Latest news with #Feroot
Associated Press
27-02-2025
- Business
- Associated Press
Feroot Security Launches HealthData Shield AI to Protect ePHI on Healthcare Websites and Ensure HIPAA Compliance
HealthData Shield AI automates HIPAA compliance and protects sensitive patient data from unauthorized tracking, backed by Feroot's proven threat detection AI. 'HealthData Shield AI transforms the challenge of protecting patient data into a streamlined, automated process. Allowing healthcare providers to focus on what matters most – patient care.' — Vitaliy Lim, CTO of Feroot Security TORONTO, ON, CANADA, February 27, 2025 / / -- Feroot Security, a leader in compliance cybersecurity solutions for business websites, today announced the launch of HealthData Shield AI, a platform designed to protect healthcare organizations' websites that handle sensitive patient data and ensure HIPAA compliance through advanced AI detection, analysis and policy enforcement. HealthData Shield AI automatically discovers and controls tracking technologies that could potentially access Protected Health Information (PHI), providing healthcare organizations with comprehensive visibility and protection across their digital infrastructure. The platform's launch comes at a crucial time as healthcare providers face increasing challenges in protecting patient data while maintaining regulatory compliance. 'Healthcare organizations are under immense pressure to protect patient data while managing complex compliance requirements,' said Ivan Tsarynny, CEO of Feroot Security. 'HealthData Shield AI transforms this challenge into a streamlined, automated process, allowing healthcare providers to focus on what matters most – patient care.' The platform's advanced capabilities include: ● AI-powered automatic discovery and protection of PHI across websites and patient portals. ● Real-time monitoring and blocking of unauthorized data access including search queries. ● Automated Business Associate Agreement (BAA) management. ● Comprehensive compliance support for over 30 regulations and standards including HIPAA, CCPA, CIPA, GDPR and PCI DSS 4. ● Seamless integration with existing security infrastructure. Feroot Security's expertise in detecting hidden threats was recently highlighted when its technology uncovered concealed code in DeepSeek's AI app that is designed to transmit user data to China Mobile's servers. Feroot AI's threat detection capabilities are powering HealthData Shield AI. A Privacy Director from a leading healthcare network reported, 'Automating our HIPAA compliance saved our privacy team countless weeks of work. Now we have complete visibility and control over PHI access.' HealthData Shield AI provides healthcare organizations with: ● Automated compliance reporting for audits. ● Multi-domain monitoring from a single dashboard. ● Easy implementation without disrupting existing operations. ● Continuous protection against persistent and emerging threats. ● Real-time alerts and blocking of unauthorized access attempts. Healthcare organizations interested in strengthening their data protection and streamlining HIPAA compliance can learn more about HealthData Shield AI at Visit Feroot at HIMSS 2025: HIMSS 2025 attendees are invited to visit Feroot at booth #965 to learn how Feroot's solutions can support your organization in achieving a secure and compliant service for your patients and customers on the web. About Feroot Security: Feroot secures business websites and online portals, ensuring they remain compliant and protected. Feroot enables customers worldwide, including Fortune 500 organizations, to detect and eliminate critical risks in their web environments, ensuring compliance with regulations and standards. Feroot Security is a leading cybersecurity and compliance company specializing in protecting sensitive data and ensuring regulatory compliance. The company's innovative solutions help organizations safeguard their digital assets while maintaining operational efficiency. X LinkedIn Legal Disclaimer:
Yahoo
05-02-2025
- Business
- Yahoo
DeepSeek code may send U.S. user data straight to the Chinese government: report
The code for DeepSeek, an impressive artificial intelligence model made in China that stunned Silicon Valley and quickly became one of the most downloaded apps in the U.S., has hidden code that can send user information to the Chinese government, according to security experts. Researchers at Feroot Security, a Canada-based cyber firm, examined the browser-based version of DeepSeek and said they uncovered encrypted portions of code capable of sending user data to the online registry for China Mobile, a state telecom company that's been delisted from the New York Stock Exchange and is considered a national security concern by U.S. regulators. The AI app also creates a digital 'fingerprint' of users, tracking their activity on all other websites, according to Feroot. "We see direct links to servers and to companies in China that are under control of the Chinese government. And this is something that we have never seen in the past," Feroot CEO Ivan Tsarynny told ABC News. The Independent has contacted DeepSeek and China Mobile for comment. DeepSeek has previously disclosed user data being stored on servers based in China. Other experts expressed similar dismay over the AI company. The app 'raises all of the TikTok concerns plus you're talking about information that is highly likely to be of more national security and personal significance than anything people do on TikTok,' former Homeland Security and National Security Agency official Stewart Baker told The Associated Press. The free, open-source DeepSeek, which debuted last month, sent shockwaves through the tech world, causing more than $1 trillion in losses on the stock market as the company raised questions about the value of more well-capitalized U.S. competitors like OpenAI, which reportedly spent billions more developing similar capabilities. 'DeepSeek's release of a premium level AI tool, available freely, with a reported (comparatively) miniscule development cost has shaken faith in Silicon Valley and American dominance in the rapidly developing AI market,' Dr. Richard Whittle, an economist from the University of Salford, told The Independent at the time. In addition to posing a potential challenge to U.S. AI might, DeepSeek also raised geopolitical alarm bells in Washington, with Donald Trump describing it as a 'wake-up call' for Americans about the state of Chinese tech power. Senator Josh Hawley of Missouri introduced a bill this week widely seen as a response to DeepSeek, which aims to 'prohibit United States persons from advancing artificial intelligence capabilities within the People's Republic of China, and for other persons'. The bill bars the importation of 'technology or intellectual property' developed in China, with anyone violating the restrictions facing up to 20 years in prison, and fines of up to $1 million for individuals and up to $100m for businesses. Users of the app also quickly noted it equivocated or refused to answer certain questions on topics sensitive to Beijing, like Chinese leader Xi Jinping, the subjugation of China's Uyghur Muslims, or the history of the Tiananmen Square massacre. The app has already been banned across countries like Italy, as well as within institutions like the U.S. Navy and NASA, and it could soon go the way of TikTok in the U.S., which is facing an impending U.S. ban amid similar concerns over Chinese influence unless Donald Trump can reach a promised compromise forcing a sale of its U.S. operations. Fears of Chinese AI dominance seem to have inspired tech companies like Google to change their stance on the technology in recent months. The search giant reportedly altered its AI guidelines recently to allow for use in weapons and security applications. In a recent company blog post, leaders cited 'a global competition taking place for AI leadership within an increasingly complex geopolitical landscape.' Meanwhile, in December, ChatGPT maker OpenAI announced a partnership with fellow tech company Anduril to develop technology for use in military defense against drones. OpenAI had previously barred its technology from military use but changed its policies last year to allow some collaborations.
