PI Newswire

Content aggregation for the investigative professional

Search Results: data-breach

As the U.S. invests billions of dollars to convert from paper-based medical records to electronic ones, has the time come to offer everyone a unique health-care identification number?

Proponents say universal patient identifiers, or UPIs, deserve a serious look because they are the most efficient way to connect patients to their medical data. They say UPIs not only facilitate information sharing among doctors and guard against needless medical errors, but may also offer a safety advantage in that health records would never again need to be stored alongside financial data like Social Security numbers. UPIs, they say, would both improve care and lower costs.

Privacy activists aren’t buying it. They say that information from medical records already is routinely collected and sold for commercial gain without patient consent and that a health-care ID system would only encourage more of the same. The result, they say, will be more patients losing trust in the system and hiding things from their doctors, resulting in a deterioration in care. They agree that it’s crucial to move medical records into the digital age. But they say it can be done without resorting to universal health IDs.

Read more…

DreamHost customers should change their passwords ASAP.

That’s the word from the Web-hosting service and domain name registrar, which sent an e-mail to customers last night saying that their FTP passwords may have been accessed by hackers.

The company said it had reset all customer FTP passwords as a precaution and that users would have to create new ones by logging in to their DreamHost Web panel. It also advised customers to change their e-mail passwords, though it said e-mail passwords and billing information were not accessed.

DreamHost added today that handling new password requests was taking some time:

“Processing user updates is taking longer than usual due to the sheer number of customers requesting password changes on our system,” the company said in a status update posted to its Web site. “We understand your desire to get things working in an expeditious manner and we are working hard to get you there. We’re examining ways of decreasing the queue depth, but we’re still faced with the fact that there is a considerable amount of work to be processed and apologize for the delay.”

Read more…

Olympic security secrets left on train

Posted on January 19, 2012

A SECRET dossier detailing plans for policing this summer’s London Olympics was left on a TRAIN.

A cop lost the file but a commuter found it and handed it to The Sun.

The shocking security blunder could have provided terrorists planning an attack with invaluable data.

A shamed senior cop has been carpeted.

The chief inspector in Scotland Yard’s Territorial Policing branch is said to be “hugely embarrassed” by the potentially serious blunder.

The dossier contained details that would have helped al-Qaeda terrorists mount a devastating attack on the Games in London this summer. “Restricted” files spell out security plans in place at the sites of events and provide minutes of top-level meetings where ways to beat terrorists were discussed.

Read more…

Montreal’s police chief is promising swift action following reports that a retired officer allegedly tried to sell information about informants to the Mafia.

Marc Parent said on Tuesday the 33-year police veteran worked in the intelligence unit and was one of a handful of people who had access to a confidential list of names.

Several reports said that the former officer is alleged to have had contact with a lawyer who represents organized crime figures and that he offered information in exchange for a six-figure sum.

He allegedly gave the lawyer four names to show he was serious – people who have since been contacted by police, Chief Parent said.

The man has not been charged and his name has not been made public. The offences are alleged to have occurred after his retirement in January, 2011.

Read more…

The year 2011 was one of the landmark years for high-profile cyber attacks. As the trend is said to continue in 2012 with more sophisticated and targeted attacks, security is a major concern for the IT users of all the segments from Home Users to SMB to Enterprise.

The year 2012 will build the foundation for India’s future IT-related crimes. Hacktivism will gain momentum. Anonymous, which is mostly active in European countries and the US, will be seen making active inroads into Asian countries, especially in India in 2012. India will see a sharp rise in both money-mule-related activities and credit card-related crimes. As the list of petty criminals is huge in India, the activities of money mules will be outsourced to the country.

The number of data thefts has tripled in the past five years and the graph tends to rise with every passing year. Right from the Government, corporate, data centres and small to medium-sized companies, all have been targeted. With the introduction of IT consumerization, issues such as managing and supporting consumer devices and securing data from criminals, malware and other threats have emerged. Mobility in enterprise sector brings new challenges for managing data, as well as the wide range of devices in the network.

Social engineering attacks pose great risk to large amounts of valuable data that SMBs hold due to lack of data security budgets. Hence, the need to look beyond the basics of policy and procedure development to more advanced technologies such as network monitoring, data leakage prevention, and log file analysis arises. Social engineering tactics on social media that drive its users to disclose sensitive information and download malware are skyrocketing with its increasing popularity, especially amongst the SOHO users.

Read more…

Online shoe and clothing retailer Zappos.com has warned its users that it has suffered a massive data breach.

Up to 24 million customers may have been impacted by the security breach, which has forced the firm to reset the passwords of its customers.

According to the company, which is owned by Amazon.com, details stolen include names, email addresses, billing/shipping addresses, phone numbers, and the last four digits of customers’ credit card numbers.

In addition, password hashes were exposed.

So, you’ll have to change your Zappos password if you want to shop from the store again. And, actually, it would make sense to ensure that you are not using the same password anywhere else on the net.

Read more…

Eight police staff have lost their jobs after illegally accessing the confidential records of dozens of people on the Police National Computer.

Of the eight, one police officer and one community support officer (PCSO) are facing criminal charges after an investigation by Essex Police found them guilty of gross misconduct. Another PCSO has been cautioned.

