December 2022


Most contractors hired by the Department of Defense over the past five years failed to meet required minimum cyber security standards, posing a significant risk to US national security.

Managed services vendor CyberSheth released a report on November 30 showing that 87% of the Pentagon supply chain fails to meet basic cybersecurity minimums. Those security gaps are subjecting major defense contractors and their subcontractors to massive cyberattacks, putting US national security at risk.

Those risks have been well known for some time without efforts to fix them. According to CyberSheth, this independent study of the Defense Industrial Base (DIB) is the first to show that federal contractors are not properly protecting military secrets.

DIB is a complex supply chain consisting of 300,000 primes and subcontractors. The government allows these approved companies to share sensitive files and communicate securely to get their jobs done.

To keep those secrets safe, defense contractors will soon be required to meet Cybersecurity Maturity Model Certification (CMMC) compliance. Meanwhile, the report warns that nation-state hackers are actively and specifically targeting these contractors with sophisticated cyberattack campaigns.

“Awarding contracts to federal contractors without first validating their cybersecurity controls is a complete failure,” Eric Noonan, CEO of CyberSheth, told TechNewsWorld.

Defense contractors have been mandated to meet cyber security compliance requirements for more than five years. Those terms are embedded in more than a million contracts, he said.

alarming details

The Merrill Research Report 2022, commissioned by CyberSheth, revealed that 87% of federal contractors have a sub-70 Supplier Performance Risk System (SPRS) score. The metric shows how well a contractor meets Defense Federal Acquisition Regulation Supplement (DFARS) requirements.

DFARS has been in law since 2017 and requires a score of 110 for full compliance. Critics of the system considered the 70 to be “good enough”. Yet, the overwhelming majority of contractors still come up short.

Eric Noonan said, “The report’s findings show a clear and present threat to our national security.” “We often hear about threats to supply chains that are more susceptible to cyberattacks.”

The DIB is the Pentagon’s supply chain, and we see how poorly prepared contractors are despite being in the crosshairs of risk actors.

“Our military secrets are not secure, and there is an urgent need to improve the cyber security posture for this group, which often does not meet even the most basic cyber security requirements,” Noonan warned.

more report findings

Survey data came from 300 US-based DOD contractors, with accuracy tested at the 95% confidence level. The study is completed in July and August 2022, with CMMC 2.0 on the horizon.

Roughly 80% of DIB users failed to monitor their computer systems around the clock and lacked US-based security monitoring services. Other deficiencies were evident in the following categories that would be required to achieve CMMC compliance:

  • 80% lack a vulnerability management solution
  • 79% lack a comprehensive multi-factor authentication (MFA) system
  • 73% lack an endpoint detection and response (EDR) solution
  • 70% have not deployed Security Information and Event Management (SIEM)

These security controls are legally required of the DIB, and since they are not met, there is a significant risk to the DoD and its ability to conduct armed defense. In addition to widespread non-compliance, 82% of contractors find it “moderately to extremely difficult to understand government regulations on cyber security”.

Confusion prevails among contractors

As per reports, some of the DIB’s defense contractors focused on cyber security have only been halted by roadblocks.

When asked to rate DFARS reporting challenges on a scale of one to 10 (with 10 being extremely challenging), about 60% of all respondents rated “understanding requirements” a seven out of 10 or more. Also regular documentation and reporting were on top of the list of challenges.

The primary barriers listed include challenges in understanding the steps required to achieve compliance, difficulty in implementing sustainable CMMC policies and procedures, and the overall cost involved.

Unfortunately, these results are in line with what CyberSheth expected, Noonan acknowledged. He said the research confirmed that even fundamental cyber security measures such as multi-factor authentication were largely ignored.

Noonan said, “This research, combined with the False Claims Act case against defense giant Aerojet Rocketdyne, shows that defense contractors both large and small are not meeting contractual obligations for cyber security and that the DoD has access to their supplies.” There is systemic risk in the series.”

no big surprise

Noonan believes the Defense Department has known for a long time that the defense industry is not addressing cyber security. News reporting of never-ending nation-state violations by defense contractors, including large-scale incidents like the SolarWinds and False Claims Act cases, prove that point.

“I also believe that the DoD has run out of patience after giving contractors years to fix the problem. Only now is the DoD going to make cyber security a pillar of contract acquisition,” Noonan said.

