Another small event
here in Colorado. My statistics students are suggesting that we
should turn the bell curve upside down since we only seem to see very
large breaches or very small ones. Something I'll need to think
about.
CBS in Denver reports
that a suitcase containing a thumb drive with approximately 100
students’ unencrypted medical information was stolen from a school
nurse’s car on October 5. The car had been left in a parking lot.
The drive reportedly
contained confidential health information for students from Eagleton,
Castro and Munroe Schools. That information included medications,
health-related letters and medical histories.
And of course, this
would be covered by FERPA, not HIPAA.
This is not the first
time we’ve seen student health info stolen from a school nurse’s
or employee’s unattended vehicle. And this is
going to keep happening until the federal government or states really
crack down and impose meaningful consequences on districts that do
not have policies in place that they monitor and enforce to protect
students’ personal information. [Amen
Bob]
You have to call this a
management failure. Either they failed to detect that the software
had not been updated or did know and failed to give a damn.
NSA
site where Snowden worked hadn't updated anti-leak software, says
report
The NSA facility where
Edward Snowden worked when he walked off with a hoard of secret
documents had failed to update its anti-leak software, according to a
report.
The computer network at
the National Security Agency site in Hawaii didn't yet have the
bandwidth to effectively run the updated program, an unnamed US
official told
news agency Reuters.
Other US government
facilities had begun installing the updated software in accord with a
presidential directive made in response to the WikiLeaks-Bradley
Manning document dump. The "insider threat" monitoring
software is reportedly made by Raytheon.
Always useful (even if
it doesn't say “Don't leave an unencrypted thumb drive in your
car.”) and not just in California.
Attorney General Kamala
D. Harris today released guidelines on preventing and remedying
medical identity theft, including best practice recommendations for
the health care industry and tips for consumers. The guidelines are
part of a report, Medical
Identity Theft: Recommendations for the Age of Electronic Medical
Records, which frames the escalated migration to electronic
medical records as an opportunity for the healthcare industry to
address this problem.
“Medical identity
theft has been called the privacy crime that can
kill,” said Attorney General Harris. “As the
Affordable Care Act encourages the move to electronic medical
records, the health care industry has an opportunity to improve
public health and combat medical identity theft with forward-looking
policies and the strategic use of technology.”
Medical identity theft
occurs when an individual uses someone else’s personal information
to obtain medical goods or services. For example, a thief may use
stolen information to submit fraudulent bills, a doctor or provider
may use patient information to write fraudulent prescriptions or an
individual may use someone else’s information to obtain treatment.
The report focuses on
the impact of identity theft on the accuracy of medical records and
argues that the serious risk that inaccuracies pose is not always
adequately addressed by existing healthcare industry procedures.
A companion information
sheet for consumers, First
Aid for Medical Identity Theft, describes the signs of medical
identity theft and provides tips on what to do in response. The
signs of possible medical identity theft include notice of a data
breach from a health care provider, an unknown item in an Explanation
of Benefits from a health insurer, a call from a debt collector about
an unfamiliar medical bill and questions about your identity or
health conditions at intake in a doctor’s office or hospital.
The report can be found
here: http://bit.ly/1eup6NO
(https://oag.ca.gov/sites/all/files/agweb/pdfs/privacy/medical_id_theft_recommend.pdf)
The guide for consumers
can be found here: http://bit.ly/1gnDICS
(https://oag.ca.gov/sites/all/files/agweb/pdfs/privacy/cis_16_med_id_theft.pdf)
SOURCE: Attorney
General Kamala D. Harris, October 17, 2013
Obvious, but difficult
to solve.
MeriTalk,
a public-private partnership focused on improving the outcomes of
government IT, today announced the results of its new report, “Cyber
Security Experience: Cyber Security Pros from Mars; Users from
Mercury.” The study, underwritten by Akamai Technologies, Inc.,
compares what cyber security professionals report about their
agency’s security with what end users – Federal workers –
actually experience. According to the report, agencies often fail to
take the user experience into account when deploying cyber security
solutions. As a direct result, end users often
circumvent security measures and open their agencies up to data
theft, data loss, and denial-of-service attacks.
Read more of their
press release on Dark
Reading.
PR speak? Note that
they never say “The doctor did not take patient records,” because
he did. But they did fire the security guard who caught him doing
it. Well done, VA.
Lois Henry reports:
Responding
to allegations that a doctor had taken confidential patient records
out of the Bakersfield Veterans Administration
clinic, the VA announced Thursday that three separate investigations
over the course of seven months showed that no such patient
information had been “released into the community or abused in any
way.”
“We
are confident that these results confirm that veterans in Bakersfield
and Kern County did not have their personal information compromised,”
said David Holt, the VA Los Angeles associate director who was in
Bakersfield Thursday to talk to the media and meet with veterans at
the clinic just west of downtown Bakersfield.
He
praised clinic staff for being vigilant and reporting their
suspicions, but repeated several times that veterans had no cause for
concern about their personal information.
Some
of the original tipsters weren’t convinced.
Read more on the
Bakersfield
Californian.
[From the article:]
While the doctor was
not found to have compromised patient information, Holt said, he did
violate VA policies.
"Excessive use of
a copy machine," Holt said. "It was a minor violation."
Holt confirmed the
doctor is no longer with the VA but refused to say whether he was
fired. The security guard, meanwhile, employed by a private
contractor, was let go.
Interesting. Does your
policy address situations like these? (How would you clean up your
records?)
