Antonym Projects

of ten

Data Breach Case Studies

Two cases that provide information about significant financial or business losses due to data breaches were found. In the first case study, details are provided of how information for around 500 million guests was compromised in Marriott International and how it led to costs of $28 million and a significant decrease to the number of calls to their call centers. The second case study describes how a data breach in another large organization led to costs of almost $1.4 billion, investigations and dozens lawsuits.




First, our research team looked for case studies that mention data breaches in large companies and their costs in different industry reports including Verizon, IBM, Avast, Radware and other cybersecurity publications. These sources provided us with data about the total global cost of data breaches and how much do they cost companies, but there was no information about financial losses due to data breaches in any large companies.

After that, we scanned various news articles and publications such as Business Insider, Digital Guardian, Wired, ZDNet, Tech Republic and others, where we hoped to find if any enterprise companies experienced significant financial or business loss due to data breach. This approach provided us with a number companies that had great losses due to data breaches but were older than two years, including Yahoo, Epsilon and Exactis and some more recent ones such as Aadhar that only mentioned the number of users affected. There was only one large company found that experienced significant financial losses in the last year. We assume there are still no reports on costs for some companies because the cyber incidents happened recently and also some of them maybe don't want to publicly disclose this information.

Since, there was only one company that meets the criteria, we expanded our scope to include enterprise data breaches in the last two years. We managed to find only one company that met our criteria but was slightly out of the two-year scope. Since it had a huge financial loss as a result of the data breach, we decided to include it in our findings.

of ten

Healthcare Industry Data Integrity

The advancement of technology has brought continued developing in the field of healthcare by providing the industry with more sophisticated tools, better information, and powerful diagnostics. However, with continued advancements, the healthcare industry is facing great challenges in storing and managing large volumes of medical data. The data generated by the healthcare sector is expected to grow faster than other industries over the next six years with a CAGR of 36% through 2025.


  • A report published by the IDC stated that the volume data sets generated in the healthcare industry are predicted to increase faster than all other industries over the next six years (2025). Due to the alarming rate at which data is being created by medical technologies, the healthcare industry will face various challenges in storing, managing, and handling extremely large amounts of data.
  • The healthcare industry is predicted to grow the fastest, even surpassing the industry of Media and Entertainment. This significant growth is reflected in the advancement made in imaging technology and healthcare analytics that required large storage.
  • Since healthcare providers have adopted the use of EHR or electronic health records, this industry faces a common problem of running out of digital storage. Three major advancements that are currently responsible for the continued and increasing amounts of healthcare data are wearables, medical imaging, and telemedicine.
  • Medical images are found to create significantly large file sizes and the digital space needed is overreaching the healthcare providers' current storage capacity. Organizations are actively working on solutions that take into consideration data security, next-generation firewall, cloud access, and understanding the complexity of HIPAA compliance to safeguard, store, and manage large volumes of data.
  • According to the IDC report, there is no simple solution that can address all the challenges that are being faced by the healthcare industry regarding data growth and data security. Each healthcare provider would have to develop a purpose-built solution based on the company's specific requirements such as security needs and data storage.
  • Compared to other industries, the healthcare sector's datasphere growth is expected to grow at a CAGR of 36% during the forecast period 2018-2025, followed by the manufacturing sector at 30%, global datasphere at 27%, financial services at 26%, and media and entertainment at 25%.
  • Research conducted by IDC and a report published by EMC on health data volume states that the overall rise in healthcare data will reach 48% every year. In 2013, 153 Exabytes of healthcare data was recorded and the projected growth is expected to reach 2,314 Exabytes by 2020.


  • According to an article published by FirstLight, with the numerous data storage challenges that the healthcare industry will face in the coming years, there is no single solution that can address all data storage-related issues.
  • It was found that not all HIPAA-regulated practices have the option of cloud-based solutions, but solutions through virtualization is a cost-effective and secure alternative. Data storage virtualization helps healthcare providers to design and develop solutions according to their specific requirements. For example, if an EHR service is running out of storage, the company can utilize a "software to pool leftover space from other servers and workstations to create one huge virtual drive".
  • The largest pain point for healthcare companies is trying to keep up with the storage demands of EHR (Electronic Health Records). Solutions that help with this problem must be flexible and secure to meet both, the needs of the patient and industry regulations.


  • Data brokers and data sharing are two solutions that many healthcare providers are using to ease the demand for data storage. It is found that medical reports data brokers have no regulations in the United States. According to an article published by Diginomica, while doctors are prohibited from sharing patient information, healthcare information that data brokers obtain from third-party groups such as data from over-the-counter drugs is allowed.
  • Data brokers are not held by medical privacy regulations in the United States because their data are developed to be anonymous consisting of only the doctor's name, gender, and year of birth. The HIPAA law is found to govern only the "transfer of medical information that is tied directly to an individual's identity".
  • Data security in the healthcare industry is at extreme risk due to data brokers. An example is Optum, a company that is owned by UnitedHealth Group, which has gathered prescriptions, tests, medical diagnosis, costs, and socioeconomic data belonging to 150 million Americans since 1993. While most of the information gathered cannot be held by HIPAA regulations, the socioeconomic data collection raises a red flag.
  • It was also found that one particular data broker was found selling lists containing information of AIDs patients along with a list of domestic violence shelters, which are usually protected by law. The same broker was found selling a list containing information on individuals with addictive problems towards alcohol and drugs.
  • According to Kaiser Health News, in the United States, thousands of EHRs remain disconnected. Digitizing healthcare data has restricted healthcare providers and at the same time empowered "the $13-billion-a-year industry that sells it".
  • EHR sellers are found inviting doctors to fancy hotels with deals that paid over $3,000 to healthcare professionals to trade in the current records system for a brand new one. For instance, in 2009, Athenahealth offered “invitation only” dinners for doctors at luxury hotels and advise them on "how to use the stimulus to get paid more and capture available incentives".


  • According to a report published by Becker's, most often patient information and records can be found on the black market or the dark web. Data sellers provide patient records by hacking into the payer database or a hospital. For example, a dark web post indicated a seller providing children's healthcare records from a pediatrician while another post advertised data of 397,000 patient records from a Georgia hospital database.
  • Social Security numbers can be bought for as little as a dollar while credit card data is purchased for over $110 and patient records are sold for up to $1,000.
  • Various reports on the subject have revealed that cyberattacks and ransomware are rising with healthcare being their biggest targets. Recently, Israeli researchers announced that they developed a computer virus that could add tumors to MRI and CT scans. This virus was malware designed to lead doctors to misdiagnose high-profile patients, according to The Washington Post.
  • In 2017, thousands of computers across the world were infected with WannaCry cyberattack and "threw the United Kingdom's National Health Service into chaos". The Cybersecurity Task Force of the healthcare industry concluded that cybersecurity for this industry is at a "critical condition" Experts have revealed that the healthcare industry is dangerously lagging in terms of data protection which can lead to serious consequences.
  • According to a report by CBS News, Protenus, a data protection company, revealed that in 2018 there were over 222 hacking incidents that affected over 11 million patient records.
of ten

Takeda & Shire Merger Data Challenges

Although information specific to data merging and data integrity is not publicly available, there are details suggesting that Takeda and Shire may find it challenging to maintain data integrity while merging data. The sizes of these companies in terms of revenue and number of employees suggest that these companies are large companies that own and maintain large amounts of data. Integration between Takeda and Shire is expected to be difficult because the two companies have different cultures, compensation structures, and areas of focus.


  • Several statistics suggest that Takeda and Shire each have huge amounts of data for merging or integration.
  • As of December 31, 2017, prior Takeda's acquisition of Shire, Shire had 23,044 employees, over 40 marketed products, 14 manufacturing sites, and 100 plasma collection centers. It had a commercial presence in over 60 countries, and its therapies were available in over 100 countries. It had a total revenue of $15.2 billion.
  • Before it got acquired by Takeda, Shire had a product portfolio spanning seven therapeutic areas, namely, immunology, hematology, neuroscience, internal medicine, genetic diseases, oncology, and ophthalmics. It had 40 programs in its research and development pipeline, of which 7 were in Phase 1, 10 were in Phase 2, 15 were in Phase 3, 8 were in the registration phase, and 7 were approved.
  • Shire had its group headquarters in Dublin, Ireland, its innovation and commercial hub in Cambridge, Massachusetts, and its commercial hub in Zug, Switzerland.
  • By the end of fiscal year 2017, Takeda had 27,230 employees and a revenue of ¥1,770.5 billion. It had operations in Japan, the United States, Europe and Canada, and the emerging markets, and its areas of focus were oncology, gastroenterology, neuroscience, vaccines, and others.
  • Takeda expects to incur a total of around $3.0 billion in non-recurring integration costs in the three years following the finalization of its Shire acquisition.
  • According to Christophe Weber, president and chief executive officer of Takeda, integrating information technology systems may take around two to three years to complete.
  • An integration team composed of 120 people each from Takeda and Shire was formed in May 2019, and this team has "as many as 1,200 tasks to take care of."


  • As can be seen in the annual report it filed with the SEC in June 2019, Takeda understands that even though integration activities have already started, it "may face significant challenges in integrating the organizations, business cultures, procedures and operations of Takeda and Shire."
  • Potential challenges that Takeda has specified in its report and that relate in some way to data integrity include: (a) challenges in integrating information technology systems, (b) challenges in integrating geographically scattered organizations, (c) challenges arising from conflicts and changes in controls, accounting, procedures, standards, compensation structures, and other policies, and (d) challenges arising from inefficiencies linked to the integration of Takeda and Shire's operations.
  • The fact that Takeda and Shire have very different corporate cultures is likely to pose a challenge as well. Takeda is decentralized, while Shire is relatively centralized.
  • Weber believes that "the scale of the integration" is the biggest challenge the merged company is facing. To start with, the two organizations have very different compensation systems that need to be reconstructed.