He noted that the planned new DoD doctrine would be “no cyber security, no contract”.

Noonan acknowledged that there is merit to some of the conflicts raised by contractors about difficulties in understanding and meeting cyber requirements.

“It is a fair point as some of the messaging from the government has been inconsistent. In fact, however, the requirements have not changed since 2017,” he offered.

what will happen next

Perhaps the DoD will adopt a stricter policy with contractors. If contractors complied with the legislation required in 2017, the entire supply chain would be in a much better shape today. Despite some communication challenges, the DoD has been incredibly consistent on what is required of defense contractor cybersecurity, Noonan said.

The current research now sits on top of a mountain of evidence that proves federal contractors have a lot of work to do in improving cyber security. It is clear that without enforcement from the federal government the work will not get done.

“Trust without verification failed, and now DoD is moving to enforce verification,” he said.

DoD response still pending

TechNewsWorld submitted written questions to the DoD about the supply chain criticism in the CyberSheath report. A spokesperson for the Cyber/IT/DOD CIO for the Department of Defense responded, adding that it would take a few days to investigate the issues. We’ll update this story with any response we get.

A government standards agency’s crackdown on potential post-quantum cryptographic algorithms will strongly stimulate the PQC market over the next five years, according to an international research and advisory firm.

In its recently released Post-Quantum Cryptography Applications Analysis report, ABI Research predicts PQC revenue to grow 12% from US$196 million in 2022 to $218.6 million in 2023 and 20% from $328.7 million in 2026 to 2027 395.3 million dollars.

The nascent market will kick into high gear once the National Institute of Standards finalizes its choice of PQC algorithm, the report said.

“NIST is the foremost standards development organization leading PQC algorithm development, and depends on the successful completion of this process, after which work on algorithm integration and protocol updates is advanced by other organizations, industry associations, and open source movements.” “ABI Cyber ​​Security Applications Research Director Michaela Menting said in a statement.

“The progress of work in these forums will be a sign of technology maturity, and the goal for vendors will be to introduce ‘plug and play’ type technologies to their respective industries, allowing commercial integration and ease of adoption.”

Ray Harishankar, quantum safe lead at IBM, told TechNewsWorld, “When NIST announced that it has selected four encryption and digital signature algorithms to build quantum-secure standards by 2024, the field took an important step.” Is.”

Preparing for PQC Migration

The ABI’s growth forecast was not surprising to some in the quantum domain. “Since the latest NIST announcement, the cork has partially come out of the bottle,” Ben Packman, senior vice president of strategy at PQShield, a cryptography standards developer in Oxford, UK, told TechNewsWorld.

“They were a lot of people who were waiting to see what NIST would announce to think about their plans for migration to PQC,” he explained.

“I say out of the bottle partly because until those standards are ratified in 2024 – it is just the promise of a standard. Still, it allows people to plan with some certainty, ” They said.

When the standards are finalized, they will have a significant impact on the technology industry because everyone from vendors to standards bodies relying on cryptography will need to adapt to the changes and updated protocols, Samantha Mabe, product marketing management for Entrust Director, an identity solutions provider from Shakopee, Minn., explained to TechNewsWorld.

Post CEO Anderson Cheng said, in addition to vendors and standards bodies, anyone who needs to keep a secret for more than 10 years needs to follow NIST’s work closely, because that time period is at quantum risk. Well within the time limit. Quantum, a quantum-secure encryption, blockchain and digital identity company based in London.

Cheng told TechNewsWorld that the NSA, GCHQ, DOD and MI6 are seeing their encrypted data stolen right now. “From time to time, their internet traffic is being diverted to some Eastern European country for two or three hours at a time and then back to normal. The consensus is that Russia or some adversary is conducting rehearsals to suck up the data and decrypt it later.

NIST is not alone in crafting cryptography standards for the post-quantum era. “Work is also underway at other standards bodies – such as the IETF – to update secure message formats – such as S/MIME email and code signing – and secure protocols – such as TLS – to adopt PQC, which includes hybrid cryptographic data structures. including formalizing systems — such as composite certificates — for those who don’t think they’re ready yet to put all their eggs in the post-quantum basket,” Mabe said.

infrastructure review

Achieving the revenue growth forecast by ABI will require overcoming several challenges. For example, the PQ solution state is likely to remain unstable for some time. Mabe said, “While we move to PQ-safe algorithms today, we must acknowledge that they are a less mature set of algorithms and that it is important to remain agile as they may still need to change in the future. “

The technology demands posed by PQC solutions will be a challenge for both vendors and customers. Mabe pointed out that organizations will need to do a health check on their technology and the cryptography that exists in their infrastructure today to ensure that they have the right scale to support the additional computing power required by these new algorithms. There are other technologies.

