[Med-privacy] Pharmacare, Harvard Try To Shut Down Security Hole
Jeff Williams
jwkckid1@ix.netcom.com
Sun, 23 Jan 2005 00:58:11 -0800
All,
This should be an interesting refrence for some of you...
"CVS's drug insurance wing Pharmacare and Harvard
University have taken steps to shut down a security hole that would
have allowed anyone on the Internet to view any Harvard affiliate's drug
history, a possible violation of Federal laws concerning medical records
(HIPAA). The Boston Globe has the story, which came after the
vulnerabilities were discovered by two reporters for the school
newspaper (that story has screenshots that show just how easy it was).
Raises interesting questions about computer security and using ID
numbers
as passwords."
See:
http://www.boston.com/news/local/articles/2005/01/22/harvard_fixing_data_security_breaches/
and
http://www.thecrimson.com/today/article505402.html
Regards,
--
Jeffrey A. Williams
Spokesman for INEGroup LLA. - (Over 134k members/stakeholders strong!)
"Be precise in the use of words and expect precision from others" -
Pierre Abelard
"If the probability be called P; the injury, L; and the burden, B;
liability depends upon whether B is less than L multiplied by
P: i.e., whether B is less than PL."
United States v. Carroll Towing (159 F.2d 169 [2d Cir. 1947]
===============================================================
Updated 1/26/04
CSO/DIR. Internet Network Eng. SR. Eng. Network data security
IDNS. div. of Information Network Eng. INEG. INC.
E-Mail jwkckid1@ix.netcom.com
Registered Email addr with the USPS
Contact Number: 214-244-4827