Saturday, October 19, 2013

Another small event here in Colorado. My statistics students are suggesting that we should turn the bell curve upside down since we only seem to see very large breaches or very small ones. Something I'll need to think about.
CBS in Denver reports that a suitcase containing a thumb drive with approximately 100 students’ unencrypted medical information was stolen from a school nurse’s car on October 5. The car had been left in a parking lot.
The drive reportedly contained confidential health information for students from Eagleton, Castro and Munroe Schools. That information included medications, health-related letters and medical histories.
And of course, this would be covered by FERPA, not HIPAA.
This is not the first time we’ve seen student health info stolen from a school nurse’s or employee’s unattended vehicle. And this is going to keep happening until the federal government or states really crack down and impose meaningful consequences on districts that do not have policies in place that they monitor and enforce to protect students’ personal information. [Amen Bob]

You have to call this a management failure. Either they failed to detect that the software had not been updated or did know and failed to give a damn.
NSA site where Snowden worked hadn't updated anti-leak software, says report
The NSA facility where Edward Snowden worked when he walked off with a hoard of secret documents had failed to update its anti-leak software, according to a report.
The computer network at the National Security Agency site in Hawaii didn't yet have the bandwidth to effectively run the updated program, an unnamed US official told news agency Reuters.
Other US government facilities had begun installing the updated software in accord with a presidential directive made in response to the WikiLeaks-Bradley Manning document dump. The "insider threat" monitoring software is reportedly made by Raytheon.

Always useful (even if it doesn't say “Don't leave an unencrypted thumb drive in your car.”) and not just in California.
Attorney General Kamala D. Harris today released guidelines on preventing and remedying medical identity theft, including best practice recommendations for the health care industry and tips for consumers. The guidelines are part of a report, Medical Identity Theft: Recommendations for the Age of Electronic Medical Records, which frames the escalated migration to electronic medical records as an opportunity for the healthcare industry to address this problem.
“Medical identity theft has been called the privacy crime that can kill,” said Attorney General Harris. “As the Affordable Care Act encourages the move to electronic medical records, the health care industry has an opportunity to improve public health and combat medical identity theft with forward-looking policies and the strategic use of technology.”
Medical identity theft occurs when an individual uses someone else’s personal information to obtain medical goods or services. For example, a thief may use stolen information to submit fraudulent bills, a doctor or provider may use patient information to write fraudulent prescriptions or an individual may use someone else’s information to obtain treatment.
The report focuses on the impact of identity theft on the accuracy of medical records and argues that the serious risk that inaccuracies pose is not always adequately addressed by existing healthcare industry procedures.
A companion information sheet for consumers, First Aid for Medical Identity Theft, describes the signs of medical identity theft and provides tips on what to do in response. The signs of possible medical identity theft include notice of a data breach from a health care provider, an unknown item in an Explanation of Benefits from a health insurer, a call from a debt collector about an unfamiliar medical bill and questions about your identity or health conditions at intake in a doctor’s office or hospital.
SOURCE: Attorney General Kamala D. Harris, October 17, 2013

Obvious, but difficult to solve.
MeriTalk, a public-private partnership focused on improving the outcomes of government IT, today announced the results of its new report, “Cyber Security Experience: Cyber Security Pros from Mars; Users from Mercury.” The study, underwritten by Akamai Technologies, Inc. , compares what cyber security professionals report about their agency’s security with what end users – Federal workers – actually experience. According to the report, agencies often fail to take the user experience into account when deploying cyber security solutions. As a direct result, end users often circumvent security measures and open their agencies up to data theft, data loss, and denial-of-service attacks.
Read more of their press release on Dark Reading.

PR speak? Note that they never say “The doctor did not take patient records,” because he did. But they did fire the security guard who caught him doing it. Well done, VA.
Lois Henry reports:
Responding to allegations that a doctor had taken confidential patient records out of the Bakersfield Veterans Administration clinic, the VA announced Thursday that three separate investigations over the course of seven months showed that no such patient information had been “released into the community or abused in any way.”
“We are confident that these results confirm that veterans in Bakersfield and Kern County did not have their personal information compromised,” said David Holt, the VA Los Angeles associate director who was in Bakersfield Thursday to talk to the media and meet with veterans at the clinic just west of downtown Bakersfield.
He praised clinic staff for being vigilant and reporting their suspicions, but repeated several times that veterans had no cause for concern about their personal information.
Some of the original tipsters weren’t convinced.
Read more on the Bakersfield Californian.
[From the article:
While the doctor was not found to have compromised patient information, Holt said, he did violate VA policies.
"Excessive use of a copy machine," Holt said. "It was a minor violation."
Holt confirmed the doctor is no longer with the VA but refused to say whether he was fired. The security guard, meanwhile, employed by a private contractor, was let go.