Another challenge facing PQC will be the breadth and diversity of existing commercial cryptographic applications. For example, migrating to something like TLS is relatively simple. You add new cipher suites to the list, and if both peers support it, it is used. Otherwise, you go down the list that both partners support.

“Contrast that with data warehouses containing encrypted data over the last 30 years or with PKI-enabled ID badges, ePassports or gift cards,” Mabe said. “You can upgrade the card to PQ, but what happens when it encounters a terminal that hasn’t been upgraded since 2015?”

Packman said that PQC requires a change in the way people think about implementing cryptography. “In the past, people would cook in something and forget about it,” he explained. “With the advancement of computers, it is now clear that things need to be constantly updated over time. There needs to be some agility in the way people implement cryptography. Different types for different types of scenarios. will have algorithms.”

If you’re looking for a solution for low-end mobile devices that works equally well for portable devices that are usually desk-bound, consider the Poly Sync 20 Speakerphone.

The unit I tested is the limited-edition pink version of the Poly Sync 20. The pink device has all the same features as the gray fabric and frame version, which serves as a personal speakerphone, a portable music speaker, and a smartphone charger.

Aside from the unique pink fabric covering on top of the limited edition, the standard-color gray device pictured above won’t disappoint.

For every Pink Sink unit sold from October 1, 2022 through September 30, 2023, Pauley will donate $10 to the National Breast Cancer Foundation. This is a good incentive to consider purchasing this product.

The gray and pink versions are currently list-priced at $129.95. However, the cost ranges from $89.95 to $149.95 depending on special offers and optional features.

Hassle Free Sound Upgrade

I had no problem connecting the portable multi-purpose speaker to all my devices. These include laptop computers and full-size desktop computer configurations running Windows, macOS, and Linux.

In most cases, the device immediately defaults to the poly speaker when connected. Otherwise, all I had to do was select the sound card or speaker device I wanted to connect in the computer’s system settings.

The 28″ included USB Type-A cable is long enough to reach the host computer’s connection port if placed nearby. A second USB port lets you use a longer cable if needed, or other connectors to interface with devices like Chromebooks. If you don’t need the included USB cable for connection, you can wrap it around the bottom of the base to hide it.

Poly Sync 20 Pink Bluetooth Smart Speakerphone

Poly Sync 20 Pink USB/Bluetooth Smart Speakerphone (Image Credit: Poly)

On the top edge of the front are five touch buttons marked with icons. On the far left is a rocket silhouette indicating buttons for programming. You can program frequently used functions such as play/pause music, last-number redial and voice assistant.

There’s a phone icon on the top right button to answer (flash green) or end (red) a phone call. In the center are buttons for volume down (-), volume up (+), and microphone on/off (the mic icon with a line through it).

To the right of the speakerphone is the Bluetooth pairing button on the left, the second USB port in the middle, and the on/off power button on the right. Speakerphone announces when it connects and disconnects from all devices.

great sound quality

When I’m away from my desktop computer’s terrible soundbar, I spend most of my time suffering through subpar sound reproduction from my portable gear. Thus, I’ve endured countless portable speakers in my travels.

Some were adequate, though rarely more than a little loud. So, testing the Poly Smart Speakerphone was an unexpected treat.

Impressive sound quality bathed my ears with deep bass tones and rich treble sound. I frequently clicked between the tiny laptop speaker and the connected Polly speaker to confirm that my ears weren’t deceiving me. Every time I was more struck by the clear sound gradation, which didn’t wobble when transferred between devices.

Whether I was having a mobile phone conversation, making a video call, or playing audio files or selecting music, the Poly Portable Speaker sounded great.

Useful, Smart Design

The Poly boasts an intelligent design, multiple connectivity options and a bundle of extra features. It’s small with dimensions measuring 1.3″ x 3.7″ x 7.2″, lightweight at 12.7 ounces, and has tons of extra features that bundle the jobs of multiple portable tools into one super handy tool.

