Friday, June 17, 2011

Who Needs Hackers When There Are Accidents Like This? The PCEHR Won’t Avoid Hacker Attention I Suspect.

The following popped up a little while ago.

Unencrypted laptop health breach affects more than 8.6 million records

By Dom Nicastro

Think the United States has its problems with securing patient health information?

We’re not alone.

London Health Programmes, a medical research organization based at the NHS North Central London health authority, has reported missing an unencrypted laptop containing information of 8.63 million patients and 18 million hospital visits, operations and procedures, according to today’s issue of The Sun.

The data does not include names, “but patients could be identified from postcodes and details such as gender, age and ethnic origin,” according to the newspaper. Information on the laptop included records of cancer, HIV, mental illness and abortions.

The computer was one of 20 lost, and officials have since recovered eight. The research organization “only just” reported the missing laptops to police although they went missing three weeks ago, according to the newspaper.

The Information Commissioner’s Office, Great Britain’s independent authority that promotes data privacy for individuals, has issued a statement regarding the laptop theft:

“Any allegation that sensitive personal information has been compromised is concerning and we will now make inquiries to establish the full facts of this alleged data breach.”

More here with a gruesome list of UK breaches.

http://blogs.hcpro.com/hipaa/2011/06/unencrypted-laptop-health-breach-affects-more-than-8-million-records/

Clearly this sort of incident is made more significant when material like this is appearing regularly.

Thousands of Aussie websites exposed in hack attack

Asher Moses and Ben Grubb

June 17, 2011 - 1:41PM

Thousands of Australian websites are vulnerable to being taken over by hackers following a break-in at Australian domain registrar and web host Distribute.IT, security experts say.

It comes as the hacker group LulzSec followed up yesterday's attack on the CIA's website by today releasing 62,000 email addresses and passwords. A number of the leaked login details related to .com.au addresses and several government departments and councils.

Distribute.IT was hacked on Saturday in a "deliberate, premeditated and targeted attack", the company said. Almost an entire week has elapsed since then and the company has still been unable to get its website online, explain what happened or notify customers of any stolen data.

It is unclear exactly how many Australian websites are hosted by Distribute.IT or how many domain names it manages, but Fairfax Media has seen a list of hundreds of customers and this is understood to be just the tip of the iceberg with thousands affected.

Complaints have already begun pouring in from affected businesses who are suffering as a result of the break-in.

Lots more tales of woe here:

http://www.smh.com.au/technology/security/thousands-of-aussie-websites-exposed-in-hack-attack-20110617-1g6vd.html

I have to say I really wonder just how we will be able to provide portals for citizens to access their PCEHR and have confidence that there will not be abuse of the information contained therein.

All the various varieties of social engineering attacks are likely to have some success, to say nothing of the possible harm that may be caused by the (very rare) unhappy employee of the various technology providers.

I look forward to seeing how user authentication will actually work for the PCEHR consumer!

David.
