| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: jessevalentin at yahoo.com (Jesse Valentin) Subject: FDA Approves Use of Chip in Patients ? HIPAA woes? This is a very interesting viewpoint. I guess I am little weary about using this type of technology. If a scanner malfunctions, if you pass by a magnet - will it erase the data?, etc. I was reading an article today in SC magazine called - "A life threatening security problem?" (October 2004) where the issue of a major security predicament is facing many hospitals today. The article mentions the following: "The problem [...] is the use of off-the-shelf operating systems, such as MS windows, within medical devices. [...] using Windows allows the devices to talk to a hospital's network [...] but at the same time, also become just as vulnerable as any commercial computers whenever hackers are about". The article goes on to mention the fact that an innacurate reading could be produced in an MRI scan, etc if malware affected the hospital's network and as a result any databases or devices connected to it. Just illustrates a need to ensure that health care facilities have tight security to minimize the issue of tampering of data in order to prevent mis-diagnosis, etc. Its interesting that many healthcare facilities are aware of the problem but have not truly mobilized as of yet to fix this issue. The article mentions: "The nation's hospitals, Microsoft, and even the FDA are all rapidly searching for a solution..." Not very comforting. I can just see it now... Symantec announces the release of W32.youvebeenmisdiagnosedwithAIDS.worm.... :-) Simon Richter <Simon.Richter@...yros.de> wrote: Hi, > It is just a rapid way of identifying people which is not a bad thing in > some circumstances. Some catagories of patient carry alert bracelets to > inform any medical practitioners that they have certain severe reactions > or specific medical conditions. I would immediately accept a chip that does not contain my name, but only neccessary medical details and would use encryption to only hand out certain details to medical staff. This will still mean that diabetics need their bracelets, as the people who need to call an ambulance do not have access to a scanner, but it will definitely help in treating comatose patients found on the side of the road. The technical implementation will, however, be difficult (what to do about leaked private keys that will give access to the chip, for example). I wonder whether it would be possible to form a collective opinion on that matter, since it is something that is likely to happen and definitely needs to be pushed into the right direction. Simon -- GPG Fingerprint: 040E B5F7 84F1 4FBC CEAD ADC6 18A0 CC8D 5706 A4B4 > ATTACHMENT part 2 application/pgp-signature name=signature.asc --------------------------------- Do you Yahoo!? vote.yahoo.com - Register online to vote today! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20041015/ab795171/attachment.html
Powered by blists - more mailing lists