Posts Tagged 'HIPAA'

Sears used Spyware on their customers

Via: SANS Institute:

Sears Settles FTC Complaint Regarding Customer Internet Data Collection (June 4, 2009)

Sears has settled charges brought by the US Federal Trade Commission (FTC) regarding the company’s failure to accurately describe the amount of information gathered by tracking software. Sears offered the customers US $10 to participate in “My SHC Community;” those who agreed were asked to download software that they were told would gather information about their “online browsing.” The FTC charges allege that the software also monitored secure sessions, such as online banking, e-shopping cart contents, drug prescription information and information about web-based email the users sent. Under the terms of the settlement, Sears would cease collecting data with the software and would destroy all the data it has already collected. The settlement also calls for Sears to “clearly and prominently disclose the types of data (their software) will monitor, record, or transmit.”
-http://www.ftc.gov/opa/2009/06/sears.shtm
-http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9133965

Heart Hacking

Is it possible for someone to hack your heart’s pacemaker? According to the Medical Device Security Center, it sure is…

Report excerpt:

“As part of our research we evaluated the security and privacy properties of a common ICD. We investigate whether a malicious party could create his or her own equipment capable of wirelessly communicating with this ICD.

Using our own equipment (an antenna, radio hardware, and a PC), we found that someone could violate the privacy of patient information and medical telemetry. The ICD wirelessly transmits patient information and telemetry without observable encryption. The adversary’s computer could intercept wireless signals from the ICD and learn information including: the patient’s name, the patient’s medical history, the patient’s date of birth, and so on.

Using our own equipment (an antenna, radio hardware, and a PC), we found that someone could also turn off or modify therapy settings stored on the ICD. Such a person could render the ICD incapable of responding to dangerous cardiac events. A malicious person could also make the ICD deliver a shock that could induce ventricular fibrillation, a potentially lethal arrhythmia.”

Beyond cardiac devices, implanted chips for drug monitoring and delivery are also being tested. Gizmodo reported on this in their article “Implanted Microchip Will Monitor your Health, Deliver Drugs from under your Skin.”

I suppose it would be possible to manipulate the amount of drugs released via similar methodology if one were to intercept the chip.

Seems to me that these devices should have encryption built in. What are they thinking? Or maybe that’s extra….
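To make the "encryption built in" point concrete, here is an added example (not code from this blog or from the Medical Device Security Center report) of what an authenticated-encryption wrapper for an implant's radio link buys a defender. It addresses the two findings in the excerpt: a passive listener should see only ciphertext rather than the patient's name and history, and a therapy-setting frame that was modified, forged with a wrong key, or replayed should be rejected before the device acts on it. The keystream is derived from HMAC-SHA256 in counter mode only so the script runs on the Python standard library without extra packages; a real device would use a vetted AEAD such as AES-GCM from a reviewed library. The function names, message types, and sample frames are constructed for the example, and key provisioning (how the clinic programmer and the implant come to share `link_key`) is assumed to happen out of band.

```python
"""Authenticated encryption for an implanted device's radio frames.

Added example, standard library only. The PRF-based keystream stands in for a
real AEAD (AES-GCM, ChaCha20-Poly1305); the framing and the verify-before-act
ordering are the parts worth copying.
"""
import hashlib
import hmac
import os
import struct

NONCE_LEN = 12   # per-frame nonce; never reused under one key
TAG_LEN = 32     # HMAC-SHA256 tag
TELEMETRY = 1    # constructed message types for the example
THERAPY_SET = 2


def _derive_keys(link_key: bytes):
    """Separate encryption and MAC keys from the provisioned link key."""
    enc_key = hmac.new(link_key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(link_key, b"mac", hashlib.sha256).digest()
    return enc_key, mac_key


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """PRF(enc_key, nonce || counter) blocks, truncated to `length` bytes."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + struct.pack(">I", counter), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def seal(link_key: bytes, nonce: bytes, msg_type: int, payload: bytes) -> bytes:
    """Build a wire frame: nonce || type || ciphertext || tag (encrypt-then-MAC)."""
    enc_key, mac_key = _derive_keys(link_key)
    ct = bytes(p ^ k for p, k in zip(payload, _keystream(enc_key, nonce, len(payload))))
    header = nonce + bytes([msg_type])
    tag = hmac.new(mac_key, header + ct, hashlib.sha256).digest()  # header is authenticated too
    return header + ct + tag


def open_frame(link_key: bytes, frame: bytes, seen_nonces: set):
    """Verify the tag and reject replays before decrypting. Returns (type, payload) or None."""
    if len(frame) < NONCE_LEN + 1 + TAG_LEN:
        return None
    enc_key, mac_key = _derive_keys(link_key)
    header, ct, tag = frame[:NONCE_LEN + 1], frame[NONCE_LEN + 1:-TAG_LEN], frame[-TAG_LEN:]
    expected = hmac.new(mac_key, header + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):   # constant-time compare
        return None
    nonce = header[:NONCE_LEN]
    if nonce in seen_nonces:                     # replay of an old, valid frame
        return None
    seen_nonces.add(nonce)
    payload = bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))
    return header[NONCE_LEN], payload


def demo() -> dict:
    """Run the scenarios from the report excerpt against the wrapper."""
    link_key = os.urandom(32)          # assumed provisioned out of band
    implant_seen = set()               # nonces the implant has already accepted

    # Constructed sample telemetry: the fields the excerpt says were readable over the air.
    telemetry = b"patient=J. Doe;dob=1950-01-01;rate=72"
    tele_frame = seal(link_key, os.urandom(NONCE_LEN), TELEMETRY, telemetry)
    eavesdropper_sees_name = b"Doe" in tele_frame          # passive listener sees only ciphertext
    tele_roundtrip = open_frame(link_key, tele_frame, set()) == (TELEMETRY, telemetry)

    # A legitimate therapy change from the holder of the link key.
    cmd_frame = seal(link_key, os.urandom(NONCE_LEN), THERAPY_SET, b"shock_threshold=200")
    legit = open_frame(link_key, cmd_frame, implant_seen)

    # The same frame with one ciphertext byte altered in transit: tag check fails.
    tampered = bytearray(cmd_frame)
    tampered[NONCE_LEN + 1] ^= 0x01
    tampered_rejected = open_frame(link_key, bytes(tampered), implant_seen) is None

    # The original valid frame sent a second time: nonce already seen.
    replay_rejected = open_frame(link_key, cmd_frame, implant_seen) is None

    # A frame built with a radio that does not hold the link key: tag does not verify.
    forged = seal(os.urandom(32), os.urandom(NONCE_LEN), THERAPY_SET, b"therapy=off")
    forged_rejected = open_frame(link_key, forged, implant_seen) is None

    return {
        "eavesdropper_sees_name": eavesdropper_sees_name,
        "telemetry_roundtrip": tele_roundtrip,
        "legit": legit,
        "tampered_rejected": tampered_rejected,
        "replay_rejected": replay_rejected,
        "forged_rejected": forged_rejected,
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The ordering inside `open_frame` is the design point: the tag is checked (in constant time) and the nonce is checked against the replay set before any decryption or therapy change happens, so an unauthenticated radio gets no observable behaviour out of the device. The replay set is kept small in practice by using a monotonic counter as the nonce rather than a random value; the random nonce here just keeps the example short.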