Al-Ahram Weekly
05-02-2025
- Business
- Al-Ahram Weekly
Researchers say China's DeepSeek chatbot is linked to state telecom, raising data privacy concerns - Tech
The website of the Chinese artificial intelligence company DeepSeek, whose chatbot became the most downloaded app in the United States, has computer code that could send some user login information to a Chinese state-owned telecommunications company that has been barred from operating in the United States, security researchers say. The web login page of DeepSeek's chatbot contains heavily obfuscated computer script that when deciphered shows connections to computer infrastructure owned by China Mobile, a state-owned telecommunications company. The code appears to be part of the account creation and user login process for DeepSeek. In its privacy policy, DeepSeek acknowledged storing data on servers inside the People's Republic of China. But its chatbot appears more directly tied to the Chinese state than previously known through the link revealed by researchers to China Mobile. The U.S. has claimed there are close ties between China Mobile and the Chinese military as justification for placing limited sanctions on the company. DeepSeek and China Mobile did not respond to emails seeking comment. The growth of Chinese-controlled digital services has become a major topic of concern for U.S. national security officials. Lawmakers in Congress last year on an overwhelmingly bipartisan basis voted to force the Chinese parent company of the popular video-sharing app TikTok to divest or face a nationwide ban though the app has since received a 75-day reprieve from President Donald Trump, who is hoping to work out a sale. The code linking DeepSeek to one of China's leading mobile phone providers was first discovered by Feroot Security, a Canadian cybersecurity company, which shared its findings with The Associated Press. The AP took Feroot's findings to a second set of computer experts, who independently confirmed that China Mobile code is present. Neither Feroot nor the other researchers observed data transferred to China Mobile when testing logins in North America, but they could not rule out that data for some users was being transferred to the Chinese telecom. The analysis only applies to the web version of DeepSeek. They did not analyze the mobile version, which remains one of the most downloaded pieces of software on both the Apple and the Google app stores. The U.S. Federal Communications Commission unanimously denied China Mobile authority to operate in the United States in 2019, citing 'substantial' national security concerns about links between the company and the Chinese state. In 2021, the Biden administration also issued sanctions limiting the ability of Americans to invest in China Mobile after the Pentagon linked it to the Chinese military. 'It's mindboggling that we are unknowingly allowing China to survey Americans and we're doing nothing about it,' said Ivan Tsarynny, CEO of Feroot. 'It's hard to believe that something like this was accidental. There are so many unusual things to this. You know that saying 'Where there's smoke, there's fire'? In this instance, there's a lot of smoke,' Tsarynny said. Stewart Baker, a Washington, D.C.-based lawyer and consultant who has previously served as a top official at the Department of Homeland Security and the National Security Agency, said DeepSeek 'raises all of the TikTok concerns plus you're talking about information that is highly likely to be of more national security and personal significance than anything people do on TikTok," one of the world's most popular social media platforms. Users are increasingly putting sensitive data into generative AI systems — everything from confidential business information to highly personal details about themselves. People are using generative AI systems for spell-checking, research and even highly personal queries and conversations. The data security risks of such technology are magnified when the platform is owned by a geopolitical adversary and could represent an intelligence goldmine for a country, experts warn. 'The implications of this are significantly larger because personal and proprietary information could be exposed. It's like TikTok but at a much grander scale and with more precision. It's not just sharing entertainment videos. It's sharing queries and information that could include highly personal and sensitive business information,' said Tsarynny, of Feroot. Feroot, which specializes in identifying threats on the web, identified computer code that is downloaded and triggered when a user logs into DeepSeek. According to the company's analysis, the code appears to capture detailed information about the device a user logs in from — a process called fingerprinting. Such techniques are widely used by tech companies around the world for security, verification and ad targeting. The company's analysis of the code determined that there were links in that code pointing to China Mobile authentication and identity management computer systems, meaning it could be part of the login process for some users accessing DeepSeek. The AP asked two academic cybersecurity experts — Joel Reardon of the University of Calgary and Serge Egelman of the University of California, Berkeley — to verify Feroot's findings. In their independent analysis of the DeepSeek code, they confirmed there were links between the chatbot's login system and China Mobile. 'It's clear that China Mobile is somehow involved in registering for DeepSeek,' said Reardon. He didn't see data being transferred in his testing but concluded that it is likely being activated for some users or in some login methods. Short link:
