Jackson Memorial Insider Breach

Jackson Memorial Hospital advertises itself as ranked among “America’s Best Hospitals” by U.S. News & World Report.

I wonder if the insider breach reported in the Sun Sentinel might change that status.

Ruben E. Rodriguez allegedly paid JMH ultrasound technician Rebecca Garcia $1,000 a month for the hospital records of hundreds of patients treated for slip-and-fall accidents, car-crash injuries, gunshot wounds and stabbings, federal authorities said.

Rodriguez then brokered the patients’ names, addresses, telephone numbers and medical diagnoses to the lawyer, according to an indictment.

The story supports several of my predictions in the “Top 10 Security Breaches” presentations. Note, for example, the theft occurred for several years without detection by even simple security measures.

The story goes that a business proposition was made in 2006 by Rodriguez. Garcia agreed in 2007 and started to access records of patients outside her department or who had not been treated by her. Easy to detect? Absolutely. When I ran computer security for a radiology department around the time HIPAA was being ratified, the ultrasound systems were very distinct from even other radiology procedures and processes, let alone treatments outside the department. The more differently a care center operates, the easier it is to distinguish user behavior on the network. It might seem impossible to tighten controls around role-based access until you take a high-level view of the business and realize that everyone already sees differences between themselves and the other teams, shifts, departments, etc.
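The kind of simple check described above, as an added example that is not part of the original post: flag users who open records of patients their own department never treated. The log layout, user names, sample records and the three-patient threshold are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample data: (patient_id, department that treated the patient).
TREATMENTS = [
    ("P100", "ultrasound"), ("P101", "ultrasound"),
    ("P200", "emergency"), ("P201", "emergency"),
    ("P202", "emergency"), ("P203", "orthopedics"),
]

# Constructed access log: (timestamp, user, user's department, patient_id).
ACCESS_LOG = [
    ("2024-03-01T09:12", "tech_a", "ultrasound", "P100"),
    ("2024-03-01T22:40", "tech_a", "ultrasound", "P200"),
    ("2024-03-02T22:41", "tech_a", "ultrasound", "P201"),
    ("2024-03-03T22:45", "tech_a", "ultrasound", "P202"),
    ("2024-03-04T22:47", "tech_a", "ultrasound", "P203"),
    ("2024-03-02T10:05", "tech_c", "ultrasound", "P101"),
    ("2024-03-02T11:30", "nurse_b", "emergency", "P200"),
    ("2024-03-02T11:55", "nurse_b", "emergency", "P100"),  # one-off cross-department lookup
]


def out_of_department(access_log, treatments):
    """Return log entries where the user's department never treated the patient."""
    treated_by = defaultdict(set)
    for patient, dept in treatments:
        treated_by[patient].add(dept)
    return [e for e in access_log if e[2] not in treated_by.get(e[3], set())]


def flag_users(access_log, treatments, min_patients=3):
    """Map each user to the distinct out-of-department patients they viewed,
    keeping only users at or above min_patients (tolerates one-off lookups)."""
    per_user = defaultdict(set)
    for _ts, user, _dept, patient in out_of_department(access_log, treatments):
        per_user[user].add(patient)
    return {u: sorted(p) for u, p in per_user.items() if len(p) >= min_patients}


if __name__ == "__main__":
    for user, patients in flag_users(ACCESS_LOG, TREATMENTS).items():
        print(f"review {user}: {len(patients)} patients outside department: {patients}")
```

The threshold keeps a single legitimate consult from raising an alert while a sustained pattern across many patients still surfaces for review.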

Was this a HIPAA violation? I’m not a lawyer, but…fortunately in 2009 Garcia had a change of heart and contacted authorities herself.

My question is still whether the type and frequency of incidents will be incorporated into future ratings of hospitals in America.

Chinese Onion Loyalty Bracelet

The humor never stops at the Onion. Now owned by Chinese, America’s Finest News Source has posted a series of Hot New Consumer Products, such as the Loyalty Bracelet.

Yu Wan Mei Loyalty Bracelet: Show your loyalty to Yu Wan Mei and its line of products in a high-fashion way! The bracelet looks so nice for men or women—even the GPS chip inside is designed with an eye for style. Do not remove the Loyalty Bracelet.

Do not remove the GPS loyalty chip. Ha ha clever, but I am curious if they could have named it the LiveWong bracelet?

Olympic Sailing Security and Privacy

The cost to secure approximately 2,000 sailors and their coaches in Weymouth, England has grown from £21 million to £38 million. This of course is causing a controversy:

Supt David Griffith, Dorset Police’s security co-ordinator, said: “It’s very key for myself and my team to ensure that we allow as much business as usual to carry on as possible, remembering that this is the Olympic Games of sailing, not the Olympic Games of security.”

It is always said that the Olympics bring significant infrastructure investments, such as building out the new Osprey Quay with community facilities, employment areas, marine works and housing. Perhaps £38 million in surveillance cameras and license plate recognition is generating opposition for reasons beyond pure cost — concerns about privacy after the games are gone.