Rick Richardson's Thoughts On Technology
  • Home
  • Blog

Congressional Probe Finds Tax Prep Companies Shared Private Taxpayer Data with Google and Meta for Years

7/30/2023

0 Comments

 
Picture
A seven-month congressional investigation found that three of the biggest tax preparation firms in the country may have shared Americans' private financial information with Google and Meta for years in a possible violation of federal law. The information, in some cases, was used for targeted advertising.

The investigation's findings reveal a "five-alarm fire" for taxpayer privacy that, according to legal experts, could result in public and private lawsuits, criminal penalties, or even a "mortal blow" for some major industry players like TaxSlayer, H&R Block, and TaxAct.

According to a congressional study, the three tax preparation organizations allegedly transmitted tens of millions of Americans' personal information to the tech industry without their knowledge or proper disclosures using visitor tracking equipment integrated on their websites.

The report states that besides standard personal information like names, phone numbers, and email addresses, the list of data shared also included taxpayer data. This included information about people's filing status, adjusted gross income, the size of their tax refunds, and even information about the buttons and text fields they clicked on while completing their tax forms, which could reveal what tax breaks they may have claimed or which government programs they use.

The research also discovered that every taxpayer who used TaxAct's IRS Free File service when the tracking was enabled would have had their information shared with the tech companies. The analysis was based on congressional interviews and written testimony from Meta, Google, and the tax-preparation firms. According to the research, several tax preparation businesses are still unsure of the status of the data they supplied with tech platforms.

“On a scale from one to 10, this is a 15,” said David Vladeck, a law professor at Georgetown University and a former consumer protection chief at the Federal Trade Commission, the country’s top privacy watchdog. “This is as great as any privacy breach that I’ve seen other than exploiting kids. This is a five-alarm fire, if what we know about this so far is true.” 

It also serves as an illustration, according to Vladeck, of the necessity for federal law, giving every American a fundamental right to data privacy. Although electronic data is becoming an increasingly significant component of the global economy, this subject has been stalled in Congress for years.

According to the article, the tax preparation firms at the focus of the probe informed lawmakers that the acquired data had been scrambled to assist preserve privacy. The study highlighted prior FTC studies that found that even "anonymized" data may be easily reverse-engineered to identify a person, but it also claimed that some tax-prep services themselves were not entirely aware of how much information was being given to the digital platforms.

H&R Block said in a statement that it takes customer privacy "very seriously" and that it has taken precautions to stop information exchange through pixels. According to [the new] report, H&R Block stated they had been used the tracking technology for "at least a couple of years."

A request for comment was not immediately answered by TaxAct or TaxSlayer. According to the research, TaxSlayer started using Meta's tools in 2018 and Google's in 2011, although TaxAct has been using both since around 2014. The research discovered that all three tax preparation businesses had stopped using Meta's pixel because of The Markup's initial investigative article from last November.

The study discovered that Intuit, the firm that produces TurboTax, did not use tracking pixels to the same level as other companies and was not the subject of the most recent report despite receiving an initial inquiry letter from the senators in December.

According to a former FTC official who asked to remain anonymous to talk more freely, the tax-preparation companies may be quickly forced into a legally enforceable settlement depending on the gravity of the claims.
​
“If the facts are really strong, these companies would probably rather settle than go to court. This is very embarrassing,” the former official said. “It could be a mortal blow to the tax prep companies.”

0 Comments

Cyber Insurance Costs on The Rise in Health Care as Attacks Soar

3/26/2023

0 Comments

 
Picture
Health systems having been hit by labor and supply chain costs and broader economic woes have another unwieldy financial problem—the soaring costs of cyber insurance.

Moody's Investors Service notes that, while it’s not sexy, the sheer size of cyber-crimes and insurers' reluctance to cover losses brought on by ransomware attacks are having a very serious impact on hospitals.

"The timing of the insurance price increase is bad for health care. There isn't much room for error, " said Matthew Cahill, a Moody's analyst. There have been double-digit increases in premiums over the past four years, often more than tripling in a single year. According to a recent analysis from Property Casualty 360, the industry's insurance costs have finally started to stabilize in the first quarter of 2023.

In an interview, Omid Rahmani, an associate director at the credit rating company Fitch Ratings, stated: "Costs are decelerating. That tells part of the story. But cyber insurance is becoming unaffordable or unavailable for a lot of small- to medium-sized issuers."

Early in the century, when cyber insurance first appeared, it was frequently incorporated into other policies. According to Rob Rosenzweig, senior vice president and head of the National Cyber Risk group at brokerage company Risk Strategies, when losses grew because of the assaults' growing frequency and sophistication, insurers were forced to develop stand-alone policies. In other words, the coverage was not priced appropriately for the level of risk assumed.

Insurance companies have been increasing the standards that health systems need to meet to strengthen their defenses and secure coverage. The new standards include strict data backup policies, the usage of tools like multi-factor authentication, personnel security training, and network segmentation.

"Social engineering attacks, such as phishing, remain one of the most effective ways to breach a hospital system. The workforce remains the weakest link," said Soumitra Bhuyan, a professor at Rutgers University and expert on heath care’s evolving cyber insurance landscape. Social engineering is often treated as a separate policy extension by insurers.