We first scoured articles and reports covering Takeda's acquisition of Shire for information relating to data merging, consolidation, or integration. Our thinking was that potential issues regarding data merging and data integrity may have been mentioned in these sources. After reading through numerous accounts of the acquisition, including those published by reputable media outlets such as The Japan Times, The Asahi Shimbun, The Wall Street Journal, Financial Times, Business Insider, and Bloomberg, we, however, learned that while the acquisition was widely covered by the press, details specific to data merging do not appear to be publicly available. What we found was that the integration of the two companies' operations is expected to be challenging. for reasons related to culture, size, and areas of focus. Our search for challenges and problems arising from the acquisition produced the same results.

To find additional information, we consulted the two companies' websites, presentations, reports, press releases, and other publications. We figured these companies may have provided some information about data merging or data integrity in these sources. Of all the publications we had consulted, the sources that we found most helpful were the companies' annual reports prior the acquisition. From Takeda's latest Form 20-F, Shire's 2017 annual report, and Takeda's 2017 data book, we were able to gather insights about the risks associated with Takeda's acquisition of Shire, the challenges associated with integration, and the potential amount of data the two companies handle. To understand how large each company is, we looked into metrics such as the revenue, the number of employees, the number of products, the number of locations, and the number of programs in the pipeline. We assume that large companies handle large amounts of data as well.

Since data integrity will likely be impacted by differences in standards, procedures, compensation structures, and accounting policies, we conducted another press search. This time, we concentrated on searching for these differences. This strategy, however, led us to the same articles we found with our initial strategy. We were able to note differences in culture, areas of focus, and compensation structure.
of ten

Company Merger Data Integrity, Additional Case Study #1

The merger of CVS and Aetna in the healthcare space would create the second largest company by revenue in the US. Both companies have large amount of data individually, and integrating that data would be challenging in terms of maintaining data integrity, privacy, and accuracy when moving data.


Overview of CVS/Aetna Merger

  • CVS Health and Aetna announced their merger deal in December 2017 and obtained preliminary approval from the US Department of Justice in October 2018.
  • CVS is a huge pharmacy chain and Aetna is a behemoth health insurance company. The resulting company, which would change how drugs are obtained and how healthcare is covered, is projected to have an annual revenue of $240 billion, taking CVS from the seventh largest to the second largest company by revenue in the US after Walmart.
  • CVS Health had revenues of around $185 billion in 2017, and had about 94 million customers. Aetna, had about $60 billion in revenue in 2017 and had 22 million customers using its health plans.

Large Data Pools Of Each Company

  • The combined company from the $69 billion merger is expected to create a new data-driven healthcare model from the massive integrated data pool which is more convenient and customized to the personal needs of individual patients than what is currently available in the industry.
  • Both companies each have "vast, disparate pools and streams of consumer, patient and member data" and industry experts said that the success of the mega merger which is the largest in the history of healthcare will depend on how well they rapidly integrate their data.
  • The merger enables CVS to have access to large healthcare claims datasets to be integrated with pharmacy and retail clinic data.
  • The integration of such data in healthcare, probably more than in any other industry, will create a much bigger data pool than if data were stored separately.

Challenges of Merging Data In Terms of Data Integrity

  • The problem of merging the different, large amount of data would be to create "unique IT systems to access, analyze and deliver that information in innovative and useful ways", mainly to serve and satisfy customers.
  • The challenge of data accuracy and integrity needs to be solved in the merger in order to begin to "unlock the power of health data" in practical applications that can lead to better, safer healthcare.
  • For the deal to work, it requires "technical competence in large-scale system integration" and creativity in the design of new systems which has never been seen before.
  • The data integration process would be tough because both companies are obviously different with a differing customer base, and HIPAA and privacy laws are difficult hurdles to overcome to achieve complete integration.

of ten

Company Merger Data Integrity, Additional Case Study #2

Cigna and Express Scripts merger is another significant consolidation in healthcare, as it led to it become one of the top three organizations controlling over two-thirds of the healthcare insurance and pharmacy benefit market. Individually, the companies held large amounts of data which they managed quite differently. The integration required that they worked closely together on a plan which brought together complementary strengths in data management while avoiding adding existing weaknesses into the mix.

Case Study of Company Merger Data Integrity in Healthcare

Overview of Cigna/Express Scripts Merger

  • An Agreement and Plan of Merger was entered into by Cigna and Express Scripts on March 8, 2018.
  • Cigna Corporation offered a broad range of health benefits and life insurance products in more than 30 countries, servicing over 95 million customers which generated a second quarter net income of $955 million in 2018.
  • As the "largest pharmacy benefit manager" in the US with 80 million patients, Express Scripts generated $100 billion in revenue.
  • The merger will result in the new company's revenue exceeding $140 billion.
  • As a vertical consolidation, the Department of Justice (DoJ) determined the merger did not breach antitrust laws and would be "unlikely to result in harm to competition or consumers", approving the deal in September 2018.
  • By the time the DoJ green lighted the deal, the costs associated with the merger had grown to $200 million.