The Independent
05-02-2025
- Business
- The Independent
Researchers say China's DeepSeek chatbot is linked to state telecom, raising data privacy concerns
The website of the Chinese artificial intelligence company DeepSeek, whose chatbot became the most downloaded app in the United States, has computer code that could send some user login information to a Chinese state-owned telecommunications company that has been barred from operating in the United States, security researchers say. The web login page of DeepSeek's chatbot contains heavily obfuscated computer script that when deciphered shows connections to computer infrastructure owned by China Mobile, a state-owned telecommunications company. The code appears to be part of the account creation and user login process for DeepSeek. In its privacy policy, DeepSeek acknowledged storing data on servers inside the People's Republic of China. But its chatbot appears more directly tied to the Chinese state than previously known through the link revealed by researchers to China Mobile. The U.S. has claimed there are close ties between China Mobile and the Chinese military as justification for placing limited sanctions on the company. DeepSeek and China Mobile did not respond to emails seeking comment. The growth of Chinese-controlled digital services has become a major topic of concern for U.S. national security officials. Lawmakers in Congress last year on an overwhelmingly bipartisan basis voted to force the Chinese parent company of the popular video-sharing app TikTok to divest or face a nationwide ban though the app has since received a 75-day reprieve from President Donald Trump, who is hoping to work out a sale. The code linking DeepSeek to one of China's leading mobile phone providers was first discovered by Feroot Security, a Canadian cybersecurity company, which shared its findings with The Associated Press. The AP took Feroot's findings to a second set of computer experts, who independently confirmed that China Mobile code is present. Neither Feroot nor the other researchers observed data transferred to China Mobile when testing logins in North America, but they could not rule out that data for some users was being transferred to the Chinese telecom. The analysis only applies to the web version of DeepSeek. They did not analyze the mobile version, which remains one of the most downloaded pieces of software on both the Apple and the Google app stores. The U.S. Federal Communications Commission unanimously denied China Mobile authority to operate in the United States in 2019, citing 'substantial' national security concerns about links between the company and the Chinese state. In 2021, the Biden administration also issued sanctions limiting the ability of Americans to invest in China Mobile after the Pentagon linked it to the Chinese military. 'It's mindboggling that we are unknowingly allowing China to survey Americans and we're doing nothing about it,' said Ivan Tsarynny, CEO of Feroot. 'It's hard to believe that something like this was accidental. There are so many unusual things to this. You know that saying 'Where there's smoke, there's fire'? In this instance, there's a lot of smoke,' Tsarynny said. Stewart Baker, a Washington, D.C.-based lawyer and consultant who has previously served as a top official at the Department of Homeland Security and the National Security Agency, said DeepSeek 'raises all of the TikTok concerns plus you're talking about information that is highly likely to be of more national security and personal significance than anything people do on TikTok," one of the world's most popular social media platforms. Users are increasingly putting sensitive data into generative AI systems — everything from confidential business information to highly personal details about themselves. People are using generative AI systems for spell-checking, research and even highly personal queries and conversations. The data security risks of such technology are magnified when the platform is owned by a geopolitical adversary and could represent an intelligence goldmine for a country, experts warn. 'The implications of this are significantly larger because personal and proprietary information could be exposed. It's like TikTok but at a much grander scale and with more precision. It's not just sharing entertainment videos. It's sharing queries and information that could include highly personal and sensitive business information,' said Tsarynny, of Feroot. Feroot, which specializes in identifying threats on the web, identified computer code that is downloaded and triggered when a user logs into DeepSeek. According to the company's analysis, the code appears to capture detailed information about the device a user logs in from — a process called fingerprinting. Such techniques are widely used by tech companies around the world for security, verification and ad targeting. The company's analysis of the code determined that there were links in that code pointing to China Mobile authentication and identity management computer systems, meaning it could be part of the login process for some users accessing DeepSeek. The AP asked two academic cybersecurity experts — Joel Reardon of the University of Calgary and Serge Egelman of the University of California, Berkeley — to verify Feroot's findings. In their independent analysis of the DeepSeek code, they confirmed there were links between the chatbot's login system and China Mobile. 'It's clear that China Mobile is somehow involved in registering for DeepSeek,' said Reardon. He didn't see data being transferred in his testing but concluded that it is likely being activated for some users or in some login methods. ___
