European survey finds most web health sites insecure

[InfoSec News <isn () C4I ORG>]

http://www.telekomnet.com/news_security/9-14-00_european_survey.asp

September 14, 2000

If you were thinking of entering personal data onto a European Web
healthcare portal, think again, as a report due out next week says
that many healthcare sites across Europe are less than healthy when it
comes to their own levels of security.

The damning report says that 70 percent of Europe's leading healthcare
companies' sites have been found to collect users' personal
information in a potentially insecure environment - and are in danger
of being hacked into.

Clicksure, whose business is Web site certification, has published its
findings in "Clicksure Comment," the first in a series of reports due
to be published on the company's Web site. This, the first report,
will be published in the next few days.

For its research, Clicksure looked at more than 500 U.S. and U.K.
corporate and government sites across a range of industry sectors and
criteria, aiming to identify where they fell down on best practice in
the world of e-commerce.

Phil Hendey, Clicksure's chief marketing officer, said that 77 percent
of Europe's healthcare companies gave their users no rights to
withdraw or withhold their consent for any disclosure or use of their
personal information.

"Healthcare companies hold highly personal and sensitive information
on thousands of people," he said, adding that the report found that
this information is gathered in a potentially insecure manner and
could be accessed by an unauthorized third party.

Hendey went on to say that the Internet allows an easy people-to-
people (P2P) exchange of information. It is, however, only as reliable
and secure as the individuals programming the sites that transmit and
receive this data.

"This report should act as a warning to companies to tighten up on
information security or face a loss of confidence among their
consumers," he said.

For its research, Clicksure used its best practice auditing product,
Discovery Snapshot, to monitor the organizations' Web sites.

In use, the product reviews corporate Web sites and rates them against
exacting criteria, including privacy, security, information,
transaction management, quality, and monitoring.

The results, the firm says, enable businesses to see how well they
measure up to internationally recognized best practice for e-business,
their competitors and e-business in general.

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".