Saturday, November 08, 2014
Should be interesting to watch. I doubt there will be any sanction from regulatory agencies. NOTE: Twitter now seems to be the preferred contact method? Let's hope these guys are more current on their personal technology than they appear to be on security.
Status: Not Monitoring for Follow Up (Not a client)
SLC Security Services LLC has noted that this medical establishment has failed to secure patient records. Observed were patient name and date of birth as well as specific medical information. SLC Security Services LLC has confirmed the information in this report.
Additional Follow up: IT staff contacted us. We provided what information was known. The entity is not a client of SLC Security Services LLC. We are unable to verify if the company has resolved the issue at this time.
Update: As of 25 Sept 2014 this vulnerability still exists. We are seeing multiple PHI and PII from this source. The issue may be attributed to an outside source.
On October 31, SLC updated their report:
We have previously contacted both entities and neither entity responded to our notification letters.
Not only did Cape Fear Valley Health System allegedly not follow up on SLC’s report to them, they did not respond to an inquiry sent to them in September by PHIprivacy.net.
Neither Cape Fear Valley Health System nor WakeMed are listed on HHS’s public breach tool as having reported breaches to HHS.
Today, PHIprivacy.net asked SLC Security via Twitter if they have reported their findings to HHS. PHIprivacy.net also tweeted inquiries to WakeMed and Cape Fear Valley Health System to inquire whether they were aware of leaks and whether they were aware that their patients were being directly notified by SLC Security.
If I get responses, I will update this post.
(Related) “We don't need no stinking security!” No logs (or at least no review of the logs) either.
N.C. Dermatology Center Discovers Hacked Server Two Years After Attack
In another cowardly Friday afternoon data breach disclosure, Chapel Hill, N.C.-based Central Dermatology Center said that one of its servers was breached by hackers back in August of 2012, but that it has just become aware of the breach.
The company said that on September 25, 2014 it became aware that one of its servers had been compromised by malware, sparking them to immediately call in forensic experts to identify the malware and resulting fallout.
In addition to not discovering the breach until roughly two years later, the company acknowledged that they are not sure exactly what data the attackers may have gotten their hands on.
I suspect they will all go for fiber. Users will likely get gigabyte speed.
7 Colorado Towns Vote To Build Their Own Broadband Internet
As the FCC continues to debate the issue of net neutrality and fast lanes, while continuing issues with Service Providers continue to plague internet users, 7 towns in Colorado have decided to branch out on their own. All 7 towns have voted to let their local governments offer internet service.
About 20 states have laws, mostly due to ISPs such as Comcast helping to get them passed, which make it difficult for a community to develop its own municipal broadband. But the rules in Colorado are unique. Colorado’s laws state that towns are able to pursue broadband if the residents approve the idea on an election ballot.
In Boulder, which has a population of 100,000 residents, 84 percent of the votes were in favor of allowing the city to provide high-speed internet, telecommunications, and/or cable television services to its residents, schools, libraries, businesses, and other users of these services. Similar votes were cast in the towns of Yuma, Wray, Cherry Hills Village, and Red Cliff in addition to the Rio Blanco and Yuma counties with a large majority of votes approving the measure.
However, the successful vote doesn’t mean that the government is required or guaranteed to start developing its own broadband internet service. But there are already “miles” of unused fiber to help the project get started.
My comic industry...
… Harvard University has been spying on folks again. Last year it was caught searching faculty emails. This week, “the university acknowledged that as part of a study on attendance at lectures, it had used hidden cameras to photograph classes without telling the professors or the students.” The Chronicle of Higher Education write-up of the revelation contains this wonderful sentence: “But putting aside the question of whether the methodology was ethical, what did the researchers learn about classroom-attendance patterns from their study, and what were the motives behind the experiment?” Yes. Let’s put aside the ethics of surveillance and data collection in education. Carry on!
… Ikeoluwa Opayemi, age 7, has been allowed back to school in Milford, Connecticut after her school reversed its decision to make her stay home due to fears of Ebola. Opayemi has been in Nigeria - where there is no Ebola.