You can use Poly Speakerphone to share voices from around the room during a call. It is also a useful battery charger for various types of mobile devices.

Poly Sync 20 speakerphone can be used to charge a smartphone

The Poly Sync 20 can charge a smartphone via USB (Image credit: Poly)

It also comes with a carry case and lanyard. Apart from protecting the speakerphone from dust and dirt while carrying it around, the cloth case has limited utility. The purpose of the lanyard remains a mystery.

The 3200mAh non-replaceable Lithium-Ion battery takes about four hours to fully charge, providing 20 hours of talk time.

Other Notable Specs

Poly has packed this speakerphone with additional impressive components that serve better than expected:

  • Bluetooth 5.1, Multi microphones that track the talker with a frequency response of 100Hz to 6.7KHz and a pickup range of up to seven feet.
  • Dynamic audio makes conference calls smooth and clear despite the speaker’s small size (1.6″), delivering a peak audio output of 86dB SPL at 0.5m.
  • Noise cancellation and echo reduction circuitry drive significant improvements in performance compared to similar portable speaker products.

Poly provides separate procurement device management solutions for enterprise use. But I had a more than satisfactory experience for my one-person office needs.

ground level

The Poly Sync 20 is a change of pace for the Poly line of speakerphone webcams (see my Poly Studio P5 webcam review) that fits in with the company’s focus on the needs of remote and hybrid workers.

For many users, the Poly Sync 20 will prove to be better than wearing a headset, especially during long cell phone calls. It also helps the user not to be seen wearing headgear while participating in a business video call.

Poly Sync is compatible with 20 of the most popular meeting platforms including Microsoft Teams, Zoom, Google Meet, Cisco, RingCentral and more.

As if defenders of the software supply chain didn’t have enough attack vectors to worry about, they now have a new one: machine learning models.

ML models are at the heart of technologies such as facial recognition and chatbots. Like open-source software repositories, models are often downloaded and shared by developers and data scientists, so a compromised model can have effects on multiple organizations at once.

Researchers from machine language security company HiddenLayer revealed in a blog post on Tuesday how an attacker could use a popular ML model to deploy ransomware.

The method described by the researchers is similar to how hackers use steganography to hide malicious payloads in images. In the case of ML models, the malicious code is hidden in the model’s data.

According to the researchers, the steganography process is quite general and can be implemented on most ML libraries. He added that the process need not be limited to embedding malicious code in models and can also be used to extract data from an organization.

machine learning model hijacking

Image Courtesy of HiddenLayer

Attacks can also be operating system agnostic. The researchers pointed out that OS and architecture-specific payloads can be embedded in the model, where they can be loaded dynamically at runtime depending on the platform.

flying under the radar

Tom Bonner, senior director of adversarial threat research at Austin, Texas-based HiddenLayer, said that embedding malware in ML models provides some advantage to an adversary.

“It allows them to fly under the radar,” Bonner told TechNewsWorld. “This is not a technology that is detected by current antivirus or EDR software.”

“It also opens up new targets for them,” he said. “It’s a direct route into data scientist systems. It’s possible to dump machine learning models hosted on public repositories. Data scientists will pull it down and load it, then it’s patched.”

“These models are also downloaded to various machine-learning ops platforms, which can be very scary because they can have access to Amazon S3 buckets and steal training data,” he continued.

“most of [the] Machines running machine-learning models tend to have bigger, fatter GPUs, so bitcoin miners can be very effective on those systems as well,” he said.

HiddenLayer demonstrates how its hijacked pre-trained ResNet model executed a ransomware sample the moment it was loaded into memory by PyTorch on its test machine.

first mover advantage

Chris Clements, vice president of solutions architecture at Cerberus Sentinel, a cybersecurity consulting and penetration testing company in Scottsdale, Ariz., often likes to exploit unanticipated vulnerabilities in new technologies.

“Attackers looking for first-mover advantage in these frontiers can enjoy both less preparation and proactive protection by exploiting new technologies,” Clements told TechNewsWorld.

“This attack on machine-language models looks like it could be the next phase of the cat-and-mouse game between attackers and defenders,” he said.

Threat actors will take advantage of whatever vectors they can to carry out their attacks, explained Mike Parkin, senior technical engineer at Vulkan Cyber, a provider of SaaS for enterprise cyber risk remediation in Tel Aviv, Israel.

