Interesting People mailing list archives
Re: If you can't trust Johns Hopkins ...
From: David Farber <dave () farber net>
Date: Mon, 18 May 2009 10:51:18 -0400
Begin forwarded message:

From: Andrew C Burnette <acb () acb net>
Date: May 17, 2009 11:00:59 PM EDT
To: dave () farber net, rvh40 () insightbb com
Subject: Re: [IP] If you can't trust Johns Hopkins ...

Dave,

I'm not sure what makes Johns Hopkins special (other than close proximity to Lenny's deli in Baltimore).

The problem with all enterprise networks is that security is defined by the lowest common denominator, that being whatever equipment you use in your business that has the weakest capabilities defines the security paradigm.

The average CIO has a shelf life of less than 36 months. Barely enough time to snag the golden parachute, but more importantly, such a short tenure guarantees that the typical CIO/CTO will only attempt to meet the minimal fiduciary responsibility required by the board (e.g. last year's lame practices in security) and will take zero risk in actually forwarding the security operations and methodology needed for real security. That sort of activity typically shortens the shelf life a bit.

That said, when my daughter was born 5 years ago, I brought my laptop for the weekend of the event. The wireless network at the hospital was open, and 'dozens' of servers were seen by my laptop as accessible. The more effective security mechanism was my daughter's adorable smile, which was far more interesting ;-)

Best regards,
Andy Burnette

David Farber wrote:
Begin forwarded message:

From: Randall <rvh40 () insightbb com>
Date: May 17, 2009 12:21:20 PM EDT
To: David Farber <dave () farber net>, johnmacsgroup () yahoogroups com
Subject: If you can't trust Johns Hopkins ...

Insider May Have Breached More Than 10,000 Patient Records At Johns Hopkins

Employee had access to patient database as part of her job, report says

May 13, 2009 | 04:03 PM
By Tim Wilson
DarkReading

An employee at Johns Hopkins Hospital may have leaked the personal information of more than 10,000 patients in an identity fraud scam.

According to a report filed to the administrator of the state of Maryland's Identity Theft Program (PDF), some 31 individuals with connections to Johns Hopkins have reported identity thefts since Jan. 20. Law enforcement agencies suspect the thefts might be part of a fraudulent driver's license scheme discovered in neighboring Virginia.

In researching the thefts, members of the Johns Hopkins security department discovered that a single employee who worked in patient registration may have used her access privileges to review data on more than 10,000 patients while working at the hospital. The now-former employee is expected to be indicted for stealing the data, the report states.

The hospital emphasizes that the breach was not a hacking incident, but that the employee had access to the records as part of her job.

Johns Hopkins is offering credit monitoring and fraud resolution services, as well as $30,000 in identity theft reimbursements, to the 31 victims, as well as to any of the 526 Virginia residents in the database who report fraud. It also is notifying the other 10,000 patients whose records were in the database.

The hospital says the patient registration database contains no medical records, but it does contain sensitive data, such as addresses and Social Security numbers. Johns Hopkins officials say they do not know if the database was the source of the identity thefts, but are notifying all of those involved as a precaution.

This is not the first time Johns Hopkins has experienced data theft by an insider. In 2007, officials at Johns Hopkins University reported that a contractor did not return backup tapes from the hospital and university payroll. Some 135,000 employees and former patients had to be notified. The data was not encrypted.

And in January, a Johns Hopkins employee was arrested in connection with the theft of patient data. News reports quoted a hospital spokesperson saying the number of victims in that case was "probably less than 10."

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.

http://www.darkreading.com/insiderthreat/security/privacy/showArticle.jhtml?articleID=217400831

--
The war on privilege will never end. Its next great campaign will be against the privileges of the underprivileged.
H. L. Mencken

-------------------------------------------
Archives: https://www.listbox.com/member/archive/247/=now
RSS Feed: https://www.listbox.com/member/archive/rss/247/
Powered by Listbox: http://www.listbox.com