Large Data Pools of Each Company

  • The $54 billion in aggregate or $67 billion deal will see the merged company become an innovative leader in healthcare said Cigna's Chief Executive Officer, David Cordani, driving "improve[d] health outcomes and deliver[ing] a superior customer experience."
  • Express Scripts' Chief Technology Officer, Phil Finucane, noted that the merger was an opportunity for "coordinating care and managing every phase" of the patient journey to deliver improved health outcomes.
  • The formation of the Cigna Corporation will have a "differentiated service-based model" enhanced through actionable insights drawn by bringing their data sets together.
  • Express Scripts' automated home delivery service is a global leader, operating at "incredibly high-quality standards" in shipping "millions of prescriptions" across the US.
  • Cigna uses artificial intelligence to sift through "massive amounts of raw data" to generate real-time information "to save lives through earlier interventions."

Data Integrity Challenges Faced

  • One of the goals of the merger is to create a holistic or 360 degree overview of the patient journey by combining vertical sectors which have previously been siloed to allow the tracking of a person's "medical and pharmaceutical data [in real time to ensure] medication adherence, cut costs and manage the whole person."
  • Finucane stated that integrating the two companies had its "share of difficulties" and described the complexities of bringing the technology of the two "organizations that have historically operated in extremely different ways together," in an interview with Forbes.
  • The merger proposal highlighted the risk of integrating technologies and systems, particularly when managing the "increase in scale and scope of the combined businesses", and the challenge in identifying and removing any duplication.
  • Another challenge they face in creating this patient platform is it may not be as effective as it appears to be on paper. Express Scripts lacks patient outcome data while Cigna lacks the complete clinical picture by not having access to a patient's medical records.

Research Strategy

Your research team began searching for recent mergers of companies in healthcare, finding references to CVS Health and Aetna, Cigna and Express Scripts as well as United and DaVita. In order to determine if there were any challenges experienced when blending data systems, we delved into content published on their websites and in reputable publications and found a recent interview with Express Scripts' Chief Technology Officer, Phil Finucane, which we were able to leverage for this brief. Additional context was drawn from the merger proposal, press releases and news articles.
of ten

Advertising Trading Desks, Zero Identity Knowledge Proof

The articles published by Adoppler, Lowenstein Sandler, and The Globe and Mail provide evidence that there is an issue for advertising trading desks proving that they delivered ads to the target audience, based on privacy laws.



  • The digital advertising industry is primarily concerned about issues such as ad fraud, brand safety, and transparency.
  • According to this article published by Adoppler, a trading desk is a service-based centralized organization that customizes ad placements, administers ad inventory, and executes media buys. However, it is found that advertisers are increasingly concerned about the viability and efficacy of trading desks and this is reflected by aspects such as bias towards publishers, puzzling auction algorithms, and hidden fees.
  • Since the supply chain is very long, publishers' traffic is affected by the absence of administration and control. It is also found that trading desks do not have access to the ad inventory of publishers which results in fraudulent and low-quality inventory by those at the end of the chain.
  • This is also "reflected in the increase in the final price of ad inventory and the fee itself becomes not transparent for the advertiser" which makes current trading desks' model unreliable.


  • Since the trading model is not sustainable, trading desks should work on something new. Trading desks should decrease the number of supply chain elements and obtain better control over the entire supply chain in order to remain competitive and viable.
  • To do so, trading desks would have to introduce its own "curated exchange of medias with tested, high-quality inventory and one-time investment in agile and future-proof technology".



  • On September 12, 2018, a complaint was filed on behalf of Johnny Ryan, Brave Software, Inc.'s Chief Policy and Industry Relations Officer, to the Irish Data Protection Commission looking to start an "EU-wide investigation into certain data practices within the digital advertising industry".
  • The same day, another complaint was filed on behalf of Michael Veale, an academic of the University College London, and Jim Killock, a member of the Open Rights Group, at the UK Information Commissioner’s Office.
  • The two complaints alleged the following,
  • Many organizations participating in the RTB process are believed to be within the extent of the GDPR. The bid requests are sent to several companies, many of which do not interface with the end-user directly. This "presents particular challenges for obtaining consent, providing transparency and choice, and controlling against unauthorized or unlawful processing."
  • The essence of the complaints is that OpenRTB is a "mass data broadcast mechanism" that collects sensitive information on individuals that goes beyond information that is needed to provide relevant adverts and needs to be GDPR-compliant.
  • Another core allegation of the complaints is that OpenRTB does not allow organizations that are participating in the process to “control the dissemination of personal information once broadcast (or at all).”


  • In events where exchanges have been detected in the consent string where no consent has been allowed to a certain DSP to receive a bid request, the exchanges can perform any combination of the following,



  • The Office of the Privacy Commissioner of Canada made an investigation public after an individual complained about ads that were targeted to him based on a certain medical condition. The man revealed that after he looked for a device to assist him with his sleep apnea, he found ads on other websites for similar devices. These ads were delivered by AdSense, a service provided by Google.
  • According to the watchdog, it is noticed that the issue goes well beyond Google where "more decisions such as this one are likely to come".
  • According to Chantal Bernier, the Interim Privacy Commissioner, if a sophisticated organization such as Google has trouble ensuring compliance with its own privacy policy, then other organizations will face the same challenges.
  • Dan Glover said that there are many complaints worldwide about "zombie cookies" and "super cookies" that revive themselves and assist advertisers in targeting even conscientious web users.


