Tuesday, February 09, 2010

I have often (perhaps too loudly and too often) expressed my opinion that a “harm threshold” is a weasel clause, allowing the breached organization to “conclude” there was no harm because they can envision a harm-free scenario.

http://www.phiprivacy.net/?p=1984

HIPAA Harm Threshold Works, Say Providers

By Dissent, February 8, 2010 10:04 am

Dom Nicastro reports:

HHS’ “harm threshold” standard in its interim final rule on breach notification will prevent healthcare organizations from overwhelming patients with unnecessary breach notification [I want to hear every time. Bob] responses, according to providers who work with privacy and security.

At the 18th annual National HIPAA Summit Friday, Judi Hofman, CAP, CHP, CHSS, privacy/information security officer for Cascade Healthcare Community at St. Charles Medical Center in Bend, OR, and Debbie Mikels, corporate manager, confidentiality for Partners Healthcare System in Boston, said the provision published August 24 in the Federal Register gives covered entities the power to prevent unnecessary notifications.

“If you flood your patients with huge concerns, you’re going to open up a floodgate of problems in your organization where you really may not have had a risk to start with,” Hofman said.

Read the full coverage on Health Media Leaders.

[From the article:

According to the interim final rule, the important questions are:

  • In whose hands did the PHI land? [If you don't know (95% of the cases?) should you assume Mother Teresa? Bob]

  • Can the information disclosed cause "significant risk of financial, reputational, or other harm to the individual"? [And please have this opinion in writing signed by a C-level manager who is willing to “bet his job” he is correct. Bob]

  • Was mitigation possible? For example, can you obtain forensic proof that a stolen laptop computer's data was not accessed? [No. You can show there is no evidence of access, but lack of evidence is not proof the data was not accessed. Bob]


(Related) Consider this a lesson from the weasel-wording 101 textbook.

http://www.databreaches.net/?p=9904

AvMed: Data of 208,000 at risk after Gainesville theft

February 8, 2010 by admin

The Gainesville Sun reports that AvMed Health Plans announced that personal information of some current and former subscribers may have been compromised [If they define compromised the way most dictionaries do (expose or make liable to danger, suspicion, or disrepute), there is no “may have been”. The data was stolen. Bob] by the theft of two company laptops from its corporate offices in Gainesville on Dec. 11.

The information includes names, addresses, phone numbers, Social Security numbers and protected health information, according to an AvMed news release.

“The theft was immediately reported to local authorities but attempts to locate the laptops have been unsuccessful,” according to the news release. “On December 23, 2009, AvMed determined that the data on one of the laptops may not have been protected properly, [Well DUH! The information was stolen; clearly it wasn't protected adequately. They mean it wasn't encrypted. Bob] and approximately 80,000 of AvMed’s current subscribers and their dependents may be affected. An additional approximate 128,000 former subscribers and their dependents, dating back to April 2003, may also have been affected.”

Read more in The Gainesville Sun.

A copy of AvMed’s release does not appear to be available on their web site at the time this entry was filed.

[From the article:

The random way the data was listed makes the risk of identity theft very low, the company said. [The data is very unlikely to be listed randomly, although it may appear so to non-techies. Bob]

… It announced the breach in a release dated Feb. 5. [Less than two months. Bob]

The delay in announcing the breach was to avoid hindering the investigation and to set up identity protection services. [Because we never considered that we might have a breach, so we made no effort to contract with a service before the breach. Bob]

There are currently no known reports of identity theft, [Not that anyone knew who to report to until your announcement. Bob] but Ruiz-Topinka said AvMed will have a better idea once members start registering for identity protection.

… AvMed has also implemented additional security procedures and training. [I wonder if the procedures now require data to be encrypted or portable devices to have low-jack software installed? Bob]



They have about 50 million people. If the proportion held in the US, we would be seeing more than 30 million “cases” a month!

http://www.databreaches.net/?p=9909

Za: Hijacked IDs are fuelling spending sprees

February 9, 2010 by admin

Identity theft has increased phenomenally in South Africa, reaching such a level that a major retailer is thinking about installing photo-recognition or fingerprint scanners in its stores.

Johan Kok, chief operating officer of JD Group, said identity theft had become much more sophisticated in the past five years. Their group is part of the South African fraud-prevention service, and they see between five and six million cases of fraud a month.

JD Group has Bradlows, Hi-Fi Corporation, Incredible Connection, Joshua Doore, Morkels and Russells among its stable.

Read more on iol.co.za



A hacker does not need to be an Einstein, just tenacious.

http://www.databreaches.net/?p=9915

Woman worms into D.C. taxpayer accounts

February 9, 2010 by admin

Michael Neibauer reports:

A mentally ill woman exploited a loophole in D.C. tax office online systems to gain unauthorized access to taxpayer accounts, establish herself as the owner of dozens of businesses and file returns on their behalf.

Details of the online trespass, by a woman who law enforcement sources say believed herself to be the guardian of large corporations, were laid out in an independent auditor’s review of the District’s fiscal 2009 books and financial systems. BDO Seidman, D.C.’s outside auditor, found automated and manual tax processes in the Office of Tax and Revenue to be “significant deficiencies” in internal controls.

OTR was home to the largest theft in D.C. government history. In that case, tax office manager Harriette Walters exploited failings in the agency’s tax refund process to steal $50 million over two decades.

Law enforcement sources confirmed to The Examiner that the latest caper was performed by a mentally ill woman. She was not a D.C. employee. A review by the U.S. attorney is ongoing.

Read more in The Examiner. H/T, Privacy Lives.



This sounds entirely too much like my classes...

http://www.fastcompany.com/blog/kit-eaton/technomix/china-gets-serious-about-cyber-security-busts-nations-biggest-hacking-schoo

China Busts Nation's Biggest Hacking School ... for Google's Sake?

By Kit Eaton, today

… It seems that their main crime isn't so much hacking themselves, but running a subscription site which provided sophisticated tools like trojans and account-hijacking code. They also ran training sessions in which they'd show other coders how to write malicious code. Over the years of operation, Black Hawk attracted some 17,000 VIP members, 140,000 free-access members and had made a haul of the equivalent of just over a million dollars in membership fees.


(Related) This does not. (Demonstrating my cattle prod the first day of class keeps them on their toes.)

http://science.slashdot.org/story/10/02/08/1724245/Turns-Out-You-Actually-Can-Be-Bored-To-Death?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Turns Out You Actually Can Be Bored To Death

Posted by samzenpus on Monday February 08, @02:22PM

A study conducted by researchers at University College London shows that boredom can kill you. The researchers found that people who reported feeling a great deal of boredom were 37 per cent more likely to have died by the end of the study. Martin Shipley, who co-wrote the report said, "The findings on heart disease show there was sufficient evidence to say there is a link with boredom."



This is not just a Global Warming problem. Imagine the same levels of error in drug test analysis software...

http://science.slashdot.org/story/10/02/09/1336250/Call-For-Scientific-Research-Code-To-Be-Released?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Call For Scientific Research Code To Be Released

Posted by Soulskill on Tuesday February 09, @09:41AM

Pentagram writes

"Professor Ince, writing in the Guardian, has issued a call for scientists to make the code they use in the course of their research publicly available. He focuses specifically on the topical controversies in climate science, and concludes with the view that researchers who are able but unwilling to release programs they use should not be regarded as scientists. Quoting: 'There is enough evidence for us to regard a lot of scientific software with worry. For example Professor Les Hatton, an international expert in software testing resident in the Universities of Kent and Kingston, carried out an extensive analysis of several million lines of scientific code. He showed that the software had an unacceptably high level of detectable inconsistencies. For example, interface inconsistencies between software modules which pass data from one part of a program to another occurred at the rate of one in every seven interfaces on average in the programming language Fortran, and one in every 37 interfaces in the language C. This is hugely worrying when you realise that just one error — just one — will usually invalidate a computer program. What he also discovered, even more worryingly, is that the accuracy of results declined from six significant figures to one significant figure during the running of programs.'"
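Hatton's observation that accuracy can fall from six significant figures to one while a program runs is easy to reproduce. The C program below is an added example, not code from Ince's column or from Hatton's analysis: it sums the constant 1.0 in single precision (C float, Fortran REAL) and counts how many decimal figures of the exact answer survive, first with a naive running sum and then with Kahan compensated summation, a standard fix the page itself does not mention.

```c
#include <stdio.h>

/* Added example (not from the Guardian column or Hatton's analysis):
 * accumulate the constant 1.0 in single precision and count how many
 * decimal figures of the exact answer survive. Once the running sum
 * reaches 2^24 = 16777216, adding 1.0f no longer changes a float, so
 * the naive sum silently stalls while the program keeps running. */

/* Naive single-precision running sum of 'term', n times. */
float naive_sum(float term, long n) {
    float acc = 0.0f;
    for (long i = 0; i < n; i++)
        acc += term;
    return acc;
}

/* Kahan compensated summation: the low-order bits that rounding drops
 * from 'acc' are kept in 'comp' and fed back into the next addition. */
float kahan_sum(float term, long n) {
    float acc = 0.0f, comp = 0.0f;
    for (long i = 0; i < n; i++) {
        float y = term - comp;   /* re-inject what was lost last time */
        float t = acc + y;       /* rounding happens here             */
        comp = (t - acc) - y;    /* recover exactly what was dropped  */
        acc = t;
    }
    return acc;
}

/* Leading decimal figures of 'got' that agree with 'exact', capped at 7
 * (about what a 24-bit float mantissa carries). No libm needed. */
int sig_figs(double got, double exact) {
    double diff = got > exact ? got - exact : exact - got;
    double rel = diff / (exact < 0 ? -exact : exact);
    int digits = 0;
    if (rel == 0.0) return 7;
    while (rel < 0.1 && digits < 7) { rel *= 10.0; digits++; }
    return digits;
}

int main(void) {
    long counts[] = { 1000L, 16778216L, 100000000L };
    for (int k = 0; k < 3; k++) {
        long n = counts[k];
        double exact = (double)n;              /* n copies of 1.0 */
        float naive = naive_sum(1.0f, n), kahan = kahan_sum(1.0f, n);
        printf("n=%9ld  naive=%12.1f (%d figs)  kahan=%12.1f (%d figs)\n",
               n, naive, sig_figs(naive, exact), kahan, sig_figs(kahan, exact));
    }
    return 0;
}
```

With a hundred million terms the naive sum reports 16777216 and keeps zero correct figures, while the compensated sum returns 100000000 exactly; the middle case shows the decline in progress, with only four figures left.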



Need low-jack for your phone?

http://www.makeuseof.com/dir/wavesecure-anti-theft-software-for-mobile/

WaveSecure: Anti Theft Software For Mobile

WaveSecure is nifty anti-theft software for mobiles (Android, Symbian and Windows Mobile based cellphones). It can help you back up and restore your cellphone data automatically, lock down the phone when it is lost, send an SMS alert to a friend you specified earlier, wipe out your private data and track the phone down if it is Wi-Fi or GPS enabled.

www.wavesecure.com



GIMP is an extremely huge, complex and capable package. You'll need help becoming a master.

http://www.makeuseof.com/tag/5-websites-learn-gimp-photo-editor-online/

5 Websites To Make You A GIMP Ninja



Because you don't want to be using your Kindle while you drive. Lots of early science fiction and even Flatland!

http://www.makeuseof.com/dir/audioowl-free-audio-books-for-ipod/

AudioOwl: Get Free Audio Books For iPod

www.audioowl.com

Similar tools: ThoughtAudio, NewFiction, WellToldTales, PodioBooks and LibriVox.


(Related) A do-it-yourself tool. Perhaps I can get my students to listen to their textbooks, because they seem to be very reluctant to actually read them!

http://www.killerstartups.com/Web-App-Tools/carryouttext-com-rendering-texts-as-audio-files

CarryoutText.com - Rendering Texts As Audio Files

http://www.carryouttext.com/

In a nutshell, Carryout Text will empower you to take any text document and have it transposed into an audio file that you can save on your HD and play whenever you want. A service like this one certainly has as many uses as you can dream up. Some will employ it to have their emails read to them while they are at the gym, whereas others will use it to have the news read to them while they are commuting. Also, busy housewives can use it while they are cooking or doing the cleaning and they want to keep abreast of new content within their favorite blogs.



We don't need no stinking lawyers!

http://www.makeuseof.com/tag/create-software-license-agreement/

How to Create Your Own Software License Agreement



Like I needed an excuse! Still, I don't want to risk a silicon deficiency...

http://news.cnet.com/8301-27083_3-10449270-247.html?part=rss&subj=news&tag=2547-1_3-0-20

Silicon: It's good for you, especially in beer

by Elizabeth Armstrong Moore February 8, 2010 3:58 PM PST



Dilbert illustrates another risk of technology. “We can, therefore we must!”

http://dilbert.com/strips/comic/2010-02-09/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+DilbertDailyStrip+%28Dilbert+Daily+Strip%29
