Should
be interesting to watch. I doubt there will be any sanction from
regulatory agencies. NOTE: Twitter now seems to be the preferred
contact method? Let's hope these guys are more current on their
personal technology than they appear to be on security.
On
September 3, SLC
alleged that WakeMed
was leaking patient information:
Status: Not Monitoring for Follow Up (Not a client)
SLC Security Services LLC has noted that this medical establishment
has failed to secure patient records. Observed were patient name and
date of birth as well as specific medical information. SLC Security
Services LLC has confirmed the information in this report.
Additional Follow up: IT staff contacted us. We provided what
information was known. The entity is not a client of SLC Security
Services LLC. We are unable to verify if the company has resolved
the issue at this time.
Update: As of 25 Sept 2014 this vulnerability still exist. We
are seeing multiple PHI and PII from this source. The issue may be
attributed to an outside source.
On
October 31, SLC
updated their report:
We have previously contacted both entities and neither entity
responded to our notification letters.
Not
only did Cape
Fear Valley Health System allegedly not follow up on SLC’s
report to them, they did not respond to an inquiry sent to them in
September by PHIprivacy.net.
Neither
Cape Fear Valley Health System nor WakeMed are listed on HHS’s
public breach tool as having reported breaches to HHS.
Today,
PHIprivacy.net asked SLC Security via
Twitter if they have reported their findings to HHS.
PHIprivacy.net also tweeted
inquiries to WakeMed and Cape Fear Valley Health System to
inquire whether they were aware of leaks and whether they were aware
that their patients were being directly notified by SLC Security.
If I
get responses, I will update this post.
(Related)
“We don't need no stinking security!” No logs (or at least no
review of the logs) either.
N.C.
Dermatology Center Discovers Hacked Server Two Years After Attack
In
another cowardly Friday afternoon data breach disclosure, Chapel
Hill, N.C.-based Central
Dermatology Center said that one of its servers was breached
by hackers back in August of 2012,
but that it has just become aware of the breach.
The
company said that on September 25, 2014 it became aware that one of
its servers had been compromised by malware, sparking them to
immediately call in forensic experts to identify the malware and
resulting fallout.
In
addition to not discovering the breach until roughly two years later,
the company acknowledged
that they are not sure exactly what data the attackers may have
gotten their hands on.
I
suspect they will all go for fiber. Users will likely get gigabyte
speed.
7
Colorado Towns Vote To Build Their Own Broadband Internet
As the FCC
continues to debate the issue of net
neutrality and fast lanes, while continuing
issues with Internet
Service Providers continue to plague internet users, 7 towns in
Colorado have decided to branch out on their own. All 7 towns have
voted to let their local governments offer internet service.
About 20 states have laws, mostly
due to ISPs such as Comcast
helping to get them passed, which make it difficult for a community
to develop its own municipal broadband.
But the rules in Colorado are unique. Colorado’s laws state that
towns are able to pursue broadband if the resident’s approve the
idea on an election ballot.
In
Boulder, which has a population of 100,000 residents, 84
percent of the votes
were in favor of allowing the city to provide high-speed internet,
telecommunications, and/or cable television services to its
residents, schools, libraries, businesses, and other users of these
services. Similar votes were cast in the towns of Yuma, Wray, Cherry
Hills Village, and Red Cliff in addition to the Rio Blanco and Yuma
counties with a large majority of votes approving the measure.
However, the successful vote
doesn’t mean that the government is required or guaranteed to start
developing its own broadband
internet service.
But there is already “miles” of unused fiber to help the project
get started.
My
comic industry...
…
Harvard University
has been spying on folks again. Last year it was caught searching
faculty emails. This
week, “the university acknowledged that as part of a study on
attendance at lectures, it had used hidden cameras to photograph
classes without telling the professors or the students.” The
Chronicle of Higher Education write-up of the revelation contains
this wonderful sentence: “But putting aside the question of whether
the methodology was ethical, what did the researchers learn about
classroom-attendance patterns from their study, and what were the
motives behind the experiment?” Yes. Let’s put aside the ethics
of surveillance and data collection in education. Carry on!
…
Ikeoluwa Opayemi, age 7, has been
allowed
back to school in Milford, Connecticut
after her school reversed its decision to make her stay home due to
fears of Ebola.
Opayemi has been in Nigeria - where there is no Ebola.
No comments:
Post a Comment