#cybersecurity | #hackerspace | Billions of Medical Images Leaked in Huge Privacy Puzzle

Source: National Cyber Security – Produced By Gregory Evans

Security researchers say healthcare providers are failing to secure highly sensitive patient medical data. Mind-boggling amounts of health info are just sitting on internet-connected servers, with only a well-known default password—or no password at all.

And it’s despite frequent warnings. The scale of the problem has only grown in recent months.

Imagine that. In today’s SB Blogwatch, we prescribe radical surgery.

Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: Nice pipes (giggity).


HIPAA PACS FAIL

What’s the craic, Zack? Mister Whittaker reports—“A billion medical images are exposed online, as doctors ignore warnings”:

 Hundreds of hospitals, medical offices and imaging centers are running insecure storage systems, allowing anyone … to access over 1 billion medical images of patients. … About half of all the exposed images, which include X-rays, ultrasounds and CT scans, belong to patients in the United States.

The problem is well-documented. Greenbone found … more than 720 million medical images in September. … Two months later, [it doubled]. The problem shows little sign of abating.

Medical images … are typically stored in … a PACS server. … But many doctors’ offices disregard security best practices and connect their PACS server directly to the internet without a password. … Some of the largest hospitals and imaging centers in the United States are the biggest culprits.

Many patient scans include … the patient’s name, date of birth and sensitive information about their diagnoses. … Yet, patients are unaware that their data could be exposed on the internet for anyone to find.

HIPAA created the “security rule” … designed to protect electronic personal health information. … The law also holds healthcare providers accountable for any security lapses [which] can lead to severe penalties. … Experts who have warned about exposed servers for years say medical practices have few excuses.

And Renée Fabian adds—“Unsecured Medical Images Are an Underrated Threat”:

 Compromised medical data is life-altering — worse than having your financial information stolen — and in some cases, even life-threatening. … But the general public still has their eyes on financial identity theft as the bigger threat.

However, when your health-related information is used by someone else … it can have a much bigger impact than stolen financial data. … Here’s how:

Errors in your medical record constitute one of the biggest dangers. … A diagnosis you don’t have, medication you’re allergic to, the wrong blood type or treatments you never actually get [can] make it into your permanent health care file. [So] you may end up in a situation where you’re treated with something that’s harmful.

You could also fail a physical job exam because a medical condition you don’t have ends up in your medical record. … It puts you at greater risk of discrimination, especially at work.

Your legitimate [insurance] claims may be denied. The company may flag or cancel your policy because of a suspicious number of claims or another person’s information on your record. [Or] you may be denied health or life insurance in the future.

Medical data includes more personal information than your financial data, which is why it sells for an estimated 10 times as much on the dark web. … Criminals get more bang for their buck out of your health data.

Are you sure we’re not hyping this up a bit? Mark Davis is horrified:

 Images, as actually used, usually do contain demographics. But they also often contain indications and sometimes diagnosis and treatments. Those are the absolute most sensitive of all information.

Indications are the reason for the image and would be something like “suspected pneumonia.” Diagnoses are official labels of sickness/illness/disease, like “AIDS.”

I can’t overstate how bad disclosing such information is, when it comes to protecting privacy.

Specifically, what are the legalities? Here’s Oliver Jones:

 It’s possible to see so-called “protected health information” (PHI) in these images. … HIPAA and ARRA 2009 (follow-on legislation) made it a federal crime to knowingly or negligently disclose PHI.

Natural persons can be tried and convicted, even if they were acting on behalf of corporations. … The Centers for Medicare and Medicaid Services (CMS) has a Breach Notification Rule, requiring holders of data to notify patients and CMS themselves if PHI is breached.

It wouldn’t surprise me if the people involved in securing these sloppily configured … servers are in a state of panic. … I was involved in dealing with an unintentional breach of 44 patient records a few years back, and yeah … it stinks to be them.

So doctors are to blame? prostheticvamp thinks that’s too simplistic:

 I have never, in all my years of working in healthcare, seen a hospital or physician’s office directly install and manage PACS. They pay a third-party—usually the vendor—to install, configure, and walk them through it.

Healthcare-related technology was largely pushed on the industry via legislation. … When a technology is forced on you at a loss, from a vendor with little incentive to optimize ease of use or utility, you get a terrible piece of **** that no one wants to invest more time and money into than absolutely needed.

When it comes to healthcare, everything is always the doctor’s fault. It’s convenient to have a single target to blame. … Never mind that most physicians are just employees … in massive organizations, with extremely heavy regulatory oversight.

If an organization that runs three hospitals can’t … secure their PACS system with a decent password, that’s the fault of the physician about as much as it’s the fault of the nurse, the janitor, the cafeteria chef, etc. … We’re just line workers. We try to do our best by patients, but we ain’t in charge of anything.

OK, but what can IT do about it? imidan’s suggestion is clouded by their gender presumption:

 The IT guy needs to talk to the lawyer and the insurance guy. The lawyer will **** his pants at the HIPAA violation, and the insurance guy will **** his pants at the likely cost of judgment for the inevitable prosecution.

The three of them can go to the person in charge and explain the problem in terms of the technical, legal, and financial. When it’s clear that the fallout of prosecution includes fines so big they make the practice uninsurable, jail time for personnel who wantonly violated, and the loss of license for doctors, I would hope they’d listen.

It gets worse. wswope has this head-meets-desk moment:

 Fun experiment: use Google Maps API to search a major US metro area for medical practices. Pick out any websites that don’t use TLS. Crawl them for HTML forms that include common PHI keywords. You’ll find a lot.

Meanwhile, what of our neighbors to the north? Here’s ceoyoyo:

 Here in Canada, hospitals are super paranoid about their PACS. As originally designed, PACS really couldn’t transmit images over the Internet at all, and most hospitals still have it configured that way.

And Finally:

Riccardo Bonci is going straight to Heck


You have been reading SB Blogwatch by Richi Jennings. Richi curates the best bloggy bits, finest forums, and weirdest websites… so you don’t have to. Hate mail may be directed to @RiCHi or sbbw@richi.uk. Ask your doctor before reading. Your mileage may vary. E&OE.

Image source: Stephen Hampshire (cc:by)

The post #cybersecurity | #hackerspace | Billions of Medical Images Leaked in Huge Privacy Puzzle appeared first on National Cyber Security.

Cyber security #expert warns about the #dangers of sending #explicit images #online

A cyber security expert is warning about the dangers of sending sexually explicit images to strangers online.

Many Irish companies increased their IT security in the wake of the ‘Wanna Cry’ ransomware incident earlier this year, which affected systems in hundreds of countries around the world.

‘Sextortion’ is a much less complicated scheme which targets individuals on various social networking sites.

The CEO of Cyber Risk International, Paul Dwyer, who will be speaking at today’s Cyber Threat Summit in Dublin, says people need to be aware of the scam.

He said: “People hear time and time again about the fact that there are fake profiles that reach out to people.

“They start a relationship with them and then they will ask them to do an embarrassing act on camera, then hold them to ransom.

“That is happening all the time, we are getting regular calls, and not just us but other security providers too.”

The post Cyber security #expert warns about the #dangers of sending #explicit images #online appeared first on National Cyber Security Ventures.

Internet firms should use profits to stamp out child abuse images, says police chief

Internet companies should reinvest some of their “eye-watering” profits into efforts to stamp out child abuse images online, a chief constable has said. Mike Barton challenged firms to do more to stop the content appearing in…

The post Internet firms should use profits to stamp out child abuse images, says police chief appeared first on Become007.com.

Argentina army says its website hacked with images supporting Islamic State

Argentina’s army said on Monday that its website was hacked and images purported to be of members of the Islamic State militant group were posted on it. “This is a threat. ISIS is in Argentina and you will hear from us soon,” said the page, which was seen by Reuters….

