Never contradict the Attorney General...
By Dissent,
May 24, 2012
It started with an announcement in July
2010 that computer backup
tapes with data on 800,000 were missing. It proceeded to
confusion as to what
business associates or vendors were involved and the sequence
of events. But things started getting really ugly over a dispute
between South Shore Hospital and the Massachusetts Attorney General’s
Office, who objected
to the hospital’s position that it did not have to provide
individual notice. Today, the Attorney General’s Office announced
that the hospital would pay $750,000 to settle charges against it
under HIPAA and state laws over the data breach:
South Shore
Hospital has agreed to pay $750,000 to resolve allegations that it
failed to protect the personal and confidential health information of
more than 800,000 consumers, Attorney General Martha Coakley
announced today. The investigation and settlement resulted from a
data breach reported to the AG’s Office in July 2010 that included
individuals’ names, Social Security numbers, financial account
numbers, and medical diagnoses.
“Hospitals and
other entities that handle personal and protected health information
have an obligation to properly protect this sensitive data, whether
it is in paper or electronic form,” AG Coakley said. “It is
their responsibility to understand and comply with the laws of our
Commonwealth and to take the necessary actions to ensure that all
affected consumers are aware of a data breach.”
The consent
judgment approved today in Suffolk Superior Court includes a $250,000
civil penalty and a payment of $225,000 for an
education fund [Never contradict the Attorney General... Bob]
to be used by the Attorney General’s Office to promote education
concerning the protection of personal information and protected
health information. In addition to these payments, the consent
judgment credits South Shore Hospital for $275,000 to reflect
security measures it has taken subsequent to the breach.
The lawsuit was
filed under the Massachusetts Consumer Protection Act and the federal
Health Insurance Portability and Accountability Act.
In
February 2010, South Shore Hospital shipped three boxes
containing 473 unencrypted back-up
computer tapes with 800,000 individuals’ personal information and
protected health information off-site to be erased.
[This part could be done on-site Bob] The hospital
contracted with Archive Data Solutions to erase the back-up tapes and
resell them.
The hospital did
not inform Archive Data, however, that personal information and
protected health information was on the back-up computer tapes nor
did South Shore Hospital determine whether Archive Data had
sufficient safeguards in place to protect this sensitive information.
Multiple companies handled the shipping of the boxes containing the
tapes.
In
June 2010 South Shore Hospital learned that only one of the
boxes arrived at its destination in Texas. The missing boxes have
not been recovered although there have been no reports of
unauthorized use of the personal information or protected health
information of affected individuals to date.
The allegations
against South Shore Hospital in the lawsuit are based on both federal
and state law violations, including failing to implement appropriate
safeguards, policies, and procedures to protect consumers’
information, failing to have a Business Associate
Agreement in place [That is required by law? Bob] with
Archive Data, and failing to properly train its workforce with
respect to health data privacy.
According to the
consent judgment, South Shore Hospital has also agreed to take a
variety of steps in order to ensure compliance with state and federal
data security laws and regulations, including requirements regarding
its contracts with business associates and third-party service
providers engaged for data destruction purposes. The hospital also
agreed to undergo a review and audit of certain security measures and
to report the results and any corrective actions to the Attorney
General.
If you want to make a “world class
security screw-up” this is the model to follow...
"Yahoo on Wednesday launched
a new browser called Axis and researchers immediately discovered
that the company had mistakenly
included its private signing key in the source file, a serious
error that would allow an attacker to create a
malicious, signed extension for a browser that the browser will then
treat as authentic. The mistake was discovered on
Wednesday, soon after Yahoo had launched Axis, which is both a
standalone browser for mobile devices as well as an extension for
Firefox, Chrome, Safari and Internet Explorer. ... Within hours of
the Axis launch, a writer and hacker named Nik Cubrilovic had noticed
that the source file for the Axis Chrome extension included the
private PGP key that Yahoo used to sign the file. That key is what
the Chrome browser would look for in order to ensure that the
extension is legitimate and authentic, and so it should never be
disclosed publicly."
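A pre-release check for the mistake described above, as an added example that is not from the original post or from Yahoo: it scans a packaged extension for private key headers before publication. It assumes the package is a plain ZIP archive; the file names and sample contents are constructed.

```python
import io
import re
import zipfile

# Armor headers that mark private key material (PEM, OpenSSH and OpenPGP).
PRIVATE_KEY_MARKER = re.compile(
    rb"-----BEGIN (?:(?:RSA |EC |DSA |OPENSSH |ENCRYPTED )?PRIVATE KEY"
    rb"|PGP PRIVATE KEY BLOCK)-----"
)


def find_private_keys(package_bytes, prefix=""):
    """Return (member path, marker) pairs for each private key header found.

    Members that are themselves ZIP archives are opened and scanned in turn.
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(package_bytes)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            path = prefix + info.filename
            data = archive.read(info)
            if zipfile.is_zipfile(io.BytesIO(data)):
                findings.extend(find_private_keys(data, path + "!"))
            else:
                for match in PRIVATE_KEY_MARKER.finditer(data):
                    findings.append((path, match.group().decode("ascii")))
    return findings


def build_sample_package(include_keys):
    """Constructed extension package; key bodies are placeholders, not keys."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("lib/util.js", "export const x = 1;")
        if include_keys:
            z.writestr("keys/signing.pem", "-----BEGIN RSA PRIVATE KEY-----\n"
                       "PLACEHOLDER\n-----END RSA PRIVATE KEY-----\n")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("manifest.json", '{"name": "sample", "version": "1.0"}')
        if include_keys:
            z.writestr("signing/private.asc",
                       "-----BEGIN PGP PRIVATE KEY BLOCK-----\nPLACEHOLDER\n")
        z.writestr("vendor/bundle.zip", inner.getvalue())
    return outer.getvalue()


if __name__ == "__main__":
    for path, marker in find_private_keys(build_sample_package(True)):
        print(f"BLOCK RELEASE: {path} contains {marker}")
```

Run as a build step, a non-empty result should fail the release; any key that has already shipped must be treated as compromised and replaced.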
This screw-up is merely “New Jersey
class.” It points out how easy it is to start hacking, but omits
the warning that much of this could have been spoofed.
"The mayor of West New York,
New Jersey was
arrested by the FBI after he and his son illegally took down a
website that was calling for
the recall of mayor Felix Roque (the site is currently down).
From the article: 'According to the account of FBI Special Agent
Ignace Ertilus, Felix and Joseph Roque took a keen interest in the
recall site as early as February. In an attempt to learn the
identity of the person behind the site, the younger Roque set up an
e-mail account under a fictitious name and contacted an address
listed on the website. He offered some "very good leads"
if the person would agree to meet him. When the requests were
repeatedly rebuffed, Joseph Roque allegedly tried another route. He
pointed his browser to Google and typed the search strings "hacking
a Go Daddy Site," "recallroque log-in," and "html
hacking tutorial."'" [Be
careful what you Google... Bob]
(Related) I think it's safe to assume
that “Hillary's Hackers” are more sophisticated than “some guy
from Jersey” but think of the minimum required to join the Jihad...
"In the growing Al-Qaeda
activity in Yemen, Secretary of State Hillary Clinton revealed today
that 'cyber experts' had recently hacked
into web sites being used by an Al-Qaeda affiliate, substituting
the group's anti-American rhetoric with information about civilians
killed in terrorist strikes. Also this week, a statement from the
Senate Committee on Homeland Security and Governmental Affairs
revealed the
presence of an Al-Qaeda video calling for 'Electronic Jihad.'"
Can you imagine what the people who run
China think of 1,000,000,000 people who can communicate in real time?
How does that change the political dynamic? (Does democracy start
with the Tweet: “I'm not going to take this any more. Who is with
me?”)
China
rules the mobile world with 1 billion users
According to The
Next Web, the Chinese government has officially announced that it
now has more than 1 billion mobile phone users.
For comparison, the U.S. looks measly
with just more than 330 million users, according to numbers from the
CTIA
wireless association.
Perspective
Google
Says It Removes 1 Million Infringing Links Monthly
Each month, Google removes more than 1
million links to infringing content such as movies, video games,
music and software from its search results — with about
half of those requests for removal last month coming from Microsoft.
The search and advertising giant
revealed the data Thursday as it released sortable analytics on the
massive number of copyright takedown requests it receives — adding
to its already existing data on the number of times governments ask
for users’ personal data.
The Mountain View, California-based
company removes links to comply with the Digital
Millennium Copyright Act. The DMCA requires search engines to
remove links to infringing content at a rights holder’s request or
else face liability for copyright infringement itself. Google said it
complies with about 97 percent of requests, which are submitted via
an online form and usually approved via a Google algorithm.
… Google rejected some of the
requests, Fred von Lohmann, Google’s senior copyright attorney
said, because “the form is incomplete, the web page doesn’t exist
or we look at it and say we don’t think it is infringing.”
The top rights holders demanding
removal of links were Microsoft, at 543,000 last month, the British
Recorded Music Industry at 162,000 and NBC at 145,000. The top
targeted sites hosting allegedly infringing content were
filestube.com at more than 43,000, torrents.eu at more than 23,000,
and 4shared.com at more than 22,000.
The Pirate Bay, the most notorious
online haven for copyrighted content, came in at an unimpressive 13th
place, with 10,245 requests for takedowns of links to the site.
… Overall, Google received 1.24
million requests from 1,296 copyright owners for removal the past
month. They targeted 24,129 domains.
… But before the removal process
became automated, Google said in a blog post that it removed less
than 250,000 links in all of 2009. [Indication
that the requester's end is also automated? Bob]
Something to think about...
The
Future of Scholarship: Easier, Harder, and With More Charlatans
… Fifteen years ago my laptop was
surrounded by books, some of which I owned, some I had checked out
from my college's library or from the local public library, some I
had ordered from other libraries. And then there were the
photocopied articles, so many that I had organized them roughly by
subject and gathered them into three-ring binders.
… Now I still have books around,
but in far smaller stacks, and no photocopies at all. Instead, I
have thirty or more browser tabs open, containing articles from JSTOR
or Project Muse, full-length texts
on Google Books and Project
Gutenberg, Amazon.com pages containing all the notes I've made in
the Kindle books I've used for research, plus a number of "Look
Inside!" pages from Amazon. I even have Amazon pages open for
books sitting on my desk. There's no Kindle edition of Diarmaid
MacCulloch's magisterial
biography of Thomas Cranmer, but if I'm looking for a particular
passage in it, looking through my underlined and annotated paper copy
is just too slow: I type a keyword or two into the
"Look Inside" search box and get the relevant page number
instantly. Often I type in a quotation from the webpage
instead of from the book because it's faster and easier than trying
to find a way to prop the book open. Probably half of the sources I
draw on in my research are still from print, but I spend 80 percent
or more of my working time looking at my laptop screen. I still use
a lot of books, but I spend less and less time in them, and more and
more time with digital text (even when I have hard copies of the
books).
… So how do these changes matter?
How do they affect the work of writing, and how we think
about the work of writing? I think there are three major ways.
1) They make
research -- and getting the research into my documents -- much easier
and faster.
2) They make it
less defensible to cut corners. If I read
in a modern book or article a quotation from an old book or article,
chances are I can find that original source online: if it's a book,
it's likely to be in Google Books or some other site, and if it's an
article, the digital archives of periodicals are increasingly
complete. There's really no good excuse for failing
to track down that original source to make sure it hasn't
been quoted inaccurately or out of context, and to see if it contains
other useful material.
3) They
make it easier to fake erudition. It has never been
nearly so easy to give yourself the appearance of learning you do not
really have. … Instead of citing one source for a given idea I
can cite five. If I have gotten information from a commonly-used
source I can often track down a much older and more obscure citation
for it.