funsec mailing list archives

Re: Jail for Selling Email Lists to Spammers (slashdot)


From: "Michael Simpson" <mikie.simpson () gmail com>
Date: Thu, 8 Feb 2007 14:32:37 +0000

On 2/8/07, David Harley <david.a.harley () gmail com> wrote:
> > IMO the executive are just gearing up for the inevitable
> > fallout from the "connecting for health" fiasco and this is
> > just an incidental benefit
>
> I'd be fascinated to know exactly which "Connecting for Health" fiasco
> you're referring to. :)
>
> --
> David Harley
> Security Author/Editor/Consultant, Antivirus Researcher
> Small Blue-Green World
> dharley () smallblue-greenworld co uk
> Security Bibliography:
> http://www.smallblue-greenworld.co.uk/pages/bibliography.html
> Articles: http://watersidesyndication.com/inbusiness/


My main worry is the fact that having a hardware firewall between teh
intarweb and sensitive info is still the gold standard for health IT
security.

A wee story from a few years ago.
When I worked in the Royal Hospital for Sick Children @ Yorkhill in
Glasgow the setup there was such that you couldn't sneeze without
using the in-house computer system. All tests and patient updates had
to be recorded on the system. However there was no authorisation or
accountability with regards to who could view what data. As long as
you were able to access the system then you could view what was
happening to any current or previous patient. At the time a local
celebrity had children that were spending a lot of time as inpatients
and each day a local tabloid had a depressingly accurate story on what
was happening to them. The suspicion was that someone was feeding
them information acquired through the system.

Then there is this gem:

http://www.theregister.co.uk/2006/12/22/bma_nhs_record_systems_boycott_call/

and please trust when I say that if my union are voicing DPA concerns
(when they willingly allowed me to be totally shafted for years as a
junior - 110+hr weeks, 4 day shifts with no expectation of sleep, yada
yada) then there has to be a real problem.

As part of the IT subgroup for my current employers I try to flag up
current problems within our own IT security (no email security,
confidential information being sent to Yahoo! webmail accounts,
traffic traversing the internet thanks to BT's N3 program, etc) but
no-one seems to be interested prolly because of the whole too many
systems, too few people conundrum.

When the EPA becomes a reality in either Scotland or England I will
advise all patients to opt out of it if they are allowed to. If you
are allergic to penicillin or diabetic then wear a medic alert
bracelet. IMO if you allow your records to go online then they will be
read by people whom you do not give access to.

I could go on but it raises my blood pressure too much
:-)

from

http://www.theregister.co.uk/2004/11/09/letters_0911/

[This week we also covered the British Medical Association's warning
that IT systems are at risk of failure if doctors are not properly
consulted on their implementation. It is this subject to which our
writer now turns.]

To be fair, a large proportion of the doctors that I had the good or
bad fortune to work with during my time in the NHS are technological
luddites who have no idea about what is actually achievable with
technology and don't comprehend issues of security or reliability and
resent the growing intrusion of IT issues into their lives.

The main problem is that the IT people within the NHS are
technological luddites who have no idea about what is actually
achievable with technology and don't comprehend issues of security or
reliability and resent the growing intrusion of IT issues into their
lives. There's a synergy there.

Mike Simpson

;-)
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

