Friday, July 17, 2009

A large number of small breaches are being reported today, I'll just pass on the more interesting ones.



HIPAA obfuscation?

http://www3.signonsandiego.com/stories/2009/jul/16/1m16breach001243-computers-breached-cancer-center/

Computers breached at cancer center

By Angelica Martinez Union-Tribune Staff Writer 2:00 a.m. July 16, 2009

SAN DIEGO — A letter has been sent to 30,000 patients of UCSD's Moores Cancer Center after a hacker breached the center's computers and gained access to patients' personal information.

The computer servers affected contained information such as patients' names, dates of birth, medical record number, diagnosis and treatment dates back to 2004, Marshall said. The vast majority of patients' information did not include Social Security numbers, she said.

She said there is no evidence that any of the information has actually been viewed or used. Patients' medical records, which are stored in separate servers, were not breached.


(Related) The costs of a breach include:

http://www3.signonsandiego.com/stories/2009/jul/17/1m17hacker221630-hotline-ucsd-patients-swamped/

Hotline for UCSD patients swamped

Hacker causes ID theft concern

By David Hasemyer Union-Tribune Staff Writer 2:00 a.m. July 17, 2009

… LA JOLLA — The hotline established by UCSD's Moores Cancer Center after a hacker breached the center's computers and gained access to patients' personal information has been swamped with hundreds of calls from worried patients.

… She said hospital officials have determined that just 36 of the files contained Social Security numbers.

A letter was sent to all of the patients earlier this month telling them that the center's computer network was “illegally accessed” twice by overseas hackers and that some personal information may have been stolen.

… Jan Emerson, a spokeswoman for the California Hospital Association, said it's difficult to assess what allowed the hacker into the UCSD system, and consequently there is little alarm to be raised for other hospitals. [You don't have to worry about this happening to you because we have no idea what happened? Does that strike you as an extremely illogical statement or an extremely naive one? Bob]

… “Medical records have no real value other than the very specific medical information,” Jennex said. [What am I bid for the results of Michael Jackson's drug screen? Bob]



If every state auditor can find evidence that every hospital violated access rules, the state budget deficit would vanish. Think of it as an e-Gold-Rush...

http://www.pogowasright.org/?p=1931

Kaiser Bellflower fined again for privacy breach

July 16, 2009 by Dissent Filed under Breaches, Featured Headlines, U.S.

The Kaiser Permanente hospital in Bellflower has been hit with a $187,500 fine for failing for a second time to prevent unauthorized access to confidential patient information, state public health officials said today.

[Updated at 3 p.m.: A spokesman for the hospital said the fine was part of the ongoing investigation into employees improperly accessing the medical records of Nadya Suleman and her children. Disciplinary action has been taken against the employees, said Jim Anderson, a hospital spokesman. All the incidents occurred in January; a previous post said they had occurred in April and May.]

State officials said Kaiser Permanente Bellflower Medical Center compromised the privacy of four patients when eight employees improperly accessed records. This is the second penalty against the hospital, officials said.

The hospital was fined $250,000 in May for failing to keep employees from snooping in the medical records of Nadya Suleman, the woman who set off a media frenzy after giving birth to octuplets in January.

Read more in the Los Angeles Times. Keep in mind that this is not HHS fining them under HIPAA, but the state fining them.



For a “Think Tank” there seems to be quite a lot of “we don't know” and (since they are politicians) a lot of double-talk and a clear statement of “You employees are to blame.”

http://www.databreaches.net/?p=6225

Center for American Progress security breached

July 16, 2009 by admin Filed under Breach Incidents, Miscellaneous, Of Note, U.S., Unauthorized Access

The Center for American Progress and the Center for American Progress Action Fund were reportedly the victims of a “highly sophisticated computer security breach by an unauthorized outside party” where the motive for the breach may not have been personal information. [No doubt they wanted to steal their Liberal bias? Bob]

In a letter to the Maryland Attorney General’s Office dated April 30, CAP’s General Counsel, Debbie Fine, reports that the names and Social Security numbers of current and former employees and dependents or 401k beneficiaries may have been accessed. Some of those affected were notified that the outside party might have accessed names and Social Security numbers of health care dependents insured by American Progress’s health care plan, the employee’s CAP and CAPF email accounts, and their office computers.

No free services were offered to those affected, which included Maryland residents, but CAP’s letter to those affected included a statement that

an unauthorized party may have gained access to the contents of your office computer. We understand that information stored on your office computer can include a wide range of sensitive information. We therefore suggest considering whether you used your office computer to store information with respect to which you may want to take additional steps.



