St. Joseph Health (SJH) has agreed to
settle potential violations of the Health Insurance Portability and
Accountability Act of 1996 (HIPAA) Privacy and Security Rules following the
report that files containing electronic protected health information (ePHI)
were publicly accessible through internet search engines from 2011 until 2012. SJH, a nonprofit integrated Catholic health
care delivery system sponsored by the St. Joseph Health Ministry, will pay a
settlement amount of $2,140,500 and adopt a comprehensive corrective action
plan.
…On February 14, 2012, SJH reported to the U.S. Department
of Health and Human Services, Office for Civil Rights (OCR) that certain files
it created for its participation in the meaningful use program, which contained
ePHI, were publicly accessible on the internet from February 1, 2011, until
February 13, 2012, via Google and possibly other internet search engines. The server SJH purchased to store the files
included a file sharing application whose default
settings allowed anyone with an internet connection to access them. Upon
implementation of this server and the file sharing application, SJH did not
examine or modify it.
… The Resolution
Agreement and Corrective Action Plan may be found on the OCR website at http://www.hhs.gov/hipaa/for-professionals/compliance-enforcement/agreements/sjh.
SOURCE: HHS
Note that this incident was covered on this site back in 2012.
A settlement of a class-action lawsuit stemming from the breach was announced
in March of this year.
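The settlement turns on one detail: a file sharing application went live with its default access settings untouched, and the first anyone knew of the exposure was when the files showed up in search results. The added example below is not from HHS, SJH or the unnamed vendor; it is a loopback demo that uses Python's built-in http.server as a stand-in for the share (its default handler lists and serves a directory to anyone, the same failure mode), probes it exactly as an anonymous internet client or crawler would, and then repeats the probe against an assumed hardened configuration that requires credentials and tells crawlers not to index. The credential, the sample file and the hardened handler are all constructed for the demo.

```python
"""Probe a newly deployed file share the way an anonymous internet client would.

Added example (not HHS, SJH or vendor code). http.server stands in for the
unnamed file sharing application; the hardened handler is an assumed fix.
"""
import base64
import functools
import hmac
import http.server
import socketserver
import tempfile
import threading
import urllib.error
import urllib.request
from pathlib import Path

# Constructed credential for the demo; a real share would use its own auth backend.
EXPECTED_AUTH = "Basic " + base64.b64encode(b"auditor:correct-horse").decode()

# Proxies disabled so the loopback probe never leaves the host.
_OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))


def check_anonymous_access(base_url):
    """Return what an unauthenticated client (or a search-engine crawler) can see."""
    result = {"anonymous_read": False, "listing": False,
              "noindex_header": False, "robots_disallow": False}
    for path in ("/", "/robots.txt"):
        try:
            with _OPENER.open(base_url.rstrip("/") + path, timeout=5) as resp:
                status, headers = resp.status, resp.headers
                body = resp.read().decode("utf-8", "replace")
        except urllib.error.HTTPError as err:   # 401/403/404 still carry headers
            status, headers, body = err.code, err.headers, ""
        except urllib.error.URLError:
            continue
        if "noindex" in (headers.get("X-Robots-Tag") or "").lower():
            result["noindex_header"] = True
        if status != 200 or not body:
            continue
        if path == "/robots.txt":
            # A readable robots.txt is fine; what matters is whether it forbids crawling.
            result["robots_disallow"] = "disallow: /" in body.lower()
        else:
            result["anonymous_read"] = True
            result["listing"] = "directory listing" in body.lower()
    return result


class DefaultShareHandler(http.server.SimpleHTTPRequestHandler):
    """Out-of-the-box behaviour: list and serve every file to anyone."""
    def log_message(self, *args):   # keep the demo quiet
        pass


class HardenedShareHandler(DefaultShareHandler):
    """Assumed corrected configuration: require credentials, opt out of indexing."""
    def do_GET(self):
        if self.path == "/robots.txt":
            self._send(200, b"User-agent: *\nDisallow: /\n", "text/plain")
            return
        supplied = (self.headers.get("Authorization") or "").encode()
        if not hmac.compare_digest(supplied, EXPECTED_AUTH.encode()):
            self.send_response(401)
            self.send_header("WWW-Authenticate", 'Basic realm="share"')
            self.send_header("X-Robots-Tag", "noindex, nofollow")
            self.send_header("Content-Length", "0")
            self.end_headers()
            return
        super().do_GET()

    def _send(self, code, body, ctype):
        self.send_response(code)
        self.send_header("Content-Type", ctype)
        self.send_header("X-Robots-Tag", "noindex, nofollow")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)


def serve(handler_cls, directory):
    """Start a share on an ephemeral loopback port; returns (server, base_url)."""
    handler = functools.partial(handler_cls, directory=directory)
    httpd = socketserver.TCPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=httpd.serve_forever, daemon=True).start()
    return httpd, "http://127.0.0.1:%d" % httpd.server_address[1]


def demo():
    """Probe the default and the hardened share; returns {label: check result}."""
    results = {}
    with tempfile.TemporaryDirectory() as directory:
        # Constructed sample file standing in for a meaningful-use export.
        Path(directory, "export.csv").write_text("patient_id,dob\n0001,1970-01-01\n")
        for label, cls in (("default", DefaultShareHandler),
                           ("hardened", HardenedShareHandler)):
            httpd, url = serve(cls, directory)
            try:
                results[label] = check_anonymous_access(url)
            finally:
                httpd.shutdown()
                httpd.server_close()
    return results


if __name__ == "__main__":
    for label, outcome in demo().items():
        print(label, outcome)
```

Run against the default share the probe reports anonymous read access and a directory listing with no crawler opt-out; against the hardened one it gets a 401, an X-Robots-Tag noindex header and a robots.txt that disallows everything. Running this kind of probe from outside the network before a share goes live is the check SJH skipped; a noindex header is a courtesy to well-behaved crawlers, not an access control, which is why the hardened handler refuses anonymous reads as well.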
Failure to use Best Practices?
Andrew Blake reports:
A Republican Party website that
sells bumper stickers and T-shirts advertising presidential candidate Donald
Trump was compromised earlier this year by hackers who spent several months
silently stealing credit card details and other personal information from
purchasers, according to a Dutch security researcher.
The digital storefront used by
the National Republican Senatorial Committee (NRSC) to sell products ranging
from “Never Hillary” stickers to “Make America Great Again” bracelets was
compromised for nearly six months starting March 16, researcher Willem de Groot
wrote in a recent report.
Read more on Washington
Times.
Gosh, how unexpected!
Mirai Increasingly Used for DDoS Attacks After Source Code
Leak
The first reports about Mirai
were largely ignored by the industry, but the massive distributed
denial-of-service (DDoS) attacks launched against the website of journalist
Brian Krebs and hosting provider OVH brought the Trojan into the spotlight.
When he decided to release
the source code, the author of Mirai claimed his creation had
infected as many as 380,000 devices, but the number had started to drop after
the malware made the news.
Researchers at
Level3 Communications have been monitoring Mirai and determined that the number
of bots more than doubled following the source code leak.
Another look at an Ethical Hacking resource.
Sandra Chereb reports:
Auditors delayed release of a
report detailing security vulnerabilities in state databases to protect the
information of tens of thousands of current and former state employees and
their beneficiaries, a legislative committee was told Tuesday.
Douglas Peterson, information
systems audit supervisor, told the Legislative Audit Subcommittee it was the first time he can recall in 20 years with
the state that a decision was made to withhold an audit until problems are
fixed.
Read more on the
Las Vegas Review-Journal.
How bad was it, you wonder? From the key findings of the audit:
Confidential information about
state employees was stored unencrypted in the Division’s databases, increasing
the risk of unauthorized access of this information.
… State security standards
require that confidential personal data be encrypted whenever possible.
… Enterprise Information Technology Services
(EITS) support staff, who manage the Division’s databases, indicated they were
not aware that there was a requirement to encrypt this information.
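The finding that matters is the plain one: employee SSNs and similar fields sat in the database as readable text, and the staff running it did not know the standard required otherwise. The added example below is not from the Nevada audit, EITS or the Division; it is the sort of check an auditor or the DBA could run to surface that condition, sampling every column of every table and reporting the ones whose values look like SSNs, dates of birth or account numbers. The sample schema, the regexes and the match threshold are assumptions for the demo.

```python
"""Flag database columns that hold confidential personal data in plaintext.

Added example (not from the Nevada audit or EITS). Sample each column and
report the ones whose string values look like SSNs, dates of birth or bank
account numbers. Schema, patterns and thresholds are assumptions for the demo.
"""
import re
import sqlite3

# Conservative shapes for the fields the standard says to encrypt. A hit means
# "looks like plaintext" and is something for a human to confirm.
PATTERNS = {
    "ssn": re.compile(r"^\d{3}-\d{2}-\d{4}$"),
    "dob": re.compile(r"^(19|20)\d{2}-(0[1-9]|1[0-2])-(0[1-9]|[12]\d|3[01])$"),
    "bank_account": re.compile(r"^\d{8,17}$"),
}
MIN_MATCH_RATIO = 0.5   # fraction of sampled strings that must match to report a column


def _quote(identifier):
    """Quote an SQL identifier read back from sqlite_master."""
    return '"' + identifier.replace('"', '""') + '"'


def scan_database(conn, sample_rows=1000):
    """Return a list of {table, column, kind, hits, sampled} findings."""
    findings = []
    tables = [r[0] for r in conn.execute(
        "SELECT name FROM sqlite_master WHERE type='table' AND name NOT LIKE 'sqlite_%'")]
    for table in tables:
        columns = [r[1] for r in conn.execute("PRAGMA table_info(%s)" % _quote(table))]
        rows = conn.execute("SELECT * FROM %s LIMIT ?" % _quote(table),
                            (sample_rows,)).fetchall()
        for idx, column in enumerate(columns):
            values = [row[idx] for row in rows if isinstance(row[idx], str)]
            if not values:
                continue
            for kind, pattern in PATTERNS.items():
                hits = sum(1 for v in values if pattern.match(v))
                if hits and hits / len(values) >= MIN_MATCH_RATIO:
                    findings.append({"table": table, "column": column, "kind": kind,
                                     "hits": hits, "sampled": len(values)})
    return findings


def build_sample_db():
    """Constructed schema mirroring the audit's subject: employees and beneficiaries.

    ssn_enc holds opaque ciphertext-style strings; the scanner should not flag it.
    """
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE employees (id INTEGER PRIMARY KEY, name TEXT, ssn TEXT,
                                dob TEXT, ssn_enc TEXT);
        CREATE TABLE beneficiaries (employee_id INTEGER, name TEXT, dob TEXT);
    """)
    conn.executemany(
        "INSERT INTO employees (name, ssn, dob, ssn_enc) VALUES (?,?,?,?)", [
            ("A. Example", "123-45-6789", "1961-03-14", "enc:v1:3q2+7w=="),
            ("B. Example", "987-65-4321", "1975-11-30", "enc:v1:9vS0jA=="),
            ("C. Example", "555-12-3456", "1988-07-02", "enc:v1:Zm9vYg=="),
        ])
    conn.executemany("INSERT INTO beneficiaries VALUES (?,?,?)", [
        (1, "D. Example", "1990-01-05"),
        (2, "E. Example", "2004-09-21"),
    ])
    return conn


def demo():
    """Scan the constructed database and return the findings."""
    return scan_database(build_sample_db())


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

On the constructed data the scan reports employees.ssn, employees.dob and beneficiaries.dob, and ignores the column that already holds ciphertext. The same loop runs unchanged against any DB-API connection; the point of sampling rather than reading whole tables is that this is a discovery pass to be run regularly, not a one-off, and the ratio threshold keeps a stray test value from flagging a whole column.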
…and a Computer Security resource.
17 October 2016
The Hague
More than 2 500 victims were able to decrypt
their devices thanks to No More Ransom
Just three months after the successful launch of the No
More Ransom project, law enforcement agencies from a further 13 countries have
signed up to fight ransomware together with the private sector.
… More law
enforcement agencies and private sector organisations are expected to join the programme
in the coming months. Their
collaboration will result in more free decryption tools becoming available,
helping even more victims to decrypt their devices and unlock their
information, and damaging the cybercriminals where it hurts the most: their
wallets.
… The aim of the
online portal www.nomoreransom.org is
to provide a helpful resource for victims of ransomware. Users can find information on what ransomware
is, how it works and, most importantly, how to protect themselves.
SOURCE: Europol
Something for my IT Governance students from India. Have they been informed?
Sugata Ghosh and Sachin Dave report:
A month ago, an official of Axis
Bank– India’s third largest private sector lender — received an unexpected
telephone call. The caller, an engineer at Kaspersky Lab, the well-known
Moscow-headquartered cyber security firm, rattled off the names of several Axis
computers which, he claimed, have been breached.
The Kaspersky man said his firm
had stumbled on the information in the course of a separate probe. When an Axis
team looked into the bank’s servers, it found out that there was indeed an
unauthorized login by an unnamed, offshore hacker.
(Related)
ToI reports:
Pune: In one of the biggest card
replacements in Indian banking, State Bank of India has said that it will
re-issue around six lakh debit cards to customers, which have been
blocked following a malware-related security breach in a non-SBI ATM
network.
“It’s a security breach, but not
in our banks’ systems. Many other banks also have this breach —
right now and since a long time,” Shiv Kumar Bhasin, SBI’s chief
technology officer (CTO), told TOI, adding that customers who used their cards
only at SBI-run ATMs have not been affected by this. “A few ATMs have been affected by a malware. When people use their card on infected
switches or ATMs, there is a high probability that their data will be
compromised,” Bhasin said.
Read more on Times
of India.
Note: 6 lakh = 600,000
Perspective. (How
do I encrypt my face?)
Half of American Adults Are in Police Facial-Recognition
Databases
… These findings
were published Tuesday in a report from
Georgetown Law’s Center for Privacy and Technology. It details the results of a year-long
investigation that drew upon more than 15,000 pages of records obtained through
more than 100 freedom-of-information requests.
The study’s authors—Clare Garvie, Alvaro Bedoya, and
Jonathan Frankle—attempted to fill in large gaps in public knowledge about how
facial-recognition technology is used, and the existence of policies that
constrain how police departments can use it. Some details about the FBI’s use of facial
scanning were previously known, but the scale of local and state
law-enforcement involvement is only now starting to come to light.
… Only five states
have any laws that touch on how law enforcement can use facial recognition, and
none of them take on more than one aspect of the issue, the report found.
Yes, Colorado has laws.
David Raths reports:
To help school administrators,
families, technology companies and state legislators sort through the patchwork
quilt of state legislation on student privacy, the Center for Democracy &
Technology (CDT), an advocacy group, has developed a
state-by-state survey of student privacy laws in partnership with the law
firm BakerHostetler.
THE Journal recently
spoke with Michelle De Mooy, the acting director of CDT’s Privacy & Data
Project, about the survey’s findings. In
its review on student privacy legislation in all 50 states and the District of
Columbia, CDT found that California is the model in terms of comprehensiveness,
with clear requirements about data retention limits and data security programs.
“California’s Student Online Personal
Information Protection Act is definitely a model for updated student privacy
protection, we think,” said De Mooy.
Read more on T|H|E
Journal
Related: State
Student Privacy Law Compendium
This is brilliant, but unlikely to get to enough airports
fast enough to keep customers happy.
Would “global flash services” be a profitable enterprise?
Samsung Sets Up Galaxy Note 7 Exchange Stations At Airports
Around The Globe
The exchange
booths first appeared in South Korea at the Incheon International Airport. The stations have now appeared throughout the
world. Flyers have reported exchange
booths at LAX and San Francisco International Airport, while the Samsung
Australia page directs flyers to stations at seven different airports. Rumor has it that these exchange booths will
be coming to the United Kingdom soon.
For my IT Architecture students.
Banking group unveils guidelines for new financial technology
The American Bankers Association (ABA) released its FinTech playbook, standards
for banks to follow as they adopt new technologies to expand their services.
The future? If it
works in Europe, can it work here?
Amazon Eyes Internet Service Offering
Amazon.com is considering offering internet service
directly to consumers in Europe, said a person briefed on the discussion. That would allow Amazon to bundle internet
access with its Prime streaming video offering, the person said, making it more
competitive with cable operators which already offer a similar broadband-video
package.
Something for my students to consider.
… the truth is
that companies rarely succeed by adapting to market events. Rather, successful firms prevail by shaping the future. That can’t be done through agility alone, but
takes years of preparation to achieve. The
truth is that once you find yourself in a position where you need to adapt,
it’s usually too late.
Are they right about cash?
Apple's Next Goal Is Killing Paper Money Once and For All
Apple CEO Tim Cook has an idea for the future—eliminating
cash.
Apple Pay could be the “catalyst” that ultimately gets the
world to switch from cash to digital payments, he told
the Japanese news service Nikkei in an interview published on Monday.
“We would like to be a catalyst for taking cash out of the
system,” Cook said. “We don’t think the consumer particularly likes cash.”
This will make the next Apple Super Bowl ad amusing. Imagine Microsoft ninjas sneaking into the
Patriot locker room and deflating all the footballs…
New England Patriots coach Bill Belichick puts Surface tablet
on the inactive list
In the National Football League’s march toward technology,
Bill Belichick is calling a timeout.
The New England Patriots head coach says he’s “done” with
Microsoft’s Surface tablets, the devices that line NFL sidelines during games
to help players and coaches review images of past plays.
“They’re just too undependable for me,” he said in a rant at a press conference
that reporter Zack Cox of NESN clocked
at 5 minutes, 25 seconds long. The
tirade eventually touched on a range of Belichick’s concerns with the NFL’s
technology regime.
Belichick, a winner of four Super Bowls, including the
championship game in 2015 against the Seattle Seahawks, says he’ll stick with
paper printouts from here on out.
Microsoft in 2014 inked a five-year sponsorship deal with
the NFL for a reported $400 million.
Believe it or not, we have a very active student Movie
Club that streams movies on the huge TV/white boards we have.
… Vudu is
offering a sweet deal here. Although a
Vudu account IS required, you don’t even need to have payment information on
file to access the free, ad-supported content. So while Vudu’s ultimate goal is to draw you
into buying or renting other movies or TV shows, at least it isn’t being too
pushy about it.