http://www.phiprivacy.net/?p=1780
After further review, investigator doesn’t think WDH had to report data breach
By Dissent, January 8, 2010 6:29 am
Adam D. Krauss brings us the latest on the controversy over a breach at Wentworth-Douglass Hospital:
A state investigator says after reviewing additional information he still doesn’t think Wentworth-Douglass Hospital had to notify patients impacted by the privacy breach.
James Boffetti, who leads the Office of the Attorney General’s consumer protection and antitrust bureau, said the breach didn’t trigger the state’s notification law even though personal information was improperly viewed by an ex-employee.
“What we know is she, as an apparent act of retaliation against her former employers, tampered with certain fields of information,” including patients’ genders, addresses and where their reports should be sent, he said. But “there isn’t any indication that she misused the information.”
RSA 359-C: 20 says in the event of a breach those doing business in the state must determine whether personal information will be misused and mandates notification of those affected if misuse has occurred, is reasonably likely to occur or if a determination cannot be made.
Read more on Foster’s Democrat.
Update How much is Visa actually out of pocket because of this breach? Zero Issuing banks reimburse their cardholders.
http://www.databreaches.net/?p=9350
Heartland in $60 mln settlement agreement with Visa
January 8, 2010 by admin Filed under Breach Incidents, Financial Sector, Of Note, U.S.
Reuters is reporting:
Heartland Payment Systems Inc (HPY.N) said it reached a $60 million settlement agreement with Visa Inc (V.N), under which it will pay issuers of Visa-branded credit and debit cards for data security breach claims.
Heartland, the fifth-largest payments processor in the United States, said the settlement was with respect to losses issuers may have incurred from a criminal breach of its payment systems in 2008.
Visa would credit the full amount of intrusion-related fines it previously collected from Heartland’s sponsoring bank acquirers and provide details of the settlement to eligible issuers in the coming days, Heartland said in a statement.
[Press Release omitted Bob]
Basic management control. Know the flow of records and investigate any anomalies!
http://www.phiprivacy.net/?p=1783
UMC lacks way to log patients’ records
By Dissent, January 8, 2010 6:59 am
Marshall Allen updates us on a recent breach involving allegations that insider(s) accessed and sold patient data to local attorney(s):
University Medical Center has no system to track patient records, leading to numerous instances in which hospital paperwork containing Social Security numbers, birth dates and other private information goes missing, a state investigation has found.
The investigation was triggered by a Las Vegas Sun story revealing that patient records of traffic injury victims were being systematically leaked from UMC, allegedly to ambulance-chasing attorneys in search of clients. The breach, an apparent violation of federal law, is also being investigated by the FBI.
The Nevada State Health Division examined the public hospital’s methods for protecting patient privacy. It released its report Thursday.
[...]
After reading the report, Jeffrey Drummond, a Dallas attorney who specializes in helping hospitals comply with patient privacy laws, said it’s rare for a facility to take such a “cavalier” attitude toward securing sensitive information. [I suspect it is not rare. Perhaps the public rarely hears about it... Bob]
“This strikes me as pretty outrageous,” he said. “The lack of control over what’s going on in the hospital with regard to patient information, if this (report) is remotely true, seems outrageous.”
[...]
Washington, D.C., attorney Kirk Nahra, who also specializes in hospital privacy compliance, offered a more nuanced view of the report. There’s nothing in the document that directly relates to the leak of the face sheets originally reported in the Sun, he said, and even the most stringent privacy practices can’t stop an employee who wants to commit a criminal act.
A trauma center is a chaotic place where hospitals balance caring for the needs of patients with protecting their private information, Nahra said. The same kinds of problems reported by the state could be found in other emergency rooms, he said, though they should serve as a wake-up call to UMC.
Read more in The Las Vegas Sun.
Balancing? Keeping track of where you file multiple copies of a medical record and keeping track of access to records does not interfere with patient care, particularly when some of the recording is automated through software. In fact, having a system that enables you to know where to find information can speed up health care. Having been involved in emergency care in the past, I could agree with Kirk if he argued that occasionally, a copy of a file might get lost or misplaced in an emergency room, but to minimize the failure to have a system in place for monitoring access is just excusing sloppy security and privacy practices. The fact that it may also occur in other emergency rooms does not minimize the importance of the problem, if the report is accurate.
Now this looks like “anonymized data” to me. Are schedules covered by HIPAA? Apparently. (Is vindictiveness a disease?)
http://www.phiprivacy.net/?p=1786
MS: Woman out of a job after sending tweet to Governor Barbour
By Dissent, January 8, 2010 9:22 am
Julie Straw of WDAM reports:
A tweet to Governor Haley Barbour ended with a University Medical Center employee resigning from her job. She said she was simply using the social networking site Twitter to exercise her right to freedom of speech. UMC officials said it was a violation of privacy laws.