A question for my Security students (and you readers) What are the risks? Someone uses some of my “unlimited Internet access” while drinking a “double double toil and trouble, mocha jamocha toka half-eye-of-newt rootie-toot, half-decalf distaff falstaff nonfat wing of bat summer smoothie” and I should care, why?

http://hardware.slashdot.org/story/09/07/17/0527203/Australian-Police-Plan-Wardriving-Mission?from=rss

Australian Police Plan Wardriving Mission

Posted by timothy on Friday July 17, @05:00AM from the village-green-preservation-society dept. wireless government security

bfire writes

"Police officers in the Australian state of Queensland plan to conduct a 'wardriving' mission around select towns in an effort to educate citizens to secure their wireless networks. When unsecured networks are found, the Police will pay a friendly visit to the household or small business, informing them of the risks they are exposing themselves to. Officers also hope to return to surveyed areas within a month to see if users have fixed their security settings. The idea is modeled on another campaign where officers walk around railway stations checking cars have been locked, and leaving notes warning people of the dangers involved with leaving their vehicles unsecured."



Why would they want to keep this confidential? My guess is they don't have the data requested.

http://news.slashdot.org/story/09/07/16/1748235/RIAA-Loses-Bid-To-Keep-Revenues-Secret?from=rss

RIAA Loses Bid To Keep Revenues Secret

Posted by timothy on Thursday July 16, @02:43PM from the but-your-honor-that's-our-secret-recipe-for-money-soup dept. court money

NewYorkCountryLawyer writes

"The RIAA's motion to keep secret the record companies' 1999-to-date revenues for the copyrighted song files at the heart of the case has been denied, in the Boston case scheduled for trial July 27th, SONY BMG Music Entertainment v. Tenenbaum. The Judge had previously ordered the plaintiff record companies to produce a summary of the 1999-to-date revenues for the recordings, broken down into physical and digital sales. On the day the summary was due to be produced, instead of producing it, they produced a 'protective order motion' asking the Judge to rule that the information would have to be kept secret. The Judge rejected that motion: 'the Court does not comprehend how disclosure would impair the Plaintiffs' competitive business prospects when three of the four biggest record labels in the world — Warner Bros. Records, Sony BMG Music Entertainment, and UMG Recording, Inc. — are participating jointly in this lawsuit and, presumably, would have joint access to this information.'"


(Related) Is this just hubris or is there something I'm just not seeing?

http://news.slashdot.org/story/09/07/17/085244/New-Developments-In-NPGWikipedia-Lawsuit-Threat?from=rss

New Developments In NPG/Wikipedia Lawsuit Threat

Posted by timothy on Friday July 17, @08:06AM from the I-see-portraits-of-dead-people dept. court media internet

Raul654 writes

"Last week, it was reported that the UK's National Portrait Gallery had threatened a lawsuit against an American Wikipedian for uploading pictures from the NPG's website to Wikipedia. The uploaded pictures are clearly in the public domain in the United States. (In the US, copies of public domain works are also in the public domain. UK law on the matter is unclear.) Since then, there have been several developments: EFF staff attorney Fred von Lohmann has taken on the case pro-bono; Eric Moeller, Wikimedia Foundation Deputy Director, has responded to the NPG's allegations in a post on the WMF blog; and the British Association of Picture Libraries and Agencies has weighed in on the dispute in favor of the NPG."


(Related) An interesting perspective.

http://www.zeropaid.com/news/86657/are-hopeless-copyright-wars-against-p2p-our-new-prohibition/

Are “Hopeless” Copyright Wars Against P2P “Our New Prohibition?”

Written by soulxtc

Stanford Law professor Lawrence Lessig says using outdated copyright laws to sue illegal file-sharers hasn’t caused a decrease in illegal file-sharing, and that in fact “a whole generation of children has been raised to think the law is an ass—and an ass that is to be ignored.”



Tools & Techniques The Internet is forever, but only if you keep making backup copies. (Note: Technology seems to be devolving. 8,000 years ago the Pharaohs knew how to make things last!)

http://hardware.slashdot.org/story/09/07/17/1213203/New-DVDs-For-1000-Year-Digital-Storage?from=rss

New DVDs For 1,000-Year Digital Storage

Posted by kdawson on Friday July 17, @08:52AM from the you-must-remember-this dept.

anonymous cowpie sends word of a Utah startup that is about to introduce technology for writing DVDs that can be read for 1,000 years after being stored at room temperature. (Ordinary DVDs last anywhere from 3 to 12 years, on average.) The company, Millenniata, is said to be in the final stages of negotiation with Phillips over patent licensing and plans to begin manufacture in September. 1,000-year "M-ARC Discs" are expected to retail for $25-$30 at first, with the price coming down with volume.

"Dubbed the Millennial Disk, it looks virtually identical to a regular DVD, but it's special. Layers of hard, 'persistent' materials (the exact composition is a trade secret) are laid down on a plastic carrier, and digital information is literally carved in with an enhanced laser using the company's Millennial Writer, a sort of beefed-up DVD burner. Once cut, the disk can be read by an ordinary DVD reader on your computer."
