Security and Privacy Blog

TTS's Security and Privacy blog offers news, announcements, and insights on responsible data use and best practices related to security and privacy at Tufts.

Relationship among various categories

A Quick Primer on AI

(Gary Weingarden, Privacy Officer & Director IT Security | Published February 2024)

It seems like everything comes with a fancy “AI” feature these days. I get lots of questions! This post will explain some of the basics; later we’ll explore some of the risks, challenges, and really cool features of AI and related systems.

What is Artificial Intelligence? What is Generative Artificial Intelligence?

AI has been around for a long time, and ChatGPT and other Generative AI are only the most recent, trendy example. A popular definition of AI is: a computer system “that can perform tasks typically requiring human intelligence, such as problem-solving, decision-making, language understanding, and perception.” There are more elaborate definitions, and definitions that are more technical (see discussion of Russell and Norvig), but AI is a broad category that, depending on the definition can include everything from the Antikythera mechanism, to an ATM, to Google’s autocomplete, to Deep Blue (which defeated the chess world champion, Garry Kasparov back in 1997). Frankly, the concept AI is often unhelpful because how much it covers.

 Learn more about AI and Generative AI.

Cyber crime

Unpacking the MOVEit Breach

(Gary Weingarden, Privacy Officer & Director IT Security | Published October 2023)

If you haven't heard about it yet, a software product called MoveIT was compromised by a group called cl0p. Lots of businesses used MoveIT, and many of those businesses provided data related services to other businesses, so the exposure is spread out, and those impacted may be once- or more-removed from the buseinss that whose data was compromised. As a result, you may have already heard about other MoveIT-related breaches. If you're curious about the details, you can learn more here. Tufts has learned that NASCO, which provides technology to health insurers, like BCBSMA, was impacted. If you are a Tufts employee or dependent who is enrolled in our BCBSMA, you may receive a notice from NASCO. The notice will include instructions for how to sign up for 24 months of free credit monitoring and identity theft protection and the number for a toll-free call center. If you need more information, the best source is the call center phone number provided in the notice. 

Learn more about statistics and analysis behind the MOVEit Breach.

PII

Is this Personally Identifiable Information?

(Gary Weingarden, Privacy Officer & Director IT Security | Published September 2023)

Is this PII? I get this question a lot. Or the similar claim “I removed all the PII.” I regret to inform you, that’s not quite how it works. Don’t get me wrong, I know what you mean, but we’re really not talking about Personally Identifiable Information. In fact, the term “PII” doesn’t appear in many laws. PII is shorthand for what lawyers call covered data–any data that’s subject to a law or contract. PII casts a wider net than you’d expect and includes more than things like name, address, and SSN

Learn more about PII, what it is and what to keep in mind.