Associated Press
05-02-2025
- Business
- Associated Press
Researchers say China's DeepSeek chatbot is linked to state telecom, raising data privacy concerns
WASHINGTON (AP) — The website of the Chinese artificial intelligence company DeepSeek, whose chatbot became the most downloaded app in the United States, has computer code that could send some user login information to a Chinese state-owned telecommunications company that has been barred from operating in the United States, security researchers say. The web login page of DeepSeek's chatbot contains heavily obfuscated computer script that when deciphered shows connections to computer infrastructure owned by China Mobile, a state-owned telecommunications company. The code appears to be part of the account creation and user login process for DeepSeek. In its privacy policy, DeepSeek acknowledged storing data on servers inside the People's Republic of China. But its chatbot appears more directly tied to the Chinese state than previously known through the link revealed by researchers to China Mobile. The U.S. has claimed there are close ties between China Mobile and the Chinese military as justification for placing limited sanctions on the company. DeepSeek and China Mobile did not respond to emails seeking comment. The growth of Chinese-controlled digital services has become a major topic of concern for U.S. national security officials. Lawmakers in Congress last year on an overwhelmingly bipartisan basis voted to force the Chinese parent company of the popular video-sharing app TikTok to divest or face a nationwide ban though the app has since received a 75-day reprieve from President Donald Trump, who is hoping to work out a sale. The code linking DeepSeek to one of China's leading mobile phone providers was first discovered by Feroot Security, a Canadian cybersecurity company, which shared its findings with The Associated Press. The AP took Feroot's findings to a second set of computer experts, who independently confirmed that China Mobile code is present. Neither Feroot nor the other researchers observed data transferred to China Mobile when testing logins in North America, but they could not rule out that data for some users was being transferred to the Chinese telecom. The analysis only applies to the web version of DeepSeek. They did not analyze the mobile version, which remains one of the most downloaded pieces of software on both the Apple and the Google app stores. The U.S. Federal Communications Commission unanimously denied China Mobile authority to operate in the United States in 2019, citing 'substantial' national security concerns about links between the company and the Chinese state. In 2021, the Biden administration also issued sanctions limiting the ability of Americans to invest in China Mobile after the Pentagon linked it to the Chinese military. 'It's mindboggling that we are unknowingly allowing China to survey Americans and we're doing nothing about it,' said Ivan Tsarynny, CEO of Feroot. 'It's hard to believe that something like this was accidental. There are so many unusual things to this. You know that saying 'Where there's smoke, there's fire'? In this instance, there's a lot of smoke,' Tsarynny said. Stewart Baker, a Washington, D.C.-based lawyer and consultant who has previously served as a top official at the Department of Homeland Security and the National Security Agency, said DeepSeek 'raises all of the TikTok concerns plus you're talking about information that is highly likely to be of more national security and personal significance than anything people do on TikTok,' one of the world's most popular social media platforms. Users are increasingly putting sensitive data into generative AI systems — everything from confidential business information to highly personal details about themselves. People are using generative AI systems for spell-checking, research and even highly personal queries and conversations. The data security risks of such technology are magnified when the platform is owned by a geopolitical adversary and could represent an intelligence goldmine for a country, experts warn. 'The implications of this are significantly larger because personal and proprietary information could be exposed. It's like TikTok but at a much grander scale and with more precision. It's not just sharing entertainment videos. It's sharing queries and information that could include highly personal and sensitive business information,' said Tsarynny, of Feroot. Feroot, which specializes in identifying threats on the web, identified computer code that is downloaded and triggered when a user logs into DeepSeek. According to the company's analysis, the code appears to capture detailed information about the device a user logs in from — a process called fingerprinting. Such techniques are widely used by tech companies around the world for security, verification and ad targeting. The company's analysis of the code determined that there were links in that code pointing to China Mobile authentication and identity management computer systems, meaning it could be part of the login process for some users accessing DeepSeek. The AP asked two academic cybersecurity experts — Joel Reardon of the University of Calgary and Serge Egelman of the University of California, Berkeley — to verify Feroot's findings. In their independent analysis of the DeepSeek code, they confirmed there were links between the chatbot's login system and China Mobile. 'It's clear that China Mobile is somehow involved in registering for DeepSeek,' said Reardon. He didn't see data being transferred in his testing but concluded that it is likely being activated for some users or in some login methods.
