Most of the two dozen hospital cyberattacks globally in the first half of 2016, including 13 in the U.S., involved ransomware, said a McAfee Labs threats report Wednesday: Those attacks, which largely infected systems through phishing, weren't executed by malicious actors normally seen. "The code and attack was effective but not very sophisticated," the report said. But money can be made quickly through these attacks; the report said ransom paid in Q1 attacks against hospitals was about $100,000 total. The report said most hospitals didn't pay ransom, but those targeted by one threat called "samsam" did seem to pay. McAfee, which is part of Intel Security, said hospitals are easy targets due to a "combination of legacy systems with weak security, a lack of employee security awareness, a fragmented workforce, and the pressing need for immediate access to information." Experts at an FTC event last week on ransomware (see 1609070044) said it's a growing threat that's spreading to sectors beyond healthcare.

One in three Americans was hit with a computer virus, hacked or suffered some other cyberattack over the past year, said a Zogby Analytics survey Tuesday. A news release on the survey, commissioned by Munich Re’s Hartford Steam Boiler Inspection and Insurance, said adults 18 to 24 were the most likely victims. Overall, in one-quarter of the cases, people spent up to $5,000 per incident to recover. About 56 percent spent less than $500. Sixty-six percent said they were concerned about potential cyberattacks, and 62 percent worried about online fraud. The online survey polled 1,500 U.S. adults.

A dramatic increase in commercial and recreational drones -- expected to triple in four years -- will create bigger safety risks from collisions, cyberattacks and terrorism, said insurer Allianz in a report released Tuesday. Use of unmanned aircraft systems (UAS) likely would result in fewer work accidents and worker compensation losses, and speed up insurance claims, it said. But millions more drones in widespread use also could increase risks -- mainly mid-air collisions and loss of control -- resulting in potential multimillion-dollar claims against businesses, operators and manufacturers, Allianz added. Concerns that drones could be used for malicious acts and other "risk scenarios include the prospect of hackers ‘spoofing’ a UAS radio signal, potentially leading to a crash, the potential loss or theft of valuable recorded data when the device is transmitting information to the control station or after the flight by cyber-attack when the data has been stored," the report said. Registering drones and operators, training and educating pilots and using on-board cameras, flight communications and system maintenance are crucial to improving safety, said Allianz. Separately, ABI Research said in a Tuesday news release the small drone commercial market will exceed $30 billion by 2025.

Lack of compelling content and user-experience “issues” are still among the “main impediments” to the mainstream consumer adoption of virtual-reality and augmented-reality products and services, said a Perkins Coie survey report Monday. The law firm teamed with Upload, which runs a San Francisco “collective” dedicated to helping VR and AR startups get off the ground, to canvass 653 startup founders, tech company executives and investors. Thirty-seven percent cited inadequate content offerings as the most significant “obstacle” blocking VR and AR adoption, the report said. “Just as content was the fuel that launched many successful technology products, our respondents clearly believe that high-quality and robust content is key to moving the AR/VR industry forward.” Thirty-eight percent said they see “bulky hardware and technical glitches” as the top industry impediments, the report said. “Mobile VR taps into the continued proliferation of mobile devices to combat some of the barriers identified in the survey related to cost and the need for bulky equipment.”

More than 300 educational technology companies have signed the Student Privacy Pledge, which lists legally enforceable commitments designed to protect K-12 student data, said the Future of Privacy Forum and the Software & Information Industry Association in a Monday news release. Major signatories include Apple, AT&T, Blackboard, Google and Microsoft. FPF and SIIA launched the initiative in 2014 with 14 companies. Companies commit to 12 obligations, including not to sell students' personal information or collect or use such data for anything else other than educational purposes, said the release. “The Pledge’s enforceable provisions have also driven a rapid growth of the privacy-minded culture within companies today that places privacy first in the development process alongside functionality,” said Brendan Desetti, SIIA director-education policy, in the release. In December, the Electronic Frontier Foundation filed a complaint with the FTC against Google, alleging the company has been collecting and data mining personal data of school children in violation of the pledge. Google maintained it does comply (see 1512010068). The FTC didn't comment on the status of the complaint.

