[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20041015142258.78985.qmail@web60302.mail.yahoo.com>
From: jessevalentin at yahoo.com (Jesse Valentin)
Subject: FDA Approves Use of Chip in Patients ? HIPAA woes?
This is a very interesting viewpoint. I guess I am little weary about using this type of technology. If a scanner malfunctions, if you pass by a magnet - will it erase the data?, etc.
I was reading an article today in SC magazine called - "A life threatening security problem?" (October 2004) where the issue of a major security predicament is facing many hospitals today. The article mentions the following: "The problem [...] is the use of off-the-shelf operating systems, such as MS windows, within medical devices. [...] using Windows allows the devices to talk to a hospital's network [...] but at the same time, also become just as vulnerable as any commercial computers whenever hackers are about".
The article goes on to mention the fact that an innacurate reading could be produced in an MRI scan, etc if malware affected the hospital's network and as a result any databases or devices connected to it. Just illustrates a need to ensure that health care facilities have tight security to minimize the issue of tampering of data in order to prevent mis-diagnosis, etc.
Its interesting that many healthcare facilities are aware of the problem but have not truly mobilized as of yet to fix this issue. The article mentions: "The nation's hospitals, Microsoft, and even the FDA are all rapidly searching for a solution..."
Not very comforting. I can just see it now... Symantec announces the release of W32.youvebeenmisdiagnosedwithAIDS.worm.... :-)
Simon Richter <Simon.Richter@...yros.de> wrote:
Hi,
> It is just a rapid way of identifying people which is not a bad thing in
> some circumstances. Some catagories of patient carry alert bracelets to
> inform any medical practitioners that they have certain severe reactions
> or specific medical conditions.
I would immediately accept a chip that does not contain my name, but
only neccessary medical details and would use encryption to only hand
out certain details to medical staff. This will still mean that
diabetics need their bracelets, as the people who need to call an
ambulance do not have access to a scanner, but it will definitely help
in treating comatose patients found on the side of the road.
The technical implementation will, however, be difficult (what to do
about leaked private keys that will give access to the chip, for
example).
I wonder whether it would be possible to form a collective opinion on
that matter, since it is something that is likely to happen and
definitely needs to be pushed into the right direction.
Simon
--
GPG Fingerprint: 040E B5F7 84F1 4FBC CEAD ADC6 18A0 CC8D 5706 A4B4
> ATTACHMENT part 2 application/pgp-signature name=signature.asc
---------------------------------
Do you Yahoo!?
vote.yahoo.com - Register online to vote today!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20041015/ab795171/attachment.html
Powered by blists - more mailing lists