Top Security News

PayPal's Security Key
Infoworld reports that PayPal, long a favored target of phishers and email spam, has come up with a measure designed to better protect its customers. For $5, any PayPal customer can order a little security keychain that displays a new password every 30 seconds. When l...

Windows Getting Critical Fix Next Week
Only a few fixes have been planned for January's 'Patch Tuesday' from Microsoft, with Windows scheduled to receive an update to a critical issue .Along with the Windows patch, a trio of Office updates have been announced ahead of the January 9th...

Online Theft Snared 401k Account
Although the story of one man's lost of $179,000 from a retirement account appears to be headed for a happy ending, the article leaves out some crucial information. Down in the comments about Dave DeSmidt's victimization by an unknown...

QuickTime Issues Still Plague Websites
Similar to the issue that allowed the MySpace worm to parade through the popular social networking site, another flaw in Apple's QuickTime can be exploited. Windows and Mac users are vulnerable to a pair of security issues with QuickTime. Any website...

Data Thieves Drop In On Your Phone
Spyware geared toward stealing data from a mobile device has been spotted accompanying phone-infecting viruses; this early effort probably signals more sophisticated attacks are in the offing. Cellular service providers and major Internet players like Google, Yahoo, and AOL all want to get more...

Keeping An 'eEye' On Zero-Day Exploits
Marc Maiffret's eEye security firm has launched the Zero-Day Tracker, a website where the company will post and archive information on vulnerabilities hit by zero-day exploits. When a patch emerges from a prominent software company like Microsoft or Oracle...


David A. Utter
Thursday:01.18.07

Tokyo Doc Loses Patient Information

A physician with the University of Tokyo Hospital placed personal information about 150 patients on his home computer, only to have that data leaked online.

Private information and personal computers are not chocolate and peanut butter; they don't go together. But people keep thinking they won't be the ones to make the kind of mistakes other people have in inadvertently putting that data at risk.

The report in question said the doctor had a backup file containing patient information from about 10 years ago. He had treated the patients at the University and three other hospitals.

That file probably sat dormant all those years until someone placed file-sharing software on the computer.

After that, the data could be viewed for around a five hour period.

The information included names and birth dates, and medical records.

Low Rate eCommerce & Retail Plans

Details aren't clear about the whole issue. On a ten-year old computer, it's difficult to imagine modern file-sharing software running on it, although ftp could be an option.

It seems more likely the patient information was ten years old, but placed on a newer computer.

No accounts of misuse of the data have emerged yet, according to the University hospital. They claimed that they "prohibit in principle" the practice of taking personal information out of the hospital.

Principles are good to have, but in an age where a little personal information can lead to a big identity theft, clearly defined policies against that usage need to be in place too. Maybe the doctor just didn't think about, or even forgot, the backup.

Security pros do need to think about these things. It may be a good idea to check with employees to find out if sensitive information has been removed from an enterprise.

Well-meaning workers who want to do a good job probably don't see the harm in doing so.

They should not be prohibited from working effectively.
If there is a need for access to such data, the implementation of a managed solution like VPN should be used.

Control of the information needs to rest with the company, and not an individual employee.

In the United States, trends on identity thefts have indicated they will continue to spiral upward. A 250 percent rise in keyloggers and an increasing number of phishing attempts figured prominently in 2006.

Any data left unprotected will be attractive to criminal types. Between February 15, 2005 and April 28, 2005, figures from the Privacy Rights Clearinghouse cited 31 cases of personal data theft, affecting almost 3.5 million people. All in a mere 10 weeks.

About the Author:
David Utter is a technology writer for SecurityProNews, WebProNews, and InternetFinancialNews.

About SecurityProNews
SecurityProNews is updated in real time with vital internet security alerts, news and in-depth articles for IT Managers. SecurityProNews understands that IT Management Begins With Security.
 

SecurityProNews is brought to you by:

SecurityConfig.com NetworkingFiles.com
ITmanagementNews.com NetworkNewz.com
DatabaseProNews.com SQLProNews.com
ITcertificationNews.com SysAdminNews.com
LinuxProNews.com WirelessProNews.com
 
 

Advertising Newsletters Corporate Info Site Map Support
© 2007 SecurityProNews. An email newsletter.
, Inc. 2549 Richmond Rd. Lexington KY, 40509
All Rights Reserved. Terms under which this service is provided to you. Read our privacy policy. Contact us.		 SecurityProNews is part of the iEntry Inc. Network of sites and newsletters.
SecurityProNews About Us News Archives Feedback