Alexandria Wilson Pecci
MedPage Today
Originally posted February 26, 2017
Here is an excerpt:
Broken down by industry, hacking was the most common data breach source for the healthcare sector, according to data provided to HealthLeaders Media by the Identity Theft Resource Center. Physical theft was the biggest breach category for healthcare in 2015 and 2014.
Insider theft and employee error/negligence tied for the second most common data breach sources in 2016 in the health industry. In addition, insider theft was a bigger problem in the healthcare sector than in other industries, and has been for the past five years.
Insider theft is alleged to have been at play in the Jackson Health System incident. Former employee Evelina Sophia Reid was charged in a fourteen-count indictment with conspiracy to commit access device fraud, possessing fifteen or more unauthorized access devices, aggravated identity theft, and computer fraud, the Department of Justice said. Prosecutors say that her co-conspirators used the stolen information to file fraudulent tax returns in the patients' names.
The article is here.
Showing posts with label Security. Show all posts
Showing posts with label Security. Show all posts
Monday, March 27, 2017
Tuesday, March 21, 2017
Ethical concerns for telemental health therapy amidst governmental surveillance.
Samuel D. Lustgarten and Alexander J. Colbow
American Psychologist, Vol 72(2), Feb-Mar 2017, 159-170.
Abstract
Technology, infrastructure, governmental support, and interest in mental health accessibility have led to a burgeoning field of telemental health therapy (TMHT). Psychologists can now provide therapy via computers at great distances and little cost for parties involved. Growth of TMHT within the U.S. Department of Veterans Affairs and among psychologists surveyed by the American Psychological Association (APA) suggests optimism in this provision of services (Godleski, Darkins, & Peters, 2012; Jacobsen & Kohout, 2010). Despite these advances, psychologists using technology must keep abreast of potential limitations to privacy and confidentiality. However, no scholarly articles have appraised the ramifications of recent government surveillance disclosures (e.g., “The NSA Files”; Greenwald, 2013) and how they might affect TMHT usage within the field of psychology. This article reviews the current state of TMHT in psychology, APA’s guidelines, current governmental threats to client privacy, and other ethical ramifications that might result. Best practices for the field of psychology are proposed.
The article is here.
American Psychologist, Vol 72(2), Feb-Mar 2017, 159-170.
Abstract
Technology, infrastructure, governmental support, and interest in mental health accessibility have led to a burgeoning field of telemental health therapy (TMHT). Psychologists can now provide therapy via computers at great distances and little cost for parties involved. Growth of TMHT within the U.S. Department of Veterans Affairs and among psychologists surveyed by the American Psychological Association (APA) suggests optimism in this provision of services (Godleski, Darkins, & Peters, 2012; Jacobsen & Kohout, 2010). Despite these advances, psychologists using technology must keep abreast of potential limitations to privacy and confidentiality. However, no scholarly articles have appraised the ramifications of recent government surveillance disclosures (e.g., “The NSA Files”; Greenwald, 2013) and how they might affect TMHT usage within the field of psychology. This article reviews the current state of TMHT in psychology, APA’s guidelines, current governmental threats to client privacy, and other ethical ramifications that might result. Best practices for the field of psychology are proposed.
The article is here.
Wednesday, February 24, 2016
Ethical aspects of facial recognition systems in public places
Philip Brey
Journal of Information, Communication and Ethics in Society
Vol. 2 Iss: 2, pp.97 - 109
This essay examines ethical aspects of the use of facial recognition technology for surveillance purposes in public and semipublic areas, focusing particularly on the balance between security and privacy and civil liberties. As a case study, the FaceIt facial recognition engine of Identix Corporation will be analyzed, as well as its use in “Smart” video surveillance (CCTV) systems in city centers and airports. The ethical analysis will be based on a careful analysis of current facial recognition technology, of its use in Smart CCTV systems, and of the arguments used by proponents and opponents of such systems. It will be argued that Smart CCTV, which integrates video surveillance technology and biometric technology, faces ethical problems of error, function creep and privacy. In a concluding section on policy, it will be discussed whether such problems outweigh the security value of Smart CCTV in public places.
