Thursday, April 21, 2011

Texas is tough... But shouldn't this be the fate of any manager who fails to protect the assets they are responsible for?

http://www.networkworld.com/news/2011/042111-texas-fires-two-tech-chiefs.html

Texas fires two tech chiefs over breach

The Texas State Comptroller's office has fired its heads of information security and of innovation and technology following an inadvertent data leak that exposed Social Security numbers and other personal information on over 3.2 million people in the state.

Two other employees have also been fired over the incident, a statement posted on Texas Comptroller Susan Combs' site noted.

… The exposed data was contained in three files that were transferred to the comptroller's office from the Teacher Retirement System of Texas (TRS), the Texas Workforce Commission and the Employees Retirement System of Texas (ERS).

The data, which was to be used by a property verification system [Why would retired teachers be matched against property records? Bob] at the Comptroller's office, was supposed to have been transferred in an encrypted manner by the agencies under Texas administrative rules. However, the data was transferred in an unencrypted manner to the Comptroller.

To compound the mistake, personnel in Combs' office then put the information onto a server that was accessible to the public and left it there for an extended period, without purging it as required, the statement said.

The mistake was finally discovered on March 31, more than 10 months after the files were put on the server.



How NOT to share Electronic Health Records.

http://www.phiprivacy.net/?p=6534

Texas Health Arlington Memorial Hospital breach notice

By Dissent, April 20, 2011

I finally tracked down an explanation for a breach entry in HHS’s breach tool that read:

Texas Health Arlington Memorial Hospital,TX,, 654, 12/23/2010,Unknown ,Electronic Medical Record,,

I had reported it on this blog last week, but here’s the undated notice that explains it:

Texas Health Arlington Memorial Hospital is notifying our patients about a breach of personal health information. After completion of the investigation and review of the facts, we believe that there is no potential harm of identity theft or financial fraud to you due to the intended purpose of the disclosure. The breach was discovered on January 26, 2011.

Texas Health Arlington has been in the process of converting information systems and processes to the same system standards used at other Texas Health hospitals. On December 23, 2010 the information services department turned on a switch between Texas Health Arlington and SandlotConnect, a health information exchange. The switch allows health information to go to SandlotConnect after patients sign an authorization form and the patients’ accounts are marked to permit the exchange of information.

It was determined that there were two issues: (1) the SandlotConnect authorization form was not presented to patients at the time of registration as Texas Health Arlington employees were not aware that the switch had been turned on and (2) the registration employees were marking patients’ accounts incorrectly.

The information disclosed to SandlotConnect included the following elements: name, address, date of birth, social security number, account number, medical record number, insurance information, and dates of service. In addition, the categories of health information as indicated below may have been sent: Lab Results, Radiology Results, Problems, Procedures, Transcribed Reports, Medications, and/or Allergies.

Since notification of the event, we turned off the switch so that no further health information would be sent, marked each affected patients’ account as not participating in the health information exchange, and worked with Sandlot to shield the information from being further used or disclosed. In addition, Texas Health Arlington registration employees received additional training on the SandlotConnect health information exchange processes. Information services has modified their implementation process for the health information exchange and trained their employees on it.

We also reviewed audit trail reports and determined that the majority of accounts were accessed by Sandlot employees in order to shield the affected patients’ health information. [If I read this correctly, they manually flagged these records (rather than removing them) and at the time the Audit Reports were produced, they had not yet flagged them all. Why is there no automated “un-do” process? Bob]

… Another finding was that some patients already had their accounts marked to participate in the exchange due to a previous visit at another Texas Health hospital where they had authorized the exchange to SandlotConnect. However, it is our practice for patients to have the opportunity at each visit to a Texas Health hospital to decide whether they want to participate or not in the health information exchange.

Read more on TexasHealth.org



Apparently, telling Congress that you (Apple) collect location data and store it anonymously is not the same as telling Congress that the device that collects the data can be related to the device owner because it is still in his possession!

http://www.pogowasright.org/?p=22512

Your computer knows where your iPhone has been

April 20, 2011 by Dissent

Apple may have just bought itself another round of questioning by certain members of Congress.

Back in July 2010, Apple informed members of Congress that although iPhone and other Apple products do collect and store “batched” user location data, the data are not directly associated with a particular identity or device (see their letter to Congressmen Markey and Barton here). That may be true on their side of the equation, but nowhere did they mention that what appears to be specific and time-stamped location data would be downloaded to the customer’s computer drive during synch operations.

Charles Arthur of The Guardian reports:

Security researchers have discovered that Apple’s iPhone keeps track of where you go – and saves every detail of it to a secret file on the device which is then copied to the owner’s computer when the two are synchronised.

The file contains the latitude and longitude of the phone’s recorded coordinates along with a timestamp, meaning that anyone who stole the phone or the computer could discover details about the owner’s movements using a simple program.