“It’s an unusual vector that can outperform some common tools if done carefully,” Parkin told TechNewsWorld.

Traditional anti-malware and endpoint detection and response solutions are designed to detect ransomware based on pattern-based behaviors, including virus signatures and monitoring key API, file, and registry requests on Windows for potential malicious activity , Chief Security Officer Morey Haber explained. BeyondTrust, a developer of privileged account management and vulnerability management solutions in Carlsbad, California.

“If machine learning is applied to the delivery of malware such as ransomware, traditional attack vectors and even detection methods can be changed to appear non-malicious,” Haber told TechNewsWorld.

potential for extensive damage

Attacks on machine-language models are on the rise, said Karen Crowley, director of product solutions at Deep Instinct, a deep-learning cybersecurity company in New York City.

“It’s not critical yet, but widespread damage is likely,” Crowley told TechNewsworld.

“In the supply chain, if the data is poisoned so that when the model is trained, the system is also poisoned, then that model can make decisions that reduce rather than strengthen protection,” he explained.

“In the cases of Log4j and SolarWinds, we saw an impact not only on the organization that has the software, but all of its users in that chain,” she said. “Once ML is introduced, the damage can add up quickly.”

Casey Ellis, CTO and founder of BugCrowd, which operates a crowdsourced bug bounty platform, said attacks on ML models could be part of a larger trend of attacks on software supply chains.

Ellis told TechNewsWorld, “Just as adversaries can attempt to compromise the supply chain of software applications to insert malicious code or vulnerabilities, they can also compromise the supply chain of machine learning models to insert malicious or biased data or algorithms.” can also target.

“This can have a significant impact on the reliability and integrity of AI systems and can be used to undermine trust in the technology,” he said.

Publam for Script Kiddies

Threat actors may show increased interest in machine models because they are more vulnerable to people than they thought.

“People have known this was possible for a while, but they didn’t realize how easy it was,” Bonner said. “It’s fairly trivial to put together an attack with a few simple scripts.”

He added, “Now that people have realized how easy it is, this script is in the realm of children.”

Clements agreed that the researchers have shown that it does not require hardcore ML/AI data science expertise to insert malicious commands into training data that can then be triggered by ML models at runtime.

However, he continued, more sophistication is required than run-of-the-mill ransomware attacks that rely primarily on simple credential stuffing or phishing to launch.

“Right now, I think the popularity of the specific attack vector is likely to subside for the foreseeable future,” he said.

“Exploiting this requires an attacker compromising the upstream ML model project used by downstream developers to download pre-trained ML models to the victim, with embedded malicious commands from an unauthenticated source.” exploits,” he explained.

“In each of these scenarios,” he continued, “it appears that there would be much easier and more straightforward ways to compromise the target than simply inserting entangled exploits into the training data.”

A loophole in the rules governing the advertising of stimulant drugs must be closed, according to a report released on Monday by an international think tank.

Many telehealth companies aggressively market stimulant drugs to users on social media without the typical disclosures found in pharmaceutical ads, according to a 39-page report from the Center for Data Innovation, which data , studies the intersection of technology and technology. public policy.

It clarified that telehealth companies can post advertisements for prescription drugs without including any warnings or information about side effects due to technicalities in drug advertising laws and regulations.

Many ads on social media for stimulant medication target audiences concerned with attention deficit and hyperactivity disorder. The Center for Data Innovation report referenced this November 2021 tweet from Clarity ADHD:

Klarity ADHD Tweet Ad Gets Adderall Prescribed Online for ADHD

Image Source: Clarity ADHD Twitter Feed

“The majority of medical providers who offer treatment for ADHD act in the best interests of their patients and prescribe stimulant medications when medically necessary,” said Morgan Stevens, author of the report.

“But some newer telehealth companies, such as Cerebral and Done, have abused the advertising loophole to market stimulant drugs,” she told TechNewsWorld.

Cerebral declined to comment for this story. Kiya did not respond to a request for comment.

bullets in front of people

The report notes that the consumption of stimulant drugs has increased over the past few decades, following a pattern similar to the opioid epidemic.

Stimulant drug consumption continued to rise during the COVID-19 pandemic, with some telehealth companies taking advantage of lax regulations to offer prescriptions for stimulants with little medical supervision or appropriate care.

