This is still a relatively small breach, but the inclusion of the “we know exactly where we lost it” double talk rates inclusion.
http://www.databreaches.net/?p=14822
Health insurers say data on 280,000 Pennsylvania clients may be compromised
October 20, 2010 by admin
Jane M. Von Bergen reports:
Keystone Mercy Health Plan and AmeriHealth Mercy Health Plan said Tuesday that a portable computer drive containing the names, addresses, and health information of 280,000 Medicaid members in Pennsylvania has been lost.
The affiliated companies together insure 400,000 people on medical assistance in Pennsylvania.
The companies said the portable computer hard drive, used at community health fairs, was lost within the companies’ corporate offices. [Wishful thinking or pure speculation. If you knew where it was, it wouldn't be lost. Bob] Keystone’s headquarters is in Southwest Philadelphia and AmeriHealth Mercy’s is in Harrisburg.
The computer drive included members’ health plan identification numbers and some of their health information, the insurers said.
Also stored on the drive were the last four digits of 801 members’ Social Security numbers, plus complete Social Security numbers for seven others.
Read more on Philly.com
(UPDATE) Turns out they may have said the data was “missing from the corporate offices” not “missing in the corporate offices”
http://www.philly.com/inquirer/business/20101021_Medical-data_breach_said_to_be_major.html?viewAll=y
Medical-data breach said to be major
… The insurers said the drive was missing from the corporate offices on Stevens Drive in Southwest Philadelphia. It noted that the same flash drive was used at community health fairs.
"That seems grossly irresponsible," said Dr. Deborah Peel, a Texas psychiatrist who heads Patient Privacy Rights, an advocacy group.
"Why would you be hauling around private patient information to a health fair," she said. "I can't imagine what they were thinking, taking this data out of a locked room at company headquarters.
… The companies said that as of Tuesday, there had been no reports of anyone trying to use the information stored on the drive. [Typical PR spin. “Up to the time we announced the breach, no one has contacted us to complain about the breach they didn't know had occurred.” Bob]
… The affiliated companies have been tight-lipped about the breach, which they said occurred Sept. 20.
Until The Inquirer asked for information, the company had not disclosed the data breach to affected members, most of whom live in Philadelphia and nearby counties.
Did privacy concerns keep this from happening before? Wouldn't that greatly increase liability? Another reason for “open journals?”
http://www.pogowasright.org/?p=16215
Researchers who fake results should be named, academic panel urges
October 21, 2010 by Dissent
Margaret Munro reports:
A blue-ribbon panel says Canadian academics found to have faked data, plagiarized and engaged in serious misconduct should be named publicly. In a report to be released Thursday, the panel said action is needed to fill serious gaps in how Canada deals with misconduct involving research and studies paid for by taxpayers.
It calls for creation of a Canadian Council for Research Integrity to foster more honesty and accountability and said the research community needs to be more open and transparent about bad behaviour that does occur.
The report deals with the privacy and reputation concerns:
Although the panel recognizes the importance of maintaining the privacy of individuals during an investigation, investigative findings should be reported and made public if an individual or institution is found guilty of research misconduct,” reports the panel, made up of 14 academics and researchers brought together by the Council of Canadian Academies, a non-profit corporation that assesses public policy issues.
“Similarly, the fact that an allegation is under investigation should be reported if an individual who is subject to an allegation resigns (either by mutual or unilateral decision) before the end of the investigation,” the panel says. “Even if an individual resigns, any investigation initiated prior to the resignation should be completed and the findings reported.”
Read more in the Edmonton Journal.
I agree that those found guilty of research misconduct should be named publicly. If doctors are to rely on research, then it’s important for us to know when research is untrustworthy and also when we might want to rethink any other studies published by a particular investigator.
Here in the U.S., many states have publicly available web sites where you can find out if a particular professional has ever had disciplinary action taken against them in their licensed or registered capacity as a provider. Those lists might not include research misconduct, though, because the state board in charge of professional misconduct may not be the board conducting the investigation on research misconduct.
A recent article in The Atlantic by David H. Freedman highlights the growing problem with untrustworthiness in published research and journals. If you think this doesn’t apply to you, think again, as the medications you are prescribed or the treatment options you have depend, in part, on what’s in the journals and what doctors are being told in what are often BigPharma-funded talks.
For my Ethical Hackers (and stalkers?)
