Thursday, November 19, 2009

One of the recurring themes on this blog is the lack of information available to management when a data breach occurs. (Never attribute this to some elaborate conspiracy scheme when simple ignorance is sufficient to explain it.) NOTE that this is another opportunity (Blue Cross last week) for the Connecticut AG to wax poetic about how he will protect citizens.

http://www.databreaches.net/?p=8326

Health Net Loses Information for 450,000 Clients: AG

November 18, 2009 by admin Filed under Breach Incidents, Healthcare Sector, Lost or Missing

Health Net, whose motto is “A Better Decision,” may have made a very very bad decision in not informing consumers of a breach involving their protected health information and sensitive personal information.

Leanne Gendreau reports:

The personal information for almost half a million Connecticut residents could be at risk after a hard drive disappeared from Health Net six months ago.

The hard drive disappeared from Health Net’s Shelton office in May, Attorney General Richard Blumenthal said.

Health Net is a regional health plan and the drive included health information, social security number and bank account numbers for all 446,000 Connecticut patients, he said. The information had been compressed, but not encrypted, although a specialized computer program is required to read it.

Blumenthal said he’s “outraged” that the company never told customers or police and only told the AG on Wednesday.

Read more on NBC.

[From the NBC article:

Health Net officials said they were not able to determine which information was on the disk, so they investigated and learned the information was saved in an image format [Suggests scanned documents, possibly in TIFF format. Bob] that cannot be read without special software, but it contained personal information for many past and present Health Net members.

… If customers find suspicious activity between May 2009 and the date the identity protection service starts Health Net will provide assistance. [I'll be very interested in seeing what “assistance” they provide. Bob] They have not received any reports of data misuse. [How would anyone know to “report” a problem to Health Net? More interesting, if someone did report a problem would Health Net have taken any action? (i.e. Did they have a procedure in place from “last May” until they announced the breach?) Bob]


(Related) How quickly the numbers change.

http://www.databreaches.net/?p=8333

UPDATE: 1.5 Million Medical Files At Risk In Health Net Data Breach

November 19, 2009 by admin Filed under Breach Incidents, Healthcare Sector, Lost or Missing, Of Note, U.S.

Matthew Sturvedant reports:

A hard drive with seven years of personal and medical information on about 1.5 million Health Net customers, including 446,000 in Connecticut, was lost six months ago and was first reported Wednesday, state and company officials said.

The insurance company informed the state attorney general’s office and the Department of Insurance Wednesday of the security breach that puts personal medical records at risk in a historic lapse, the first of its kind to be publicly reported.

A portable, external hard drive with Social Security numbers and medical records “disappeared” and is still missing from the insurer’s Northeast headquarters in Shelton, a Health Net spokeswoman said Wednesday.

The hard drive contains Social Security numbers, medical records and health information dating to 2002 for 1.5 million customers — past and present — in Arizona, Connecticut, New Jersey and New York, the spokeswoman said.

Read more in the Hartford Courant.

[From the Courant article:

The missing hard drive at Health Net is the first publicly reported, widespread release of patients' medical records, at least in recent state history. [Sounds like lawyer wording to me. Were there privately reported breaches before? How recent is recent? Bob]



More thought from Canada

http://www.pogowasright.org/?p=5526

Privacy issues and the Smart Grid

November 19, 2009 by Dissent Filed under Other

The Smart Grid brings many benefits – but privacy protection must be built into the design of this new technology before an explosion of personal data erupts, Ontario’s Information and Privacy Commissioner, Dr. Ann Cavoukian, cautioned today in a new white paper.

“The overarching privacy concern associated with Smart Grid technology is its ability to greatly increase the amount of information that is currently available relating to the activities of individuals within their homes – their habits and behaviors,” said the Commissioner.

Intimate details of hydro customers’ habits, from when they cook or take showers, to when they go to bed, plus such security issues as whether they have an alarm system engaged, could all be discerned by the data automatically fed by appliances and other devices to the companies providing electric power.

The Commissioner and co-authors, Jules Polonetsky and Christopher Wolf, co-chairs of the Washington-based Future of Privacy Forum, issued a white paper, Smart Privacy for the Smart Grid: Embedding Privacy in the Design of Electricity Conservation, which emphasizes the importance of building privacy directly into Smart Grid technology, as the default option.

“The smart grid will provide benefits for the economy and the environment and could mean savings for individual consumers,” said Jules Polonetsky. “But the success of the grid will be completely dependent on consumers trusting that their data is being handled responsibly. If companies do not get privacy right from the start, billions will have been spent in vain.”

“The information collected on a Smart Grid will form a library of personal information, the mishandling of which could be highly invasive of consumer privacy,” said Christopher Wolf. “There will be major concerns if consumer-focused principles of transparency and control are not treated as essential design principles, from beginning to end.”

Brian Krebs of Security Fix writes:

In an interview with Security Fix, Polonetsky said some utilities have adopted the stance that existing regulations already prevent them from sharing customer data without prior authorization. But he noted that as power companies transition to the smart grid, those utilities are going to be collecting — and potentially retaining — orders of magnitude more data on their customers than ever before.

“Relatively speaking, [utilities] aren’t big marketing companies with big back end databases ready to handle the tidal wave of data that’s coming,” he said. “But we’re a little worried that without some serious planning now, there’s going to be quite a challenge in a couple of years when people start realizing that maybe should think about developing some solid data retention policies that address what’s going to be done with all of this data.”



“I've got some good news and some bad news.”

http://www.pogowasright.org/?p=5524

NZ: PIs should not be restricted more than public – Sir Geoffrey

November 19, 2009 by Dissent Filed under Legislation, Non-U.S.

Private investigators should not be restricted from taking photos or recording people any more than the general public is, Law Commission president Geoffrey Palmer says.

However, restrictions on the general public were too lax, he said.

There was “no justification” for private investigators to be singled out for restrictions when ordinary members of the public did not face the same ones, Sir Geoffrey told NZPA.

He presented the commission’s briefing on the issue to Parliament’s justice select committee this morning. The committee is considering the Private Security Personnel and Private Investigators Bill.

Read more on the National Business Review.

[From the article:

"The police are different. The police are law enforcement officers. That's a totally different set of policy considerations.

"This is not about that. This is about what surveillance powers do ordinary citizens have and to what degree should they be restricted." [“Police good, citizens scum.” Bob]



Will the cable or telecom providers with monopolies fight this trend to the death?

http://thenextweb.com/europe/2009/11/19/finland-spain-broadband-legal/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+thenextwebeurope+%28The+Next+Web+Europe%29

First Finland, Now Spain Makes Broadband Access a Legal Right.

By Zee on November 19, 2009



Building a Bigger Brother?

http://yro.slashdot.org/story/09/11/18/2244218/Chicagos-Camera-Network-Is-Everywhere?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Chicago's Camera Network Is Everywhere

Posted by timothy on Wednesday November 18, @06:04PM from the oh-it's-just-you-big-brother dept.

DesScorp writes

"Over the past few years, the City of Chicago has installed video cameras all over the city. Now the Wall Street Journal reports that the city has not only installed its own cameras for law enforcement purposes, but with the aid of IBM, has built a network that possibly links thousands of video surveillance cameras all over Chicago. Possibly, because the city refuses to confirm just how many cameras are in the network. [Consider that they may never have counted them. Bob] Critics say that Chicago is becoming the city of Big Brother. 'The city links the 1,500 cameras that police have placed in trouble spots with thousands more—police won't say how many—that have been installed by other government agencies and the private sector in city buses, businesses, public schools, subway stations, housing projects and elsewhere. Even home owners can contribute camera feeds. Rajiv Shah, an adjunct professor at the University of Illinois at Chicago who has studied the issue, estimates that 15,000 cameras have been connected in what the city calls Operation Virtual Shield, its fiber-optic video-network loop.' There are so many camera feeds coming in that police and officials can't monitor them all, but when alerted to a situation, can zoom in on the area affected. The ACLU has requested a total number of video feeds and cameras, but as of yet, this information has not been supplied."



Something fishy about this. (Read the comments) Good (as in, we follow best practices) encryption would still be impossible to crack in my lifetime. Are pedophiles so stupid that they actually carry images through customs on their laptops rather than encrypt them and email them to themselves?

http://it.slashdot.org/story/09/11/18/2149202/US-Government-Using-PS3s-To-Break-Encryption?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

US Government Using PS3s To Break Encryption

Posted by timothy on Wednesday November 18, @05:16PM from the purchase-order-shenanigans dept.

Entropy98 writes

"It seems that the US Immigration and Customs Enforcement Cyber Crimes Center, known as C3, has replaced its '$8,000 Tableau/Dell server combination' with more efficient and much cheaper $300 PS3s. Each PS3 is capable of 4 million passwords per second, and C3 currently has 20 PS3s with plans to buy 40 more. Naturally this is only being used to break encryption on computers seized with a warrant and suspected of harboring child pornography."

[From the article:

After securing a warrant, agents can seize and search a suspect's computer, but the Fourth Amendment prevents authorities from forcing suspects to surrender their passwords, Davenport said. [They don't need a warrant to seize the computer, do they? Bob]

The networked Playstation 3s can process 4 million passwords per second, cutting down on the time necessary to find the correct combination. [Not each Playstation. Bob]
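As an added example (not part of the original post or the Slashdot story), the Python below turns the quoted figures into a password-strength estimate: how many years exhausting a given password class would take at 4 million guesses per second per PS3, with 20 units now and 60 planned, and the shortest length whose keyspace outlasts an assumed 80-year lifetime. The character-set sizes and the 80-year threshold are assumptions; pass units=1 to read the 4 million/second as the whole cluster's rate, as the comment above suggests.

```python
import math

# Figures quoted in the Slashdot summary above: 4,000,000 guesses per second
# per PS3, 20 units in service, 40 more planned (60 in total).
GUESSES_PER_SEC_PER_PS3 = 4_000_000
PS3_UNITS_NOW = 20
PS3_UNITS_PLANNED = 60

# Assumed character-set sizes for the password classes compared below.
CHARSETS = {
    "digits": 10,
    "lowercase": 26,
    "mixed-case alphanumeric": 62,
    "printable ASCII": 95,
}

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def years_to_exhaust(charset_size: int, length: int, units: int,
                     rate_per_unit: int = GUESSES_PER_SEC_PER_PS3) -> float:
    """Years needed to try every password of this class with `units` PS3s in parallel.
    A successful guess is expected around half this time; the full keyspace is the worst case."""
    keyspace = charset_size ** length
    return keyspace / (rate_per_unit * units) / SECONDS_PER_YEAR


def min_length_for_lifetime(charset_size: int, units: int, lifetime_years: float = 80.0,
                            rate_per_unit: int = GUESSES_PER_SEC_PER_PS3) -> int:
    """Smallest password length whose full keyspace exceeds the guesses the cluster
    can make in `lifetime_years` (80 years assumed here). Integer loop avoids float
    rounding at the boundary that a log-based formula would introduce."""
    guesses_in_lifetime = rate_per_unit * units * SECONDS_PER_YEAR * lifetime_years
    length = 1
    while charset_size ** length <= guesses_in_lifetime:
        length += 1
    return length


def report(units: int) -> list[tuple[str, int, float]]:
    """(class, length, years) rows for 8-character passwords of each class."""
    return [(name, 8, years_to_exhaust(size, 8, units)) for name, size in CHARSETS.items()]


if __name__ == "__main__":
    for units in (PS3_UNITS_NOW, PS3_UNITS_PLANNED):
        print(f"--- {units} PS3s, {GUESSES_PER_SEC_PER_PS3 * units:,} guesses/s ---")
        for name, length, years in report(units):
            print(f"{name:>24} x{length}: {years:12.4g} years to exhaust; "
                  f"{min_length_for_lifetime(CHARSETS[name], units)} chars to outlast 80 years")
```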



For my Intro to Computer Security class. How simple is encryption?

http://www.makeuseof.com/tag/quickly-easily-protect-encrypt-files-with-conceal/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Makeuseof+%28MakeUseOf.com%29

Quickly & Easily Protect & Encrypt Files With Conceal

Nov. 18th, 2009 By Guy McDowell



This should be banned. My students are scary enough in 2-D.

http://www.maximumpc.com/article/howtos/how_build_your_own_3d_camera_rig

How to Build Your Own 3D Camera Rig for Under $20

Posted 11/18/09 at 11:00:00 PM by Eric Kurland
