A tiny breach, but with all the “Worst Practices”
By Dissent,
September 14, 2012
A press release from the Feinstein
Institute for Medical Research:
After learning
that a laptop containing research study information was stolen from
an employee’s car, the Feinstein Institute for Medical
Research announced today it is sending letters to some
research participants, advising of the possible disclosure of some
personal and health information.
“Although both
the computer and the health information contained on the laptop were
password protected, we cannot rule out the possibility that such
information could be accessed,” Kevin Tracey, MD, president and
chief executive officer of the Feinstein Institute, wrote in a
letter to approximately 13,000 current and past
participants in about 50 different research studies, which
represent about two percent of the 2,100 clinical trials coordinated
by the Manhasset, NY-based research enterprise, part of the North
Shore-LIJ Health System.
The Feinstein
Institute is offering one year of free credit monitoring for the much
smaller number of participants whose social security numbers were
included with information contained in the stolen laptop.[That's
below the more common two years... Bob]
… “Although
we are not aware of any improper use of your information, [Other
than by our employees... Bob] our priority is to help
protect you against potential fraudulent activities,” Dr. Tracey
said.
The laptop was
stolen from the car of a computer programmer involved in organizing
research data at the Feinstein Institute. [Why would
a programmer have live data? Bob]
The theft has been
reported to law enforcement authorities and extensive
efforts were pursued to retrieve the laptop. [I would love to know
what “extensive efforts” are. Bob]
… To reduce
the risk of future breaches, the Feinstein Institute is pursuing
aggressive steps to strengthen its IT security and will engage a
leading digital risk management and investigation firm to develop
recommendations. [Now that the horse is gone, we're considering shutting the barn door... Bob]
… To view a
sample of the notification letter sent to research participants,
click
here.
[Just for amusement,
Google the phrase “forensic disk copy” or “bypass passwords”
Bob]
...for the record. And a bit of perspective. Also a challenge for my Data Miners.
By Dissent,
September 14, 2012
Erin McCann has an article on data
breaches in the healthcare sector:
So who are the
biggest offenders by state?
Generally, states
with the highest population have the highest number of data breaches.
For instance, California and Texas top the list, banking the highest
number of data breaches in the nation. However, when population is
taken into consideration, the numbers change substantially.
Using data from
the HHS,
here are the best and the worst states in terms of number of records
breach per 1,000 people.
You can see her listing of
“Blacklisted: Top 5 states with the highest number of data
breaches” on Healthcare
IT News, but I would say that the list is significantly flawed.
Using HHS’s breach tool as a basis
may seem like a reasonable way to determine “worst states” when
population differences are taken into account, but it’s not the
best way, in my opinion.
Indeed, if you had simply asked me what
state I think is the worst for breaches involving healthcare sector
data, I’d have mentioned a state that’s not on her list – Florida.
Why Florida, you ask? Because they
have had a number of breaches involving insider theft or copying of
data for misuse or fraud. Those breaches are worse than many other
breaches that may have higher numbers but did not result in any harm.
Also, Florida has had a number of cases of Medicare fraud
prosecutions that involve patients’ Medicare numbers. Those
incidents do not generally show up in HHS’s breach tool at all.
Texas has also had a number of Medicare fraud prosecutions and has
had some insider theft cases, but not as many reports of hospital
employees stealing and misusing patient data. At least, that’s my
impression as someone who has been tracking and reporting on
breaches. Some mainstream media journalist might wish to attempt to
verify or disconfirm my impressions.
But the bottom line is this: when we
talk about “worst” states in terms of breaches, yes, the number
of breaches per capita should be considered, but shouldn’t we take
harm into account? I think we should.
No doubt the “We gotta do something!”
crowd will be in high gear...
How a 14-Minute Video Can Trigger Violence Abroad
A perceived cozy relationship
between the U.S. government and Internet companies doesn't help.
(Related) Idiots got rights too!
"BBC reports that Google
officials have rejected the notion of removing a video that depicts
the prophet as a fraud and philanderer and has been blamed for
sparking violence at U.S. embassies in Cairo and Benghazi. Google
says the
video does not violate YouTube's policies, but they did restrict
viewers in Egypt and Libya from loading it due to the special
circumstances in the country. Google's
response to the crisis highlighted the struggle faced by the company,
and others like it, to balance free speech with legal and ethical
concerns in an age when social media can impact world events.
'This video – which is widely available on the Web – is
clearly within our guidelines and so will stay on YouTube,'
Google said in a statement. 'However, given the very difficult
situation in Libya and Egypt, we have temporarily restricted access
in both countries.' Underscoring Google's quandary, some digital
free expression groups have criticized YouTube for censoring the
video. Eva Galperin of the Electronic Frontier Foundation says given
Google's strong track record of protecting free speech, she was
surprised the company gave in to pressure to selectively block the
video. 'It is extremely unusual for YouTube to block a video in any
country without it being a violation of their terms of service or in
response to a valid legal complaint,' says Galperin. 'I'm
not sure they did the right thing.'"
(Related)
‘Muslims’
Movie Producer Was Arrested for PCP, Snitched for Feds
Continuing the theme of “We don't
need no stinking lawyers!”
Disrupt Hackathon Winner Docracy Adds Collaborative Editing And Signing Capabilities To Github For Legal Documents
There are a number of websites that
offer form legal documents to users. But it can be difficult to
complete the next step of the process of establishing a will, or
forming a company, when it comes to actually editing and signing
these documents online. Docracy,
which won
the Disrupt NYC Hackathon more than a year ago, is a repository
for legal and business documents, such as NDAs and term sheets.
Anyone can upload a document, which will be
translated into native HTML5, and become available to other users.
The startup’s free and
community-curated library of templates now includes the ability to
edit and sign legal documents. Once you find the document you want
to edit, you can negotiate the whole thing online and edit the
document directly within your private account. In terms of signage,
Docracy now offers e-signatures with a typeset PDF result that links
back to the executed version online.
For my Ethical Hackers...
"A recent
study (PDF) conducted by UCLA professor Chunyi Peng shows that
carriers generally count data usage correctly, but those customers
who commonly use
their device in areas with weak signal strength or to stream
audio or video are often overcharged. Peng and three other
researchers used data gleaned from an app installed on Android
smartphones on two different carriers. The issue appears to be in
how the system is set up to count data usage. Under the current
scenario, data is charged as it is sent from the carrier's network to
the end user. What does not exist is a system to confirm whether the
packets are received, and thus preventing charges for unreceived
data. Peng demonstrated this in two extreme circumstances. In one
case, 450 megabytes of data was charged to an account where not a
single bit of it had been received. On the
flipside, Peng's group was able to construct an app which disguised
data transfers as DNS requests, which are not counted by the carriers
as data usage. Here they were able to transfer 200
megabytes of data without being charged. Overall, the average
overcharge is about 5-7% for most users. While that does not seem
like much, with unlimited plans gone and data caps in style that
could pose potential problems for some heavy data users. Could you
be going over your data allotment based on data you never received?
It's quite possible."
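The study's second finding, that data carried inside DNS requests slips past the carrier's usage accounting, is also what an operator or enterprise defender looks for when hunting DNS-carried transfers. The following is an added example, not code from the study, Slashdot or this blog: it parses constructed DNS query log lines in an assumed "<timestamp> <client> <qtype> <qname>" format and flags clients whose query names carry far more bytes into one zone than ordinary lookups would, or whose labels are unusually long. The sample lines, the zone name t.example.org and the thresholds are all made up for the demonstration.

```python
from collections import defaultdict

# Constructed sample DNS query log lines (made up for this example, not from the study).
# The line format "<timestamp> <client> <qtype> <qname>" is an assumption.
NORMAL_LINES = [
    "2012-09-14T10:00:01 10.0.0.5 A www.example.com",
    "2012-09-14T10:00:02 10.0.0.5 A mail.example.com",
    "2012-09-14T10:00:03 10.0.0.5 AAAA cdn.example.net",
    "2012-09-14T10:00:04 10.0.0.5 A www.example.com",
]


def constructed_tunnel_lines(n):
    """Build n constructed queries whose hostnames carry arbitrary bytes, the
    pattern the study describes: 120 hex chars split into three 40-char labels
    under one zone (t.example.org is a placeholder zone)."""
    lines = []
    for i in range(n):
        payload = "".join(format((i * 7919 + j * 31) % 256, "02x") for j in range(60))
        labels = ".".join(payload[k:k + 40] for k in range(0, 120, 40))
        lines.append(f"2012-09-14T10:01:{i % 60:02d} 10.0.0.9 TXT {labels}.t.example.org")
    return lines


SAMPLE_LOG = NORMAL_LINES + constructed_tunnel_lines(50)


def parse_line(line):
    """Split one log line into (timestamp, client, qtype, qname); None if malformed."""
    parts = line.split()
    if len(parts) != 4:
        return None
    ts, client, qtype, qname = parts
    return ts, client, qtype, qname.rstrip(".").lower()


def zone_of(qname):
    """Crude 'registered zone' (last two labels); adequate for the constructed sample."""
    return ".".join(qname.split(".")[-2:])


def summarize(lines):
    """Per-client counters: query count, total qname bytes, longest label,
    and qname bytes grouped by zone."""
    stats = defaultdict(lambda: {"queries": 0, "qname_bytes": 0,
                                 "max_label": 0, "zone_bytes": defaultdict(int)})
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        _, client, _, qname = rec
        s = stats[client]
        s["queries"] += 1
        s["qname_bytes"] += len(qname)
        s["max_label"] = max(s["max_label"], max(len(l) for l in qname.split(".")))
        s["zone_bytes"][zone_of(qname)] += len(qname)
    return dict(stats)


def flag_clients(stats, zone_bytes_threshold=4096, max_label_threshold=32):
    """Return (client, heaviest_zone, bytes_to_that_zone, longest_label) for clients
    that push many qname bytes into a single zone or use very long labels.
    Thresholds are assumptions; tune them against a real baseline."""
    flagged = []
    for client, s in sorted(stats.items()):
        zone, heavy_bytes = max(s["zone_bytes"].items(), key=lambda kv: kv[1])
        if heavy_bytes >= zone_bytes_threshold or s["max_label"] >= max_label_threshold:
            flagged.append((client, zone, heavy_bytes, s["max_label"]))
    return flagged


if __name__ == "__main__":
    for client, zone, nbytes, longest in flag_clients(summarize(SAMPLE_LOG)):
        print(f"{client}: {nbytes} qname bytes to {zone}, longest label {longest}")
```

Plain lookups from 10.0.0.5 total a few dozen bytes of query names across several zones; the constructed client 10.0.0.9 sends thousands of bytes into one zone with 40-character labels, which is the shape of the "disguised as DNS" transfers the study built. A real deployment would baseline these counters per client over a time window rather than over a whole file.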
For my Math Class... Because you asked for some real-world applications of math. (Those folks at Google have way too much time on their hands)
Google introduces 'Bacon number' -- What's the largest degree of separation you can find?
Google wants to make playing “Six
Degrees of Kevin Bacon” easier.
The search engine has launched a new
tool known as the Bacon number. By typing in any actor’s name
followed by the words “Bacon number,” Google will tell you the
degree of separation between that actor and Mr. Bacon.
… we challenge you to find the
largest degree of separation between Kevin Bacon and a famous person
of your choosing. Be warned: this is surprisingly hard. For
example, you’d think Kim Kardashian would have a high Bacon number,
but there’s actually only a two
degree separation between the two. (Thanks,
Denise Richards.)
… So,
the largest degree of separation I could find was three. Pathetic, I
know — especially given that as of June 2011 there
are 32 people in the IMDb database with a Bacon number of eight.
Can you find any of the 32, PopWatchers?
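The math behind a Bacon number is a shortest path in a graph whose vertices are actors and whose edges are shared film credits, found by breadth-first search. The following is an added example, not Google's tool or code from the article: it builds that graph from a constructed, made-up cast list (the film titles and every actor except Kevin Bacon are placeholders, not IMDb data), computes each actor's Bacon number with the path that proves it, and finds the largest number in the data, the same challenge the article poses.

```python
from collections import defaultdict, deque

# Constructed cast data (made up for this example; not IMDb data).
CASTS = {
    "Film 1": ["Kevin Bacon", "Alice", "Bob"],
    "Film 2": ["Bob", "Carol"],
    "Film 3": ["Carol", "Dave", "Erin"],
    "Film 4": ["Erin", "Frank"],
    "Film 5": ["Frank", "Grace"],
    "Film 6": ["Alice", "Carol"],   # a second route to Carol, also of length 2
    "Film 7": ["Zed", "Yolanda"],   # not connected to Kevin Bacon at all
}


def build_graph(casts):
    """actor -> {co_actor: one film they share}; two actors are adjacent
    when they appear in the same cast."""
    graph = defaultdict(dict)
    for film, cast in casts.items():
        for a in cast:
            for b in cast:
                if a != b:
                    graph[a].setdefault(b, film)
    return graph


def degrees_from(graph, source):
    """Breadth-first search: distance from source to every reachable actor,
    plus the predecessor link used to reconstruct a shortest path."""
    dist = {source: 0}
    prev = {}
    queue = deque([source])
    while queue:
        cur = queue.popleft()
        for nxt, film in graph[cur].items():
            if nxt not in dist:          # first visit is a shortest path in an unweighted graph
                dist[nxt] = dist[cur] + 1
                prev[nxt] = (cur, film)
                queue.append(nxt)
    return dist, prev


def bacon_number(graph, actor, source="Kevin Bacon"):
    """Return (number, path) where path lists each hop back to the source;
    (None, []) when the actor is not connected to the source."""
    dist, prev = degrees_from(graph, source)
    if actor not in dist:
        return None, []
    path, cur = [], actor
    while cur != source:
        parent, film = prev[cur]
        path.append(f"{cur} was in '{film}' with {parent}")
        cur = parent
    return dist[actor], path


def farthest(graph, source="Kevin Bacon"):
    """Largest degree of separation found in the data, and who has it."""
    dist, _ = degrees_from(graph, source)
    top = max(dist.values())
    return top, sorted(a for a, d in dist.items() if d == top)


if __name__ == "__main__":
    G = build_graph(CASTS)
    n, path = bacon_number(G, "Grace")
    print(f"Grace has Bacon number {n}:")
    for hop in path:
        print("  " + hop)
    print("Largest in this data:", farthest(G))
    print("Zed:", bacon_number(G, "Zed"))
```

Because BFS visits actors in order of increasing distance, the first time it reaches someone it has already found a shortest path, which is why a single pass from Kevin Bacon yields everyone's number at once. On a real cast database the same search explains the article's observation: the population of actors at distance eight is tiny because almost everyone collapses to two or three hops.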
For my football fan / geeks Is this how you addict even more fans? (It ain't cheap!)
Channel Your Inner John Madden With ‘Game Rewind’
… the NFL now offers Game
Rewind, which allows fans to watch replays of every game from the
last two years via tablet or PC. It not only offers the standard
broadcast feed, but the ability to toggle to an end zone camera or
the “All 22” feed — so named because it covers all 22 players
on the field at once — that coaches use to study film.
This is a football
fan’s dream come true, but the NFL and the company behind the
product, NeuLion, are positioning it as even more than that.
… Other features include condensed
games, which offer up every play, minus whatever happens between the
time the whistle blows a play dead and the time the next ball is
snapped (not including penalties, coach’s challenges and plays
under review). An entire game can be watched this way in about a
half-hour.
They also have something called Big
Play Marker, which is essentially a timeline of the game at the
bottom of the screen, with markers denoting significant plays, for
which one can click to receive pertinent stats and video review.
The bits I find interesting...
… Google released
Course-Builder
this week, an open source platform that it utilized for its “Power
Searching with Google” online course. I haven’t had a chance to
dive into the code, but I really do like the analysis
offered by Phil Hill who argues that this is less about
open-sourcing a MOOC platform and more about offering a competitive
service (that is, Google App Engine) to Amazon Web Services, the
cloud infrastructure that most ed-tech is currently being built upon.
… OER site Curriki
has launched a free Algebra
1 course. I had a demo of the site last week, and wow, I’m
really behind on writing up my OER research, huh.
… Job openings are good news.
Universities looking to hire tenure track faculty in English, also
good news. But bad news out of
Colorado State
University: Old
PhDs Need Not Apply. Rather, if you’ve received your degree
before 2010, you’re sorta a has-been, your smarts have expired, or
something. More on this in Inside
Higher Ed.
… A recent survey
by the LEAD
Commission has found that parents and teachers believe
we should spend more money on classroom technology.
Some 60% said they felt that the U.S. was “behind the curve”
when it came to technology integration in the classroom.
… Never one to pass up on anything
trendy in education, the Gates
Foundation has announced that it’ll be offering grants
of up to $50,000 for institutions that offer MOOCs in
“high-enrollment, low-success introductory-level courses.”
[Consistent with their support of Khan Academy Bob]
Because clearly the way you tackle low-success introductory courses
is throw students into a scenario where the going rate of completion
is about 10%.
… Stanford
University announced 16 new online classes that it’s
offering this fall. Interesting to note: they’re spread across a
couple of platforms — Coursera,
the startup founded by Stanford professors Daphne Koller and Andrew
Ng, and Class2Go, a platform created by some other Stanford engineers
(and open-sourced
this week), and Venture Lab, a third Stanford-created platform, this
one focused on students working in teams.