However, despite the increased consumption and availability of stimulant drugs, stimulant abuse, and more prescriptions, face less scrutiny than other Schedule II controlled substances, such as opioids, it added.

The report noted that several regulatory changes designed to promote the use of telehealth during the pandemic allowed more remote services to be delivered than ever before, including prescribing stimulant drugs.

In pursuit of rapid growth, it continued, some telehealth companies prioritize customer retention and satisfaction over ensuring that patients receive appropriate, high-quality care.

The report notes that some companies operating in the telehealth space do not meet the standards for in-person psychiatric care.

The diagnostic process for ADHD usually involves a lengthy evaluation in which a medical provider will review the patient’s clinical history, discuss reported symptoms, and ask for information from the patient’s friends and family. Could Instead, some companies evaluate patients during 30-minute appointments before reaching a diagnosis and prescribing stimulant medications.

‘Assisted Ads’

Companies advertising ADHD drugs were able to avoid more stringent regulations by not mentioning specific drugs by name.

Unlike ads that name specific drugs, the report noted that these ads—classified by the FDA as “help-seeking ads”—discuss a condition or disease but do not refer to a specific medical treatment for it. Let’s give

Instead, these ads would list the symptoms caused by ADHD and encourage viewers to seek treatment from a medical professional if they experience symptoms.

Google Ads search result for Buy Adderall online from ADHD treatment provider turned up

December 5, 2022 — A Google search for “buy Adderall online” brings up the first result which is an ad for Done.

However, the report notes that many of the symptoms listed in the ads are general to the human condition and may not indicate that a person has ADHD.

In disseminating information about ADHD symptoms without providing additional context, these ads run the risk of misleading viewers into thinking they have ADHD and should take medications to treat the condition without understanding the risks.

It states that viewers may identify with one or more of the common symptoms presented in the ad and seek medical treatment for the condition. This may result in some viewers receiving a misdiagnosis and medically unnecessary treatment.

Law enforcement audits of telehealth platforms

Although some telehealth providers offering mental health services may have played a role in a sharp increase in stimulant drug prescriptions during the COVID-19 pandemic, the report urged policymakers to focus on improving oversight of those providers. is — and rather than punishing those who violate the law — seeking retribution for the telehealth industry as a whole.

Among the actions recommended in the report are policy makers having law enforcement agencies regularly audit telehealth platforms to identify bad or negligent actors responsible for unnecessary prescriptions.

However, Dr. Jeffrey Singer, a surgeon and senior fellow at the Washington, DC think tank Keto Institute, sees some problems with law enforcement playing a role in regulating the medical profession.

“I don’t know many law enforcement people who have medical or pharmacological degrees, but they decide what is excessive and what is not,” he told TechNewsWorld.

“Whether doctors are overprescribing, underprescribing or prescribing inappropriately is a medical decision, not a decision for the criminal legal system,” he said.

In a white paper published in November, Singer and Cato Research Fellow Trevor Burruss argued that medical mismanagement of pain, which causes harm to patients, is best addressed through the civil tort system.

,[S]States establish professional licensing boards specifically to enforce the ‘standard of care’ provided by those professionals,” he wrote. “Law enforcement has no medical expertise and no knowledge of narcotics and psychoactive They should have no role in classifying substances.”

doctor crossing the state line

Stevens countered that the Drug Enforcement Administration, Department of Health and Human Services, and state law enforcement agencies are already investigating physicians and organizations in the health care industry, in addition to the regular audits the DEA conducts for controlled substances.

“The DEA, HHS and states have the ability to expand these operations to ensure compliance with more controlled substances,” he added.

The report also recommended that doctors be allowed to treat patients across state lines. She suggested that policy makers increase the number of providers patients can see to receive mental health services. With telehealth, patients can receive remote medical care from providers in various locations.

It states that state policymakers should join licensing compacts that enable medical providers to practice across state lines.

In testimony before Congress, Singer suggested lawmakers go even further. He told the Senate Subcommittee on Communications, Media and Broadband, “Congress should define ‘place of care’ as the state in which the practitioner is located as opposed to the state in which the consumer of the service resides.”

“This change will increase access to care and allow patients to access expertise that may exist in areas of the country that are otherwise beyond their reach,” he explained. “It would also remove protections from out-of-state competitors that health care providers otherwise enjoy. The increased competition would again be to the benefit of patients.”