All eight are alleged to have accessed the personal records of members of the public and passed on the information to people outside the force.

The force launched an inquiry after a whistle-blower told senior officers about ‘routine abuses’ of the computer system, which contains personal information on millions of people.

Essex Police have confirmed the officer and two PCSOs were arrested in December on suspicion of accessing confidential files in breach of the Data Protection Act.

Read more…

Personal banking information and other data from perhaps tens of thousands of students, faculty and administrators at City College of San Francisco have been stolen in what is being called “an infestation” of computer viruses with origins in criminal networks in Russia, China and other countries, The Chronicle has learned.

At work for more than a decade, the viruses were detected a few days after Thanksgiving, when the college’s data security monitoring service detected an unusual pattern of computer traffic, flagging trouble.

It appeared at first that the problem was contained in a single computer lab at Cloud Hall on the Phelan Avenue campus, one of a dozen City College sites around the city. David Hotchkiss, the chief technology officer, immediately shut the lab down and reported the problem to Chancellor Don Griffin, General Counsel Scott Dickey and Board of Trustees President John Rizzo.

But a closer look revealed a far more nefarious situation, which had been lurking within the college’s electronic systems since 1999. For now, it’s still going on. So far, no cases of identity theft have been linked to the breach. That may change as the investigation continues, and college officials said they might need to bring in the FBI.

The college’s payroll, admissions and accounting systems have yet to be analyzed for the viruses.

Read more…

Read more: http://www.sfgate.com/cgi-bin/article.cgi?f=/c/a/2012/01/12/MN4Q1MO9JK.DTL#ixzz1jP3ObQQk

A top federal prosecutor has a message for companies: If you’ve been hacked, tell us.

Speaking at a cyber security conference in New York on Thursday, Manhattan U.S. Attorney Preet Bharara said companies should trust in the discretion of prosecutors and the FBI and come forward with information about a security breach, rather than keep it an internal secret.

“When industry delays or minimizes, it is harder to assess vulnerabilities and harder to formulate solutions,” Bharara said. “When industry delays unduly in disclosing to us, or minimizes, it is that much harder to get the bad guy.”

Cyber security experts say that corporations rarely acknowledge breaches, and often keep them secret from law enforcement out of fear that news of a compromise will damage their reputation, hurt stock prices and possibly lead to further attacks.

Bharara addressed that fear, calling it unacceptable in the face of increasingly virulent cyber attacks.

Trying to maintain secrecy was “the equivalent of sticking one’s head in the sand,” Bharara said. “Get over it.”

Read more…

American and British politicians and defense and intelligence officials were among the victims of the hack attack on the website of think tank Strategic Forecasting (Stratfor) last Christmas Day.

A report on UK’s The Guardian said the security breach also exposed the data of North Atlantic Treaty Organization advisers.

The report said the private information exposed by the “hacktivists” included those of 221 British military officials and 242 NATO staff; civil servants working at the heart of the UK government including several in the Cabinet Office as well as advisers to the Joint Intelligence Organisation, have also been exposed, the report said.

It noted the Joint Intelligence Organisation acts as the prime minister’s eyes and ears on sensitive information.

The Guardian report said the hackers are believed to be part of the Anonymous hacker group, which hacked into the account information of Stratfor.

Read more…

Israel said on Saturday the online publication of thousands of its citizens’ credit card details by a hacker who says he is based in Saudi Arabia was comparable to terrorism, and promised to hit back.

The data theft, which appeared to focus on commercial websites, was one of the worst Israel has said it has faced.

While government officials and credit card companies said the financial damage was minimal, the breaches were welcomed by the Palestinian militant group Hamas and have heightened concerns about the potential use of stolen information by the Jewish state’s foes.

Such cyber-attacks are “a breach of sovereignty comparable to a terrorist operation, and must be treated as such”, Deputy Foreign Minister Danny Ayalon said in a speech, adding that Israel had not yet ruled out the possibility that the hacking had been carried out by a group “more organised and sophisticated … than a lone youth”.

“Israel has active capabilities for striking at those who are trying to harm it, and no agency or hacker will be immune from retaliatory action,” he said, without elaborating.

Read more…

Data breaches are like lightning; they will strike, but you never know where. Some breaches result from negligence or inadvertent disclosure, but many are due to malicious activity. Thus the industry conversation has moved beyond “if” to the questions of “when,” and “what is the impact?”

So how should you prepare for your data breach?

Once you’ve resolved to not bury your head in the sand, there are several ways to prepare. One of the newer options getting attention is data breach insurance. This innovation can offer coverage for a variety of potential costs associated with a breach – legal defense, forensic investigations, notifications to affected individuals, crisis management, liability claims, and so on. As a newer financial instrument, the terms and coverage can vary significantly from one insurance provider to another.

By no means does data breach insurance protect an organization against the event itself or all the consequences of data theft or exposure, but it is a prudent step to mitigate the resulting economic impact. As with auto insurance – which doesn’t eliminate accidents – data breach insurance doesn’t reduce the incidence of data breaches; it merely recognizes that breaches happen and mitigates the downside.

What else can you do to prepare? Here are three practical steps to protecting your organization against a breach:

Read more…