Other limitations have also been added to the coverage, such as the exclusion of cyberattacks supported by nation-states. This is being required because of a new requirement by Lloyds of London. Lloyds now requires all insurance groups that take part in its international insurance and reinsurance marketplace to exclude state-sponsored cyberattacks from their policies.

"With the increased rates and limited coverage, small independent and rural hospitals are at a significant disadvantage in obtaining cybersecurity insurance," Bhuyan said.

"The gap between those with adequate resources to protect their information systems continues to increase," Bhuyan said. "Many of these hospitals are critical access hospitals or hospitals in rural areas. They don't have enough resources to secure their IT systems and may be unable to recover if a breach happens."

Moody’s Cahill said that even though cyber insurance is becoming more expensive, the cost of a successful ransomware attack is still far worse. He pointed to an Illinois system that listed one such attack as a contributing reason for the temporary shutdown of two of its rural hospitals in January as evidence.

In January, the pro-Russian group Killnet took credit to taking down portions of systems of more than a dozen U.S. hospitals, including Stanford Healthcare, Duke University Hospital and Cedars-Sinai.

According to Fitch Ratings, these cyberattacks are unlikely to result in downgrades for not-for-profit health institutions, but the use of more advanced cyber-weapons that damage a hospital's financial profile and compromise service could.
​
While some health systems are doing well, for a majority, there is still very little wiggle room to have to operate a month or two on manual records, divert services, and deny claims. And if the attack results in a closure, rural communities simply can’t afford to have no emergency services.

0 Comments

    Author

    Rick Richardson, CPA, CITP, CGMA

    Rick is the editor of the weekly newsletter, Technology This Week. You can subscribe to it by visiting the website.

    Rick is also the Managing Partner of Richardson Media & Technologies, LLC. Prior to forming his current company, he had a 28-year career in technology with Ernst & Young, the last twelve years of which he served as National Director of Technology.

    Mr. Richardson has been named to the "Technology 100"- the annual honors list of the 100 key achievers in technology in America. He has also been honored by the American Institute of CPAs with two Lifetime Achievement awards and a Special Career Recognition Award for his contributions to the profession in the field of technology.

    In 2012, Rick was inducted into the Accounting Hall of Fame by CPA Practice Advisor Magazine. He has also been named to the 100 most influential individuals in the accounting profession in America by Accounting Today magazine.

    In 2017, Rick was inducted as a Marquis Who’s Who Lifetime Achiever, a registry of professionals who have excelled in their fields for many years and achieved greatness in their industry.

    He is a sought after speaker around the world, providing his annual forecast of future technology trends to thousands of business executives, professionals, community leaders, educators and students.

    Picture
    Picture
    Picture
    Picture
    Picture

    Archives

    May 2023
    April 2023
    March 2023
    February 2023
    January 2023
    December 2022
    November 2022
    October 2022
    September 2022
    August 2022
    July 2022
    June 2022
    May 2022
    April 2022
    March 2022
    February 2022
    January 2022
    December 2021
    November 2021
    October 2021
    September 2021
    August 2021
    July 2021
    June 2021
    May 2021
    April 2021
    March 2021
    February 2021
    January 2021
    December 2020
    November 2020
    October 2020
    September 2020
    August 2020
    July 2020
    June 2020
    May 2020
    April 2020
    March 2020
    February 2020
    January 2020
    December 2019
    November 2019
    October 2019
    September 2019
    August 2019
    July 2019
    June 2019
    May 2019
    April 2019
    March 2019
    February 2019
    January 2019
    December 2018
    November 2018
    October 2018
    September 2018
    August 2018
    July 2018
    June 2018
    May 2018
    April 2018
    March 2018
    February 2018
    January 2018
    December 2017
    November 2017
    October 2017
    September 2017
    August 2017
    July 2017
    June 2017
    May 2017
    April 2017
    March 2017
    February 2017
    January 2017
    December 2016
    November 2016
    October 2016
    September 2016
    August 2016
    July 2016
    June 2016
    May 2016
    April 2016
    March 2016
    February 2016
    January 2016
    December 2015
    November 2015
    October 2015
    September 2015
    August 2015
    July 2015
    June 2015

    Categories

    All
    Artificial Intelligence
    Audit
    Back Up
    Back-Up
    Blockchain
    Chemistry
    Climate
    Cloud
    Collaboration
    Communication
    Coronavirus
    COVID 19
    COVID-19
    Cyber Crime
    Digital Assistant
    Display
    Drone
    Edge Computing
    Education
    Enterprise
    Hardware
    Home Automation
    Insurance
    International
    Internet Of Things
    Law
    Medicine
    Metaverse
    Mobile
    Mobile Payments
    Networking
    Open Source
    Personalization
    Power
    Privacy
    Quantum Computing
    Remote Work
    Retail
    Robotics
    Security
    Software
    Taxes
    Transportation
    Wearables
    Wi Fi
    Wi-Fi

    RSS Feed

    View my profile on LinkedIn
Powered by Create your own unique website with customizable templates.