Ross Anderson writes: Your medical records are now officially on sale. American drug companies now learn that MedRed BT Health Cloud will provide public access to 50 million de-identified patient records from UK. David Cameron announced in 2011 that every NHS patient would be a research patient, with their records opened up to private healthcare firms. He promised…
Month: November 2013
Whose data is it anyway?
John Moore and Rob Tholemeier write: A common and somewhat unique aspect to EHR vendor contracts is that the EHR vendor lays claim to the data entered into their system. Rob and I have worked in many industries as analysts. Nowhere, in our collective experience, have we seen such a thing. Manufacturers, retailers, financial institutions, etc. would…
Evernote tells some users to change their passwords. (Psst! It’s Adobe’s fault…)
Graham Cluley writes: Just like Facebook before it, Evernote has been scouring the list of millions of email addresses and passwords exposed by the recent mega-breach at Adobe. And, if Evernote finds an email address in Adobe’s breached database that matches that belonging to an Evernote user, they are sending them a message telling them to…
Veterans Health Administration Issues Directive Regarding Access To Personally Identifiable Information In Information Technology Systems
WASHINGTON, Nov. 20 — The U.S. Department of Veterans Affairs’ Veterans Health Administration issued the following directive: 1. REASON FOR ISSUE: This Veterans Health Administration (VHA) Directive establishes policy for approving and providing authorized users access to VHA personally identifiable information (PII) in Information Technology (IT) systems of the Department of Veterans Affairs (VA). 2. SUMMARY OF CHANGES: This is a new Directive….
In Monroeville, have politics and personal allegiances trumped data privacy and security?
A PHIprivacy.net editorial. As regular readers know, PHIprivacy.net and PogoWasRight.org have been covering breach accusations involving the emergency medical dispatch (EMD) and police criminal history databases in Monroeville, Pennsylvania. The town’s investigation into the allegations, an independent forensic evaluation of the security controls in use for the systems, and a subsequent state attorney general’s investigation all confirmed…
RacingPost.com hacked; change your passwords
The following statement was posted on RacingPost.com this morning: Stringent new measures are being put in place to prevent a repeat of the security breach that has affected racingpost.com. In the meantime, the website is completely safe to use as you wish because we have removed all log-in and registration functionality. Betting through the site…