Scott Wright’s Security Views

It seems that so many media reports of breaches have the obligatory statement “…There is no evidence that the lost Personally Identifiable Information (PII) was misused in any way.”

In this case (HERE), and originally reported HERE, the PII of Medicaid clients was certainly bought and sold. There is no mention of whether the data was “actually” used for fraudulent transactions or impersonations. The individual who was charged was apparently a new employee who had passed security screening. The employee resigned before the breach was communicated to the IT outsourcing company where she worked. The PII of 500 individuals was sold for $5,000. Continue Reading »

It was a small session, but was jam-packed with thought-provoking discussion, with everything from futuristic toilets that will be able to send data on your stool samples directly to your doctor, to smart dust (maybe as an allergen desensitizer? who knows?)….

But seriously, Bill Pascal of the Canadian Medical Association and Mark Dermer of the Canadian Health Infoway provided a great tag-team summary of the economic landscape (both global and Canadian), as well as a view of political and technological challenges in Canadian e-Health. Not surprisingly, security and privacy were considered to be key issues that must be built in (with privacy being highlighted as the major concern - they aren’t trying to stop foreign espionage, just misuse of personal health information). Continue Reading »