Thursday, October 07, 2010

This reads more like vendetta than discipline.

http://www.databreaches.net/?p=14479

Cancer researcher fights UNC demotion over data breach

October 7, 2010 by admin

Gregory Childress reports that a data breach had significant consequences for a researcher. Because I don’t recall ever seeing such consequences before, I think this is pretty newsworthy:

A UNC cancer researcher is fighting a demotion and pay cut she received after a security breach in the medical study she directs.

Bonnie Yankaskas, a professor in the Department of Radiology and principal investigator of the Carolina Mammography Registry (CMR), was demoted from full professor to associate professor with tenure after one of two servers used by the program was hacked into in 2007, placing the personal data, including Social Security numbers, of more than 100,000 women at risk.

The university also reduced Yankaskas’ salary from $178,000 to $93,000. She remains on faculty and continues to lead the CMR program.

Although the security breach occurred in 2007, it wasn’t discovered until Yankaskas reported a computer problem in 2009.

Yankaskas’ attorney, Raymond Cotton, said Wednesday that it’s unfair to blame his client for the breach. He said the university knew the program’s computer system had security deficiencies as early as 2006 but failed to notify Yankaskas.

“No one told her so she could do anything about it,” Cotton said. “The only person who didn’t know was Bonnie [Yankaskas]. It was gross negligence.”

I can’t remember any other data breach of this kind where a researcher experienced such consequences. Researchers have lost data on laptops or flash drives, databases get hacked, but holding the researcher responsible for this type of breach? I’m surprised.

But university officials said Yankaskas’ role in the security breach rose to the level of negligence which warranted her dismissal from the university.

In fact, then-interim provost Bruce Carney sent Yankaskas a letter in October 2009 notifying her of the university’s intent to dismiss her from the faculty because her role in the security breach “constitutes a neglect of duty.”

Carney also charged that Yankaskas obtained sensitive HIPPA-protected patient data from UNC Hospitals without the proper authority, which also rose to the level of neglect of duty. [But it's negligence on the part of the custodian of the data, not the requester. Bob]

Okay, that’s HIPAA, not HIPPA, but that’s actually a very serious charge and one which is reasonable to hold a researcher accountable for. Not only does a researcher have legal obligations under HIPAA for use of patient data, but there are also obligations to comply with the Institutional Review Board’s terms of approval for a study. In this case, there was reportedly no “clear and convincing evidence” that the researcher had violated any rules. What is not clear from the media coverage is whether the records were supposed to have been anonymized or not. Wake Radiology subsequently withdrew from the study when it discovered that the data were not anonymized. The issue of anonymization should have been addressed during the approval process for the study, and it’s not clear to me whether Wake Radiology knew but wasn’t concerned until after the hack or if there had been a representation that data would be anonymized that was not followed.

The committee said Yankaskas’ “inadequate attention to security” did warrant discipline, but not the dismissal as recommended by Carney.

Was this a university server? If so, the notion that individual researchers should be held accountable for the security of servers holding research/patient data boggles my mind. If the research is conducted under the auspices of the university and is part of their network (and that’s a big “if”), do they not provide security? I can see holding a researcher responsible if the researcher opens holes in the security by installing p2p software, or transfers the data to devices that are not part of the system, but routine use of a server? This could really have an effect on all academic researchers who may start wondering whether they need to include a security consultant/IT in their grant proposals.

On Wednesday, Carney, the university’s permanent provost, said he stands by his recommendation in the wake of the “pervasive neglect” with which Yankaskas handled the program’s computer security.

“Ultimately, the principal investigator has to be responsible,” Carney said.

Yankaskas has appealed the demotion to the UNC Board of Trustees, which could decide the matter next month.

Read the full story in The Herald Sun. This case has the potential to have a lot of repercussions among academic researchers.



If you don't understand laws and regulations, you are likely to under- or overreact.

http://www.fiercehealthcare.com/story/nurse-reprimanded-over-facebook-photo/2010-10-06

Nurse reprimanded over Facebook photo

Managers at Genesys Regional Medical Center reprimanded a nurse for unprofessional behavior, based on a photo that ended up on Facebook, the Flint Journal reports.

The photo, which was taken in the early spring, showed another nurse removing a splinter from Cathy Miller in an otherwise empty operating room at the hospital based in Grand Blanc Township, Mich.

Unbeknown to Miller, her coworker posted that photo and others on Facebook.

… "They told me there was a serious investigation going on and that this was something I could lose my job over," Miller told the Flint Journal.

Such an investigation is not uncommon. Twenty percent of companies with at least 1,000 employees have investigated a leak of information to a social network site, according to a survey by the Internet security firm Proofpoint Inc. And 7 percent have fired an employee for violating social network policy.

… The Teamsters 332 union, which represents Genesys nurses, has filed a labor relations charge related to the incident with the National Labor Relations Board. There was no policy against taking a picture in the operating room, Miller said. The nurses were on break, there were no patients in sight and nothing about the photo identified the site as Genesys.



Perhaps there is a market for a “Baby's first mug shot” kit?

http://news.cnet.com/8301-19518_3-20018728-238.html?part=rss&subj=news&tag=2547-1_3-0-20

Study: 92% of U.S. 2-year-olds have online record

There has been a lot of concern about young people posting too much information about themselves online, but a study commissioned by security company AVG found that 92 percent of U.S. children have some type of online presence by the time they are 2 years old. A third of U.S. mothers posted pictures of newborns, and 34 percent of U.S. moms said they had posted sonograms of their as-yet unborn child.

The study, conducted by Research Now, surveyed 2,200 mothers with young children in the United States, United Kingdom, Germany, France, Italy, Spain, Canada, Australia, New Zealand, and Japan during the week of September 27. American parents, according to the study, are more likely to share baby pictures and information online than parents from other countries in the survey. Seventy-three percent of parents in the United Kingdom, Spain, France, Germany, and Italy said they were willing to share images of their infants.



Something for my “Ethical Hackers?”

http://news.cnet.com/8301-13860_3-20018827-56.html?part=rss&subj=news&tag=2547-1_3-0-20

Medicare, veterans to get downloadable health info

SAN LEANDRO, Calif.--The U.S. government is adding a new "blue button" to the Medicare and Veterans Affairs Web sites that will allow veterans and seniors on Medicare to download their health records onto their own computers. The program, though live already, is set to be formally unveiled by the White House tomorrow, CNET has learned.

For some time, the government has allowed both Medicare recipients and veterans to view their medical records or claims history, but is only now adding the download option...

… Already, developers have been creating apps that can tie into the Blue Button data, and the Markle Foundation has issued a challenge for developers to create innovative programs that can make use of the information. Microsoft, for example, plans to announce this week that people will be able to import their Blue Button data into its HealthVault personal-record service.


(Related) Oh look, a vulnerability guide.

http://www.bespacific.com/mt/archives/025415.html

October 06, 2010

New GAO Reports: Cyberspace Policy, DOD's Electronic Health Record Initiative, Employment of Individuals with Disabilities

  • Cyberspace Policy: Executive Branch Is Making Progress Implementing 2009 Policy Review Recommendations, but Sustained Leadership Is Needed, GAO-11-24, October 06, 2010

  • Information Technology: Opportunities Exist to Improve Management of DOD's Electronic Health Record Initiative, GAO-11-50, October 06, 2010

  • Highlights of a Forum: Participant-Identified Leading Practices That Could Increase the Employment of Individuals with Disabilities in the Federal Workforce, GAO-11-81SP, October 05, 2010



One more for my Ethical Hackers. Remember, you have to secure EVERYTHING

http://www.wired.com/threatlevel/2010/10/voting-system-hacked/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+wired%2Findex+%28Wired%3A+Index+3+%28Top+Stories+2%29%29

Hacked Voting System Stored Accessible Password, Encryption Key

An internet-based voting system that was hacked last week by researchers at the University of Michigan stored its database username, password and encryption key on a server open to attack.

Alex Halderman, a computer scientist at the university, has detailed the vulnerabilities and hacking techniques his students used to completely control the system last week. The hack allowed them to change votes and program the system to play his school’s fight song “Hail to the Victors” after each voter cast their ballot.

The hack, unnoticed by election officials until researchers notified them, [Perhaps they assumed that all voting machines were from Michigan? Bob] forced election officials to take the system offline and adopt a contingency plan for the November elections.