The article is here.
Journal of Information, Communication and Ethics in Society
Vol. 2 Iss: 2, pp.97 - 109
This essay examines ethical aspects of the use of facial recognition technology for surveillance purposes in public and semipublic areas, focusing particularly on the balance between security and privacy and civil liberties. As a case study, the FaceIt facial recognition engine of Identix Corporation will be analyzed, as well as its use in “Smart” video surveillance (CCTV) systems in city centers and airports. The ethical analysis will be based on a careful analysis of current facial recognition technology, of its use in Smart CCTV systems, and of the arguments used by proponents and opponents of such systems. It will be argued that Smart CCTV, which integrates video surveillance technology and biometric technology, faces ethical problems of error, function creep and privacy. In a concluding section on policy, it will be discussed whether such problems outweigh the security value of Smart CCTV in public places.
The article is here.
Monday, January 11, 2016
Cyber security: Attack of the health hackers
Kara Scannell and Gina Chon
FT.com
Originally published December 21, 2015
Here is an excerpt:
Hackers accessed over 100m health records — 100 times more than ever before — last year. Eight of the 10 largest hacks into any type of healthcare provider happened this year, according to the US Department of Health and Human Services.
Insurers scrambled to hire cyber security companies to scrub their systems. Premera Blue Cross, CareFirst BlueCross BlueShield, and Excellus Health Plan announced breaches affecting at least 22m individuals in total since March, including hacks that stretched back more than a year. Investigators told the FT that they believe some of the hacks are related and trace back to China.
The insurers face multiple investigations from state insurance regulators and attorneys-general and some could face fines for failing to comply with state data privacy laws, while federal law enforcement agencies are investigating who is behind the hacks.
The article is here.
FT.com
Originally published December 21, 2015
Here is an excerpt:
Hackers accessed over 100m health records — 100 times more than ever before — last year. Eight of the 10 largest hacks into any type of healthcare provider happened this year, according to the US Department of Health and Human Services.
Insurers scrambled to hire cyber security companies to scrub their systems. Premera Blue Cross, CareFirst BlueCross BlueShield, and Excellus Health Plan announced breaches affecting at least 22m individuals in total since March, including hacks that stretched back more than a year. Investigators told the FT that they believe some of the hacks are related and trace back to China.
The insurers face multiple investigations from state insurance regulators and attorneys-general and some could face fines for failing to comply with state data privacy laws, while federal law enforcement agencies are investigating who is behind the hacks.
The article is here.
Monday, May 25, 2015
Q: Is privacy dead? Of course not
By Evan Selinger
Aeon Magazine - Ideas
Here is an excerpt:
But if we’re talking about informational privacy, it isn’t a thing. Informational privacy is a series of decisions individuals and groups make. Some crucial decisions are about social and ethical norms. This means we’ve got to decide which norms to value, determine when it’s appropriate for norms to be enforced and when norm violations should be allowed to slide, and figure out which sanctions are befitting of proper norm policing. In a pluralistic society, these ends are furthered by fraught and ongoing negotiation. Such negotiation is further complicated by disruptive innovation changing how people consume and share information.
The entire article is here.
Aeon Magazine - Ideas
Here is an excerpt:
But if we’re talking about informational privacy, it isn’t a thing. Informational privacy is a series of decisions individuals and groups make. Some crucial decisions are about social and ethical norms. This means we’ve got to decide which norms to value, determine when it’s appropriate for norms to be enforced and when norm violations should be allowed to slide, and figure out which sanctions are befitting of proper norm policing. In a pluralistic society, these ends are furthered by fraught and ongoing negotiation. Such negotiation is further complicated by disruptive innovation changing how people consume and share information.
The entire article is here.
Friday, January 9, 2015
Withstanding moral disengagement: Attachment security as an ethical intervention
By Dolly Chugh, Mary C. Kern, Zhu Zhu, and Sujin Lee
Journal of Experimental Social Psychology 51 (2014) 88–93.