  • The Privacy Commissioner warns the marketing industry to take greater responsibility in controlling the way ads are targeted based on people's personal information that is disclosed by their use of the Web. The message is directed to companies and marketers that control and run online advertising networks.
  • Personal Information Protection and Electronic Documents Act (PIPEDA) of Canada states that "targeted advertising must avoid using sensitive personal data" like information regarding an individual's health.
  • Dan Glover, a partner at McCarthy Tétrault LLP and technology and intellectual property lawyer, said that having a 'terms of use' or a 'privacy policy' is not enough. A more pro-active approach must be taken to "express consent to serve ads to people that touch on a sensitive area."

of ten

Blockchain & Data Security

Below are four articles related to what has been happening in blockchain and data security this week. Additionally, there is a fifth article that details information about a viral songwriter who has created a song using only celebrity tweets.


  • "IBM Files Patent for Blockchain Web Browser:" IBM, a US-based international tech giant has filed a patent for a blockchain-based browser.
  • "New Hampshire Enacts New Insurance Data Security Law:" New Hampshire has implemented a new insurance data security law, which will impose certain information security on those who have insurance under the state and manage "nonpublic information."
  • "Hy-Vee Investigates Potential Data Security Event:" As of this week, Hy Vee, which is a US-based store is investigating a potential data security breach.
  • "Alibaba Files US Patent for Blockchain Domain Name Management System:" The online Chinese retailer Alibaba has filed a US patent for its blockchain-based domain name management system.


  • "Local Singer Goes Viral for Song Made from Celebrity Tweets:" A Michigan-based singer and songwriter, Liz Bissonette went viral online for creating a song entirely out Noah Centineo tweets.
  • She posted the video on Twitter, and it quickly went viral. It has already been seen more than 70,000 times on Twitter alone.
of ten

Data Integrity 101

Data integrity is crucial to business operations and decision-making. By facilitating recoverability and searchability, traceability (to origin), and connectivity, It helps to minimize cases of lost data, delays in information flow, and ensures smooth operations. Among other factors, the technological innovations and advancements in informatics, have impacted data management and contributed to the shift from data security to data integrity.


  • Data integrity is the consistency (validity) and accuracy of data over its lifecycle. Data integrity involves processes that ensure that data is not compromised during replication, transfer or any form of handling.
  • Data is a crucial resource in business decision-making; its integrity ensures that it remains intact during the time which it undergoes variety of changes and processes to go from its raw form to formats that are more practical for identifying relationships and facilitating informed decisions.
  • Compromised data is useless, and loss of sensitive data presents major security dangers to businesses and individuals. Error checking methods and validation procedures are typically relied on to ensure the integrity of data that is transferred or reproduced, without the intention of alteration.
  • Data protection operations such as backup and replication, validation processes, database integrity constraints, and other protocols are used to achieve data integrity.


  • Data integrity is the driving force of business systems, and is an essential aspect of service delivery at all levels.
  • Data integrity is important as it ensures recoverability and searchability, traceability (to origin), and connectivity. In a business set-up, it helps to minimize cases of lost data, delays in information flow, and subsequently contributes to smooth operations.
  • Protecting the validity and accuracy of data also increases stability and performance, while improving reusability and maintainability.
  • In certain sectors such as healthcare, data integrity is an important requirement and principle applicable at all levels of operation, especially as it relates to patients' information. In such areas, and other service sectors, data integrity has an implication on quality that results in the promotion of high standards in service delivery.
  • In human resource (HR) systems, accurate employee data is beneficial to workforce planning. Data in HR systems are useful tools that help HR managers and business leaders with salary and succession planning, hiring plans, and other aspects of corporate operations.
  • Data integrity is a central focus of many data security programs, being crucial for the accuracy and overall efficiency of business operations and decision-making processes.


  • Data Security is “the protection of data against unauthorized access or corruption and is necessary to ensure data integrity”. As such, data integrity is a result of data security.
  • One of the major reasons for the increased attention towards data integrity is the new wave of technologies that have come with significant threats and risks such as human error, transfer errors, bugs and viruses, among others.
  • The article dubbed “GMP Data Integrity: A New Era of Technological Innovation” noted that, while there was need to secure data (disabling unauthorized access), the need to also ensure that data remains unaltered with the emergence of technological advancement was more eminent.
  • Regulatory requirements by the federal government also led to an increased focus on data integrity. One of such regulations is the U.S. Food and Drug Administration's regulation governing electronic records and electronic signatures, 21 CFR Part 11.
  • Technology has provided new data tools, systems and formats that increase opportunities to advance the cause of data integrity. The rules of data management have also changed, requiring security shifts from servers to the data itself.
  • The increased use of automated systems and cloud services in business have also triggered the need to prioritize data integrity as opposed to security. PWC reported that 73% of companies have at least one cloud-based HR application, and many have moved several HR processes to the cloud.
  • Advances in informatics have facilitated the shift towards data Integrity, where integrated informatics platforms and automation make it easier to ensure data integrity and improve overall efficiency.