I wonder how many Chinese students are in US Law Schools?

http://yro.slashdot.org/story/10/10/06/202207/China-Becoming-Intellectual-Property-Powerhouse?from=rss

China Becoming Intellectual Property Powerhouse

Posted by samzenpus on Wednesday October 06, @06:20PM

"A lot of Westerners view China as little more than the world's factory manufacturing anything with little regard to patents, copyrights and trademarks. But it seems as far as patents go, China is moving on up. According to the WIPO, the company that applied for the most patents in 2008 was not an American or Japanese company but China's Huawei Technologies. And China has made astonishing ground recently moving up to third place with 203,257 patent applications behind Japan (500,000) and the United States (390,000). It remains to be seen if these patents applications will come to fruition for China but it is evident that they are focusing on a new image as a leader in research and development. The Korean article concentrates on 2008 but you can find 2009 statistics at the WIPO's report on China along with some statistics breaking down applications by industry."



http://www.wired.com/threatlevel/2010/10/act-internet-freedom/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+wired%2Findex+%28Wired%3A+Index+3+%28Top+Stories+2%29%29

Expert: ACTA No Longer Gutting Internet Freedom

The United States is caving on the internet section of a proposed international intellectual-property treaty, meaning its one-time quest to globally dictate draconian copyright rules has come to an abrupt halt.

That’s what Michael Geist, an Anti-Counterfeiting Trade Agreement expert at the University of Ottawa, concluded Wednesday after the United States released the latest draft of the proposal (.pdf).


(Related) No doubt RIAA will now add support for the “Border Wall” to their copyright lobbying efforts.

http://yro.slashdot.org/story/10/10/06/2321203/Mexican-Senate-Votes-To-Drop-Out-of-ACTA?from=rss

Mexican Senate Votes To Drop Out of ACTA

Posted by samzenpus on Wednesday October 06, @10:01PM

"The Mexican Senate has voted unanimously to drop out of ACTA negotiations, saying that the process has been way too secretive, left out many stakeholders and appears to deny access to knowledge and information. Of course, it's not clear if this "non-binding resolution," actually means much, as the negotiators are not under the Senate's control. At the very least, though, it appears the Mexican Senate is going to fight to keep the country from agreeing to ACTA."



“If you digitize it, they will come.”

http://news.cnet.com/8301-17938_105-20018831-1.html?part=rss&subj=news&tag=2547-1_3-0-20

New study suggests e-book piracy is on the rise

Last January a company called Attributor conducted its first e-book piracy study. And back in May, I mentioned that study in a piece called "Is Pad supercharging e-book piracy?" Well, Attributor has conducted a second study more recently and come up with some interesting data.

The company says its key findings are:

  • 50 percent increase in online searches for pirated downloads throughout the past year

  • 1.5-3 million daily Google queries for pirated e-books

  • 20 percent increase in demand for pirated downloads since the iPad became widely available in mid-May 2010

  • 54 percent increase in pirated e-book demand since August 2009

  • Proliferation of smaller sites that host and supply pirated e-books--a shift from larger sites like Rapidshare dominating the syndication market

  • "Breaking Dawn" by Stephanie Meyer registered the most pirated copy searches throughout the study

  • Widespread international demand, with the largest number of searches during the study originating in the United States (11 percent), India (11 percent) and Mexico (5 percent)



Not much beyond the names of the candidates yet, but this has real potential. The League of Women Voters should do something similar.

http://www.killerstartups.com/Search/ballotbook-com-learn-who-is-running-for-office

BallotBook.com - Learn Who Is Running For Office

As pitiful as it is, we often are completely ignorant of who is running for office when local elections come around. We might not even be acquainted with the names on the ballot, let alone know about their plans for solving these local issues that beset us all. Picking one out ends up being a very random process. And that shouldn’t be like that under any concept - after all, we are talking about an elected representative.

Someone realized that, and came up with this nice application. Simply put, Ballot Book will let you know the names of those who are running for office in the next local elections, and also what they plan to do in the event they are elected. That is certainly nice, and what is even nicer is that you are also provided with a feed in which you can read what other community members are saying about them.

http://www.ballotbook.com/member/home



It's merely another “Tax on the Ignorant” – a cherished American custom.

http://games.slashdot.org/story/10/10/07/0436242/Best-Buy-Unapologetic-About-Charging-For-PS3-Firmware-Updates?from=rss

Best Buy Unapologetic About Charging For PS3 Firmware Updates

Posted by Soulskill on Thursday October 07, @01:12AM

"After discovering that electronics retailer Best Buy was charging ignorant customers $30 for the 'service' of installing updated firmware on PS3s, IndustryGamers got word from the company on its policy. Best Buy sees no problem with charging for this convenience, even though it's something Sony provides to PS3 owners completely free. 'While many gamers can handle firmware upgrades easily on their own, those customers who do want help can get it from Geek Squad, and we continue to evaluate this offering to ensure it meets their needs. The service goes beyond a firmware updates, and includes user account setup, parental control setup and other components,' a representative said."



