Saturday, September 15, 2012

A tiny breach, but with all the “Worst Practices”
By Dissent, September 14, 2012
A press release from the Feinstein Institute for Medical Research:
After learning that a laptop containing research study information was stolen from an employee’s car, the Feinstein Institute for Medical Research announced today it is sending letters to some research participants, advising of the possible disclosure of some personal and health information.
“Although both the computer and the health information contained on the laptop were password protected, we cannot rule out the possibility that such information could be accessed,” Kevin Tracey, MD, president and chief executive officer of the Feinstein Institute, wrote in a letter to approximately 13,000 current and past participants in about 50 different research studies, which represent about two percent of the 2,100 clinical trials coordinated by the Manhasset, NY-based research enterprise, part of the North Shore-LIJ Health System.
The Feinstein Institute is offering one year of free credit monitoring for the much smaller number of participants whose social security numbers were included with information contained in the stolen laptop. [That's below the more common two years... Bob]
… “Although we are not aware of any improper use of your information, [Other than by our employees... Bob] our priority is to help protect you against potential fraudulent activities,” Dr. Tracey said.
The laptop was stolen from the car of a computer programmer involved in organizing research data at the Feinstein Institute. [Why would a programmer have live data? Bob]
The theft has been reported to law enforcement authorities and extensive efforts were pursued to retrieve the laptop. [I would love to know what “extensive efforts” are. Bob]
… To reduce the risk of future breaches, the Feinstein Institute is pursuing aggressive steps to strengthen its IT security and will engage a leading digital risk management and investigation firm to develop recommendations. [Now that the horse is gone, we're considering shutting the barn door... Bob]
… To view a sample of the notification letter sent to research participants, click here.
[Just for amusement, Google the phrase “forensic disk copy” or “bypass passwords” Bob]


...for the record. And a bit of perspective. Also a challenge for my Data Miners.
By Dissent, September 14, 2012
Erin McCann has an article on data breaches in the healthcare sector:
So who are the biggest offenders by state?
Generally, states with the highest population have the highest number of data breaches. For instance, California and Texas top the list, banking the highest number of data breaches in the nation. However, when population is taken into consideration, the numbers change substantially.
Using data from the HHS, here are the best and the worst states in terms of number of records breached per 1,000 people.
You can see her listing of “Blacklisted: Top 5 states with the highest number of data breaches” on Healthcare IT News, but I would say that the list is significantly flawed.
Using HHS’s breach tool as a basis may seem like a reasonable way to determine “worst states” when population differences are taken into account, but it’s not the best way, in my opinion.
Indeed, if you had simply asked me what state I think is the worst for breaches involving healthcare sector data, I’d have mentioned a state that’s not on her list – Florida.
Why Florida, you ask? Because they have had a number of breaches involving insider theft or copying of data for misuse or fraud. Those breaches are worse than many other breaches that may have higher numbers but did not result in any harm. Also, Florida has had a number of cases of Medicare fraud prosecutions that involve patients’ Medicare numbers. Those incidents do not generally show up in HHS’s breach tool at all. Texas has also had a number of Medicare fraud prosecutions and has had some insider theft cases, but not as many reports of hospital employees stealing and misusing patient data. At least, that’s my impression as someone who has been tracking and reporting on breaches. Some mainstream media journalist might wish to attempt to verify or disconfirm my impressions.
But the bottom line is this: when we talk about “worst” states in terms of breaches, yes, the number of breaches per capita should be considered, but shouldn’t we take harm into account? I think we should.


No doubt the “We gotta do something!” crowd will be in high gear...
How a 14-Minute Video Can Trigger Violence Abroad
A perceived cozy relationship between the U.S. government and Internet companies doesn't help.

(Related) Idiots got rights too!
"BBC reports that Google officials have rejected the notion of removing a video that depicts the prophet as a fraud and philanderer and has been blamed for sparking violence at U.S. embassies in Cairo and Benghazi. Google says the video does not violate YouTube's policies, but they did restrict viewers in Egypt and Libya from loading it due to the special circumstances in the country. Google's response to the crisis highlighted the struggle faced by the company, and others like it, to balance free speech with legal and ethical concerns in an age when social media can impact world events. 'This video – which is widely available on the Web – is clearly within our guidelines and so will stay on YouTube,' Google said in a statement. 'However, given the very difficult situation in Libya and Egypt, we have temporarily restricted access in both countries.' Underscoring Google's quandary, some digital free expression groups have criticized YouTube for censoring the video. Eva Galperin of the Electronic Frontier Foundation says given Google' s strong track record of protecting free speech, she was surprised the company gave in to pressure to selectively block the video. 'It is extremely unusual for YouTube to block a video in any country without it being a violation of their terms of service or in response to a valid legal complaint,' says Galperin. 'I'm not sure they did the right thing.'"