To provide the required information, we leveraged articles from experts' blogs, as well as industry publications to compile information on the importance data integrity. As required, we also included and referenced articles such as “GMP Data Integrity: A New Era of Technological Innovation” that demonstrate ‘the shift’ from data security to data integrity. We prioritized US-based articles as specified.
of ten

Cyber Extortion Case Studies

Two case studies that illustrate that there is a possible risk of cyber extortion for large companies were found. In the first case study, details are provided of how financial and private data of some of the largest companies can be at risk of cyber ransom. The second study describes how production in a large company can be at risk of cyber extortion.


  • Citycomp is based in Germany and provides servers and other IT equipment to some of the largest companies all over the world, such as Volkswagen, Airbus and Oracle.
  • The hackers managed to gain access to more than 516GB of financial and private data on their clients including Toshiba, British Telecom, Porsche, and many others in April 2019.
  • The hackers claim was they were in possession of "312,570 files in 51,025 folders", which they posted on a website designed to distribute the Citycomp data. One of their posts said that they would release the files on April 31st, 2019, which was strange because April only has 30 days.
  • The hacker, or hackers used the handle "Boris Bullet-Dodger" and sent an email to Citycomp, which stated that they would release the files unless they received $5,000.
  • Citycomp informed their customers about the attack and issued an official statement. The note on their website said they would not comply with any kind of blackmail.
  • Citycomp hired external experts to implement additional security measures for all of their systems. There were no comments about the possibility that the attack could have been prevented by using data security or data integrity protection.
  • The customer data was published since Citycomp didn't meet the hackers demands.


  • Norsk Hydro is a global aluminium producer based in Norway with around 35,000 employees.
  • The hackers infected the Norsk Hydro computer systems with the "LockerGoga ransomware" on March 19, 2019. Later analysis found that their system administration tool was infected by "SOREBRECT" and "Bad Rabbit" and that their network may have been compromised even before the hackers put the ransomware.
  • Norsk Hydro senior executives got a note that said they need to pay a large sum in bitcoin in order to gain access to their files again. The note also stated that their files were "encrypted with the strongest military algorithms" and needed a special decoder to decipher them.
  • After they refused to pay the blackmailers, the hackers launched the attack, which hit around 22,000 computers in 40 countries. Following the attack, their production lines were switched to manual functions or had to completely stop, and their employees had to file paperwork and share documents manually.
  • They had a backup plan, but they first had to shut down more than 20,000 computers before they wiped the systems and restored their data. Some reports indicate that this attack cost them over £45 million, while others say around £60 million.
  • Norsk Hydro is a very large organization and it will take a lot of time for them to completely recover. According to their most recent report, profits were down 82%.
  • There were no comments about the possibility that the attack could have been prevented by using data security or data integrity protection, but there is a statement that says organizations would not Have found themselves in that position if they had a backup plan.


We first started our research by looking for case studies mentioning cyber extortion in various industry reports including Accenture, IBM, Avast, Kaspersky, Radware and other cyber security publications. While we did find that cyber ransom attack are on the rise and that various cities such as Atlanta and Baltimore were blackmailed, there was no information about cyber extortion in any large companies or enterprises in the United States.

Next, we tried scanning different news articles and publications including BBC, Guardian. Fast Company, CNN, ZDNet, Wired, Tech Republic and others, where we wanted to find if there were any large companies mentioned as victims of cyber attacks in the United States. This approach provided us only with some cases of cyber ransom for large companies that were older than 2 years, such as Netflix refusing to meet the demands after hackers stole videos from a production company, the case of involving Uber and cyber incidents without any ransom demanded similar to a recent security breach involving Capital One.

Finally, we decide to expand our search and include companies from all over the world. We changed strategy because there was limited information about the US companies. There was also an article that stated companies sometimes pay the hackers right away and never tell their shareholders or the public which led us to assume that maybe some large enterprises in the United States haven't reported the cyber extortion. This approach let us to several large companies that were victims of cyber extortion including several Canadian banks and the biggest private forensic company in UK, but we found comprehensive information only for two companies. We included Citycomp, because it shows a risk of financial and personal data of large enterprises being exposed to hackers and Norsk Hydro as an example of how an entire network and computer systems can be at risk in a large company and also result in great losses and even completely stopping the production lines.

of ten

Commercial Blockchain this Week

There are eight articles published in the last week pertaining to commercial uses of blockchain.

1. CBP to start live testing blockchain in IPR arena

  • Customs and Border Protection (CBP) recently announced that it is going to test pilots for using blockchain for Intellectual Property Rights and enhance the pilot to work in Automated Commercial Environment.

2. Web3devs joins Blockchain in Transport Alliance

3. Antelope Water Management Taps Data Gumbo’s Blockchain Network for Oil & Gas Smart Contracts

  • Data Gumbo Corp., a Houston based technology company has developed a Blockchain as a Service (BaaS) platform which is used to streamline smart contracts for oil & gas.