Wondering what to get yourself for Christmas? With Google TV and one of these devices, you no longer need to move from your computer to your TV. You can become a “multi-tasking couch potato!!”

http://www.makeuseof.com/tag/google-launches-website-feature-set-google-tv-news/

Google Launches Website With Feature Set For Google TV [News]

Up until now, however, Google hasn’t released much information about their upcoming product, aside from a few small announcements and screenshot releases.

That all changed a few days ago, when Google launched a mini-site detailing the much anticipated Google TV platform. Included with a quick tour, this website reveals a bunch of juicy details about what we can expect to be included with the platform.

Here are the key points illustrated in the tour:

  • Search across every channel, every app, and the entire web, simultaneously.

  • Ability to browse the whole web, not just some of it.

  • Comes with several of your favorite apps, and next year developers can create their own.

  • Use your phone as a remote, including voice search.

  • Customizable home screen with favorite channels, apps and websites.

  • Seamless switching between TV and web, or watch both at the same time.

  • DVR access right from the search bar.

  • Easy to install and works with your current setup.

… Google includes a link to a YouTube video in which they demo the wide variety of apps that will be available on the platform.


(Related)

http://techcrunch.com/2010/10/06/logitechs-revue-product-page-goes-live-preorder-one-now/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Techcrunch+%28TechCrunch%29

Logitech’s Revue Product Page Goes Live, Preorder One Now For $299

The device’s minisite just went live ahead of the official unveiling at 3:00 PM EDT today and that’s fine by us. The site itself doesn’t talk all that much about Google TV — at least there isn’t anything here that wasn’t on the Google TV minisite — rather it’s devoted to Logitech’s Google TV offering, the Revue.


(Related) Another, cheaper Computer to TV device.

http://www.veebeam.com/

Veebeam



One for my Statistics students. For their mid-term, I'll have them determine if Colorado has smarter deer or West Virginia has dumber drivers.

http://www.gadling.com/2010/10/04/five-states-where-you-re-most-likely-to-hit-a-deer-this-fall/

Five states where you're most likely to hit a deer this fall

State Farm calculates the chances of a West Virginia driver striking a deer over the next 12 months at 1 in 42. [Colorado is 1 in 366 Bob]



Strange as it seems to some of us, apparently there is a big audience for these sites... Here's my Reader's Digest version of the article.

http://www.makeuseof.com/tag/10-helpful-resources-computer-illiterate/

10 Helpful Resources on the Basics For The Computer Illiterate

In addition to MakeUseOf’s awesome Windows 7 Guide titled “From Newbies to Pros”, I also recommend the following 10 sites for the computer illiterate.

Jan’s Illustrated Computer Literacy 101: Upon first landing on the site I thought it was from the 1990s. The design is a bit outdated and some of the graphics are cheesy, but after browsing through the site you’ll see that Jan offers useful instruction that really will teach computers to someone who absolutely has no clue how computers work.

PDF quick reference guide from Custom Guide. ... offers this very useful two-page quick reference for novice computer users.

Computer Basics and Beyond covers basic tips on computer maintenance, Internet browsing, security and more.

Microsoft's Digital Literacy site: three “curriculum” levels – basic, standard and advanced. Each curriculum level provides a few tutorial videos that will walk the user through a list of lessons.

The University of North Carolina at Chapel Hill probably offers one of the best free lists of online PDF instructional material for new computer users.

Sandy Berger’s Compu-KISS site covers just about any aspect of computing that you can imagine. Her tutorials are very short, very simple, and offer screenshots to boot.

The Terry Bellavance Resource Centre in Ontario: a free online tutorial where you start at the “Introduction” and click “next” – working your way through the illustrated tutorial at your own pace.

Senior’s Guide to Computers: a website devoted to providing technical information about computers and the Internet in a manner that older folks will be able to understand.

Computer Help A to Z: it’s formatted a bit like one of those websites seeking to sell subscriptions, but it’s actually chock full of free tips and articles on basic computer topics.

MS Office website: While I’d rarely point any newbie to the Microsoft site for “easy-to-follow” instruction, this site actually has a lot of useful content, like “getting started with…” tutorials for each Office product.
