Wednesday, October 07, 2009

It never fails, as the Privacy Foundation gets ready to put on a seminar on HIPAA Privacy, someone obliges us by providing a great “bad example” for analysis and discussion.

http://www.databreaches.net/?p=7700

850,000 doctors could be hit by potential data breach from insurer’s stolen laptop

October 6, 2009 by admin Filed under Breach Incidents, Healthcare Sector, Of Note, Theft, U.S.

Emil Berry reports on a recent breach that was originally described as affecting “tens of thousands” of people. Now it appears that the breach was much bigger:

A file containing identifying information for every physician in the country contracted with a Blues-affiliated insurance plan was on a laptop computer stolen from a BlueCross BlueShield Assn. employee. It is not yet known whether any identity theft has resulted from the data breach.

The file included the name, address, tax identification number and national provider identifier number for about 850,000 doctors, Jeff Smokler, spokesman for the Chicago-based Blues association, said Oct. 6. That number represents every physician who is part of the BlueCard network, which allows Blues members to access networks in other states, Smokler said.

Some 16% to 22% of those physicians listed — as many as 187,000 — used their Social Security numbers as a tax ID or NPI number, Smokler said.

[...]

An unidentified employee downloaded the unencrypted file onto his personal computer to work on it at home, a practice that is against company policy, he said. [But apparently there was no mechanism to actually prevent or detect this violation. Bob]

Read more on amednews.com

[From the article:

Smokler said Oct. 5 that he didn't know exactly when the laptop was stolen. He said the organization "became aware of it" about three weeks ago.


(Related)

http://www.databreaches.net/?p=7708

TN: 68 Blue Cross Blue Shield hard drives stolen

October 6, 2009 by admin Filed under Breach Incidents, Healthcare Sector, Of Note, Theft, U.S.

Yet another Blue Cross Blue Shield breach in the news this week, although it’s not clear yet whether any PII or PHI are involved. Joe Legge reports:

Monday, Blue Cross Blue Shield workers noticed something missing here at their Eastgate offices. Dozens of computer hard drives weren’t where they were supposed to be. 68 drives to be exact.

Authorities say a burglar alarm went off Friday… but Blue Cross didn’t report the possible theft until making a visual inspection days later. Sgt. Jerri Weary with the Chattanooga Police Department says “they could have been taken anytime during the weekend.”

[...]

A Blue Cross spokesperson says she doesn’t know if the missing drives contain private patient information.

Read more on WDEF news. Cross-posted from PHIprivacy.net

[From the article:

Blue Cross tells WDEF News 12 the "alarm" that was triggered was not something that made a *sound.*

Their computer systems generated a notice that there was an issue with the servers. [Not so much a burglar “alarm” as a burglar “Tweet” “I am now breaking into the building...” Bob]



Update: Someone is eventually going to say “Yes”

http://www.databreaches.net/?p=7715

Hannaford breach case not over yet

October 7, 2009 by admin Filed under Business Sector, Commentaries and Analyses, Hack, ID Theft, Of Note, U.S.

Trevor Maxwell reports:

Just as a potential class-action lawsuit against Hannaford Bros. appeared dead, there’s a glimmer of hope this week for consumers who hope to recover damages from the Scarborough-based grocer for a massive electronic data theft in late 2007 and early 2008.

The federal judge overseeing the case plans to ask Maine’s highest court its opinion on a legal question that has no precedent in this state: Do Hannaford shoppers who had to be reimbursed by their banks and went through other hassles associated with stolen account numbers have the right to seek damages for their effort and lost time?

Read more in the Portland Press Herald.



We can, therefore we must! (I can't help it, this article reads like a straight-line generator.)

http://www.pogowasright.org/?p=4413

Airport developments: strip searches, Clear program

October 7, 2009 by Dissent Filed under Govt, Surveillance, U.S.

EPIC.org notes:

The Transportation Security Administration (TSA) has plans to greatly expand its use of whole body imaging machines at airports around the country. The x-ray machines, which each cost over $100,000, capture detailed, graphic images of passengers’ naked bodies. In June, the House of Representatives overwhelmingly passed a measure that would restrict TSA’s use of these machines. The measure is pending in the Senate. The Privacy Coalition has urged the Department of Homeland Security to suspend the program until privacy and security risks can be fully evaluated. EPIC has also filed Freedom of Information Act requests for the contracts with the vendor Rapiscan.

Also affecting airport travelers: Scott Powers reports in the Chicago Tribune that three companies are bidding to take over the Clear Registered Travel program.

But now at least three companies, including FLO Corp., which ran a separate registered traveler program in Reno, Nev., are bidding to buy Clear’s customer lists and re-establish the service. Orlando International, which was the first Clear airport in 2005 and hosted the most registered travelers, may be the location the companies want most.

“It’s the plum,” FLO managing partner Fred Fischer said. “It’s the peach.”

FLO, a Delaware corporation; Henry Inc. of California; and at least one other bidder that has not been publicly identified have made formal pitches to Morgan Stanley, which gained control of the assets after Clear’s parent company, Verified Identity Pass, shut down June 22.



Where does whistle blower end and “Hacker enabler” begin?

http://www.theregister.co.uk/2009/10/06/paypal_banishes_ssl_hacker/

Man banished from PayPal for showing how to hack PayPal

Some hacking tools more equal than others

By Dan Goodin in San Francisco Posted in Security, 6th October 2009 23:03 GMT



If it quacks like a duck...

http://yro.slashdot.org/story/09/10/06/2245214/Court-Rules-For-Software-Ownership-Over-Licensing?from=rss

Court Rules For Software Ownership Over Licensing

Posted by kdawson on Wednesday October 07, @01:32AM from the broke-it-you-bought-it dept.

valderost writes

"Out-law.com reports on a finding of the US District Court for the Western District of Washington, in favor of an individual reselling Autodesk's AutoCAD software in 'his claim that he owned the software and had the right to sell it on.' The decision hinges on some technicalities in the Autodesk license and conflicting precedents involving a Vanessa Redgrave film, but it's good news for the idea that a software purchase is just that. 'The Court said that it had to follow [the film] case's precedent because it was older than another conflicting ruling, and that it could not choose a precedent based on the most desirable policy. "The court's decision today is not based on any policy judgment. Congress is both constitutionally and institutionally suited to render judgments on policy; courts generally are not," the Court ruled. "Precedent binds the court regardless of whether it would be good policy to ignore it."'" [...and often, good logic. Bob]



Interesting read...

http://news.cnet.com/8301-27080_3-10369070-245.html?part=rss&subj=news&tag=2547-1_3-0-20

Q&A: Amit Yoran talks cybersecurity

by Elinor Mills October 7, 2009 4:00 AM PDT

West Point graduate Amit Yoran went from security work in the Air Force, the Defense Department, and private industry before being tapped as director of cybersecurity for the Department of Homeland Security.

He joined DHS in September 2003 and left about a year later, the first of several cybersecurity directors to have a short tenure.

What is the state of cybersecurity today?

Yoran: The organized crime, the criminal element today, is organized. They've got capability and because there is money on the line they've got phenomenal intent and focus and persistence. Last year, the FBI director said that more money was made using online cybercrime than by drug trafficking in the U.S. It's a mind-boggling number to people who aren't familiar with it... About 30 percent of the cybercrime today uses anti-forensic techniques, so you're literally not going to find them even if you know to look for them... The FBI also said that over 100 foreign governments have structured offensive cyberwarfare organizations as part of their network security and intelligence infrastructure. So the industry and the IT world is getting decimated by the cybercriminals and the nation-state activity is even more advanced than that. The technologies we're using to protect ourselves, that we're relying on, the dirty secret within the IT security world is that they're incapable almost by definition of dealing with the advanced threats of cybercrime or nation states.

The challenge faced by the government departments and agencies is 98 or 99 percent similar to the challenge faced by enterprise IT environments which is very blatantly the IT security industry is not equipped to deal with the advanced threats. If we think we're monitoring systems and if we think we're protecting our systems using the products we have then we're uninformed about the threat, or misleading ourselves or just plain loony.



Passwords are not adequate security, example 4,999,852. How lazy can you be? This is on an unrestricted system. What controls has your organization implemented to prevent useless passwords like this?

http://www.wired.com/threatlevel/2009/10/10000-passwords/

Most Common Hotmail Password Revealed!

By Kim Zetter October 6, 2009 1:15 pm

A researcher who examined 10,000 Hotmail, MSN and Live.com passwords that were recently exposed online has published an analysis of the list and found that “123456” was the most commonly used password, appearing 64 times.

Forty-two percent of the passwords used lowercase letters from “a to z”; only 6 percent mixed alpha-numeric and other characters.
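As an added illustration (not part of the Wired article or of this post), the Python below reproduces the two measurements the article reports, most common entry and the lowercase-only versus fully mixed shares, over a constructed stand-in for a leaked list, and adds the kind of policy check the question above is asking about. The sample dump, the blocklist and the policy thresholds are assumptions for the example, not data from the article.

```python
from collections import Counter
import string

# Constructed sample standing in for a leaked password dump. It is NOT the
# real Hotmail list; it is shaped to show the same pattern the article
# describes (numeric sequences and lowercase names dominate).
SAMPLE_DUMP = [
    "123456", "123456", "123456", "password", "alejandra", "alberto",
    "tequiero", "alejandro", "12345678", "1234567", "estrella", "iloveyou",
    "daniel", "000000", "roberto", "654321", "bonita", "sebastian",
    "beatriz", "mariposa", "Tr0ub4dor&3", "P@ssw0rd", "qwerty", "abc123",
]

# Assumed blocklist; a real deployment would load a large breached-password
# corpus rather than this short list.
COMMON_PASSWORDS = {"123456", "password", "12345678", "qwerty", "abc123",
                    "1234567", "iloveyou", "000000", "654321", "p@ssw0rd"}


def char_classes(pw):
    """Return the set of character classes present in pw."""
    classes = set()
    for ch in pw:
        if ch in string.ascii_lowercase:
            classes.add("lower")
        elif ch in string.ascii_uppercase:
            classes.add("upper")
        elif ch in string.digits:
            classes.add("digit")
        else:
            classes.add("other")
    return classes


def is_mixed(pw):
    """'Mixed alpha-numeric and other characters': letters, digits and at
    least one non-alphanumeric character all present."""
    c = char_classes(pw)
    return bool(c & {"lower", "upper"}) and "digit" in c and "other" in c


def analyze(passwords):
    """Statistics of the kind the Wired piece quotes: the most common
    password and its count, the share that is lowercase letters only, and
    the share that is fully mixed."""
    n = len(passwords)
    counts = Counter(passwords)
    most, most_n = counts.most_common(1)[0]
    lower_only = sum(1 for p in passwords if char_classes(p) == {"lower"})
    mixed = sum(1 for p in passwords if is_mixed(p))
    return {
        "total": n,
        "most_common": most,
        "most_common_count": most_n,
        "pct_lowercase_only": round(100 * lower_only / n, 1),
        "pct_mixed": round(100 * mixed / n, 1),
    }


def is_sequence(pw):
    """True for runs such as 123456, 654321, abcdef or 000000: every
    adjacent pair differs by the same step of +1, -1 or 0."""
    if len(pw) < 4:
        return False
    steps = {ord(b) - ord(a) for a, b in zip(pw, pw[1:])}
    return steps in ({1}, {-1}, {0})


def check_password(pw, min_len=12):
    """Return the list of policy violations; an empty list means the
    password is acceptable. The policy itself (length, blocklist, sequence
    test, three character classes) is an assumed example policy."""
    problems = []
    if len(pw) < min_len:
        problems.append(f"shorter than {min_len} characters")
    if pw.lower() in COMMON_PASSWORDS:
        problems.append("in common-password blocklist")
    if is_sequence(pw):
        problems.append("keyboard/numeric sequence or repeated character")
    if len(char_classes(pw)) < 3:
        problems.append("fewer than three character classes")
    return problems


if __name__ == "__main__":
    stats = analyze(SAMPLE_DUMP)
    print(f"{stats['most_common']!r} appears {stats['most_common_count']} times "
          f"in {stats['total']} entries")
    print(f"lowercase-only: {stats['pct_lowercase_only']}%  "
          f"mixed: {stats['pct_mixed']}%")
    for candidate in ("123456", "Tr0ub4dor&3", "correct horse battery staple!1"):
        print(candidate, "->", check_password(candidate) or "OK")
```

The blocklist check is the control that actually stops "123456": a complexity rule alone still admits "P@ssw0rd", which is why the check tests the lowercased candidate against known-breached values before looking at character classes.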



Big Brother – the home game! NOTE TO SELF: Reporting a crime might be a crime since it's illegal to look at cameras via the Internet, so can I get TWO rewards?

http://www.pogowasright.org/?p=4401

UK site offers cash for online CCTV snooping

October 6, 2009 by Dissent Filed under Featured Headlines, Internet, Non-U.S., Surveillance

Marc Chacksfield reports:

A new website is offering a £1,000-a-month reward for spotting crimes captured on live CCTV cameras.

The initiative asks users to monitor random cameras across the country and report back on any dodgy behaviour. If you successfully report a crime, then you could be in for a cash reward.

On the Internet Eyes website (http://interneteyes.co.uk) the online snooping system is described as: “uniquely designed to be proactive in detecting crime as it happens… The general public can watch CCTV cameras anywhere, and instantly alert the camera owner when a crime is committed.”

Looking at CCTV feeds on the internet breaches the UK’s Data Protection Act. ITPro has handily picked out a piece of legislation which highlights this, explaining that, when it comes to using CCTV images, “it would not be appropriate to disclose images of identifiable individuals to the media for entertainment purposes or place them on the internet.”

Read more on TechRadar.



As the technology makes this easier...

http://www.bespacific.com/mt/archives/022499.html

October 06, 2009

Study Says Employers Increasingly Monitoring Outbound Emails

National Law Journal: "The economy has employers extra jittery about company secrets getting out, so nervous that they're hiring staff just to monitor outbound e-mails. That's the conclusion of a recent study by Proofpoint, an Internet security and data loss prevention company, which found that 38 percent of large U.S. employers are monitoring outbound e-mail to prevent data leaks, up from 29 percent in 2008."


(Related)

http://news.cnet.com/8301-13577_3-10368956-36.html?part=rss&subj=news&tag=2547-1_3-0-20

Survey: Over half of U.S. workplaces block social networks

by Caroline McCarthy October 6, 2009 4:32 PM PDT

A majority of U.S. workplaces block access to social-networking sites like Facebook and Twitter, new survey results commissioned by consulting firm Robert Half Technology indicate. Fifty-four percent block social networks "completely," while another 19 percent only permit it "for business purposes."

Only 10 percent of companies surveyed permit social-network use on the job for any kind of personal use; 16 percent allow "limited" personal use, according to the results released Tuesday.



Interesting in that there is no interpretation or commentary on the laws, just the law itself. Why this update required “many hours of hard work” is beyond me.

http://www.bespacific.com/mt/archives/022501.html

October 06, 2009

Intelligence Community Legal Reference Book 2009

Intelligence Community Legal Reference Book, Office of the Director of National Intelligence (Published Summer 2009 - 949 pages, PDF, declassified), released Summer 2009.

  • Robert S. Litt, General Counsel: "The Intelligence Community draws much of its authority and guidance from the body of law contained in this collection. We hope this proves to be a useful resource to professionals across the federal government. This new edition is the result of many hours of hard work. I would like to extend my thanks to those across the Community who assisted the Office of General Counsel in recommending and preparing the authorities contained herein. I hope you find this book a valuable addition to your library and a useful tool as you carry out your vital mission."



Wow! I didn't see this one coming... Now my iPhone-phreak buddy can remove his hack.

http://tech.slashdot.org/story/09/10/07/1133243/ATampT-To-Allow-VoIP-On-iPhone?from=rss

AT&T To Allow VoIP On iPhone

Posted by Soulskill on Wednesday October 07, @08:47AM from the writing-on-the-wall dept.

Toe, The writes

"On Tuesday, AT&T announced it will allow Apple to enable Voice over Internet Protocol applications, such as Skype, to run on its 3G wireless data network. Apple stated, 'We will be amending our developer agreements to get VoIP apps on the App Store and in customers' hands as soon as possible.' And Skype, while happy over the move, also stated, 'the positive actions of one company are no substitute for a government policy that protects openness and benefits consumers.'"



Retaliation in the age of the Internet. Lots of good examples of bad lawsuits?

http://www.msnbc.msn.com/id/33179582/ns/technology_and_science-tech_and_gadgets/

Hey, kids! Hate school? Don't tell Facebook!

The First Amendment right to insult one's school increasingly challenged

By Helen A.S. Popkin msnbc.com updated 7:06 a.m. MT, Tues., Oct. 6, 2009

… Even schools you elect to attend, for example, the Salon Professional Academy of Elgin, Ill., can also act as an oxygen vortex. At least that’s the opinion of a Nicholas Blacconiere, an academy student under legal fire for enshrining his negative opinions and those of others on a private page he posted on the world’s most popular social networking site.



Global Warming! Global Warming! Why is everything tied to Global Warming! Wouldn't these log books be interesting by themselves?

http://science.slashdot.org/story/09/10/06/236200/Captain-Blighs-Logbooks-To-Yield-Climate-Bounty?from=rss

Captain Bligh's Logbooks To Yield Climate Bounty

Posted by kdawson on Tuesday October 06, @09:02PM from the ball-bearing-ink-smears dept.

Pickens writes

"The BBC reports that researchers are digitizing the captains' logs from the voyages of Charles Darwin on HMS Beagle, Captain Cook from HMS Discovery, Captain Bligh from The Bounty, and 300 other 18th and 19th century ships' logbooks to provide historical climate records for modern-day climate researchers who will use the meteorological data to build up a picture of weather patterns in the world at the beginning of the industrial era. The researchers are cross-referencing the data with historical records for crop failures, droughts and storms and will compare it with data for the modern era in order to predict similar events in the future. 'The observations from the logbooks on wind force and weather are astonishingly good and often better than modern logbooks,' says Climatologist Dr. Dennis Wheeler from the University of Sunderland. 'Of course the sailors had to be conscientious. The thought that you could hit a reef was a great incentive to get your observations absolutely right!' The logbooks will be online next year at the UK's National Archives."


(Related) One of my students observed that since Al Gore invented the Internet and then discovered Global Warming!, we can safely conclude that the Internet causes Global Warming!



For my Statistics class. Correlation is not causation. (Post hoc, ergo propter hoc?)

http://news.cnet.com/8301-27083_3-10368885-247.html?part=rss&subj=news&tag=2547-1_3-0-20

Are married white men in convertibles doomed to deafness?

by Elizabeth Armstrong Moore October 6, 2009 5:13 PM PDT



I'm not sure how many of my students have iPhones, but some do. Do you suppose Apple would give me one for testing? (Some of these apps run on PCs too)

http://news.cnet.com/8301-17939_109-10368874-2.html?part=rss&subj=news&tag=2547-1_3-0-20

Useful educational iPhone apps for students

by Don Reisinger October 6, 2009 3:46 PM PDT



For the Swiss Army folder, in case I need to type War & Peace in the original Russian.

http://www.typeit.org/



Just funny

http://redneckforlife.com/



Dilbert's plan to correct inequalities in pay.

http://dilbert.com/strips/comic/2009-10-07/