Qwerly
Qwerly is a whois for Twitter. For every Twitter user that is looked up on our site, we generate a simple profile with links to that person's other profiles on sites such as Facebook, LinkedIn, Flickr, Last.fm, Delicious and many, many more. This way, you can discover where your friends and other interesting people hang out online.
Interesting that elected officials can not talk the bureaucracies out of their techno-spying – in the UK or the US. (Who is in charge?)
http://www.pogowasright.org/?p=16163
Every email and website to be stored
October 20, 2010 by Dissent
Tom Whitehead reports:
Every email, phone call and website visit is to be recorded and stored after the Coalition Government revived controversial Big Brother snooping plans.
It will allow security services and the police to spy on the activities of every Briton who uses a phone or the internet.
Moves to make every communications provider store details for at least a year will be unveiled later this year sparking fresh fears over a return of the surveillance state.
Read more in the Telegraph.
[From the article:
The plans were shelved by the Labour Government last December but the Home Office is now ready to revive them.
It comes despite the Coalition Agreement promised to "end the storage of internet and email records without good reason".
… The information will include who is contacting whom, when and where and which websites are visited, but not the content of the conversations or messages.
The move was buried in the Government's Strategic Defence and Security Review,
I sure this will work...
Australian Visitors Must Declare Illegal Porn To Customs Officers
Posted by samzenpus on Wednesday October 20, @03:57PM
Australian Justice Minister Brendan O'Connor has advised visitors to take a better safe than sorry policy when it comes to their porn stashes, and declare all porn that they think might be illegal with customs officers. From the article: "The government said it changed the wording on passenger arrival cards after becoming aware of confusion among travellers about what pornography to declare. 'People have a right to privacy and while some pornography is legal and does not need to be disclosed, all travellers should be aware that certain types of pornography are illegal and must be declared to customs,' Mr O'Connor said."
You would think that somewhere before the ninety ninth time this is reported, someone in charge would notice...
http://www.washingtonpost.com/wp-dyn/content/article/2010/10/20/AR2010102006740.html
Report criticizes FBI on computer project
The FBI's effort to move from paper to electronic files took another hit Wednesday when Justice Department auditors issued their latest, and perhaps most critical, report to date on the long-troubled Sentinel project.
"Sentinel is approximately $100 million over budget and 2 years behind schedule," the report from Justice Department Inspector General Glenn A. Fine said, and still lacks common features of personal computers and ordinary word-processing software, such as search functions, spell-checking and automatic document saves.
Worse, the IG said, the FBI had spent almost 90 percent of the $451 million currently budgeted for the entire program, "but it will have delivered only two of the program's four phases to its agents and analysts."
The project could cost $350 million more and take six years to complete, the auditors said. [Any IT project planned to take more then six months would get you tossed out of most MBA programs. Bob]
"We found that while Sentinel has delivered some improvements to the FBI's case management system, it has not delivered much of what it originally intended," the report said.
… Because the system lacked an auto-save capability, "several users lost partially completed forms and hours of work while using Sentinel," the IG said.
"Users also found the lack of an integrated spell checker unacceptable because most current word processing software includes this feature." On Sept. 16, FBI technology officials had briefed the auditors, telling them how the bureau had mended its ways, throwing out approaches that hadn't worked and instituting new ways to get the mission accomplished.
… But the auditors did not sound impressed. It may be too late, the inspector general said, to keep refining Sentinel.
"Regardless of the new development approach, it is important to note that Sentinel's technical requirements are now 6 years old, and there have been significant advances in technology and changes to the FBI's work processes during that time."
(Related) Maybe governments can't manage IT
http://www.databreaches.net/?p=14815
Open slather for hackers on official databases
October 20, 2010 by admin
Brian Robins follows up on the NSW Auditor-General’s report, released yesterday:
Computer hackers could gain access to personal information held in government databases as state departments routinely ignore government edicts that tighter security be imposed.
The government rarely discloses when its computer security systems have been breached, although in a report yesterday, the NSW Auditor-General, Peter Achterstraat, confirmed the Jobs NSW website was hacked last year, with email addresses of job applicants stolen and the applicants spammed by the hackers.
Similarly, RailCorp’s computer networks were infected with the Conficker virus last year. This disabled security services in its network, with data vulnerable to theft or modification by hackers
Read more in the Sydney Morning Herald.
Another IT project doomed to failure?
US Elections Dominated By Closed Source. Again.