The post Argentina army says its website hacked with images supporting Islamic State appeared first on National Cyber Security Ventures.

Nude images of Charlotte Flair released online

CHARLOTTE Flair has spoken of her devastation after naked pictures of her were leaked on the internet. The daughter of WWE legend Ric had the intimate images posted online following on from Paige and other top stars earlier this year. Charlotte is pictured fully naked in some selfies with other intimate poses also shown. The former four-time women’s champion took …

The post Nude images of Charlotte Flair released online appeared first on National Cyber Security Ventures.

Teacher Ross Mortlock, 35, from Avening pleads guilty to three offences of making indecent images of children

A TEACHER from Avening has lost his job, his home and his family after he was caught with child pornography on his computer, a court heard today.

Ross Mortlock, 35, of Cherington, near Avening was arrested as he arrived home on the day his new baby had just been born in hospital, Gloucester Crown Court was told.

He was found to have more than five hours of video of the worst Category A pornography showing sexual abuse of children on his computer as well as other less serious child pornography.

Mortlock pleaded guilty to three offences of making indecent images of children but denied that he had a sexual interest in them, his lawyer said.

The post Teacher Ross Mortlock, 35, from Avening pleads guilty to three offences of making indecent images of children appeared first on Parent Security Online.

Sick paedo, 66, who targeted young girl for years caught after ‘accidentally’ uploading child abuse images to Facebook

AN EVIL paedophile’s years of abuse and horrific sex tourism was uncovered after he “accidentally” uploaded child abuse images to FACEBOOK.

David Grant, 66, was picked up by cops last August and told officers he found underage girls “attractive and pretty” – but was released on bail and able to continue his vile crimes.

The painter and decorator, from Westcliff, in Essex, was meant to be banned from having contact with children after he was arrested and bailed for possession of child abuse images.

But Grant ignored this and carried on assaulting his victim until he was arrested again three months later in what one police officer described as “one of the most harrowing cases” they’ve seen.

The post Sick paedo, 66, who targeted young girl for years caught after ‘accidentally’ uploading child abuse images to Facebook appeared first on Parent Security Online.

Vicar Peter Low, of Heybridge, charged with downloading child sex abuse images by Essex Police

A VICAR has been charged with offences of possessing indecent images. Peter Low, 64, of Crescent Road, Heybridge, has been charged with three counts of possession of indecent images of children and one count of possession of a prohibited image …

The post Vicar Peter Low, of Heybridge, charged with downloading child sex abuse images by Essex Police appeared first on National Cyber Security Ventures.

Former teacher jailed for downloading thousands of images of child pornography

A former school teacher from Cardiff has been jailed after downloading thousands of images of child abuse – some involving boys as young as 10.

Paul Fisher admitted possessing more than 2,000 pornographic images of children and distributing more than 800 images using a peer-to-peer file sharing site.

Sentencing at Cardiff Crown Court, Judge Daniel Williams told the defendant: “You must recognise that behind each of those images is a real child.”

The court heard the 68-year-old was already the subject of a Sexual Harm Prevention Order imposed in 2012 following similar offending.

Prosecutor Paul Hewitt said the order was “for public protection” and banned the defendant from viewing or downloading images of children online.

The post Former teacher jailed for downloading thousands of images of child pornography appeared first on Parent Security Online.

Hacker sentenced to 29 months for developing PhotoFucket for ‘fusking’ naked Photobucket images

Hacker who developed a code to scan Photobucket’s 10 billion images sentenced to 29 months in prison
A 41-year-old Colorado hacker was sentenced Tuesday to 29 months in prison for selling his software which enabled blackmailers and others to scan

The post Hacker sentenced to 29 months for developing PhotoFucket for ‘fusking’ naked Photobucket images appeared first on National Cyber Security Ventures.