For some phones, there could be almost a year’s worth of data stored, as the recording of data seems to have started with Apple’s iOS 4 update to the phone’s operating system, released in June 2010.

Read more in The Guardian.

Clearly, this raises a huge privacy concern for those who do not want any record of their travels on their hard drive. Not everyone sees it as a problem, of course, and Kashmir Hill doesn’t seem to find it particularly problematic.

As for me, well, I don’t use any of those products, so it’s no big deal to me, but I do think that Apple should have been clearer with users about the existence of this file and its function.

[Senator Al Franken is jumping on reports like this one. Not sure if he is a techie at heart, or just thinks this will impress his constituents. Some good questions though...]

http://www.franken.senate.gov/files/letter/110420_Apple_Letter.pdf



A Privacy Law review, but pretty thin....

http://www.bespacific.com/mt/archives/027057.html

April 20, 2011

CRS - Privacy Protections for Personal Information Online

Privacy Protections for Personal Information Online, Gina Stevens, Legislative Attorney, April 6, 2011

  • "There is no comprehensive federal privacy statute that protects personal information. Instead, a patchwork of federal laws and regulations govern the collection and disclosure of personal information and has been addressed by Congress on a sector-by-sector basis. Federal laws and regulations extend protection to consumer credit reports, electronic communications, federal agency records, education records, bank records, cable subscriber information, video rental records, motor vehicle records, health information, telecommunications subscriber information, children’s online information, and customer financial information. Some contend that this patchwork of laws and regulations is insufficient to meet the demands of today’s technology. Congress, the Obama Administration, businesses, public interest groups, and citizens are all involved in the discussion of privacy solutions. This report examines some of those efforts with respect to the protection of personal information. This report provides a brief overview of selected recent developments in the area of federal privacy law. This report does not cover workplace privacy laws or state privacy laws."



“Oh golly gosh! Someone is selling something cheaper than we are! That must be why we're failing!” Another industry that hasn't anticipated customer demands and can't imagine how to catch up.

http://games.slashdot.org/story/11/04/21/0532249/Dollar-Apps-Killing-Traditional-Gaming?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Dollar Apps Killing Traditional Gaming?

"There can be no denying that the rise of smartphones and tablets has had a major impact on the gaming business. The prevalence of free and 99-cent apps has changed consumers' perception of value. Mike Capps, president of Gears of War developer Epic Games, said, 'If there's anything that's killing us [in the traditional games business] it's dollar apps. How do you sell someone a $60 game that's really worth it? They're used to 99 cents. As I said, it's an uncertain time in the industry. But it's an exciting time for whoever picks the right path and wins.'"



For my Intro to Computer Security students. Note: The PDF is bad – should be fixed soon...

http://www.bespacific.com/mt/archives/027059.html

April 20, 2011

NSA: Best Practices for Keeping Your Home Network Secure

Best Practices for Keeping Your Home Network Secure, April 2011.

  • "The cyber threat is no longer limited to your office network and work persona. Adversaries realize that targets are typically more vulnerable when operating from their home network since there is less rigor associated with the protection, monitoring, and maintenance of most home networks. Home users need to maintain a basic level of network defense and hygiene for both themselves and their family members when accessing the Internet."



If you absolutely must have a PowerPoint presentation, this might make it more palatable.

http://www.edutecher.net/links.php?id=1291

Present Me

Present Me is a wonderful presentation delivery tool that allows teachers to upload PowerPoint presentations and then record audio and video through a webcam which syncs to the presentation being shared. That new video presentation of the slides with the presenter can be shared, embedded, and easily sent around for others to view. This is a great way to capture and share specific lectures or explanations of assignments. It is also a great way for students to be able to reference or review an assignment given in class. The free version of this tool allows for a limited number of presentations to be saved/shared and is ad-supported.

http://present.me/



This looks very interesting. I wonder how well it works with technical writing?

http://www.makeuseof.com/tag/organize-create-stories-novels-storybook/

Organize & Create Your Short Stories & Novels With StoryBook

Here at MUO, we love writing and have always tried to bring you tools that will help with your writing, such as Nancy’s guide to inspiring apps for writers, Jeffry’s list of Firefox addons for writers, and Karl’s review of VocabGrabber. Today I’d like to offer an impressive open source application called Storybook, which can automate the entire writing process for you. This way, you can focus on what you do best – writing stories.

Writing A Novel With Storybook

What impressed me the most about this organizational tool is that it is capable of helping you sort out and organize even the most complicated novel with multiple storylines. The software comes loaded with tools to create, sort and connect the chapters of your book with individual scenes, your list of developed characters, and you can even “strand” together your scenes into a sequence that forms individual storylines that you can link together.

