Security

Iran-Linked Hackers Disrupted US Oil, Gas, Water Sites (thehill.com) 93

The FBI says (PDF) Iran-linked hackers disrupted internet-connected systems used by U.S. oil, gas, and water companies. Even with the recent two-week ceasefire between Iran and the United States and Israel, hackers backing Tehran say they won't end their retaliatory cyberattacks. The Hill reports: The report warned that similar companies across the country should be aware of an increased push by hackers to take over programmable logic controller (PLC) systems, which can be used to digitally control physical machinery from remote locations. Secure internet access for PLCs from one company, Rockwell Automation, was removed by Iran-linked coders who then "maliciously interacted with project files and altered data," according to the report. Hackers first gained access to some of the platforms in January of last year. All access to compromised platforms ended in March, the report said. The FBI said the move resulted in "operational disruption" and "financial loss."

[...] Rockwell Automation wasn't the only company to recently face cyberattacks from Iran-linked hackers. Stryker, a major U.S. medical device maker, was targeted by Iran-affiliated coders in mid-March. It was unclear if physical operations were affected by the security breach. FBI Director Kash Patel was personally impacted by hackers who leaked his emails and records related to his personal travels and business from more than 10 years ago. [...]

The FBI urged companies to adopt network defenders and multifactor authentication to prevent future attacks. Tuesday's report was published alongside the National Security Agency, the Department of Energy, and the Cybersecurity and Infrastructure Security Agency. "Government and experts have been warning about internet connected systems for years, and how vulnerable they are," one source familiar with the federal investigation into the hacks told CNN. Many companies have "already removed those systems and followed the guidance," the person added.

The Almighty Buck

Mount Everest Climbers 'Poisoned' By Guides In Insurance Fraud Scheme (kathmandupost.com) 47

schwit1 shares a report from the Kathmandu Post: In Nepal, helicopter rescue on high altitude is, by any measure, a genuine lifesaving operation. At high altitude, where oxygen thins and weather changes without warning, the ability to airlift a stricken trekker to Kathmandu within hours has saved countless lives. But threaded through that legitimate system, exploiting its urgency, its opacity, and its distance from oversight, is one of the most sophisticated insurance fraud networks in the world. Nepal's fake rescue scam is not new. The Kathmandu Post first exposed it in 2018. Months later, the government convened a fact-finding committee, produced a 700-page report, and announced reforms. In February 2019, The Kathmandu Post published a long investigative report. Last year, Nepal Police's Central Investigation Bureau reopened the file, and what they found is that the fraud did not stop -- instead it was growing.

The mechanics of the fake rescue racket are straightforward: stage a medical emergency, call in a helicopter, check a tourist into a hospital, and file an insurance claim that bears little resemblance to what actually happened. But the sophistication lies in how each link in the chain is compensated, and how difficult it is for a foreign insurer -- operating from Australia and the United Kingdom -- to verify events that occurred at 3,000 metres in a remote Himalayan valley. The CIB investigation identifies two primary methods for manufacturing an "emergency." The first involves tourists who simply don't want to walk back. After completing a demanding trek -- an Everest Base Camp trek, for instance, can take up to two weeks on foot -- guides offer an alternative: pretend to be sick, and a helicopter will come. The guide handles the rest. The second method is more troubling. At altitudes above 3,000 meters, mild symptoms of altitude sickness are common. Blood oxygen saturation can drop, hands and feet tingle, headaches develop. In most cases, rest, hydration or a gradual descent is all that is needed. But guides and hotel staff, according to the CIB investigation, have been trained to terrify trekkers at precisely this moment. They tell them they are at risk of dying, that only immediate evacuation will save them. In some cases, investigators found that Diamox (Acetazolamide) tablets, used to prevent altitude sickness, were administered alongside excessive water intake to induce the very symptoms that would justify a rescue call.

In at least one case cited in the investigation, baking powder was mixed into food to make tourists physically unwell. Once a "rescue" is called, the financial choreography begins. A single helicopter carries multiple passengers. But separate, full-price invoices are submitted to each passenger's insurance company, as if each had their own dedicated flight. A $4,000 charter becomes a $12,000 claim. Fake flight manifests and load sheets are fabricated. At the hospital, medical officers prepare discharge summaries using the digital signatures of senior doctors who were never involved in the case. In some cases, these are done without those doctors' knowledge. Fake admission records are created for tourists who were, in some documented instances, drinking beer in the hospital cafeteria at the time they were supposedly receiving treatment. In one case, an office assistant at Shreedhi Hospital admitted that he had provided his own X-ray report taken about a year ago at a different hospital, to be used as a case for treatment of foreign trekkers to claim insurance. The commission structure that holds the network together was described in detail during police interrogations. Hospitals pay 20 to 25 percent of the insurance payment to trekking companies and a further 20 to 25 percent to helicopter rescue operators in exchange for patient referrals. Trekking guides and their companies benefit from inflated invoices. In some cases, tourists themselves are offered cash incentives to participate.

Medicine

Thousands of Americans Treated With Psilocybin in 2025 (cnn.com) 27

In a new 4,000-word article, CNN tells the story of a retired appellate paralegal and grandmother in her early 70s who was treated for depression with psilocybin. CNN notes there are now retreats featuring psilocybin in a few countries, and while psilocybin is illegal under United States federal law, "In Oregon, 5,935 clients received psilocybin services through Oregon's state-regulated program in 2025." High doses of psilocybin are effective in treating depression, a growing body of research suggests, with promise for other conditions, like PTSD and addiction, said Dr. Albert Garcia-Romeu, associate director of the Center for Psychedelic and Consciousness Research at Johns Hopkins University... Some researchers suggest it disrupts entrenched traffic patterns in the brain or grows new neuron connections to change thinking. Others say the results from psilocybin could have to do with its anti-inflammatory effect, Garcia-Romeu said...

Colorado became the second state to make psilocybin legal with a 2023 law and issued its first "healing center" license last year. A law adopted in New Mexico last year established that state's Medical Psilocybin Program, now in development... Psilocybin seems to be "knocking on the door of FDA approval," said Dr. Lynn Marie Morski, president of the Psychedelic Medicine Association, which educates health care providers on the therapeutic use of psychedelics so they can answer patients' questions through the lenses of clinical evidence and harm reduction. Psilocybin therapy first received a "breakthrough therapy" designation for treatment-resistant depression from the US Food and Drug Administration in 2018, and now psilocybin drug products are on track to be submitted to the FDA for possible approval in the not-too-distant future.

While psilocybin is illegal under United States federal law, more states are creating their own paths for legal use under state laws.


Businesses

ServiceNow To Buy Armis For $7.75 Billion As It Bets Big On Cybersecurity For AI (marketwatch.com) 9

An anonymous reader quotes a report from MarketWatch: ServiceNow announced a deal to acquire cybersecurity company Armis on Tuesday, marking a new milestone in the software giant's artificial-intelligence business strategy. The $7.75 billion all-cash transaction is part of ServiceNow's goal of advancing governance and trust in autonomous AI agents, and the company's largest transaction to date. "The acquisition of Armis will extend and enhance ServiceNow's Security, Risk, and [Operational Technology] portfolios in critical and fast-growing areas of cybersecurity and drive increased AI adoption by strengthening trust across businesses' connected environments," the company wrote in a press release.

While ServiceNow built its foundation on IT service management products, the company has positioned itself as an "AI control tower" that orchestrates workflows across HR, customer service and security operations. Organizations today are operating in increasingly complex environments, with assets spanning from laptops and servers to smart grid devices, Gina Mastantuono, chief financial officer of ServiceNow, told MarketWatch on Tuesday. "But at the same time, cyber threats are becoming more sophisticated and more complex," she added.

ServiceNow's Security and Risk business crossed $1 billion in annual contract value earlier this year, and the Armis acquisition is expected to triple ServiceNow's market opportunity in the sector. Armis currently has over $340 million in annual recurring revenue, with growth exceeding 50% year-over-year, according to the press release. The Armis acquisition would allow ServiceNow to create an "end-to-end proactive cybersecurity exposure and operations stack that enables enterprises to see, decide and act across a business' entire technology footprint," Mastantuono said.

Facebook

Bombshell Report Exposes How Meta Relied On Scam Ad Profits To Fund AI (reuters.com) 59

"Internal documents have revealed that Meta has projected it earns billions from ignoring scam ads that its platforms then targeted to users most likely to click on them," writes Ars Technica, citing a lengthy report from Reuters.

Reuters reports that Meta "for at least three years failed to identify and stop an avalanche of ads that exposed Facebook, Instagram and WhatsApp's billions of users to fraudulent e-commerce and investment schemes, illegal online casinos, and the sale of banned medical products..." On average, one December 2024 document notes, the company shows its platforms' users an estimated 15 billion "higher risk" scam advertisements — those that show clear signs of being fraudulent — every day. Meta earns about $7 billion in annualized revenue from this category of scam ads each year, another late 2024 document states. Much of the fraud came from marketers acting suspiciously enough to be flagged by Meta's internal warning systems.

But the company only bans advertisers if its automated systems predict the marketers are at least 95% certain to be committing fraud, the documents show. If the company is less certain — but still believes the advertiser is a likely scammer — Meta charges higher ad rates as a penalty, according to the documents. The idea is to dissuade suspect advertisers from placing ads. The documents further note that users who click on scam ads are likely to see more of them because of Meta's ad-personalization system, which tries to deliver ads based on a user's interests... The documents indicate that Meta's own research suggests its products have become a pillar of the global fraud economy. A May 2025 presentation by its safety staff estimated that the company's platforms were involved in a third of all successful scams in the U.S.

Meta also acknowledged in other internal documents that some of its main competitors were doing a better job at weeding out fraud on their platforms... The documents note that Meta plans to try to cut the share of Facebook and Instagram revenue derived from scam ads. In the meantime, Meta has internally acknowledged that regulatory fines for scam ads are certain, and anticipates penalties of up to $1 billion, according to one internal document. But those fines would be much smaller than Meta's revenue from scam ads, a separate document from November 2024 states. Every six months, Meta earns $3.5 billion from just the portion of scam ads that "present higher legal risk," the document says, such as those falsely claiming to represent a consumer brand or public figure or demonstrating other signs of deceit. That figure almost certainly exceeds "the cost of any regulatory settlement involving scam ads...."

A planning document for the first half of 2023 notes that everyone who worked on the team handling advertiser concerns about brand-rights issues had been laid off. The company was also devoting resources so heavily to virtual reality and AI that safety staffers were ordered to restrict their use of Meta's computing resources. They were instructed merely to "keep the lights on...." Meta also was ignoring the vast majority of user reports of scams, a document from 2023 indicates. By that year, safety staffers estimated that Facebook and Instagram users each week were filing about 100,000 valid reports of fraudsters messaging them, the document says. But Meta ignored or incorrectly rejected 96% of them. Meta's safety staff resolved to do better. In the future, the company hoped to dismiss no more than 75% of valid scam reports, according to another 2023 document.

A small advertiser would have to get flagged for promoting financial fraud at least eight times before Meta blocked it, a 2024 document states. Some bigger spenders — known as "High Value Accounts" — could accrue more than 500 strikes without Meta shutting them down, other documents say.

Thanks to long-time Slashdot reader schwit1 for sharing the article.

Programming

Rust's Annual Tech Report: Trusted Publishing for Packages and a C++/Rust Interop Strategy (rustfoundation.org) 25

Thursday saw the release of Rust 1.89.0. But this week the Rust Foundation also released its second comprehensive annual technology report.

A Rust Foundation announcement shares some highlights: - Trusted Publishing [in which a publish from GitHub Actions is authorized by a short-lived crates.io token obtained through the workflow's OpenID Connect identity, rather than by a long-lived API token stored as a repository secret] fully launched on crates.io, enhancing supply chain security and streamlining workflows for maintainers.

- Major progress on crate signing infrastructure using The Update Framework (TUF), including three full repository implementations and stakeholder consensus.

- Integration of the Ferrocene Language Specification (FLS) into the Rust Project, marking a critical step toward a formal Rust language specification [and "laying the groundwork for broader safety certification and formal tooling."]

- 75% reduction in CI infrastructure costs while maintaining contributor workflow stability. ["All Rust repositories are now managed through Infrastructure-as-Code, improving maintainability and security."]

- Expansion of the Safety-Critical Rust Consortium, with multiple international meetings and advances on coding guidelines aligned with safety standards like MISRA. ["The consortium is developing practical coding guidelines, aligned tooling, and reference materials to support regulated industries — including automotive, aerospace, and medical devices — adopting Rust."]

- Direct engagement with ISO C++ standards bodies and collaborative Rust-C++ exploration... The Foundation finalized its strategic roadmap, participated in ISO WG21 meetings, and initiated cross-language tooling and documentation planning. These efforts aim to unlock Rust adoption across legacy C++ environments without sacrificing safety.

The Rust Foundation also acknowledges continued funding from OpenSSF's Alpha-Omega Project and "generous infrastructure donations from organizations like AWS, GitHub, and Mullvad VPN" to the Foundation's Security Initiative, which enabled advances such as GitHub Secret Scanning with automated incident response for leaked crates.io tokens, Trusted Publishing, and the integration of vulnerability-surfacing capabilities into crates.io.
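As an added illustration of the Trusted Publishing item above (this is not a workflow from the Rust Foundation report or from crates.io itself), here is a minimal GitHub Actions release job that publishes a crate without any stored registry secret. It assumes the crate's Trusted Publisher has been configured on crates.io for this repository and for the workflow file name `release.yml`; the workflow name and tag pattern are placeholders. The `rust-lang/crates-io-auth-action` step is the crates.io-maintained action that exchanges the job's OIDC token for a short-lived registry token.

```yaml
# Added example, not code from the Rust Foundation report or from crates.io.
# Assumes a Trusted Publisher is configured on crates.io for this repository
# and for the workflow file "release.yml" (hypothetical names).
name: Release to crates.io

on:
  push:
    tags: ["v*"]          # placeholder trigger: publish on version tags only

jobs:
  publish:
    runs-on: ubuntu-latest
    permissions:
      id-token: write     # lets this job request an OIDC token from GitHub
      contents: read      # no other write scopes; keep the job least-privilege
    steps:
      - uses: actions/checkout@v4

      # Presents the job's OIDC identity (repository, workflow file, ref) to
      # crates.io and receives a short-lived token. No long-lived
      # CARGO_REGISTRY_TOKEN secret exists anywhere in the repository.
      - uses: rust-lang/crates-io-auth-action@v1
        id: auth

      - run: cargo publish
        env:
          CARGO_REGISTRY_TOKEN: ${{ steps.auth.outputs.token }}
```

Two caveats worth keeping in mind. First, the `id-token: write` permission is granted only to the `publish` job, not at workflow level, so no other job in the file can mint a token. Second, the trust relationship is bound to the repository and the workflow file name: anyone who can merge a change to that workflow file, or push a matching tag, can publish the crate, so the protections that matter are branch and tag protection on the repository rather than secret handling.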

There was another announcement this week. In November AWS and the Rust Foundation crowdsourced "an effort to verify the Rust standard library," and it has now resulted in the integration of a further formal verification tool, the "Efficient SMT-based Context-Bounded Model Checker" (or ESBMC). This winning contribution adds ESBMC — a state-of-the-art bounded model checker — to the suite of tools used to analyze and verify Rust's standard library. By integrating through Goto-Transcoder, they enabled ESBMC to operate seamlessly in the Rust verification workflow, significantly expanding the scope and flexibility of verification efforts...

This achievement builds on years of ongoing collaboration across the Rust and formal verification communities... The collaboration has since expanded. In addition to verifying the Rust standard library, the team is exploring the use of formal methods to validate automated C-to-Rust translations, with support from AWS. This direction, highlighted by AWS Senior Principal Scientist Baris Coskun and celebrated by the ESBMC team in a recent LinkedIn post, represents an exciting new frontier for Rust safety and verification tooling.

AI

OpenAI CEO Tells Federal Reserve Confab That Entire Job Categories Will Disappear Due To AI (theguardian.com) 70

An anonymous reader quotes a report from The Guardian: During his latest trip to Washington, OpenAI's chief executive, Sam Altman, painted a sweeping vision of an AI-dominated future in which entire job categories disappear, presidents follow ChatGPT's recommendations and hostile nations wield artificial intelligence as a weapon of mass destruction, all while positioning his company as the indispensable architect of humanity's technological destiny. Speaking at the Capital Framework for Large Banks conference at the Federal Reserve board of governors, Altman told the crowd that certain job categories would be completely eliminated by AI advancement. "Some areas, again, I think just like totally, totally gone," he said, singling out customer support roles. "That's a category where I just say, you know what, when you call customer support, you're on target and AI, and that's fine." The OpenAI founder described the transformation of customer service as already complete, telling the Federal Reserve vice-chair for supervision, Michelle Bowman: "Now you call one of these things and AI answers. It's like a super-smart, capable person. There's no phone tree, there's no transfers. It can do everything that any customer support agent at that company could do. It does not make mistakes. It's very quick. You call once, the thing just happens, it's done."

The OpenAI founder then turned to healthcare, making the suggestion that AI's diagnostic capabilities had surpassed human doctors, but wouldn't go so far as to accept the superior performer as the sole purveyor of healthcare. "ChatGPT today, by the way, most of the time, can give you better -- it's like, a better diagnostician than most doctors in the world," he said. "Yet people still go to doctors, and I am not, like, maybe I'm a dinosaur here, but I really do not want to, like, entrust my medical fate to ChatGPT with no human doctor in the loop." [...] At the fireside chat, he said one of his biggest worries was over AI's rapidly advancing destructive capabilities, with one scenario that kept him up at night being a hostile nation using these weapons to attack the US financial system. And despite being in awe of advances in voice cloning, Altman warned the crowd about how that same benefit could enable sophisticated fraud and identity theft, considering that "there are still some financial institutions that will accept the voiceprint as authentication".

Science

Casino Lights Could Be Warping Your Brain To Take Risks, Scientists Warn (sciencealert.com) 28

ScienceAlert reports: Casino lighting could be nudging gamblers to be more reckless with their money, according to a new study, which found a link between blue-enriched light and riskier gambling behavior. The extra blue light emitted by casino decor and LED screens seems to trigger certain switches in our brains, making us less sensitive to financial losses compared to gains of equal magnitude, researchers from Flinders University and Monash University in Australia found...

The researchers think circadian photoreception, which is our non-visual response to light, is playing a part here. The level of blue spectrum light may be activating specific eye cells connected to brain regions in charge of decision-making, emotional regulation, and processing risk versus reward scenarios.

"Under conditions where the lighting emitted less blue, people tended to feel a $100 loss much more strongly than a $100 gain — the loss just feels worse," [says the study's lead author, a psychologist at the Flinders Health and Medical Research Institute]. "But under bright, blue-heavy light such as that seen in casino machines, the $100 loss didn't appear to feel as bad, so people were more willing to take the risk...." That raises some questions around ethics and responsibility, according to the researchers. While encouraging risk taking might be good for the gambling business, it's not good for the patrons spending their cash.

One professor involved in the study reached this conclusion. "It is possible that simply dimming the blue in casino lights could help promote safer gambling behaviors."

The research has been published in Scientific Reports.

Thanks to Slashdot reader alternative_right for sharing the news.

Medicine

Covid-19 Spikes in Hong Kong, Singapore as New Wave Spreads (bloomberg.com) 96

Health authorities in densely-populated Hong Kong and Singapore have warned that Covid-19 cases are spiking, as a resurgent wave spreads through Asia. Bloomberg: The virus' activity in Hong Kong is now "quite high," Albert Au, head of the Communicable Disease Branch of the city's Center for Health Protection, told local media this week. The percentage of respiratory samples testing Covid-positive in Hong Kong recently reached its highest in a year.

Severe cases -- including deaths -- also reached their highest level in about a year, at 31 in the week through May 3, the center's data shows. While the resurgence is yet to match the infection peaks seen in the past two years, rising viral load found in sewage water and Covid-related medical consultations and hospitalizations suggest the virus is actively spreading in the city of over 7 million people.

Rival financial hub Singapore is also on Covid alert. The city-state's health ministry released its first update on infection numbers in almost a year this month, as the estimated number of cases jumped 28% to 14,200 in the week through May 3 from the previous seven days while daily hospitalization rose around 30%. Singapore now only provides case updates when there is a noticeable spike.

Crime

Man Pleads Guilty To Stealing 1.1 Terabytes of Disney's Slack Data (variety.com) 32

A 25-year-old from Santa Clarita has pleaded guilty to hacking a Disney employee's computer using malware disguised as an AI art tool, stealing over 1 terabyte of confidential Disney data and threatening to leak it under the guise of a fake Russian hacktivist group. Variety reports: Santa Clarita resident Ryan Mitchell Kramer, 25, pleaded guilty to two felony charges, including one count of accessing a computer and obtaining information and one count of threatening to damage a protected computer. Each charge carries a maximum sentence of five years in federal prison. According to the plea agreement, in early 2024 Kramer posted a computer program on various online platforms that appeared to be used to create AI-generated art, when it really contained a malicious file to gain access to victims' computers.

Between April and May 2024, a Disney employee downloaded the program, and Kramer gained access to the victim's personal and work accounts, including a non-public Disney Slack channel. Kramer downloaded approximately 1.1 terabytes of confidential data from thousands of Disney Slack channels. In July, Kramer contacted the victim by pretending to be a member of a fake Russian hacktivist group called "Nullbulge" and threatened to leak their personal information and Disney Slack data. On July 12, Kramer publicly released the data, including the victim's bank, medical, and personal information on multiple online platforms.

Science

Preprint Sites bioRxiv and medRxiv Launch New Era of Independence (nature.com) 5

A new chapter has begun for two of the world's most popular preprint platforms, bioRxiv and medRxiv, with the launch of a non-profit organization that will manage them, their co-founders announced today. From a report: The servers allow researchers to share manuscripts for free before peer review and have become an integral part of publishing biology and medical research. Until now, they had been managed by Cold Spring Harbor Laboratory (CSHL) in New York. The new organization, named openRxiv, will have a board of directors and a scientific and medical advisory board. It is supported by a fresh US$16-million grant from the Chan Zuckerberg Initiative (CZI), the projects' main financial backer.

"It's just exciting to see this key piece of infrastructure really get the attention that it deserves as a dedicated initiative," says Katie Corker, executive director of ASAPbio, a scientist-driven non-profit organization, which is based in San Francisco, California. Preprints are "the backbone of the scientific publishing ecosystem, maybe especially at the current moment, when there's a lot of worries about who has control of information."

The launch of openRxiv "reflects a maturation of the projects," which started as an experiment at CSHL, says Richard Sever, a co-founder of both servers and chief science and strategy officer at openRxiv. It has "become so important that they should have their own organization running them, which is focused on the long-term sustainability of the servers, as opposed to being a side project within a big research institution," says Sever.

Privacy

UnitedHealth Data Breach Hits 190 Million Americans in Worst Healthcare Hack (techcrunch.com) 27

Nearly 190 million Americans were affected by February's cyberattack on UnitedHealth's Change Healthcare unit, almost double initial estimates, the company disclosed Friday. The breach, the largest in U.S. medical history, exposed sensitive data including Social Security numbers, medical records, and financial information.

UnitedHealth said it has not detected misuse of the stolen data or found medical databases among compromised files. Change Healthcare, a major U.S. healthcare claims processor, paid multiple ransoms after Russian-speaking hackers known as ALPHV breached its systems using stolen credentials lacking multi-factor authentication, according to CEO Andrew Witty's testimony to Congress.

Medicine

Hospitals No Longer Allowed To Fix Machine That Costs Six Figures 136

An anonymous reader quotes a report from 404 Media: The manufacturer of a machine that costs six figures used during heart surgery has told hospitals that it will no longer allow hospitals' repair technicians to maintain or fix the devices and that all repairs must now be done by the manufacturer itself, according to a letter obtained by 404 Media. The change will require hospitals to enter into repair contracts with the manufacturer, which will ultimately drive up medical costs, a person familiar with the devices said.

The company, Terumo Cardiovascular, makes a device called the Advanced Perfusion System 1 Heart Lung Machine, which is used to reroute blood during open-heart surgeries and essentially keeps a patient alive during the surgery. Last month, the company sent hospitals a letter alerting them to the "discontinuation of certification classes," meaning it "will no longer offer certification classes for the repair and/or preventative maintenance of the System 1 and its components." This means it will no longer teach hospital repair techs how to maintain and fix the devices, and will no longer certify in-house hospital repair technicians. Instead, the company "will continue to provide direct servicing for the System 1 and its components." [...]

In a brochure for hospitals, Terumo advertises both its device and its maintenance program: "Advanced, precision medical equipment requires genuine parts and top-quality, specialized service -- just as getting the best medical care from qualified specialists. Terumo Cardiovascular Service has the unrivaled expertise, experience, equipment, and parts to provide the optimal level of planned service and repairs needed. Use Terumo Cardiovascular Service and avoid exposure to liability issues." A spokesperson for Terumo told 404 Media that the company "saw declining participation in this program and determined that the best way forward was to require servicing through Terumo Cardiovascular's genuine in-house Service team to continue to ensure Terumo devices are properly maintained."

"Terumo Cardiovascular's Biomed Certification Program was originally structured to train non-Terumo personnel (hospital Biomeds) to service Terumo heart-lung machines and associated hardware. Properly maintained medical devices are necessary for optimal performance which is essential for quality of patient care and outcomes," they added. "Hospitals' existing Terumo Cardiovascular Biomed certifications will remain valid through their expiration dates but will not be renewed once they expire."

"It's no secret that America's healthcare system is the most expensive, and this is one of the reasons why. These machines are actually highly reliable, we've had a low cost of service for it over the last few years. And when something isn't right, we have people in-house who can fix it," a source familiar with Terumo machine repair said. "But the cost of having a service contract with a manufacturer, you're probably talking 10 times the cost. It's not a big deal having a contract for one device, but when that starts happening across many devices, it adds up in the end. If you took every hospital in America and said for every medical device in the hospital, you need to put it on an OEM [original equipment manufacturer] maintenance contract, it would tank your financial system. You just can't do that."

China

On Eve of TikTok Ban, Chinese App RedNote Surges in Popularity, Delighting Chinese State Media (go.com) 118

Chinese social-networking site RedNote became the #1 most-downloaded app in America, reports the Associated Press, with some new users considering it a way to protest America's possible TikTok ban.

So what happened next? They were met with surprise, curiosity and in-jokes on Xiaohongshu — literally, "Little Red Book" — whose users saw English-language posts take over feeds almost overnight. Americans introduced themselves under the hashtag TikTok refugees with an ask-me-anything attitude, posting photos of their pets to pay their hosts' "cat tax." Parents swapped stories about raising kids, and Swifties from both countries, of course, quickly found each other. It's a rare moment of direct contact between two online worlds that are usually kept apart by language, corporate boundaries, and China's strict system of online censorship that blocks access to nearly all international media and social media services... Xiaohongshu's 300 million monthly active users are overwhelmingly Chinese — so much so that parts of its interface have no English-language version... [Press reports suggest about a million of TikTok's 170 million users tried switching to RedNote this week...]

On the platform, two versions of the TikTok refugee hashtag have over 24 million posts, with related posts appearing at the top of many users' feeds. A large number of American users say they've received a warm welcome from the community under #TikTokrefugee. "Welcome the global villagers" remains the top trending topic on Xiaohongshu, with 8.9 million views on Thursday. Users from both countries are comparing notes on grocery prices, rent, health insurance, medical bills and the relationship between mother-in-law and daughter-in-law. Parents talk about what the kids learn in school in the two countries. Some have already joined book clubs and are building up a community. American users asked how Chinese see the LGBTQ community and got warned that it was among sensitive topics; Chinese users taught Americans what the sensitive topics are and which key words to avoid censorship on the app. Chinese students pulled out their English homework, looking for help.

Chinese state media, which have long dismissed U.S. allegations against TikTok, have welcomed the protest against the ban. People's Daily [the official newspaper of the Central Committee of the Chinese Communist Party] said in an op-ed on Thursday that the TikTok refugees found a "new home," and that "openness, communication, and mutual learning are the unchanging themes of mankind and the heartfelt desires of people from all countries."

Making the most of the moment is Jianlu Bi, who is apparently a senior content producer for Beijing's state-run China Global Television Network, which Wikipedia describes as "under the control of the Central Propaganda Department of the Chinese Communist Party". Friday Jianlu Bi crafted an article claiming "surprising" and "stark contrasts" were revealed: While the United States is often portrayed as a land of limitless opportunity, many American netizens have shared their struggles with high living costs, particularly in urban areas. One common theme is the exorbitant cost of healthcare. "I just got a simple bill for a routine checkup and it was over $500," shared one American user. "I can't imagine what a serious illness would cost! I feel like I'm constantly on the brink of financial ruin due to medical expenses." In contrast, Chinese netizens often express surprise at the affordability of many goods and services in their home country. For instance, the cost of housing, particularly in smaller cities, is often significantly lower in China compared to the United States.... This disparity is often attributed to factors such as government policies, economic development, and cultural differences...

Traditional media narratives often present simplified and often biased portrayals of China and the United States. For example, the U.S. is often portrayed as a land of opportunity with limitless possibilities, while China is sometimes depicted as a country with limited freedoms. Xiaohongshu, on the other hand, provides a platform for ordinary people to share their authentic experiences and perspectives... A Chinese student studying in the U.S. shared, "I was surprised to learn that many of my classmates are working part-time jobs to cover their tuition and living expenses. This is very different from the image of affluent American students I had in my mind. It really opened my eyes to the realities of life for many young people in the U.S."

"As social media continues to evolve, these platforms will undoubtedly play an increasingly important role in shaping global perceptions..." the article concludes.

Article suggested by long-time Slashdot reader hackingbear.
AI

Ministers Mull Allowing Private Firms to Make Profit From NHS Data In AI Push

UK ministers are considering allowing private companies to profit from anonymized NHS data as part of a push to leverage AI for medical advancements, despite concerns over privacy and ethical risks. The Guardian reports: Keir Starmer on Monday announced a push to open up the government to AI innovation, including allowing companies to use anonymized patient data to develop new treatments, drugs and diagnostic tools. With the prime minister and the chancellor, Rachel Reeves, under pressure over Britain's economic outlook, Starmer said AI could bolster the country's anaemic growth, as he put concerns over privacy, disinformation and discrimination to one side.

"We are in a unique position in this country, because we've got the National Health Service, and the use of that data has already driven forward advances in medicine, and will continue to do so," he told an audience in east London. "We have to see this as a huge opportunity that will impact on the lives of millions of people really profoundly." Starmer added: "It is important that we keep control of that data. I completely accept that challenge, and we will also do so, but I don't think that we should have a defensive stance here that will inhibit the sort of breakthroughs that we need."

The move to embrace the potential of AI rather than its risks comes at a difficult moment for the prime minister, with financial markets having driven UK borrowing costs to a 30-year high and the pound hitting new lows against the dollar. Starmer said on Monday that AI could help give the UK the economic boost it needed, adding that the technology had the potential "to increase productivity hugely, to do things differently, to provide a better economy that works in a different way in the future." Part of that, as detailed in a report by the technology investor Matt Clifford, will be to create new datasets for startups and researchers to train their AI models.

Data from various sources will be included, such as content from the National Archives and the BBC, as well as anonymized NHS records. Officials are working out the details on how those records will be shared, but said on Monday that they would take into account national security and ethical concerns. Starmer's aides say the public sector will keep "control" of the data, but added that could still allow it to be used for commercial purposes.
Bug

'Y2K Seems Like a Joke Now, But in 1999 People Were Freaking Out' (npr.org)

NPR remembers when the world "prepared for the impending global meltdown" that might've been, on December 31, 1999 — and the possible bug known as Y2K: The Clinton administration said that preparing the U.S. for Y2K was probably "the single largest technology management challenge in history." The bug threatened a cascade of potential disruptions — blackouts, medical equipment failures, banks shutting down, travel screeching to a halt — if the systems and software that helped keep society functioning no longer knew what year it was... Computer specialist and grassroots organizer Paloma O'Riley compared the scale and urgency of Y2K prep to telling somebody to change out a rivet on the Golden Gate Bridge. Changing out just one rivet is simple, but "if you suddenly tell this person he now has to change out all the rivets on the bridge and he has only 24 hours to do it in — that's a problem," O'Riley told reporter Jason Beaubien in 1998....

The date switchover rattled a swath of vital tech, including Wall Street trading systems, power plants and tools used in air traffic control. The Federal Aviation Administration put its systems through stress tests and mock scenarios as 2000 drew closer. "Twenty-three million lines of code in the air traffic control system did seem a little more daunting, I will say, than I had probably anticipated," FAA Administrator Jane Garvey told NPR in 1998. Ultimately there were no systemwide aviation breakdowns, but airlines were put on a Y2K alert....

Some financial analysts remained skeptical Y2K would come and go with minimal disruption. But by November 1999 the Federal Reserve said it was confident the U.S. economy would weather the big switch. "Federal banking agencies have been visited and inspected. Every bank in the United States, which includes probably 9,000 to 10,000 institutions, over 99% received a satisfactory rating," Fed Board Governor Edward Kelley said at the time.

The article also remembers a California programmer who bought a mobile home, a propane generator, and a year's supply of dehydrated food. (He was also considering buying a handgun, and converting his bank savings into gold, silver, and cash.) And "Dozens of communities across the U.S. formed Y2K preparedness groups to stave off unnecessary panic..."

But the article concludes that "the aggressive planning and recalibration paid off. Humanity passed into the year 2000 without pandemonium..."

And "People like Jack Pentes of Charlotte, N.C., were left to figure out what to do with their emergency stockpiles."
The Courts

Nebraska Sues UnitedHealth Unit Over 100 Million Patient Data Breach

Nebraska's attorney general has sued Change Healthcare over a massive data breach that exposed sensitive medical information of more than 100 million Americans following a February ransomware attack. The lawsuit alleges the UnitedHealth-owned company failed to implement basic security measures, including multi-factor authentication, allowing hackers to breach its systems using credentials from a customer support employee that were posted on Telegram.

The Russian-speaking ALPHV ransomware group accessed personal health records, financial data and treatment information across Change Healthcare's poorly segmented network, according to the complaint filed by Attorney General Mike Hilgers.
Privacy

UnitedHealth Says Change Healthcare Hack Affects Over 100 Million (techcrunch.com)

UnitedHealth Group said a ransomware attack in February resulted in more than 100 million individuals having their private health information stolen. The U.S. Department of Health and Human Services first reported the figure on Thursday. TechCrunch reports: The ransomware attack and data breach at Change Healthcare stands as the largest known digital theft of U.S. medical records, and one of the biggest data breaches in living history. The ramifications for the millions of Americans whose private medical information was irretrievably stolen are likely to be life lasting. UHG began notifying affected individuals in late July, which continued through October. The stolen data varies by individual, but Change previously confirmed that it includes personal information, such as names and addresses, dates of birth, phone numbers and email addresses, and government identity documents, including Social Security numbers, driver's license numbers, and passport numbers. The stolen health data includes diagnoses, medications, test results, imaging and care and treatment plans, and health insurance information -- as well as financial and banking information found in claims and payment data taken by the criminals.

The cyberattack became public on February 21 when Change Healthcare pulled much of its network offline to contain the intruders, causing immediate outages across the U.S. healthcare sector that relied on Change for handling patient insurance and billing. UHG attributed the cyberattack to ALPHV/BlackCat, a Russian-speaking ransomware and extortion gang, which later took credit for the cyberattack. The ransomware gang's leaders later vanished after absconding with a $22 million ransom paid by the health insurance giant, stiffing the group's contractors who carried out the hacking of Change Healthcare out of their new financial windfall. The contractors took the data they stole from Change Healthcare and formed a new group, which extorted a second ransom from UHG, while publishing a portion of the stolen files online in the process to prove their threat.

There is no evidence that the cybercriminals subsequently deleted the data. Other extortion gangs, including LockBit, have been shown to hoard stolen data, even after the victim pays and the criminals claim to have deleted the data. In paying the ransom, Change obtained a copy of the stolen dataset, allowing the company to identify and notify the affected individuals whose information was found in the data. Efforts by the U.S. government to catch the hackers behind ALPHV/BlackCat, one of the most prolific ransomware gangs today, have so far failed. The gang bounced back following a takedown operation in 2023 to seize the gang's dark web leak site. Months after the Change Healthcare breach, the U.S. State Department upped its reward for information on the whereabouts of the ALPHV/BlackCat cybercriminals to $10 million.

United Kingdom

'Operating in the Stone Age': NHS Staff's Daily Struggle With Outdated Tech

The Financial Times: In the paediatric centre at one of London's largest hospitals, doctors are confounded each day by a ward computer that is not connected to a printer. The computer is used for managing the daily list of patients. Doctors can only access and update the list using one shared account. So twice a day, two doctors on the ward said, one of them had to log in to this computer, update the patient list, send the list to themselves via NHS email, and then log in to another nearby computer to print it off for the team. "I am at a top London hospital and yet at times I feel as though we are operating in the Stone Age," said one paediatrician on the ward.

Tackling the frustrating delays caused by outdated technology [Editor's note: non-paywalled link] is one of health secretary Wes Streeting and Prime Minister Sir Keir Starmer's core missions, having vowed to shift the service "from an analogue to a digital NHS." The monumental task of moving the world's largest publicly funded health service into the digital age is not lost on doctors working on the frontline of the NHS. While many sectors of the economy have been "radically reshaped" by technology in recent years, a landmark report into the state of the health service in England last month concluded that the NHS stood "in the foothills of digital transformation."

But doctors and nurses point out that the basic infrastructure needs to be brought up to a minimum standard, given significant regional variations between hospitals, before politicians extol the virtues of cutting-edge tech. "Some of us just want the printers to work," noted one NHS hospital doctor. "The complete flip-a-coin nature of how equipped your hospital is is mind-boggling," they added. "I have worked in hospitals that are at least 12 years behind others." A report published in 2022 by the British Medical Association, the UK's main doctors' union, estimated that doctors in England lost 13.5mn working hours a year as a consequence of "inadequate IT systems and equipment." One reason for the outdated infrastructure is that the country has spent almost $48bn less than its peers -- such as Germany, France, Australia -- on health assets since the 2010s, according to a government-commissioned study by Lord Ara Darzi last month.
Biotech

23andMe Is On the Brink. What Happens To All Its DNA Data? (npr.org)

The one-and-done nature of 23andMe is "indicative of a core business problem with the once high-flying biotech company that is now teetering on the brink of collapse," reports NPR. As 23andMe struggles for survival, many of its 15 million customers are left wondering what the company plans to do with all the data it has collected since it was founded in 2006. An anonymous reader shares an excerpt from the report: Andy Kill, a spokesperson for 23andMe, would not comment on what the company might do with its trove of genetic data beyond general pronouncements about its commitment to privacy. "For our customers, our focus continues to be on transparency and choice over how they want their data to be managed," he said. When signing up for the service, about 80% of 23andMe's customers have opted in to having their genetic data analyzed for medical research. "This rate has held steady for many years," Kill added. The company has an agreement with pharmaceutical giant GlaxoSmithKline, or GSK, that allows the drugmaker to tap the tech company's customer data to develop new treatments for disease. Anya Prince, a law professor at the University of Iowa's College of Law who focuses on genetic privacy, said those worried about their sensitive DNA information may not realize just how few federal protections exist. For instance, the Health Insurance Portability and Accountability Act, also known as HIPAA, does not apply to 23andMe since it is a company outside of the health care realm. "HIPAA does not protect data that's held by direct-to-consumer companies like 23andMe," she said.

Although DNA data has no federal safeguards, some states, like California and Florida, do give consumers rights over their genetic information. "If customers are really worried, they could ask for their samples to be withdrawn from these databases under those laws," said Prince. According to the company, all of its genetic data is anonymized, meaning there is no way for GSK, or any other third party, to connect the sample to a real person. That, however, could make it nearly impossible for a customer to renege on their decision to allow researchers to access their DNA data. "I couldn't go to GSK and say, 'Hey, my sample was given to you -- I want that taken out -- if it was anonymized, right? Because they're not going to re-identify it just to pull it out of the database," Prince said.

Vera Eidelman, a staff attorney with the American Civil Liberties Union who specializes in privacy and technology policy, said the patchwork of state laws governing DNA data makes the genetic data of millions potentially vulnerable to being sold off, or even mined by law enforcement. "Having to rely on a private company's terms of service or bottom line to protect that kind of information is troubling -- particularly given the level of interest we've seen from government actors in accessing such information during criminal investigations," Eidelman said. She points to how investigators used a genealogy website to identify the man known as the Golden State Killer, and how police homed in on an Idaho murder suspect by turning to similar databases of genetic profiles. "This has happened without people's knowledge, much less their express consent," Eidelman said.

Neither case relied on 23andMe, and spokesperson Kill said the company does not allow law enforcement to search its database. The company has, however, received subpoenas to access its genetic information. According to 23andMe's transparency report, authorities have sought genetic data on 15 individuals since 2015, but the company has resisted the requests and never produced data for investigators. "We treat law enforcement inquiries, such as a valid subpoena or court order, with the utmost seriousness. We use all legal measures to resist any and all requests in order to protect our customers' privacy," Kill said. [...] In a September filing to financial regulators, [23andMe CEO Anne Wojcicki] wrote: "I remain committed to our customers' privacy and pledge," meaning the company's rules requiring consent for DNA to be used for research would remain in place, as well as allowing customers to delete their data. Wojcicki added that she is no longer considering offers to buy the company after previously saying she was.