(Related)
Muslims’ Movie Producer Was Arrested for PCP, Snitched for Feds


Continuing the theme of “We don't need no stinking lawyers!”
Disrupt Hackathon Winner Docracy Adds Collaborative Editing And Signing Capabilities To Github For Legal Documents
There are a number of websites that offer form legal documents to users. But it can be difficult to complete the next step of the process of establishing a will, or forming a company, when it comes to actually editing and signing these documents online. Docracy, which won the Disrupt NYC Hackathon more than a year ago, is a repository for legal and business documents, such as NDAs and term sheets. Anyone can upload a document, which will be translated into native HTML5, and become available to other users.
The startup’s free and community-curated library of templates now includes the ability to edit and sign legal documents. Once you find the document you want to edit, you can negotiate the whole thing online and edit the document directly within your private account. In terms of signage, Docracy now offers e-signatures with a typeset PDF result that links back to the executed version online.


For my Ethical Hackers...
"A recent study (PDF) conducted by UCLA professor Chunyi Peng shows that carriers generally count data usage correctly, but those customers who commonly use their device in areas with weak signal strength or to stream audio or video are often overcharged. Peng and three other researchers used data gleaned from an app installed on Android smartphones on two different carriers. The issue appears to be in how the system is set up to count data usage. Under the current scenario, data is charged as it is sent from the carrier's network to the end user. What does not exist is a system to confirm whether the packets are received, and thus preventing charges for unreceived data. Peng demonstrated this in two extreme circumstances. In one case, 450 megabytes of data was charged to an account where not a single bit of it had been received. On the flipside, Peng's group was able to construct an app which disguised data transfers as DNS requests, which are not counted by the carriers as data usage. Here they were able to transfer 200 megabytes of data without being charged. Overall, the average overcharge is about 5-7% for most users. While that does not seem like much, with unlimited plans gone and data caps in style that could pose potential problems for some heavy data users. Could you be going over your data allotment based on data you never received? It's quite possible."


For my Math Class... Because you asked for some real-world applications of math. (Those folks at Google have way too much time on their hands)
Google introduces 'Bacon number' -- What's the largest degree of separation you can find?
Google wants to make playing “Six Degrees of Kevin Bacon” easier.
The search engine has launched a new tool known as the Bacon number. By typing in any actor’s name followed by the words “Bacon number,” Google will tell you the degree of separation between that actor and Mr. Bacon.
… we challenge you to find the largest degree of separation between Kevin Bacon and a famous person of your choosing. Be warned: this is surprisingly hard. For example, you’d think Kim Kardashian would have a high Bacon number, but there’s actually only a two degree separation between the two. (Thanks, Denise Richards.)
So, the largest degree of separation I could find was three. Pathetic, I know — especially given that as of June 2011 there are 32 people in the IMDb database with a Bacon number of eight. Can you find any of the 32, PopWatchers?


For my football fan / geeks. Is this how you addict even more fans? (It ain't cheap!)
Channel Your Inner John Madden With ‘Game Rewind’
… the NFL now offers Game Rewind, which allows fans to watch replays of every game from the last two years via tablet or PC. It not only offers the standard broadcast feed, but the ability to toggle to an end zone camera or the “All 22” feed — so named because it covers all 22 players on the field at once — that coaches use to study film.
This is a football fan’s dream come true, but the NFL and the company behind the product, NeuLion, are positioning it as even more than that.
… Other features include condensed games, which offer up every play, minus whatever happens between the time the whistle blows a play dead and the time the next ball is snapped (not including penalties, coach’s challenges and plays under review). An entire game can be watched this way in about a half-hour.
They also have something called Big Play Marker, which is essentially a timeline of the game at the bottom of the screen, with markers denoting significant plays, for which one can click to receive pertinent stats and video review.


The bits I find interesting...
Google released Course-Builder this week, an open source platform that it utilized for its “Power Searching with Google” online course. I haven’t had a chance to dive into the code, but I really do like the analysis offered by Phil Hill who argues that this is less about open-sourcing a MOOC platform and more about offering a competitive service (that is, Google App Engine) to Amazon Web Services, the cloud infrastructure that most ed-tech is currently being built upon.
… OER site Curriki has launched a free Algebra 1 course. I had a demo of the site last week, and wow, I’m really behind on writing up my OER research, huh.
… Job openings are good news. Universities looking to hire tenure track faculty in English, also good news. But bad news out of Colorado State University: Old PhDs Need Not Apply. Rather, if you’ve received your degree before 2010, you’re sorta a has-been, your smarts have expired, or something. More on this in Inside Higher Ed.
… A recent survey by the LEAD Commission has found that parents and teachers believe we should spend more money on classroom technology. Some 60% said they felt that the U.S. was “behind the curve” when it came to technology integration in the classroom.
… Never one to pass up on anything trendy in education, the Gates Foundation has announced that it’ll be offering grants of up to $50,000 for institutions that offer MOOCs in “high-enrollment, low-success introductory-level courses.” [Consistent with their support of Khan Academy Bob] Because clearly the way you tackle low-success introductory courses is throw students into a scenario where the going rate of completion is about 10%.
Stanford University announced 16 new online classes that it’s offering this fall. Interesting to note: they’re spread across a couple of platforms — Coursera, the startup founded by Stanford professors Daphne Koller and Andrew Ng, and Class2Go, a platform created by some other Stanford engineers (and open-sourced this week), and Venture Lab, a third Stanford-created platform, this one focused on students working in teams.
