homes and small businesses, and its internet communications products are used by the Defense Department and other federal government agencies. The company’s market dominance is at least partly driven by the extreme low cost of its routers. The US Justice Department is investigating whether TP-Link sells products for less than they cost to produce in violation of a law that prohibits attempts at monopolies, according to the WSJ. 

The WSJ’s sources also say that TP-Link often fails to address security flaws that are routinely flagged in routers shipped to customers. In October, Microsoft disclosed a network of compromised network devices mostly manufactured by TP-Link that are regularly targeted by a Chinese government-linked hacking campaign.

An unnamed spokeswoman for TP-Link’s California-based business unit told the WSJ that the company assesses potential security risks and takes action to resolve known vulnerabilities. “We welcome any opportunities to engage with the US government to demonstrate that our security practices are fully in line with industry security standards, and to demonstrate our ongoing commitment to the US market, US consumers, and addressing US national security risks.”

Data breaches happen all the time, and while no data breach should be ignored, those involving health care institutions require special attention. 

These breaches can be very damaging and haunt people for life. Recently, hackers leaked the personal data of around 500,000 Americans. 

They breached the databases of the Center for Vein Restoration (CVR), which claims to be “America’s largest physician-led vein center,” stealing not just personal data but also medical records.

GET SECURITY ALERTS, EXPERT TIPS – SIGN UP FOR KURT’S NEWSLETTER – THE CYBERGUY REPORT HERE

What you need to know

CVR, a clinic headquartered in Maryland, experienced a massive data breach where hackers stole highly sensitive personal information, including lab results and health insurance details, as reported by Cybernews. The breach occurred in early October, with the clinic detecting “unusual activity” in its systems on Oct. 6.

CVR has more than 110 branches across the country, from Alabama to Alaska. This breach has affected hundreds of thousands of individuals. According to a notice filed by CVR with the U.S. Department of Health and Human Services Office for Civil Rights, more than 445,000 people had their personal information compromised.

As the name suggests, CVR specializes in vein restoration, a very specialized procedure aimed at improving the health and function of veins. This means the clinic keeps a very elaborate record of its patients’ health, and now all that is in the hands of hackers, along with copious amounts of personal information.

The full list of exposed data includes addresses, dates of birth, Social Security numbers, driver’s license numbers, medical record numbers, diagnoses, lab results, medications, treatment information, health insurance information, provider names, dates of treatment and financial information.

The inside of a health care center (Kurt “CyberGuy” Knutsson)

WINDOWS FLAW LETS HACKERS SNEAK INTO YOUR PC OVER WI-FI

The risks associated with the CVR data breach

The risks of data breaches depend on the type of company affected. For instance, breaches involving companies like Ticketmaster are generally more manageable because they often expose information like contact details, addresses and, in some cases, identification documents. Even if financial data is leaked, it can typically be mitigated by replacing or blocking compromised accounts.

Health care data breaches, however, are far more severe. When companies like CVR are targeted, hackers gain access to sensitive medical records that cannot be altered. Your medical history is permanent and highly sought after on the dark web. Cybercriminals can use this information to commit identity fraud, such as obtaining prescription drugs through false insurance claims. Plus, detailed knowledge of medical treatments, lab results and medications allows attackers to create highly targeted phishing scams, exploiting victims’ vulnerabilities with alarming precision.

We reached out to CVR for a comment but did not hear back before our deadline.

WHAT IS ARTIFICIAL INTELLIGENCE (AI)?

An emergency room sign (Kurt “CyberGuy” Knutsson)

CYBER SCAMMERS USE AI TO MANIPULATE GOOGLE SEARCH RESULTS

7 ways to keep yourself safe from such data breaches

1. Regularly monitor your financial and medical accounts: Periodically review your medical records and health insurance statements for any unusual or unauthorized activity. This can help you quickly identify and address any discrepancies or fraudulent activities.

Use patient portals provided by health care providers to access your medical records online. These portals often have features that allow you to track your medical history and appointments.

2. Use strong passwords and two-factor authentication: Create strong, unique passwords for your online accounts, including health care portals. Avoid using easily guessable information like birthdays or common words. Consider using a password manager to generate and store complex passwords.

3. Enable two-factor authentication (2FA) wherever possible: 2FA adds an extra layer of security by requiring a second form of verification, such as a text message code or authentication app, in addition to your password.

4. Don’t fall for phishing scams; use strong antivirus software: Be mindful of the information you share online and with whom you share it. Avoid providing sensitive personal information, such as Social Security numbers or medical details, unless absolutely necessary. Verify the legitimacy of any requests for personal information. Scammers often pose as health care providers or insurance companies to trick you into revealing sensitive data by asking you to click on links in emails or messages.

The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2024 antivirus protection winners for your Windows, Mac, Android and iOS devices.

5. Use identity theft protection services: Consider enrolling in identity theft protection services that monitor your personal information and alert you to potential threats. These services can help you detect and respond to identity theft more quickly. Some identity theft protection services also offer insurance and assistance with recovering from identity theft, providing additional peace of mind. See my tips and best picks on how to protect yourself from identity theft.

6. Freeze your credit: A credit freeze prevents anyone from opening new credit accounts in your name without your authorization, reducing the risk of identity theft. Contact the major credit bureaus (Experian, Equifax and TransUnion) to request a credit freeze. This is often free and can be temporarily lifted when you need to apply for credit.

7. Remove your personal data from the internet: After being part of a data breach, it’s crucial to minimize your online presence to reduce the risk of future scams. Consider using a personal data removal service that can help you delete your information from various websites and data brokers. This can greatly diminish the chances of your data being used maliciously. Check out my top picks for data removal services here. 

DON’T LET SNOOPS NEARBY LISTEN TO YOUR VOICEMAIL WITH THIS QUICK TIP

Kurt’s key takeaway

The CVR data breach is deeply troubling, affecting nearly half a million individuals and exposing highly sensitive medical and personal information. What makes this breach particularly concerning is the lasting impact health care data leaks can have on victims, from identity theft to targeted phishing scams. Whether or not you’ve been directly affected, it’s a stark reminder to take proactive steps, such as monitoring your accounts, enabling multifactor authentication and staying alert to phishing attempts.

Do you think companies are doing enough to protect sensitive data, especially in health care? Let us know by writing us at Cyberguy.com/Contact.

For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.

Ask Kurt a question or let us know what stories you’d like us to cover.

Follow Kurt on his social channels:

Answers to the most asked CyberGuy questions:

New from Kurt:

Copyright 2024 CyberGuy.com. All rights reserved.