| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: cdevoney at u.washington.edu (Chris DeVoney) Subject: Re: vulnerabilities of postscript printers Although this is a slight subject drift, just to make everyone's life slightly more interesting we at University of Washington Medicine (both Medical Centers and Health Sciences) are forcing our digital copier vendor to sign a HIPAA Business Associates agreement. If the unit required service (and show me one of these that don't), the repair person (or remote diagnostic) would have access to the internal hard disk which could contain images of pages holding protected health information. That's a no-no. It ain't just Postscript device that falls under this edict. It's any digital copier/printer/scanner that has persistent internal storage or is network connected. And for that matter, we're also setting up bridging firewalls on some of the units that contain an actual PC inside to manage the scanning functions, such as the Canon ImageRunner series. cdv ------------------------ Chris DeVoney Clinical Research Center Informatics University of Washington ------------------------
Powered by blists - more mailing lists