Last Tuesday afternoon Governor Haley Barbour wrote this on his Twitter page, “Glad the Legislature recognizes our dire fiscal situation. Look forward to hearing their ideas on how to trim expenses.”
Less than an hour later Jennifer Carter, a former administrative assistant for UMC’s nursing school, tweeted this to Governor Barbour, “Schedule regular medical exams like everyone else instead of paying UMC employees over time to do it when clinics are usually closed.”
Carter was referring to an incident she was told about by several UMC staffers three years ago. She claims the Governor came to the Pavilion on a Saturday when it is usually closed and had it specially staffed with 15-20 people all for a check up.
“I wasn’t really jabbing at him. That’s just what people do on Twitter,” said Carter.
Two days later Carter was contacted by UMC’s Department of Compliance for violation of HIPAA Laws.
She said the Compliance Department told her the Governor’s Office had tracked her down and told them to deal with her.
“I was told I would be suspended for three days without pay until the paper work could be done. I was strongly encouraged to resign,” said Carter. She did resign.
Carter doesn’t believe her Tweet broke any privacy laws that protect patients.
Read more on WDAM.
I’m surprised that Carter doesn’t recognize that revealing anything she learned about him or his medical appointments through her employment is a HIPAA violation. Could someone reading the tweet not realize that she was referring directly to him? I suppose, but the fact is she knew she was referring to his visit to UMC and that means she was disclosing information that should not have been disclosed. At least that’s how I see it.
There must not be a large music or film industry in Oregon.
Senator Demands IP Treaty Details
By David Kravets January 7, 2010 5:39 pm
That a U.S. senator must ask a federal agency to share information regarding a proposed and “classified” international anti-counterfeiting accord the government has already disclosed is alarming. Especially when the info has been given to Hollywood, the recording industry, software makers and even some digital-rights groups. [“Yeah, but we trust them!” Bob]
Sen. Ron Wyden (D-Oregon) is demanding that U.S. Trade Representative Ron Kirk confirm leaks surrounding the unfinished Anti-Counterfeiting Trade Agreement, being negotiated largely between the European Union and United States. Among other things, Wyden wants to know if the deal creates international guidelines that mean consumers lose internet access if they are believed to be digital copyright scofflaws.
Read More http://www.wired.com/threatlevel/2010/01/senator-demands-details/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+wired%2Findex+%28Wired%3A+Index+3+%28Top+Stories+2%29%29#ixzz0c25ENly2
So that's were that email came from. Instead of “Bob is on vacation” it replies “Got Viagra?” If Chinese hackers could write clear English, this might have been more successful.
Hotmailers Hawking Hoax Hunan Half-Offs
Posted by kdawson on Thursday January 07, @04:05PM from the how-horrific dept.
Frequent Slashdot contributor Bennett Haselton writes
"An estimated 200,000 Hotmail users currently have their auto-reply set to a message spamming an advertisement for Chinese scam websites, which sell "discounted" electronics. Presumably the spammers compromised a large number of Hotmail accounts to pull this off, but wouldn't it be pretty easy for Hotmail to query for which users have that set as their auto-reply, and turn the auto-reply off for them?"
Read below for Bennet's thoughts.
After a recent mailing that I sent out to a subset of my proxy mailing list, I got back 18 auto-replies from Hotmail users, all substantially similar to this:
[Long post follows Bob]
For all you stalkers
Hack Pinpoints Victim's Physical Location
'Samy worm' writer publishes proof-of-concept that gleans home router GPS coordinates
Jan 06, 2010 | 03:38 PM By Kelly Jackson Higgins DarkReading
Samy might know where you live: Samy Kamkar, the hacker who spread the massive MySpace worm in 2005, has published a proof-of-concept attack that identifies a victim's geographic location via his home router.
Kamkar says it all started when he found a cross-site scripting (XSS) bug in a Verizon FiOS wireless router, which allowed him to grab the browser's MAC address and then map it to the GPS coordinates via Google Location Services. The attack works on any browser and doesn't rely on browser-based geolocation features.
(Related) The flip side of stalking?
Bank Thieves Foiled by GPS-Spiked Cash
By Kim Zetter January 7, 2010 3:50 pm
Forget exploding dye packs. Three thieves who made off with about $9,000 in cash from an Illinois bank were thwarted by a GPS device inserted in the cash that led authorities straight to their door, according to the Chicago Tribune.
