funsec mailing list archives
Re: Jail for Selling Email Lists to Spammers (slashdot)
From: "Michael Simpson" <mikie.simpson () gmail com>
Date: Thu, 8 Feb 2007 14:32:37 +0000
On 2/8/07, David Harley <david.a.harley () gmail com> wrote:
> IMO the executive are just gearing up for the inevitable > fallout from the "connecting for health" fiasco and this is > just an incidental benefit I'd be fascinated to know exactly which "Connecting for Health" fiasco you're referring to. :) -- David Harley Security Author/Editor/Consultant, Antivirus Researcher Small Blue-Green World dharley () smallblue-greenworld co uk Security Bibliography: http://www.smallblue-greenworld.co.uk/pages/bibliography.html Articles: http://watersidesyndication.com/inbusiness/
My main worry is the fact that having a hardware firewall between teh intarweb and sensitive info is still the gold standard for health IT security. A wee story from a few years ago. When i worked in the Royal hospital for sick children @ Yorkhill in Glasgow the setup there was such that you couldn't sneeze without using the inhouse computer system. All tests and patient updates had to be recorded on the system. However there was no authorisation or accountability with regards to who could view what data. As long as you were able to access the system then you could view what was happening to any current or previous patient. At the time a local celebrity had children that were spending a lot of time as inpatients and each day a local tabloid had a depressingly accurate story on what was happening to them. The suspicion was that someone was feeding them information acquired through the system. Then there is this gem: http://www.theregister.co.uk/2006/12/22/bma_nhs_record_systems_boycott_call/ and please trust when i say that if my union are voicing DPA concerns (when they willingly allowed me to be totally shafted for years as a junior - 110+hr weeks, 4 day shifts with no expectation of sleep, yada yada) then there has to be a real problem. As part of the IT subgroup for my current employers i try to flag up current problems within our own IT security (no email security, confidential information being sent to Yahoo! webmail accounts, traffic traversing the internet thanks to BT's N3 program, etc) but no-one seems to be interested prolly because of the whole too many systems, too few people conundrum. When the EPA becomes a reality in either Scotland or England i will advise all patients to opt out of it if they are allowed to. If you are allergic to penicillin or diabetic then wear a medic alert bracelet. IMO If you allow your records to go online then they will be read by people whom you do not give access to. I could go on but it raises my blood pressure too much :-) from http://www.theregister.co.uk/2004/11/09/letters_0911/ [This week we also covered the British Medical Association's warning that IT systems are at risk of failure if doctors are not properly consulted on their implementation. It is this subject to which our writer now turns.] To be fair, a large proportion of the doctors that i had the good or bad fortune to work with during my time in the NHS are technological luddites who have no idea about what is actually achievable with technology and don't comprehend issues of security or reliability and resent the growing intrusion of IT issues into their lives. The main problem is that the IT people within the NHS are technological luddites who have no idea about what is actually achievable with technology and don't comprehend issues of security or reliability and resent the growing intrusion of IT issues into their lives. There's a synergy there. Mike Simpson ;-) _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Jail for Selling Email Lists to Spammers (slashdot) Paul Vixie (Feb 07)
- Re: Jail for Selling Email Lists to Spammers (slashdot) Michael Simpson (Feb 08)
- RE: Jail for Selling Email Lists to Spammers (slashdot) David Harley (Feb 08)
- Re: Jail for Selling Email Lists to Spammers (slashdot) crazy frog crazy frog (Feb 08)
- RE: Jail for Selling Email Lists to Spammers (slashdot) David Harley (Feb 08)
- Re: Jail for Selling Email Lists to Spammers (slashdot) Michael Simpson (Feb 08)
- RE: Jail for Selling Email Lists to Spammers (slashdot) David Harley (Feb 08)
- Re: Jail for Selling Email Lists to Spammers (slashdot) Michael Simpson (Feb 08)