Keep a Watchful Eye on Telehealth Providers

The report states that the telehealth startup economy grew due to regulatory changes from the COVID-19 pandemic. These new companies enabled patients to receive medical care from the comfort of their homes and provided medical benefits that would otherwise be unavailable. Still, some telehealth providers have taken advantage of these changes to the detriment of patients.

Given the benefits of telehealth and the ease of access, it continued, policymakers should continue to drive regulatory changes that have helped the companies flourish. However, they must work to ensure that remote patients receive the same level of care as they would during an in-person appointment.

It’s the season of gift giving. I usually take the easy way out with gift cards, but I’ve found that taking the easy way out can have problems. Two Amazon gift cards I purchased did not reach their intended recipients. Amazon quickly replaced one, but the other was stolen and used. I’m still waiting for a resolution on that.

This will likely be the last year until or unless Amazon shifts to store credit. It’s very easy to lose a card, and the postal service is less than reliable these days. I plan on getting cards out to people so they can get whatever they want for Christmas during Black Friday and Cyber ​​Monday, but if they don’t get the cards in time, there’s really no point.

think it through

When giving a gift, it’s important to sit back and think about why you’re giving it. Is it a mutual, friend or family obligation? Do you want to impress the person or just give them a reason to think about you? Is it something that would reflect on your job, your relationships, or your status?

All of these questions will determine how much time you put into the gift, but if you don’t spend most of that time thinking about what the recipient will want, there’s a good chance you’ll both be disappointed with the result.

If you can’t figure out what to give someone, gift cards are a great option. The recipient doesn’t have to return what you bought them if they don’t like it, which can hurt a bit if you’ve had a lot of time choosing a gift.

I avoid highly personalized gifts like perfume, cologne, clothes, or jewelry unless I really know the person’s tastes or they have specifically asked for it. I also avoid personal electronics for the same reason. It never hurts to ask someone what they want for Christmas.

For this guide, I’m going to focus on one vector: the things that people will see and think of you when they do. I’ll break down each gift by price, but the overall theme will be things that will help them remember you.

Under $25 – Supledck 5×7 Picture Frame

For less than $25, I’d go with a talking picture frame and any memorable photos you have of the person you’re giving the gift to.

I found the Supledck 5×7 picture frame on Amazon for $21.99.

SUPLEDCK 5x7 Picture Frame Personalized 20S Voice Recordable Picture Frame

You can record the memory and especially any anecdotes about what happened before, during, or after the picture was taken.

You can create some embarrassing stuff too – and with some Photoshop skills, you can make that photo a lot more memorable.

$50 and Under $100 – Damascus Chef Knife

As we approach the $50 and $100 range, consider shopping on Etsy, a site where makers sell their goods, but you’ll need to know your recipient’s interests. If they’re into cooking, consider these distinctive chef’s knives.

My pick under $50 is the Hand Forged Damascus Steel Blade Custom Chef Knife very well made, affordable at $33, and the Damascus treatment on the blade looks great.

For just under $100—also on Etsy—I found a handmade black chef’s knife set. This set looks amazing too, and is on sale for a massive 70% off on $98 at the time of this writing, making it a bargain.

Hand Forged Damascus Chef's Knife Set of 5

These are good looking knives; They won’t break the bank, and the reviews are strong. I was tempted to grab a set for myself, and I still might.

Soundcore by Anker Space Q45 Headphones – Under $150

We are now in a price range where electronics can make sense. Noise-canceling headphones are a staple for any of us who travel, but a pair you can sleep in can be problematic. You can try earbuds, but when worn for a long time, they make my ears itch, which is not conducive to sleeping.

The most comfortable headphones I’ve tested this year — priced at $149.99 on Amazon — are the Soundcore by Anker Space Q45 headphones.

Soundcore by Anker Space Q45 Noise-Cancelling Headphones

Their noise cancellation is impressive for the price, and they were soft enough to sleep on while wearing them when I last traveled to Europe. I arrived far more comfortably than I otherwise would have – especially considering how iffy airlines are to get you to your destination these days.

Under $250 – Fi Series 3 Pet Collar

If someone has a pet, they are probably worried that the pet will get out and get lost. The best GPS collar I’ve found is the Fi Collar, which is now in its third series. We have the Series 2 for two of our three dogs and we love it. One time, our new little male wandered out into the yard, but I was able to quickly track him down with the Fi collar and my smartphone.