Highlights
• We propose an ethical intervention with the potential to reduce unethical decision-making.
• We challenge the relationship between moral disengagement and unethical decision-making.
• We use attachment theory as the basis for the ethical intervention.
• Individuals primed with attachment anxiety experience the usual effects of moral disengagement.
• However, individuals primed with attachment security are able to withstand moral disengagement.
Abstract
We propose an ethical intervention leading to improved ethical decision-making. Moral disengagement has long been related to unethical decision-making. We test an ethical intervention in which this relationship is broken. Our ethical intervention consisted of priming individuals to be securely-attached, in which they recalled a past instance of relational support and acceptance. We predicted and found an interaction between attachment state and moral disengagement, in which individuals primed with attachment security were able to withstand moral disengagement.
In Study 1, we demonstrate that the securely attached behave more ethically than the anxiously attached in an achievement context. In Study 2, we show that secure attachment overrides one's natural propensity to morally disengage. In Study 3, we find that secure attachment minimizes the impact of the propensity to morally disengage through the mechanism of threat construal. Within both student and working adult samples and using both judgment and behavioral dependent variables, we show that the priming of secure attachment is a relatively simple and effective intervention that managers, educators, and organizations can use to reduce unethical behavior.
The entire article is here.
Journal of Experimental Social Psychology 51 (2014) 88–93.
Highlights
• We propose an ethical intervention with the potential to reduce unethical decision-making.
• We challenge the relationship between moral disengagement and unethical decision-making.
• We use attachment theory as the basis for the ethical intervention.
• Individuals primed with attachment anxiety experience the usual effects of moral disengagement.
• However, individuals primed with attachment security are able to withstand moral disengagement.
Abstract
We propose an ethical intervention leading to improved ethical decision-making. Moral disengagement has long been related to unethical decision-making. We test an ethical intervention in which this relationship is broken. Our ethical intervention consisted of priming individuals to be securely-attached, in which they recalled a past instance of relational support and acceptance. We predicted and found an interaction between attachment state and moral disengagement, in which individuals primed with attachment security were able to withstand moral disengagement.
In Study 1, we demonstrate that the securely attached behave more ethically than the anxiously attached in an achievement context. In Study 2, we show that secure attachment overrides one's natural propensity to morally disengage. In Study 3, we find that secure attachment minimizes the impact of the propensity to morally disengage through the mechanism of threat construal. Within both student and working adult samples and using both judgment and behavioral dependent variables, we show that the priming of secure attachment is a relatively simple and effective intervention that managers, educators, and organizations can use to reduce unethical behavior.
The entire article is here.
Monday, October 10, 2011
Health industry lacks patient data safeguards: poll
by Alina Selyukh
(Reuters) - New technologies are flooding into the healthcare world, but the industry is not adequately prepared to protect patients from data breaches, according to a report published on Thursday.A vast majority of hospitals, doctors, pharmacies and insurers are eager to adapt to increasingly digital patient data. However, less than half are addressing implications for privacy and security, a survey of healthcare industry executives by PricewaterhouseCoopers LLP found.
The original article is here.
Monday, August 15, 2011
Ten Best: Preventing Privacy and Data Breaches
The antics of groups like Anonymous and LulzSec over the past few months have made data breaches seem inevitable. If information security vendors like HBGary and RSA Security aren't safe, what hope does an average SMB have? It is true that there is no silver bullet, and no impervious network security, but there are a variety of things IT admins can do to prevent network breaches and protect data and privacy better.
The Web safety and online identity protection experts at SafetyWeb.com and myID.com helped put together a list of ten different data and privacy breach scenarios, along with suggestions and best practices to avoid them.
1. Data Breach Resulting From Poor Networking Choices. Names like Cisco and Sun are synonymous with enterprise-level networking technologies used in large IT departments around the world. Small or medium businesses, however, generally lack the budget necessary for equipment like that. If an SMB has a network infrastructures at all, it may be built around networking hardware designed for consumer use. Some may forego the use of routers at all, plugging directly into the Internet. Business owners can improve network security and block most threats by using a quality router, like a Netgear or Buffalo brand router and making sure to change the router password from the default.
2. Data Breach Resulting From Improper Shredding Practices. Dumpster diving identity thieves target businesses that throw out paperwork without shredding it. Most home shredders will suffice for small businesses in a pinch, but a commercial shredder is a wise investment if private information is printed and shredded daily. Make sure that documents with sensitive information or personally identifiable data are thoroughly shredded before disposal.
3. Tax Records Theft Around Tax Time. On a similar note, businesses need to pay extra attention to incoming and outgoing information related to taxes. Businesses must ensure that tax returns are dropped off at the post office and refunds are collected promptly from the mailbox. Identity thieves often steal tax returns from an outbox or mailbox.
4. Identity Theft Resulting From Public Databases. Individuals, especially business owners, often publish lots of information about themselves in public databases. It is a sort of catch-22 because a small business owner wants to maximize exposure while still protecting individual privacy. Businesses are registered with the county clerk, telephone numbers are in the phone book, many individuals have Facebook profiles with their address and date of birth. Many identity thieves can use information searchable publicly to construct a complete identity. SMBs need to think carefully about how and where to gain exposure for the business, and consider the consequences of sharing sensitive information publicly.
5. Identity Theft Resulting from Using a Personal Name Instead of Filing a DBA. Along those same line, sole proprietors that do not take the time to file a Doing Business As application are at a far higher risk of identity theft due to their personal name, rather than their business names, being published publicly.
The rest of the story is here.
Friday, July 22, 2011
Survey: 90% of companies say they've been hacked
By Jaikumar Vijayan
ComputerWorld>Security
If it sometimes appears that just about every company is getting hacked these days, that's because they are.
In a recent survey (download PDF) of 583 U.S companies conducted by Ponemon Research on behalf of Juniper Networks, 90% of the respondents said their organizations' computers had been breached at least once by hackers over the past 12 months.
Nearly 60% reported two or more breaches over the past year. More than 50% said they had little confidence of being able to stave off further attacks over the next 12 months.
Those numbers are significantly higher than findings in similar surveys, and they suggest that a growing number of enterprises are losing the battle to keep malicious intruders out of their networks.
"We expected a majority to say they had experienced a breach," said Johnnie Konstantas, director of product marketing at Juniper, a Sunnyvale, Calif.-based networking company. "But to have 90% saying they had experienced at least one breach, and more than 50% saying they had experienced two or more, is mind-blowing." Those findings suggest "that a breach has become almost a statistical certainty" these days, she said.
The organizations that participated in the Ponemon survey represented a wide cross-section of both the private and public sectors, ranging from small organizations with less than 500 employees to enterprises with workforces of more than 75,000. The online survey was conducted over a five-day period earlier this month.
Roughly half of the respondents blamed resource constraints for their security woes, while about the same number cited network complexity as the primary challenge to implementing security controls.
The Ponemon survey comes at a time of growing concern about the ability of companies to fend off sophisticated cyberattacks. Over the past several months, hackers have broken into numerous supposedly secure organizations, such as security vendor RSA, Lockheed Martin, Oak Ridge National Laboratories and the International Monetary Fund.
Many of the attacks have involved the use of sophisticated malware and social engineering techniques designed to evade easy detection by conventional security tools.
The attacks have highlighted what analysts say is a growing need for enterprises to implement controls for the quick detection and containment of security breaches. Instead of focusing only on protecting against attacks, companies need to prepare for what comes after a targeted breach.
The survey results suggest that some organizations have begun moving in that direction. About 32% of the respondents said their primary security focus was on preventing attacks, but about 16% claimed the primary focus of their security efforts was on quick detection of and response to security incidents. About one out of four respondents said their focus was on aligning security controls with industry best practices.
Subscribe to:
Posts (Atom)