4. Future of Supply Chain Management is Bitcoin SV

  • A blockchain project called Bitcoin SV is in development, which allows the business to create a seamless "enterprise resource planning (ERP) applications which integrate all the processes in a single system".

5. Blockchain Platform iCoin Tokenizes Diamond Mining in Sierra Leone

  • Millennium Mining Corp, a Sierra Leon based company is using blockchain for tokenizing diamond mining to certify the diamond mined to make sure it meets all the industry standards.

6. Walmart Plans to Make Blockchain-based Drones the Future of Delivery

  • Walmart filed a patent for blockchain-based drones for delivery and using them in its supply chain.

7. Top Korean bank Shinhan to develop a blockchain-based information security system

  • A Korean bank announces the development of blockchain-based information system.

8. Construction: A Blockchain Use Case


From Part 01
  • "The massive data breach disclosed by Marriott last year has cost the company $28 million to date, most of which has been covered by insurance, the hotel giant revealed last week in its earnings report for the last quarter of 2018."
  • "The company may have only paid a relatively small amount so far, but class actions resulting from cybersecurity incidents have been known to cost major firms tens of millions of dollars."
  • "Most issues can be prevented – the majority of security hacks are successful because a software update has not been applied. So, getting software updates installed quickly can be the best approach to stopping attacks"
  • "Global enterprises should be using vendors and tools with a holistic approach to design a data-first security approach"
  • "Credit reporting giant Equifax has spent nearly $1.4 billion on cleanup costs as well as overhauling its information security program following its massive 2017 data breach."
  • "Equifax's data breach resulted in the exposure of the personal data of 148 million individuals in the U.S., or 56 percent of all American adults - representing nearly half of the total U.S. population."
  • "The breach also exposed information for 15 million U.K. citizens and about 20,000 Canadians."
  • "The breach led to Congressional probes, probes by privacy authorities in the U.K. and Canada, and dozens of lawsuits and formal investigations by state attorneys general."
  • "Costs related to the 2017 cybersecurity incident are defined as incremental costs to transform our IT infrastructure and data security; legal fees and professional services costs to investigate the 2017 cybersecurity incident and respond to legal, government and regulatory claims; as well as costs to provide the free product and related support to the consumer"
  • "It is not possible at this time to estimate the additional possible loss in excess of the amount already accrued that might result from adverse judgments, settlements, penalties or other resolution of the proceedings and investigations related to the 2017 cybersecurity incident based on a number of factors"
  • "Equifax made an error that led to one of the largest and most sensitive data breaches of all time, and the mistake was elementary: The credit bureau failed to patch a vulnerability in Apache Struts - a web application development framework - in a timely manner."
  • "The Equifax breach, an Apache Struts exploit, reinforces what most already know...that companies are vulnerable because they fail to regularly patch their applications."
From Part 02
  • "According to a 2018 report published by IDC, the volume of data in the healthcare industry is projected to grow faster than in any other industry through 2025. As a result, healthcare organizations will face the challenge of managing extremely large data sets."
  • "While Healthcare currently has the smallest share of the global enterprise datasphere among key industries examined in the study, it is primed to grow the fastest, far surpassing the Media and Entertainment sector and matching the Financial Services sector by 2025"
  • "As more medical practices adopt electronic health records (EHR), running out of digital storage is becoming an increasingly common issue. HIPAA-regulated practices don’t always have the option of cloud solutions, but virtualization is a secure and cost-effective alternative."
  • "While healthcare is the smallest of the four industry Dataspheres in this study, it is primed to grow faster than the rest given the advancements in healthcare analytics, increasing frequency and resolution of MRIs, and other image and video-related data being captured in today’s advanced modes of medical care. IDC compares growth of various industry Dataspheres to the overall Global Datasphere growth through 2025 in Figure 18"
  • "Selling Healthcare Data: One might assume that your medical records are private and only used for the purposes of your healthcare, but as Adam Tanner writes in How Data Brokers Make Money Off Your Medical Records: IMS and other data brokers are not restricted by medical privacy rules in the U.S.,"
  • "Following the same playbook used by pharmaceutical companies, EHR sellers courted doctors at fancy dinners in ritzy hotels. One enterprising software firm advertised a “cash for clunkers” deal that paid $3,000 to doctors willing to trade in their current records system for a new one. Athenahealth held “invitation only” dinners at luxury hotels to advise doctors, among other things, how to use the stimulus to get paid more and capture available incentives."
  • "Healthcare data protection company Protenus revealed there were 222 hacking incidents in 2018, up nearly 25 percent from 2017. Of these data breaches, more than 11 million patient records were affected, CBS News reports"
  • "A report from EMC and the research firm IDC offers a few imaginative ways at visualizing the health information proliferation, anticipating an overall increase in health data of 48 percent annually. The report pegs the volume of healthcare data at 153 Exabytes in 2013. At the projected growth rate, that figure will swell to 2,314 Exabytes by 2020."
From Part 05
  • "Today’s headline-making deals involve all facets of the health care sector. This fall, the U.S. Department of Justice (DOJ) and state regulators gave their blessing to the $69 billion merger between the insurer Aetna and CVS Health, whose business includes retail, health clinics, pharmacy services, and pharmacy benefits management."