Fi Series 3 Dog Collar GPS Pet Tracking Device

The caller itself is free with a one-year service plan for $192. It has a long battery life and will provide great peace of mind if you have a pet that wonders. Granted, it’ll be cool for one year, but it potentially sets up subsequent annual gifts if the recipient loves the collar as much as we do.

Related Tips for Pet Guardians: The Next Door app posts near-daily alerts from people who have lost their pets.

Under $500 – Meta Quest 2 VR Headset

Now we are starting to talk about serious money.

One of the most fun gifts for everyone but the person using it – well, initially, anyway – is the Meta Quest 2 Advanced all-in-one virtual reality headset with 256GB of memory for my favorite Quest 2 games, Bundled with two of Resident Evil and Beat Saber.

Meta - Quest 2 Resident Evil 4 Bundle with Beat Saber - 256GB

The Meta Quest 2 is a boneless headset which makes it more secure than other options. Watching Resident Evil 4 play can be just as entertaining for the people watching it as it is for the player playing the game. Beat Saber remains my favorite sport, and I can work up a sweat playing it, making it an excellent aerobic activity as well.

Best Buy has the Meta – Quest 2 Resident Evil 4 Bundle with Beat Saber – 256GB on sale for $429.99.

Under $1,000 – LG 48″ OLED TV

At $1,000 we’re talking gifts for a spouse or significant other you really want to impress or for a child who has a big event coming up, like graduation, or deserves a significant award. This price point really comes down to knowing what the person wants.

While I wouldn’t normally recommend a TV, LG is having a huge sale on its 48″ OLED TV, which is normally $1,299 but is currently $799.

LG A1 48 Inch Class 4K Smart OLED TV w/ ThinQ A

I have one of these in our bedroom, and it’s Brilliant!, Impressive colors – blacks are very black – and sound is so good I’ve put off using a soundbar with this TV.

If you want something the recipient will see a lot and likely remember you by, the LG 48″ OLED TV is a great choice.

Over $1,000 – HP Dragonfly Folio 13.5″ G3 2-in-1 Notebook PC

I was going to get some crazy stuff like a yacht that’s also a submarine, the Jetsons One flying car, or any man’s dream ride, the Lamborghini Countach LPI 800-4 remake, which I’m still weaning myself off. .

Instead, I’ve decided to introduce my favorite laptop of the year, the HP Dragonfly Folio G3 Notebook. It’s not cheap to date as it costs over $3,000 fully configured, but, to me, it’s the perfect laptop, especially if configured with the optional WUXGA+ and 1000 Nits Low Blue Light touchscreen displays and 5G Are.

HP Dragonfly Folio 13.5″ G3 2-in-1 Notebook PC

The Dragonfly Folio G3 is covered in the best durable leather – not made from cows, but it feels natural – at 3 pounds it feels light though, has good performance (up to an Intel i7), and a whole Daylong battery life, so you can leave the charger in your hotel room, home, or backpack.

It’s got an 8K video camera, auto background blur to hide what’s behind you, some of the most impressive noise cancellation tech I’ve tested yet, and quad speakers, which are great for watching movies in your hotel room. Huh.

Oh, and it has a cantilevered screen that’s perfect for watching TV or movies on a plane or in bed. Perfect for someone like me who travels a lot but wants their entertainment to go wherever they go.

Alternative pick for gamers – Alienware M17 R5 Gaming Laptop

One option for the gamer in your life is the AMD-based Alienware m17 Gaming Laptop, which is the most powerful gaming laptop I’ve tested all year. The M17 can be configured with an AMD Ryzen 9 6900HX processor and either an AMD or Nvidia discrete mobile graphics solution, including the Radeon RX 6850 or Nvidia RTX 3080 TI.

Alienware M17 R5 Gaming Laptop Keyboard View

Fully configured, it’s less expensive than the HPs mentioned above, although you can get up to six hours of battery life when not gaming if you configure it correctly. If you’re gaming, you need a plug and a massive power supply, but for the gamer in your life, the Alienware M17 R5 Gaming Laptop is one you’ll love.

that’s a wrap

There’s no Product of the Week, because really, all of the above are worthy of that designation. So we’ll leave it there with my hope that Santa is good to you this year. Be careful of icy roads. My wife and neighbor were just rear ended in two separate accidents. Happy Holidays!