Posted by CmdrTaco on Wednesday October 20, @12:28PM
"Another American election is almost here, and while electronic voting is commonplace, it is still overwhelmingly run by closed source, proprietary systems. It has been shown that many of these systems can be compromised (and because they are closed, there may be holes we simply cannot know about). Plus they are vulnerable to software bugs and are often based on unstable, closed-source operating systems. By the inherent nature of closed software, when systems are (optionally!) certified by registrars, there is no proof that they will behave the same on election day as in tests. The opportunities for fraud, tampering and malfunction are rampant. But nonetheless, there is very little political will for open source voting, let alone simple measures like end-to-end auditable voting systems or more radical approaches like open source governance. Why do we remain in the virtual dark ages, when clearly we have better alternatives readily available?"
Maybe the only place you can be found is on Facebook...
http://idle.slashdot.org/story/10/10/20/1222210/Man-Served-Restraining-Order-Via-Facebook?from=rss
Man Served Restraining Order Via Facebook
Posted by samzenpus on Wednesday October 20, @10:10AM
"An Australian man has been served a restraining order via Facebook, after unsuccessful attempts by police to reach him by phone and in person. The man was a 'prolific Facebook user' who had allegedly threatened, bullied and harassed a former partner online. He was served both interim and final intervention orders by Facebook, after a local magistrate upheld the interim order indefinitely."
If you are smart enough to know technology can help, you should be smart enough to know your should be watching the people who use it in your name. Especially if you are running on your skills as a manager!
Meg Whitman Campaign Shows How Not To Use Twitter
Posted by samzenpus on Wednesday October 20, @07:36PM
"California gubernatorial candidate Meg Whitman's campaign team attempted to share with her Twitter followers an endorsement from a police association. Unfortunately, the campaign press secretary entered an incorrect or incomplete Bit.ly URL in the Tweet, which took clickers to a YouTube video featuring a bespectacled, long-haired Japanese man in a tutu and leggings rocking out on a bass guitar. And for whatever reason, the Tweet, which went out on the 18th, has remained active through today."
Good news! We can take pictures of public places! (We're not all terrorists!)
http://www.bespacific.com/mt/archives/025540.html
October 20, 2010
NYCLU Settlement Ends Restriction on Photography Outside Federal Courthouses
News release: "In settling a lawsuit filed by the New York Civil Liberties Union, the federal government [October 18, 2010] recognized the public’s right to take photographs and record videos in public spaces outside federal courthouses throughout the nation. The settlement comes after the NYCLU sued the federal government in April on behalf of a Libertarian activist who was unlawfully arrested by federal officers after exercising his First Amendment right to record digital video outside of a federal courthouse in Lower Manhattan."
(Related) Bad news! Not everyone agrees.
All Your Stonehenge Photos Are Belong To England
Posted by samzenpus on Thursday October 21, @12:32AM
"English Heritage, the organization that runs and manages various historical sites in the UK, such as Stonehenge, has apparently sent letters to various photo sharing and stock photo sites claiming that any photo of Stonehenge that is being sold violates its rights, and only English Heritage can get commercial benefit from such photos. In fact, they're asking for all money made from such photos, stating: 'all commercial interest to sell images must be directed to English Heritage.' As one recipient noted, this seems odd, given that English Heritage has only managed Stonehenge 'for 27 of the monument's 4,500 year old history.'"
More for the “Why lawyers are loved” file? An interesting and profitable model!
http://news.cnet.com/8301-31001_3-20020260-261.html?part=rss&subj=news&tag=2547-1_3-0-20
Accused pirates to indie filmmakers: Sue us
The independent film studios suing thousands of alleged file sharers for copyright violations may soon face their own version of Jammie Thomas-Rasset.
Attorneys representing some of the people accused of illegal file sharing told CNET yesterday that several have refused to settle with the indie studios--which is what Thomas-Rasset did when she was accused of illegal file sharing by the music industry. By taking this stance, the accused film pirates are challenging the filmmakers to take them to court.
So, that is what the studios will do, according to their attorney, Thomas Dunlap.
Dunlap is one of the founders of Dunlap, Grubb & Weaver, a Washington, D.C. law firm that has made news this year by overseeing the litigation campaign on behalf of the indie studios, a group that includes the makers of the Oscar-winning film "The Hurt Locker." [I haven't seen that one yet, perhaps I'll have my Ethical Hackers download it for me... Bob]
… The way Dunlap goes after alleged file sharers is by first filing complaints against unnamed "Doe defendants." He subpoenas the Internet service providers of each person to obtain their name. Dunlap then withdraws the suits against the Doe defendants and refiles the claims against those who decline to settle--only this time he names them. [Anything new here? Bob]
… In the next few weeks, at a minimum, you will see three or four individuals taken to court in different states."