ICANN’s Competition, Consumer Trust & Consumer Choice Review Team (CCT-RT) is aiming to issue a draft report by the end of 2016 on its ongoing review of consumers’ opinions on the new generic top-level domains (gTLD) program, said ACT | The App Association President Jonathan Zuck, a member of the review group, in a blog post. CCT-RT decided during a meeting last month in Vienna “there is a need to help applicants understand underlying business models” of the new gTLD program, he said Friday. The review team reached that conclusion after reviewing initial survey results, Zuck said. An Analysis Group initial report said registrations of new gTLDs account for 50 percent of overall growth in the gTLD space and that average and median registration process have continued to decline. A Nielsen initial report said the new gTLD program hasn’t eroded consumer trust and consumers are interested in seeing the Domain Name System evolve to make it easier to find businesses by category. Nielsen said about half of surveyed consumers and registrants believe use of new gTLDs that may have an implied meaning should be restricted to certain entities, such as only banks using .bank domain names. CCT-RT plans to seek community input on interim recommendations during ICANN’s Nov. 3-9 meeting in Hyderabad, India, Zuck said.

EvanTube's YouTube channels that provide content to families and children will now include an audio disclosure before new sponsored videos to let viewers, especially children, understand they're about to see advertising, said the Children's Advertising Review Unit (CARU), the ad industry's investigative unit administered by the Council of Better Business Bureaus, in a Monday news release. EvanTube channels, including EvanTubeHD, EvanTubeRAW and EvanTubeGaming, feature videos of a young boy named Evan and his family involved in art projects, field trips, games and other activities. EvanTube generates 85 percent of revenue from pre-roll ads, which run before the family-produced content, said CARU, while 15 percent comes from sponsored product deals made directly with children's marketers. The investigative unit said it determined that sponsored content is both national advertising defined by the Self-Regulatory Program for Children’s Advertising guidelines and native advertising, which means ads look like the editorial content of the channels. In examining 132 sponsored videos on EvanTube, the investigative unit said 84 provided some text disclosure and only 36 included an audio disclosure. Citing FTC guidelines on native ads (see 1512220031), CARU said it didn't agree with EvanTube's arguments that children understand "brought to you by [brand]" or "sponsored by [brand]" nor did EvanTube provide evidence how children understand or interpret such terms. CARU concluded sponsored videos are ads and should be labeled as such with a "prominent audio disclosure" before the sponsored content begins. EvanTube didn't comment, but CARU said EvanTube said it appreciated the review and agreed with the recommendation.

CenturyLink lags behind other U.S. ISPs in Netflix streaming speeds during prime time, but it’s improved slightly, Netflix said in a blog post Monday about its August ISP speed index. CenturyLink’s average monthly speed increased to 1.88 Mbps in August from 1.69 Mbps in July, but remained in last place among U.S. ISPs, Netflix said. Verizon Fios and Bright House led ISPs with 3.62 Mbps in August each, followed closely by Optimum (3.58 Mbps), Cox (3.57 Mbps) and Charter (3.51 Mbps). CenturyLink disputed the methodology of using average speeds and claimed other ISPs have an advantageous relationship with Netflix. "This average does not differentiate between 1.5 Mbps and 1 Gig customers, which factors into our overall ranking," a company spokeswoman said. "This ranking also does not address bandwidth constraints caused indirectly by Netflix due to Netflix’s unwillingness to treat CenturyLink like other large national Internet Service Providers in the United States." CenturyLink hopes to establish negotiate a commercial deal with Netflix to enhance its customer experience on the streaming service, she said.

The Consumer Federation of America and its ID theft working group created a checklist to help organizations that suffered a data breach choose a service provider to mitigate and recover from any potential damage. CFA said in a Tuesday news release the checklist includes asking whether ID theft service providers will provide ways for victims to reduce damage, if services are available round the clock, if monitoring is provided and how quickly alerts are sent. The consumer group said organizations should ask providers if they can handle multiple languages, if personnel are specially trained to help victims and whether they will continue helping victims even after a contract ends. The list also covers state and federal laws that require breach disclosure and whether such recovery services should be acquired in advance or after a breach has been detected. The Identify Theft Resource Center recently reported a total of 638 breaches affecting more than 28.5 million records.

Autonomous cars are "no longer a thing of the distant future,” Pam Fletcher, General Motors executive chief engineer, told a Citigroup technology conference in New York. Not everyone “can operate a car, so autonomous vehicles provide them with an option,” she said Tuesday. “The most important benefit we see is absolutely safety.” More than 35,000 people die yearly on U.S. roads, and more than 90 percent “of those deaths are caused by human error," she said. GM’s $581 million acquisition of Cruise Automation in March (see 1607220003) “provides us with a team of talented software engineers who are creating the algorithms and the code to bring full autonomy to life and deliver autonomous technology in an on-demand ride-sharing service,” Fletcher said. What really attracted GM to Cruise was not only its autonomous-driving capabilities, but also that it was developing them “literally on the downtown streets of San Francisco,” she said. As an autonomous-driving test bed, San Francisco is “one of the most complex environments to try to build and deploy new technology,” she said. “The right answer for deployment of autonomous vehicles is in a ride-shared network." GM invested in Lyft (see 1601040068).