Read More http://www.wired.com/threatlevel/2010/01/gps-spiked-cash/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+wired%2Findex+%28Wired%3A+Index+3+%28Top+Stories+2%29%29#ixzz0c24NLjxI
Canada has something like this, but it's a CD tax. So if I claim copyright on my Blog, will France and Canada send me money? If not, should I sue them?
France Considers 'Pirate Tax' For Online Ads
Posted by samzenpus on Friday January 08, @04:36AM from the somone-has-to-pay dept.
angry tapir writes
"A report commissioned by the French Minister of Culture Frédéric Mitterrand urges the introduction of a tax on online advertising such as that carried by Google, which would be used to pay the creators of artistic and other works that lose out to online piracy."
(Related) Owning a copyright make you crazy?
Mexico Wants Payment For Aztec Images
Posted by samzenpus on Thursday January 07, @10:44PM from the montezuma's-latest-revenge dept.
innocent_white_lamb writes
"Starbucks brought out a line of cups with prehistoric Aztec images on them. Now the government of Mexico wants them to pay for the use of the images. Does the copyright on an image last hundreds of years?"
I don't suppose they'd allow me to become a utility – my level of campaign contributions is too low.
Google launches a utility as DOE funds data center efficiency
With opportunities abounding in renewable power and energy efficiency, traditional IT companies are making some rather aggressive moves into this market. This week, Google announced that it will launch its own utility, while Yahoo has found a source of funds for a new data center: the Department of Energy.
By John Timmer Last updated January 7, 2010 12:33 PM
Always good for breaking stereotypes. Those “fat cat” Republicans only get two of the top ten slots. Most, of course, got their money the old fashioned ways (marriage or inheritance) But it's always comforting to know that Congressmen are just like real citizens.
http://www.bespacific.com/mt/archives/023202.html
January 07, 2010
The Richest Members of the US Congress
Center for Responsive Politics - Personal Finances Disclosures: "In some ways, lawmakers' finances look a lot like those of many Americans. They include diverse portfolios of stocks, bonds, mutual funds and real estate. They have bank accounts, credit cards and mortgages. The difference: Politicians generally have more money and—unlike most people they represent—they must make their investments public. By May 15 of each year, congressional members and top officials in the executive branch must file forms covering the preceding calendar year that detail their personal finances. By law, they must list their assets and liabilities, their income (excluding their government salaries, oddly), asset transactions, gifts they received and more. They need not list property unless it produces income, meaning their primary residence is generally not listed. But they must include the source of their spouse's income. Explore the holdings and activity of a particular politician or search through our database by keyword or organization to see who has holdings in your company or asset of choice."
(Related) I can't do this – I barely recognize myself when I look in the mirror. Perhaps we can get some of those poorer Congressmen to tweet about their love of Big Macs...
http://www.popeater.com/2010/01/05/celebrity-tweets-twitter/
The Secret Business of Celebrity Tweets
By Steven Avalos Posted Jan 5th 2010 03:03PM
Are celebs being paid to tweet about brands or services? Nicole Richie, Kim Kardashian, Whitney Port and Audrina Patridge can reportedly earn up to $10,000 per tweet for companies including Sony and Nestle. Say it ain't so. OK! Magazine reports on the dark underbelly of the Twitterverse, and you may never look at social media the same again!
… The biggest earners are Britney Spears and P. Diddy who could earn up to $20,000 per tweet. $20K. Per tweet.
Mark your calendars
http://www.phiprivacy.net/?p=1773
Webinar: “The State of U.S. Healthcare Privacy – Survey Results and Expert Perspectives”
By Dissent, January 7, 2010 1:52 pm
I received this notice of an educational webinar titled “The State of U.S. Healthcare Privacy – Survey Results and Expert Perspectives”, featuring Deven McGraw, Director of the Privacy Project at the Center for Democracy and Technology (full bio), and John Houston, Vice President; Information Security and Privacy; Assistant Counsel at the University of Pittsburgh Medical Center (full bio).
Date: Wednesday, January 27th, 2010 Time: 11:00 Pacific / 2:00 Eastern
Interesting. Looks like an RSS reader for Tweets. If they use my Tweet, can I demand royalties?
http://thenextweb.com/uk/2010/01/07/news-organisation-orders-journalists-install-tweetdeck/
Sky News Orders All Journalists to Install Tweetdeck
by Zee on January 7, 2010
Sky News is installing Twitter’s most popular application Tweetdeck on all of it’s journalist’s computers in the hope that it will stir the use of social media for newsgathering and reporting.
No comments:
Post a Comment