Friday, December 23, 2016

Do we know what is happening in our systems?  Is anyone asking? 
Fairbanks Hospital in Indianapolis is notifying an undisclosed number of patients that employees could have been accessing protected health information of patients since at least November 2013 (and possibly earlier).  The information that was accessed included current and former patients’ social security numbers, contact information, diagnosis, treatment and health insurance.
In a notification dated December 16, the hospital writes that they are unaware of any actual or attempted misuse of any protected health information.
Of concern, it appears that their investigators were not able to determine whether any employee actually accessed any patient’s record inappropriately.  So it may well be that some employees snooped on records, and yet, the hospital would not have been able to detect that.  And if it couldn’t detect whether the employees were accessing PHI records inappropriately, it sounds like they might have to notify every patient seen at the hospital since November 2013.  DataBreaches.net has sent an inquiry to Fairbanks via their site contact form and will update this post as more information becomes available.
From their notification:
   What Happened? On October 18, 2016, Fairbanks became aware that some files on our internal network that contained patient information were electronically accessible to Fairbanks employees, including employees who were not intended to have access to patient information.  Fairbanks hired an outside computer forensics expert to determine the nature and scope of this issue.  The investigation has determined that this issue existed since at least November of 2013, however we are unable to determine whether the issue existed prior to that time.  


The economics of hacking.  Supply and demand.  The disruption of new technology.  All well understood processes, right?
Maria Korolov reports:
The black market value of stolen medical records dropped dramatically this year, and criminals shifted their efforts from stealing data to spreading ransom ware, according to a report released this morning.
Hackers are now offering stolen records at between $1.50 and $10 each, said Anthony James, CMO at San Mateo, Calif.-based security firm TrapX, the company that produced the report.
That down a bit since this summer, when a hacker offered 10 million patient records for about $820,000 — or about $12 per record — and even a bigger drop from 2012, when the World Privacy Forum put the street value of medical records at around $50 each.
Read more on Network World.
[From the article:
The information in medical records can be used for medical billing fraud as well as identity theft and other big-money scams.


But the market has become saturated, said James.  With about 112 million records stolen in 2015 alone, the medical info of nearly half all Americans is already out there.


For my Data Management students.  
If you want to see how mobile technology can disrupt the very basics of business models and habits established over hundreds if not thousands of years, look at what’s happening in India.  A telecommunications revolution, towards fourth generation (4G) mobile services, will transform the consumer landscape over the next 5-10 years.  This revolution will transform India the same way automobiles changed America 100 years ago but at ten times the speed — computers, laptops, and tablets will be marginalized as India leapfrogs to mobile 4G by 2020.  The consequences are far more revolutionary than have been considered by multinational companies and entrepreneurs.  In order to create value in India in the coming decade, companies must have a mobile-first strategy.
Some background: Until the mid-1980s, having telephone service in India was considered the ultimate luxury and less than 0.001% of the population possessed a phone.  By July 2016, virtually every Indian had a mobile telephone and access to text messaging, primarily using 2G technology.

(Related).  Maybe not everyone has a phone?  
Uber’s Drive Into India Relies on Raw Recruits
How do you train a million new Uber drivers in a country where most people have never driven a car, tapped on a smartphone or even used an online map?


I didn’t know Uber had such power!  (Or is it that now states have so little?) 
Md. approves alternative screening process for ride-hailing drivers, amid threats Uber would leave
The Maryland Public Service Commission approved an alternative screening process that would allow Uber and Lyft to continue operating in the state without conducting fingerprint-based background checks of their drivers.
The decision Thursday averted a showdown with California-based Uber — which had threatened to leave Maryland — and represented a victory in the ride-hailing companies’ battles against regulations that would have threatened their ability to maintain tens of thousands of drivers in the state.
Uber and Lyft had argued that the electronic checks they use, supplemented by court records, are as, or more, thorough than the law-enforcement-backed methods suggested by regulators.


Might be amusing to
House Intel Committee Releases Declassified Snowden Report
by Sabrina I. Pacifici on Dec 22, 2016
News release: “The House Permanent Select Committee on Intelligence today released a declassified version of its investigative report on Edward Snowden, the former National Security Agency contractor who fled to China and then Russia after stealing an estimated 1.5 million classified documents.  The report, including redactions for classified information, was the result of a two-year inquiry into Snowden’s background, likely motivations, and methods of theft, as well as the damage done to U.S. national security as a result of his actions.  The report was completed in September 2016 and submitted to the Intelligence Community for a declassification review.  
To read the declassified report, click here.  To read Intelligence Committee highlights of the report, click here.
  • Via The Guardian – “…The report’s credibility was immediately condemned by Snowden’s lawyer Ben Wizner.  He dismissed the report and insisted that Snowden acted to inform the public.  “The House committee spent three years and millions of dollars in a failed attempt to discredit Edward Snowden, whose actions led to the most significant intelligence reforms in a generation,” Wizner said. “The report wholly ignores Snowden’s repeated and courageous criticism of Russian surveillance and censorship laws. It combines demonstrable falsehoods with deceptive inferences to paint an entirely fictional portrait of an American whistleblower.”
  • Snowden’s Twitter response: Unsurprising that HPSCI’s report is rifled with obvious falsehoods. The only surprise is how accidentally exonerating it is


Does he have a point?
McDonald's sued because 'Extra Value Meal' is 41 cents more


For my Spreadsheet class this Spring.


We are trying to get an AI course approved. 


This must be one of Trump’s lawyers? 

No comments: