Friday, October 15, 2010

A couple of points: First, the potential harm of Identity Theft isn't just in the first or second year after the event. Second, a well planned fraud may go for years without detection – unlike the small time 'quick buck' copycats we see so frequently. Third, I'm beginning to suspect the police generally don't trust the organizations breached to help in an investigation.

http://www.databreaches.net/?p=14696

Orange Regional Medical Center asks investigators for info on breach

October 14, 2010 by admin

Following revelations yesterday by the FBI and U.S. Attorney’s Office of a massive Medicare fraud scam that utilized patient data stolen, in part, from Orange Regional Medical Center in New York, I asked the center whether they had known about the breach when it occurred in 2005 and whether and when patients were notified of the breach. In response, the center sent me this e-mail statement:

Orange Regional Medical Center was very concerned to learn from news reports that we were among several NY healthcare facilities from which patient identities had been allegedly obtained in 2005 by an organized crime ring, for the purposes of committing Medicare fraud. We were not aware of this Medicare fraud scheme until learning of it from news outlets; and we consider ourselves among the victims of this conspiracy. Orange Regional regards the protection of patient information to be among our highest priorities and we take any purported breach of patient information very seriously.

We have reached out to the FBI, Department of Justice and Office of the Inspector General and asked that they share with us any information relating to this incident and, specifically, whether this breach occurred within Orange Regional or outside at a site unrelated to Orange Regional. Presently, we are awaiting information.

In light of a statement in the indictment linking stolen patient data directly to a breach at ORMC in 2005, it sounds like the center had no idea that there had been a breach and still does not really know about it.

This is not the first time we’ve seen law enforcement withhold information about breaches from breached entities, but now that they’ve indicted people, it would be helpful if they informed the breached entities what they know about how the breaches occurred and which patients’ data were stolen so that the hospitals can contact their patients to make proper notification and offer apologies and support, as appropriate.



Technologically illiterate or simply too inept to steal patient data on your own? Let HHS help!

http://www.phiprivacy.net/?p=4500

HHS covets role as ‘data sugar daddy’ to app developers

By Dissent, October 15, 2010

Mary Mosquera reports:

The Health & Human Services Department plans in December [In time for Christmas? Bob] to release significantly more health-related data to spur commercial development of new software applications designed to help patients, providers and policymakers make better health care decisions.

National, state and county health performance data sets will be made available via the Internet to HHS’s “Health Indicators Warehouse,” according to Todd Park, HHS’s chief technology officer, who said HHS will also set up a permanent “one stop shop” Web site for public access to community health data and health-related data from other federal agencies.

“We want to keep flooding the market with more and more data from our vaults,” said Park, who views government as an enabler of business innovation and a source of support to developers and programmers looking to use public data in useful applications and services.

Read more on Government Health IT.

How about flooding us with data on privacy and security?

[From the article:

In an example of innovative uses of the data, Park highlighted how software firm Adobe Systems converted ASCII text files containing veteran and Medicare information into the HTML format for Web documentation, which made the information easier for beneficiaries to read and manipulate.

The application is part of the “Blue Button” initiative, a program under which the Veterans Affairs Department and the Centers for Medicare and Medicaid Services offer beneficiaries access to copies of their personal health information via a button on the VA and CMS Web sites.



Look at everything technology makes available to us!

http://www.pogowasright.org/?p=15902

Coming soon to your pharmacy: Police accessing your prescription records

From The Associated Press:

Starting next year, dozens of states will begin knitting together databases to watch prescription drug abuse, from powerful painkillers to diet pills.

With federal money and prodding, states are being asked to sign onto an agreement allowing police, pharmacies and physicians to check suspicious prescription pill patterns from Nevada to North Carolina.

Civil liberties and privacy advocates have objected to the state databases, which would be linked with technology and standards developed by the Justice and Homeland Security departments.

Thirty-four states operate databases to fight a drug problem authorities say is growing more deadly than heroin.

Read more on Lancaster Online.


(Related) “If you've got nothing to hide...” we'll make something up for you!

http://www.phiprivacy.net/?p=4480

The war on drugs makes flu sufferers felons

By Dissent, October 14, 2010

Jim Edwards asks, “Why Do Police Want a Centralized Database of Flu Sufferers?”

A federal law intended to restrict the crystal meth trade is leading to a centralized police database of flu sufferers. In a rash of recent cases across the South and Midwest, people innocently buying the nasal decongestant pseudoephedrine – often sold as Pfizer (PFE)’s Sudafed, Dimetapp, and Advil Allergy Sinus, and Merck (MRK)’s Clarinex-D – have been arrested for “promotion of meth manufacturing” when in fact all they have is a stuffy nose. Possessing too much pseudoephedrine is often the sole requirement for a “promotion of meth manufacturing” charge.

[...]

In Wabash Valley, Ind., Sally Harpold bought a box of Zyrtec and a box of Mucinex and became the subject of an early morning police raid:

The morning she was arrested, Harpold and her husband were awakened by police officers banging on the front door of their home at Midway along U.S. 36. She was allowed to get dressed, and was then taken in handcuffs to the Clinton Police Department, where she was questioned about her cold medicine purchases. She was later booked into jail, and her husband had to pay $300 bail to get her released.

Harpold is actually employed in law enforcement: she works at the Rockville Correctional Facility for women. Her police mugshot ran on the front page of her local newspaper under the headline “17 Arrested in Drug Sweep.” The local cops couldn’t care less, according to TribStar.com….

Read more on bnet. Really. Read it. This is one of the problems with surveillance databases that do not have adequate checks on their use. People’s reputations can be wrecked.

Some in law enforcement acknowledge the problem, but their solution is to gaily discard HIPAA and invade privacy in the name of preventing false arrests:

The police’s major complaint about the law is that it doesn’t go far enough in allowing them to scrutinize the citizenry’s medical records. The system falls down, they say, because the pharmacy records aren’t centralized. They want to install a single, central online database into which all pharmacies would enter the identifying information of anyone buying Sudafed.

The war on drugs should never be confused with a war on flu. Get it together, people. In the meantime, my family will stick to chicken soup, I guess.


(Related) ...and if you can't find a specific law they've broken, you can always brand them terrorists.

http://yro.slashdot.org/story/10/10/14/2220209/Wikileaks-Donations-Account-Shut-Down?from=rss

Wikileaks Donations Account Shut Down

Posted by timothy on Thursday October 14, @06:51PM

"The whistleblowing group WikiLeaks claims that it has had its funding blocked and that it is the victim of financial warfare by the US government. Moneybookers, a British-registered internet payment company that collects WikiLeaks donations, emailed the organisation to say it had closed down its account because it had been put on an official US watchlist and on an Australian government blacklist. The apparent blacklisting came a few days after the Pentagon publicly expressed its anger at WikiLeaks and its founder, Australian citizen Julian Assange, for obtaining thousands of classified military documents about the war in Afghanistan."



This should give the RIAA warm fuzzies... How did they ever convince the French to do this? Celine Dion autographs?

http://yro.slashdot.org/story/10/10/15/134255/French-Government-May-Subsidize-Music-Downloads?from=rss

French Government May Subsidize Music Downloads

Posted by Soulskill on Friday October 15, @09:26AM

"The European Commission has approved a French program to subsidize legal music downloads for young people. The Carte Musique scheme gives €25 (US$35) to French residents aged 12 to 25 to spend on music downloads or subscription services. Young people can purchase a €50 card for just €25, with the balance paid by the state."



I think I'd prefer the Reagan approach – end it. But perhaps we have forgotten that history.

http://politics.slashdot.org/story/10/10/14/2130246/Chertoff-Advocates-Cyber-Cold-War?from=rss

Chertoff Advocates Cyber Cold War

Posted by timothy on Thursday October 14, @06:07PM

"The US and allied countries should formulate a doctrine to apply the principles of nuclear deterrence to cyber attacks and cyber espionage, according to former US Homeland Security secretary Michael Chertoff. No matter that it's very difficult to attribute the source of cyber attacks — just take punitive action against the platform being used to attack, says Chertoff."



Transparency?

http://idle.slashdot.org/story/10/10/14/133239/UK-Police-Force-Posts-All-Its-Calls-On-Twitter?from=rss

UK Police Force Posts All Its Calls On Twitter

Posted by samzenpus on Thursday October 14, @09:50AM

"One of the largest police forces in the UK is posting every incident reported to it today on Twitter. Greater Manchester Police began its 24-hour experiment this morning at 05:00 BST, tweeting all incident reports in the hope of highlighting the complexity of modern policing. 'Policing is often seen in very simple terms, with cops chasing robbers and locking them up,' Chief Constable Peter Fahy said in a statement. 'However the reality is that this accounts for only part of the work they have to deal with.'"

[From the article:

Due to restrictions imposed by Twitter, the force must alternate between three separate accounts - @gmp24_1, @gmp24_2, and @gmp24_3 - over the course of the day.


(Related) that didn't take long...

http://www.thinq.co.uk/2010/10/14/police-online-scuffle-over-fake-twitter-posts/

Cops in online scuffle over fake Twitter posts



This should make for an interesting lawsuit...

http://www.phiprivacy.net/?p=4464

CIO Fired After Others May Have Accessed Her EHR

By Dissent, October 14, 2010

Gerry Higgins writes:

A prominent CIO of a regional hospital system encountered the limitations of HIPAA and so-called “Protected Health Information (PHI)” when her boss fired her after a short medical leave of absence. After years working without taking vacation, a family catastrophe that affected her health prompted her to take a medical leave of absence. She had a physician’s letter to justify the leave, which was sent to the Occupational Health section of the hospital system, and they guaranteed the information would be kept confidential. Upon her return, she was called into her supervisor’s office and was promptly terminated, even after years of excellent performance reviews.

Two co-workers in the Department of Clinical Informatics, which she had managed, told her that they were ordered by other executives in the hospital system for a copy of her Electronic Health Record – a flagrant abuse of PHI. There they found she had a history of depression, but she had managed the problem with Cognitive Behavioral Therapy, extensive psychotherapy and medication. Another employee in Human Resources, who recently left the department, told her that it was routine policy to share Physician’s letters supporting medical leave with the employee’s supervisor.

Read more on HealthSystemCIO.com.

That an employee’s supervisor may have access to any PHI or a doctor’s report has always been a workplace privacy issue across all settings, as I’ve blogged about on PogoWasRight.org at times.

I wonder whether the Chief Privacy Officer for the hospital was aware of this “routine policy” and had any input into it and why Human Resources does not make clear to employees requesting a medical leave that any doctors’ reports will be shared with their employer.

While I agree with some of the “lessons to be learned” that Gerry describes, there’s another lesson here for employers: be transparent.



For my Ethical Hackers: Think of this as reverse engineering on the fly. And note that governments will protect “markets” even when they are not the issue...

http://news.slashdot.org/story/10/10/15/0139217/Norwegian-Day-Traders-Convicted-For-Manipulating-Computer-Trading-System?from=rss

Norwegian Day Traders Convicted For Manipulating Computer Trading System

Posted by timothy on Friday October 15, @01:53AM

An anonymous reader submits news of the conviction of two Norwegian day traders, Svend Egil Larsen and Peder Veiby, who were on Wednesday fined and given suspended sentences (Norwegian court, Norwegian document) for cleverly working out — and cashing in on — the way the computerized trading system of Interactive Brokers subsidiary Timber Hill would respond to certain trades. They used the system's predictable responses to manipulate the value of low-priced stocks. The pair have gotten some sympathetic reactions from around the world, and promise to appeal.

[From the article:

The news brings the role of automated trading systems, with complicated algorithms, back under scrutiny. High-volume algorithmic platforms are playing an increasingly important role in trading globally, with stock exchanges investing heavily to ensure their own networks meet the demand.

… In yesterday's conviction of the Norwegian traders, the prosecution said the pair had given "false and misleading signals about supply, demand and prices" when they manipulated several Norwegian stocks through Timber Hill’s online trading platform.

Anders Brosveet, the lawyer for Veiby, admitted that his client had learnt how the Timber Hill trading algorithm would behave in response to certain trades. However, he denied this amounted to "market manipulation".

Brosveet told the Financial Times, “They had an idea of how the computer would change the prices but that does not make them responsible for what the computer did.”



Interesting that they will spend more on e-discovery and therefore want the rules changed to limit it. Only 30% of US firms report Privacy “issues” v. 51% in the UK. (They also asked who uses Facebook and Twitter.)

http://www.bespacific.com/mt/archives/025483.html

October 14, 2010

Fulbright's 7th Annual Litigation Trends Survey Report

  • AmLawDaily: "Fulbright's 2010 report is based on survey responses from 275 U.S. and 128 U.K. in-house lawyers, the majority of whom were general counsel at companies with revenues north of $100 million in the last fiscal year. Ninety-three percent of U.S. respondents and 97 percent of U.K. respondents expected litigation involving their companies to increase or remain steady in the coming year. Eighty-seven percent of U.S. respondents faced new litigation in the past year, compared with 83 percent in Fulbright's previous survey."



A “challenge” for my Ethical Hackers

http://news.slashdot.org/story/10/10/14/1534255/Home-WiFi-Network-Security-Failings-Exposed?from=rss

Home WiFi Network Security Failings Exposed

Posted by CmdrTaco on Thursday October 14, @12:14PM

"The shocking state of home wireless (Wi-Fi) network security in the UK has been revealed by a life assistance company study. CPP used an 'ethical hacker,' Jason Hart, to test thousands of Wi-Fi networks across six UK cities, including London. He found that many didn't even have a password and roughly half of home UK Wi-Fi networks could be hacked in less than 5 seconds." [Suggests he was doing something manually. Let's fully automate and get the time down to under one second. Bob]



Another challenge for my Ethical Hackers: Let's look at thumbs to detect potential Texting and lips to detect potential cell phone use and could that runny nose indicate cocaine use?

http://news.cnet.com/8301-17938_105-20019653-1.html?part=rss&subj=news&tag=2547-1_3-0-20

Tiny Eyetracker watches for sleepy drivers

The compact digital camera system, being developed at the Fraunhofer Institute for Digital Media Technology in Germany, tracks drivers' eye movements. If it spots the peepers shut beyond a user-defined interval, it sounds an alarm to keep the driver from dozing off.



For my Risk Management students. “Green” cars are both environmentally safe and delicious!

http://science.slashdot.org/story/10/10/14/1425219/Denver-Airport-Overrun-by-Car-Eating-Rabbits?from=rss

Denver Airport Overrun by Car-Eating Rabbits

Posted by samzenpus on Thursday October 14, @12:14PM

It turns out the soy-based wire covering on cars built after 2002 is irresistible to rodents. Nobody knows this better than those unlucky enough to park at DIA's Pikes Peak lot. The rabbits surrounding the area have been using the lot as an all-you-can-eat wiring buffet. Looks like it's time to break out The Holy Hand Grenade of Antioch.



For the amusement of my Math students...

http://news.slashdot.org/story/10/10/14/135219/Proving-0999-Is-Equal-To-1?from=rss

Proving 0.999... Is Equal To 1

Posted by CmdrTaco on Thursday October 14, @09:24AM

"Some of the juiciest parts of mathematics are the really simple statements that cause one to immediately pause and exclaim 'that can't be right!' But a recent 28 page paper in The Montana Mathematics Enthusiast (PDF) spends a great deal of time fielding questions by researchers who have explored this in depth and this seemingly impossibility is further explored in a brief history by Dev Gualtieri who presents the digit manipulation proof: Let a = 0.999... then we can multiply both sides by ten yielding 10a = 9.999... then subtracting a (which is 0.999...) from both sides we get 10a − a = 9.999... − 0.999... which reduces to 9a = 9 and thus a = 1. Mathematicians as far back as Euler have used various means to prove 0.999... = 1."
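The same result carried through as a geometric series, an added derivation that is not part of the Slashdot post; it also gives the general case for any single repeating digit d, of which the 0.999... case is the instance d = 9:

$$
0.\overline{d} \;=\; \sum_{k=1}^{\infty} d \cdot 10^{-k}
\;=\; d \cdot \frac{10^{-1}}{1 - 10^{-1}}
\;=\; d \cdot \frac{1/10}{9/10}
\;=\; \frac{d}{9},
\qquad\text{so}\qquad
0.\overline{9} = \frac{9}{9} = 1 .
$$

The series converges because the ratio $10^{-1} < 1$; the gap between 1 and the n-digit truncation is exactly

$$
1 - 0.\underbrace{99\ldots9}_{n} \;=\; 10^{-n} \;\xrightarrow{\;n\to\infty\;}\; 0 ,
$$

so no positive number separates the two, which is the point the digit-manipulation proof relies on when it subtracts a from 10a.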



For all my tech and business students (Registration required)

http://web.docuticker.com/go/docubase/61222

The Age of Exabytes: Tools & Approaches For Managing Big Data

We are experiencing a big data explosion, a result not only of increasing Internet usage by people around the world, but also the connection of billions of devices to the Internet.

Eight years ago, for example, there were only around 5 exabytes of data online.

Just two years ago, that amount of data passed over the Internet over the course of a single month.

And recent estimates put monthly Internet data flow at around 21 exabytes of data.

This explosion of data - in both its size and form - causes a multitude of challenges for both people and machines. No longer is data something accessed by a small number of people. No longer is the data that's created simply transactional information; and no longer is the data predictable - either as it's written, or when, or by whom or what it's going to be read by. Furthermore, much of this data is unstructured, meaning that it does not clearly fall into a schema or database. How can this data move across networks? How can it be processed? The size of the data, along with its complexity, demand new tools for storage, processing, networking, analysis and visualization.

This new premium report explores how technologies are evolving to address the needs of managing big data, from innovations in storage at the chip and data center level, to the development of frameworks used for distributed computing, to the increasing demand for analytical tools that can glean insights from big data in near real-time.



I know you frequently ask yourself, “Are there any more sites as wonderful as Centennial-Man?” Well, these tools won't help you find them, but they work well on standard websites.

http://www.makeuseof.com/dir/similar-site-search-find-similar-websites/

Similar Site Search: Find Similar Websites On The Web With Ease

www.similarsitesearch.com

Similar tool: SimilarSites and SimilarWeb.
