According to HHS, this hospital (URMC) reported a breach in 2010, was given a warning along with technical assistance, and was then breached again in 2013 and 2017.
URMC filed breach reports with OCR in 2013 and 2017 following its discovery that protected health information (PHI) had been impermissibly disclosed through the loss of an unencrypted flash drive and theft of an unencrypted laptop, respectively. OCR’s investigation revealed that URMC failed to conduct an enterprise-wide risk analysis; implement security measures sufficient to reduce risks and vulnerabilities to a reasonable and appropriate level; utilize device and media controls; and employ a mechanism to encrypt and decrypt electronic protected health information (ePHI) when it was reasonable and appropriate to do so. Of note, in 2010, OCR investigated URMC concerning a similar breach involving a lost unencrypted flash drive and provided technical assistance to URMC. Despite the previous OCR investigation, and URMC’s own identification of a lack of encryption as a high risk to ePHI, URMC permitted the continued use of unencrypted mobile devices.
Encryption is not that hard, especially for mobile devices. On flash drives and laptops it is trivial to enable encryption and manage the keys. It’s not a technical problem, it’s a management/leadership one, which is why these regulatory fines probably should be even larger and come directly out of executives’ own pockets.
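The “trivial to enable” point is easy to verify in practice: the question a practitioner needs answered is which disks and removable media are still holding plaintext filesystems. The script below is an added example, not part of the original post; it parses the key="value" form of `lsblk -Pno NAME,TYPE,RM,FSTYPE,MOUNTPOINT` and flags every formatted partition that is not a LUKS container, exempting `/boot` and the EFI system partition, which the bootloader must read before any key is available. The `SAMPLE_LSBLK` data is constructed for the example so it runs offline.

```shell
#!/bin/sh
# Added example (not from the original post): audit block devices for
# plaintext filesystems. Real use: lsblk -Pno NAME,TYPE,RM,FSTYPE,MOUNTPOINT | find_plaintext_partitions

# Constructed sample output in the shape of `lsblk -P`: one laptop disk with
# LUKS root but a plaintext NTFS data partition, one unencrypted USB stick,
# one LUKS-formatted USB stick.
SAMPLE_LSBLK='NAME="sda" TYPE="disk" RM="0" FSTYPE="" MOUNTPOINT=""
NAME="sda1" TYPE="part" RM="0" FSTYPE="vfat" MOUNTPOINT="/boot/efi"
NAME="sda2" TYPE="part" RM="0" FSTYPE="ext4" MOUNTPOINT="/boot"
NAME="sda3" TYPE="part" RM="0" FSTYPE="crypto_LUKS" MOUNTPOINT=""
NAME="luks-root" TYPE="crypt" RM="0" FSTYPE="ext4" MOUNTPOINT="/"
NAME="sda4" TYPE="part" RM="0" FSTYPE="ntfs" MOUNTPOINT="/data"
NAME="sdb" TYPE="disk" RM="1" FSTYPE="" MOUNTPOINT=""
NAME="sdb1" TYPE="part" RM="1" FSTYPE="vfat" MOUNTPOINT="/media/usb"
NAME="sdc" TYPE="disk" RM="1" FSTYPE="" MOUNTPOINT=""
NAME="sdc1" TYPE="part" RM="1" FSTYPE="crypto_LUKS" MOUNTPOINT=""'

# Read lsblk -P lines on stdin; print "NAME FSTYPE removable|internal" for
# every partition that carries a plain filesystem instead of a LUKS header.
# Filesystems living inside an opened LUKS container show up as TYPE="crypt"
# children, not TYPE="part", so they are never flagged.
find_plaintext_partitions() {
    awk '
    # Extract the value of KEY="..." from the current line ("" if absent).
    # A leading space is prepended so TYPE= cannot match inside FSTYPE=.
    function field(key,   line, s) {
        line = " " $0
        if (!match(line, " " key "=\"[^\"]*\"")) return ""
        s = substr(line, RSTART, RLENGTH)
        sub(/^ [A-Z]+="/, "", s)   # drop leading space, key and opening quote
        sub(/"$/, "", s)           # drop closing quote
        return s
    }
    {
        type = field("TYPE"); fs = field("FSTYPE"); mp = field("MOUNTPOINT")
        if (type != "part" || fs == "" || fs == "crypto_LUKS") next
        if (mp == "/boot" || mp == "/boot/efi") next   # must stay plaintext for boot
        print field("NAME"), fs, (field("RM") == "1" ? "removable" : "internal")
    }'
}

# Run over the constructed sample when executed directly.
printf '%s\n' "$SAMPLE_LSBLK" | find_plaintext_partitions
```

On the sample this prints `sda4 ntfs internal` and `sdb1 vfat removable`; either finding is the condition OCR cited. The check only recognizes LUKS: a partition holding an LVM physical volume directly (FSTYPE `LVM2_member`) is reported because the script cannot see whether the logical volumes beneath it are encrypted, and Windows or macOS fleets need the vendor checks instead (`manage-bde -status` for BitLocker, `fdesetup status` for FileVault). Remediation for a flagged removable device is `cryptsetup luksFormat` on the partition followed by a fresh filesystem inside the container; `cryptsetup luksAddKey` and `luksRemoveKey` handle the key management the post calls trivial.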
Deaths in America from heart disease are on the rise, as a 2016 report warned:
Heart disease is the No. 1 cause of death in the United States. But after nearly three decades in decline, the number of deaths from heart disease has increased in recent years, a new federal report shows.
Now a new study called “Data breach remediation efforts and their implications for hospital quality” (PDF) reports that a service quality decline increases death rates for patients with heart disease.
Breach remediation efforts were associated with deterioration in timeliness of care and patient outcomes. Remediation activity may introduce changes that delay, complicate or disrupt health IT and patient care processes.
More specifically, the study authors counted 36 more deaths per 10,000 heart attacks every year attributable to security breaches, based on hundreds of hospitals examined. They even boil the data down to a single figure: a care center that has suffered a breach sees an electrocardiogram delay of 2.7 minutes for suspected heart attack patients.
Given the huge rise of ransomware since 2015, traced to weak security management practices at database companies, is there a case now to be made that software development is directly culpable for a rise in human deaths?
To put this in perspective, fewer people die from service delays (availability) than from mistakes (integrity), yet downstream integrity is impacted by availability. Medical error studies call disruptions and mistakes the third leading cause of death in America.
A recent Johns Hopkins study claims more than 250,000 people in the U.S. die every year from medical errors. Other reports claim the numbers to be as high as 440,000.
Avoiding death from heart disease, which requires fast response and critical decision-making without error, becomes even harder to ensure as system availability declines due to breaches.
This new NY Books essay reads to me like prose and raises some important points about the desire to escape, and believing reality exists in places that we are not:
…when I look back at the series of wilderness travel articles I wrote for The New York Times a decade ago, what jumps out at me is the almost monomaniacal obsession with enacting Denevan’s myth by finding unpopulated places. Camped out in the Australian outback, I boasted that it was “the farthest I’d ever been from other human beings.” Along the “pristine void” of a remote river in the Yukon, I climbed ridges and scanned the horizon: “It was intoxicating,” I wrote, “to pick a point in the distance and wonder: Has any human ever stood there?”
Rereading those and other articles, I now began to reluctantly consider the possibility that my infatuation with the wilderness was, at its core, a poorly cloaked exercise in colonial nostalgia—the urbane Northern equivalent of dressing up as Stonewall Jackson at Civil War reenactments because of an ostensible interest in antique rifles.
As a historian I’d say he’s engaging in a poorly cloaked exercise in escapism, more like going to Disneyland than trying to reenact real events from the past (whether it be the white supremacist policies of Britain or America).
Earlier this year researchers disclosed in a study that the lack of regulation has allowed Bitcoin markets to be over 90% fraud:
Nearly 95% of all reported trading in bitcoin is artificially created by unregulated exchanges, a new study concludes, raising fresh doubts about the nascent market following a steep decline in prices over the past year.
Bitcoin prices were being manipulated in late 2013 by a pair of autonomous computer programs running on bitcoin exchange MtGox, according to an anonymously published report.
The programs, named Willy and Markus, allegedly pushed prices up to $1,000 before the bubble burst after MtGox’s collapse in late February.
The report’s author alleges that some of the trades were coming from inside the exchange itself. “In fact,” the report says, “there is a ton of evidence to suggest that all of these accounts were controlled by MtGox themselves.”
The farm has both left- and right-wing troll accounts. That makes their smear and support campaigns more believable: instead of just taking one position for a client, it sends trolls to work both sides, blowing hot air into a discussion, generating conflict and traffic and thereby creating the impression that people actually care about things when they really don’t – including, for example, about the candidacy of a recently elected member of the Polish parliament.
I suppose we can say now the Ashley Madison dataset was no exception to widespread online fraud:
Over 20 million male customers had checked their Ashley Madison email boxes at least once. The number of females who checked their inboxes stands at 1,492. There have already been multiple class action lawsuits filed against Ashley Madison and its parent company, Avid Life Media, but these findings could send the figures skyrocketing. If true, it means that just 0.0073% of Ashley Madison’s users were actually women — and that changes the fundamental nature of the site.
People keep asking what will a future life with robots look like, when we’re obviously already living in it. It basically looks like a world where the late 1800s common phrase in America “there is a sucker born every day” continues to haunt the security industry…
The Great Conspiracy: A Complete History of the Famous Tally-sheet Cases, by Simeon Coy, 1889, p 222
“Sneaking” banks refers to a social engineering trick where one person creates a distraction while the other sneaks money out of the vault.
Note how even back in 1889 an author writes about banks and jewelers hacking themselves in order to learn how to stop hackers. Threats mostly targeted people too weak to protect themselves individually (hinting at a need for regulatory oversight).
a blog about the poetry of information security, since 1995