A firm can have a great
policy of not storing credit card numbers, but if the policy isn’t
followed by staff, trouble can result.
eReplacementParts.com
learned this lesson the hard way. They discovered that despite their
non-storage policy, credit card information of some customers had
been stored. In some cases, the storage was due to the customer
providing their credit card number in an email to the firm. In
other cases, it was because customer service personnel entered the
customer’s credit card number in the “order comments” field.
In any event, some
credit card information was on their server when it got hacked on
February 5, but the firm didn’t discover the presence of credit
card numbers until September 26.
eReplacementParts.com
did not offer those affected any free services, but notes that they
have no evidence that any one individual’s credit card information
was viewed or accessed – only that it resided on a server that was
accessed.
You can read their
notification to New Hampshire and affected customers here.
Not gonna work, unless
you can confirm that user “Dude#4”, who logs on from San
Francisco, is in fact a citizen of the EU?
James Kanter reports:
Lawmakers
here have introduced a measure in the European Parliament that could
require American companies like Google and Yahoo to seek clearance
from European officials before complying with United States warrants
seeking private data.
Read more on The
New York Times.
This is interesting.
It won't last. There's too much money on the table to just walk
away.
Illinois
court throws out 'Amazon tax' online sales law
The Illinois Supreme
Court struck down a
state law Friday that required online retailers, like Amazon, to
collect sales tax if they have in-state Web affiliates, according to
Associated
Press.
The court decided the
law violated federal rules, which prohibit putting a discriminatory
tax on digital sales. It's the first time a high court has thrown
out a law like this -- 18 other states have similar laws. In New
York, the court upheld
the law, spurring Amazon and Overstock.com to petition
the Supreme Court.
Amazon
ended its affiliates program in Illinois when the law was adopted
in 2011.
It is coming to Denver
this year!
Aereo
to motor into Detroit on October 28
The upstart service,
which provides cloud-based broadcast TV service to consumers for a
starting price of $8 per month, is heading
to Detroit on October 28. The offering will be available across
nine counties around the Motor City.
Aereo has ambitious
plans to land in 22 cities this year, building out from its
initial turf in New York. So far, it's also reached Boston, Atlanta,
Salt Lake City, Miami, Houston, and Dallas, while its arrival in
Chicago ran into a delay.
Perspective
35%
of Americans now own a tablet, Pew says
Thirty-five percent of
Americans own a tablet and 24 percent own an e-reader, according to
the latest study from Pew Internet Research.
Pew documented a big
jump in tablet
ownership. In November 2012, 25 percent of Americans owned a tablet.
The
findings illustrate the democratization of tablet computing and
the impact on lower-cost models beyond the larger version of the
iPad.
Interesting to see that
Privacy is popular in Europe...
The
Coursera Of Europe: iversity Opens With 24 Free Courses And 100K
Students
Berlin-based
iversity.org has
planted its footprint in the ever-expanding MOOC (Massively Open
Online Course) universe. It starts with a fresh bouquet of free
courses and a strong student base of 115,000. For the present
moment, 24 courses are on the catalog with more expected soon. The
open courses have been designed by the top professors from Europe and
the US according to the press release.
iversity has started
with free open courses at launch; the course catalog has a total of
24 for now (15 of which are in English, with the rest in German).
The other courses will begin later this year and spill over to 2014.
Three courses have seen the largest enrollments:
- The Future of Storytelling by the Fachhochschule (University of Applied Sciences) Potsdam.
- Design 101 (or Design Basics) by the Accademia di Belle Arti in Catania.
- Public Privacy: Cyber Security and Human Rights by the Humboldt Viadrina School of Governance in Berlin.
Free is good!
Students
Can Get Microsoft Office 365 For Free
Starting on December
1st, Universities that license Office
Education for their faculty and staff can offer students Office
365 ProPlus for free thanks to a new program called Student
Advantage. For students at these institutions, that means free
access to Word, PowerPoint, Excel, OneNote, Outlook, Access,
Publisher, and Lync. While many cheaper alternatives
to Office have sprung up, many students still rely on Redmond’s
good ol’ productivity tools.
Office
365 University typically costs $80 for a 4-year subscription for
students,
… If you’re lucky
enough to be enrolled in one of the eligible Universities, you should
check out our Office
2013 guide to be able to fully utilize the productivity suite.
For my Math students.
PBS
Math Club - Short Interactive Math Videos
PBS
Math Club is a new YouTube channel in which students can watch
and interact with math videos. Each of
the videos contains a series of math lessons and challenge
activities. To complete a challenge students click on the video to
answer questions. If they answer correctly, they move on to the next
question. If they answer incorrectly students are shown another
video clip that explains the correct answer.
PBS
Math Club is just getting started. As more content is added to
it, it could become a good source of flipped lesson materials. The
videos utilize the YouTube annotations tool which you could also use
to create your own series of interactive video lessons.
(Related) I may make
my own videos...
How
to Create a Linked Series of YouTube Videos
In my previous post
about PBS
Math Club I mentioned that you could create similar videos by
using the annotations tool in the YouTube video editor. If you would
like to try this yourself, I have directions that will walk you
through the process. Keep in mind that you can only
annotate videos that you own and upload to your YouTube account.
Something nice for my
students (just before we raise tuition)
Where
the Software Engineer Money Is: Juniper
The company currently paying the most on average for software
engineers in the U.S. might not be the one you'd expect.
Although tech firms
that have sparred publicly for talent -- such as Apple, Facebook,
Google and Microsoft -- rank high on Glassdoor's 2013 list of the 25
Highest Paying Companies for Software Engineers,
the company that has opened its wallet widest for software engineers
turns out to be networking equipment maker Juniper Networks.