These cases could be pivotal to copyright owners and file sharers alike. Ever since Dunlap began filing the suits, critics wondered whether the law firm could afford to bankroll potentially drawn out and costly litigation against someone who refused to settle. [How many checks have they received from those too intimidated to risk a law suit? Bob]
Cindy Cohn, legal director of the Electronic Frontier Foundation, predicted this week that serious legal challenges would drain all the profit out of litigating against individual file sharers and could discourage copyright owners from pursing lawsuits as an antipiracy strategy. [But they get to choose how many suits they file. Bob]
In the case of Thomas, considered by some to be the Joan of Arc of file sharing, her case has dragged on for nearly five years. The Recording Industry Association of America has won favorable decisions, but the cost of trying it dwarfs whatever amount the music labels will get out of Thomas, who works on an Indian reservation in Minnesota. [If he had downloaded the films on the Reservation, would their copyright laws apply? Perhaps this is a new revenue source beyond casinos and cigarettes... Bob]
Dunlap said the cases against those who refuse to settle likely won't cost much. He plans to farm out the litigation to other law firms.
(Related) News organizations to join together for copyright protection?
http://news.slashdot.org/story/10/10/21/1257252/AP-Proposes-ASCAP-Like-Fees-For-the-News?from=rss
AP Proposes ASCAP-Like Fees For the News
Posted by CmdrTaco on Thursday October 21, @09:27AM
"Techdirt directed my attention to an article where the AP discussed pressure from new devices and mediums today giving them cause to create a clearinghouse for news — much like the music industry's ASCAP — to 'establish an enforcement and payment system.' You'll notice that the story I am linking to and quoting is an AP story ... would Slashdot then be required to pay these fees? We have seen DMCA take down notices and fee discussions before from the AP."
(Related) In my mind anyway... How will the copyright cops distinguish between a download and a one-time stream (since I can capture the stream using software on my computer) I see this model as a trend, by the way.
http://www.makeuseof.com/dir/musiclink-listen-to-complete-albums/
MusicLink: Listen To Complete Albums Before Buying
There are sites that let you preview all the songs in an album for 20-30 seconds but thats hardly enough to make a buying decision. Meet MusicLink, a tool that lets you listen to complete albums before you make a decision to buy it.
Moating the ivory tower? Dis will makes edjucasion gooder!
http://www.boingboing.net/2010/10/20/virginia-school-ap-h.html
Virginia school AP History class bans curiousity, independent study, Internet
Cory Doctorow at 10:00 PM Wednesday, Oct 20, 2010
Fairfax County, VA's Westfield High has a curious set of requirements in three of its AP History class:
"You are only allowed to use your OWN knowledge, your OWN class notes, class handouts, your OWN class homework, or The Earth and Its Peoples textbook to complete assignments and assessments UNLESS specifically informed otherwise by your instructor.''
That was not all. Students could not use anything they found on the Internet. They were not permitted even to discuss their assignments with friends, classmates, neighbors, parents, relatives or siblings.
What about complete strangers? The teachers had thought of that. "You may not discuss/mention/chat/hand signal/smoke signal/Facebook/IM/text/email to a complete stranger ANY answers/ideas/questions/thoughts/opinions/hints/instructions." The words were playful, but the teachers were serious. Any violations, they said, would mean a zero on the assignment and an honor code referral.
Fundamentally, these teachers have prohibited doing any kind of outside work, having any productive discussion with your friends and family that might connect the history you're learning with the world you're living in. They have reduced education to absorbing and regurgitating a specific set of facts, divorcing it from any kind of critical thinking, synthesis, or intellectual rigor.
Parents have complained to the principal, who "will decide soon whether these rules are okay."
I wonder if this will be available to smaller customers? I also wonder what it took to get Microsoft to do this?
http://slashdot.org/story/10/10/20/2145244/Microsoft-Unbundles-Software-For-NY-City?from=rss
Microsoft Unbundles Software For NY City
Posted by samzenpus on Wednesday October 20, @07:02PM
"Microsoft has agreed to sell individual pieces of software to NY City workers, rather than forcing each seat to buy a full suite of software. The city has created three classes of users based on which pieces of software they need to perform their job, and Microsoft will sell software packages tailored to each class at a reduced price."
No comments:
Post a Comment