Interesting. Does your policy address situations like these? (How would you clean up your records?)
A firm can have a great policy of not storing credit card numbers, but if the policy isn’t followed by staff, trouble can result. learned this lesson the hard way. They discovered that despite their non-storage policy, credit card information of some customers had been stored. In some cases, the storage was due to the customer providing their credit card number in an email to the firm. In other cases, it was because customer service personnel entered the customer’s credit card number in the “order comments” field.
In any event, some credit card information was on their server when it got hacked on February 5, but the firm didn’t discover the presence of credit card numbers until September 26. did not offer those affected any free services, but notes that they have no evidence that any one individual’s credit card information was viewed or accessed – only that it resided on a server that was accessed.
You can read their notification to New Hampshire and affected customers here.

Not gonna work, unless you can confirm that user “Dude#4” who logs on from San Francisco, is in fact a citizen of the EU?
James Kanter reports:
Lawmakers here have introduced a measure in the European Parliament that could require American companies like Google and Yahoo to seek clearance from European officials before complying with United States warrants seeking private data.
Read more on The New York Times.

This is interesting. It won't last. There's too much money on the table to just walk away.
Illinois court throws out 'Amazon tax' online sales law
The Illinois Supreme Court struck down a state law Friday that required online retailers, like Amazon, to collect sales tax if they have in-state Web affiliates, according to Associated Press.
The court decided the law violated federal rules, which prohibits putting a discriminatory tax on digital sales. It's the first time a high court has thrown out a law like this -- 18 other states have similar laws. In New York, the court upheld the law, spurring Amazon and to petition the Supreme Court.
Amazon ended its affiliates program in Illinois when the law was adopted in 2011.

It is coming to Denver this year!
Aereo to motor into Detroit on October 28
The upstart service, which provides cloud-based broadcast TV service to consumers for a starting price of $8 per month, is heading to Detroit on October 28. The offering will be available across nine counties around the Motor City.
Aereo has ambitious plans to land in 22 cities this year, building out from its initial turf in New York. So far, it's also reached Boston, Atlanta, Salt Lake City, Miami, Houston, and Dallas, while its arrival in Chicago ran into a delay.

35% of Americans now own a tablet, Pew says
Thirty-five percent of Americans own a tablet and 24 percent own an e-reader, according to the latest study from Pew Internet Research.
Pew documented a big jump in tablet ownership. In November 2012, 25 percent of Americans owned a tablet. The findings illustrate the democratization of tablet computing and the impact on lower-cost models beyond the larger version of the iPad.

Interesting to see that Privacy is popular in Europe...
The Coursera Of Europe: iversity Opens With 24 Free Courses And 100K Students
Berlin based has planted its footprint in the ever-expanding MOOC (Massively Open Online Course) universe. It starts with a fresh bouquet of free courses and a strong student base of 115,000. For the present moment, 24 courses are on the catalog with more expected soon. The open courses have been designed by the top professors from Europe and the US according to the press release.
iversity has started with free open courses at launch; the course catalog has a total of 24 for now (15 of which are in English, with the rest in German). The other courses will begin later this year and spill over to 2014. Three courses have seen the largest enrollments:

Free is good!
Students Can Get Microsoft Office 365 For Free
Starting on December 1st, Universities that license Office Education for their faculty and staff can offer students Office 365 ProPlus for free thanks to a new program called Student Advantage. For students at these institutions, that means free access to Word, PowerPoint, Excel, OneNote, Outlook, Access, Publisher, and Lync. While many cheaper alternatives to Office have sprung up, many students still rely on Redmond’s good ol’ productivity tools.
Office 365 University typically costs $80 for a 4-year subscription for students,
… If you’re lucky enough to be enrolled in one of the eligible Universities, you should check out our Office 2013 guide to to be able to fully utilize the productivity suite.

For my Math students.
PBS Math Club - Short Interactive Math Videos
PBS Math Club is a new YouTube channel in which students can watch and interact with math videos. Each of the videos contains a series of math lessons and challenge activities. To complete a challenge students click on the video to answer questions. If they answer correctly, they move on to the next question. If they answer incorrectly students are shown another video clip that explains the correct answer. Watch one of the videos below.
PBS Math Club is just getting started. As more content is added to it, it could become a good source of flipped lesson materials. The videos utilize the YouTube annotations tool which you could also use to create your own series of interactive video lessons.

(Related) I may make my own videos...
How to Create a Linked Series of YouTube Videos
In my previous post about PBS Math Club I mentioned that you could create similar videos by using the annotations tool in the YouTube video editor. If you would like to try this yourself, I have directions that will walk you through the process. Keep in mind that you can only annotate videos that you own and upload to your YouTube account.

Something nice for my students (just before we raise tuition)
Where the Software Engineer Money Is: Juniper
The company currently paying the most on average for software engineers in the U.S. might not be the one you'd expect.
Although tech firms that have sparred publicly for talent -- such as Apple, Facebook, Google and Microsoft -- rank high on Glassdoor's 2013 list of the 25 Highest Paying Companies for Software Engineers, the company that has opened its wallet widest for software engineers turns out to be networking equipment maker Juniper Networks.

No comments: