[ale] [OT] SSN use, was: restricting web input

[Jim Kinney]

I turned on my wireless card in a multi-doctor office building and was
greeted with SEVEN (7!) open wireless networks. All had a connection
to a receptionist station and the main doctors PC. I went through the
building and pulled doctors to the side and showed them what data was
leaking on a casual walk through. Once they picked up their jaw, I
showed them what was available with a half-serious look and 3 seconds
of social engineering.  I stayed busy cleaning up that building for
the next year. They had all done wireless because it was cheaper than
running 10 cat5e lines.

HIPPA has no provisions for stupid AND cheap.

On Wed, May 6, 2009 at 9:08 PM, Paul Cartwright <ale at pcartwright.com> wrote:
> On Wed May 6 2009, Bob Toxen wrote:
>> I'm surprised (and disappointed) that there have been no
>> HIPAA-related lawsuits about this (negligence in computer
>> record-keeping of sensitive information causing identity theft).
>
> I was in my doctors office a few years back, when he was getting a new
> computer system, for HIPPA. The nurse had logged ouit of her application, but
> left the computer logged in. She left the room, left me there in front of the
> computer... When the doctor came in, I mentioned that this wasn't a very safe
> thing, considering the HIPPA issues. He said " oh, she logged out, you can't
> do anything"... I showed him how I could call up windows explorer,  found his
> network drives with all of that sensitive data, and pointed out I  could have
> plugged in my USB stick and walked away with all of his computer files.
> He said he would talk to " his people" about this... yeah right.
>
> --
> Paul Cartwright
> Registered Linux user # 367800
> Registered Ubuntu User #12459
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
>



-- 
-- 
James P. Kinney III
Actively in pursuit of Life, Liberty and Happiness