Message-ID: <200607041422.k64EMljS022960@turing-police.cc.vt.edu>
Date: Tue Jul  4 15:22:58 2006
From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks@...edu)
Subject: Undisclosed breach at major US facility

On Mon, 03 Jul 2006 20:38:04 EDT, Stack Smasher said:
> To my knowledge, no one has ever been convicted or fined for HIPAA
> violations EVER. Don't waste your time, at this point you risk being
> arrested and blamed for this finding rather than commended for finding it.

Only because the wheels of justice turn slowly.  HIPAA is a fairly new
law, and unlike a murder where it's usually a pretty quick thing to detect
the crime, a HIPAA violation can lie there for a LONG time until somebody
raises a complaint.  Then it's usually a civil matter, so you end up with
a long discovery period and getting it to trial.  I predict in the next
12-18 months, we'll start seeing cases come up.

Three other things to note:

1) Most of the people whose records have HIPAA issues don't understand
HIPAA, and as a result won't make a HIPAA case out of it.  If Joe Mechanic's
records are leaked, he (a) doesn't know it happened and (b) doesn't know
what to do about it.

2) Most HIPAA issues result in civil cases, not criminal - and civil
cases can be (and often are) settled out of court with no court record
generated.

3) HIPAA only covers certain classes of providers (hospitals, doctors,
insurance companies, and some related areas), and the 'software vendor' is
quite probably not covered.