  • "Among other recently announced vertical tie-ups are insurers such as Cigna and pharmacy benefit managers like Express Scripts and insurers and providers—United and DaVita. "
  • " 2018 was an active year for dealmaking as health organizations made critical moves outside their traditional business areas to consolidate larger segments of the health value chain. Examples of the trend include the just-finalized merger between CVS Health and the insurer Aetna, and Cigna’s purchase of the pharmacy benefits manager Express Scripts."
  • ""Our combined company will enhance Cigna's differentiated service-based model, fueled by actionable insights and analytics, to drive innovation and meaningful growth in a highly dynamic market environment. As a result, we will build more effective partnerships, further improve health outcomes and deliver a superior customer experience," said David M. Cordani, president and CEO of Cigna."
  • "Cigna said the terms of the deal include $48.75 in cash and 0.2434 shares of stock of the combined company per Express Scripts share, or $54 billion in the aggregate. When the deal is done, Cigna shareholders will own approximately 64 percent of the combined company and Express Scripts shareholders will own approximately 36 percent."
  • "Cigna reported second quarter net income of $955 million, an increase of $205 million over the same quarter last year."
  • "Express Scripts was founded in St. Louis in 1986 as a result of a joint venture between a retail chain of more than 79 pharmacies called Medicare Glaser Inc. and Sanus Corp. Health Systems. Today, it is the nation’s largest pharmacy benefit manager, with revenues topping $100 billion annually."
  • "Cigna is a worldwide health services organization based in suburban Bloomfield, Connecticut. Its insurance subsidiaries are major providers of medical, dental, disability, life and accident insurance."
  • "Greaney, who is also a professor emeritus of Saint Louis University School of Law, did have a note of caution. He said when the Cigna-Express Scripts and CVS-Aetna mergers are completed, they, along with UnitedHealth Group's Optum, will control more than 70 percent of the pharmacy benefit market and 80 percent of the insurance market."
  • "The application of machine learning algorithms to diverse big data sets means we can deliver the evidence at the point of care. As we combine genomic data, published literature, and other clinical data to guide therapies, we can radically and dramatically transform the patient experience and clinical outcomes. "
  • "At Cigna, we’re focused on turning massive amounts of raw data and often, unstructured data, into actionable information in real-time to help our customers get the solutions they need with the outcomes they deserve. "
  • "We’re turning data into information that delivers better, personalized outcomes for customers, providers, and clients. And by using artificial intelligence and machine learning techniques, we’re successfully leveraging big data to save lives through earlier interventions, with the right care in the right setting. "
  • "Richards says the combined entities will have [a] key focus area: to harness the breadth and depth of our combined data to better predict and identify conditions or behaviors, and improve connectivity between our customers, patients and healthcare providers. "
  • "Ideally, Cigna and Express Scripts can begin to connect the dots between patients’ office visits, hospital stays, medications and other care. By joining the disparate systems, Henry says, the merger has the potential to lower costs, improve care and treat patients in a more holistic manner."
  • "The challenge for these initiatives, which admittedly look good on paper, is there still may not be enough data to fully understand the whole patient picture."
From Part 09
  • "Hackers have broken into an internet infrastructure firm that provides services to dozens of the world’s largest and most valuable companies, including Oracle, Volkswagen, Airbus, and many more as part of an extortion attempt"
  • "Boris claimed they were inside Citycomp's systems for just over a month, and that they targeted Citycomp specifically because they have an [sic] totally awful security system."
  • "When asked if they planned to extort the client companies as well, Boris wrote, no, these companies are not guilty of awful work of citycomp."
  • "We did not yield to the extortion demands and our analysts are conducting a profound technical and forensic analysis on the attack,"
  • "As a trustworthy and professional service provider, CITYCOMP does not comply with blackmail and works with law enforcement whenever a crime has been committed."
  • "Due to this cyber-attack CITYCOMP has implemented further technical and organizational measures to increase its security in order that such an attack will not occur again in the future."
  • "But organisations wouldn’t find themselves in that position if they had a backup plan."
  • "Norsk Hydro’s CEO, Eivind Kallevik, announced that the company would be able to recover quickly because it had recently backed up its systems."
  • "Backups enable organisations to wipe the infected systems and restore a previous version. This can take anywhere from a few hours to a few days, but if you act quickly, the delays won’t be any longer than if you were waiting for your filed to be decrypted."
  • "Imagine the excitement when hackers gained a foothold in the computer system of Norsk Hydro, a global aluminium producer."
  • "When they eventually launched their ransomware attack, it was devastating - 22,000 computers were hit across 170 different sites in 40 different countries."
  • "Your files have been encrypted with the strongest military algorithms... without our special decoder it is impossible to restore the data."
  • "The entire workforce - 35,000 people - had to resort to pen and paper."
  • "Sources in the information security industry have described multiple occasions when large, well-known companies have paid out thousands of pounds - in some cases hundreds of thousands - to hackers and not told the public or even shareholders."