Risk Factor

Indictment in UCLA Medical Record Snooping

As I wrote about a few weeks ago, a worker - since fired - was responsible for snooping through 61 electronic medical records at the UCLA Medical Center, 32 of which were those of celebrities including California first lady Maria Shriver and actor Farrah Fawcett.

News reports are coming out that the worker was indicted on one count of illegally obtaining individually identifiable health information for commercial advantage.

The ex-worker allegedly received $4,600 from an unidentified media outlet in exchange for providing the private medical information.

SSA Plans (Again) to Reduce its 36 Million Lines of COBOL

The US Social Security Administration (SSA) is planning, for the third time, to start reducing its dependence on mainframe systems and COBOL code, according to a story in Federal Computer Week.

Testifying before the US House Ways and Means Committee, SSA Commissioner Michael Astrue said that the SSA would hopefully soon start moving to "a unified information technology system to replace the current 54 separate COBOL-based systems." Those 54 systems consist of some 36 million lines of COBOL.

Assuming that all the stakeholders can agree and resources can be found, this will mark the third such attempt by SSA to try to modernize its systems in the past 25 years. The first attempt began in 1982 as a ten-year, $500 million System Modernization Plan (SMP). It was canceled in 1988 after modest improvements to SSA systems.

In 1992, SSA began another effort called the Engineered Disability System, which "collapsed" (Astrue's characterization) in 1999 after costing $71 million.

Given that the first "baby boomer" retired last year, and she will soon be followed by 80 million more in the next 21 years, SSA better hurry up, and get it right this time.

Stolen Pilot's Laptop Causes Security Concerns


It was reported last week that a Mesa Airlines pilot's personal laptop was apparently stolen about a week ago while he was co-piloting a United Express flight from Birmingham, Alabama to Washington Dulles. What made the theft notable was that the laptop, which was thought to have been stolen from an overhead compartment, contained the security access codes that allow pilots to access gates and aircraft.

As a result, 17 airports (Dulles, Atlanta, Phoenix, Chicago O'Hare, etc.) had to immediately change their security codes.

The Transportation Security Administration (TSA) is now looking into changing the security requirements for pilots and others who carry this type of information along with them.

DNA Non-Discrimination Bill Moves Forward


I have been blogging recently about the expansion of government DNA databases and their potential uses. In a related story, last Thursday the US Senate unanimously voted for a bill that bars insurers and employers from discriminating based on a person's genetic makeup. The US House of Representatives is expected to pass the bill this week, and President Bush is expected to sign it soon thereafter.

The new law would keep insurance companies from denying health coverage or charging higher insurance premiums based on someone's DNA. It would also prevent employers from gathering DNA information or using DNA information to make job-related decisions, for instance in hiring or firing employees.

A Wall Street Journal article on the legislation said that, "A survey by Johns Hopkins University's Genetics and Public Policy Center last year found 92% of the adults surveyed were concerned that genetic information could be used against them. Just 24% said they trusted health insurers with such information, and only 16% trusted their employers."

While not a perfect bill, it should help those who have genetically-related health problems and who worry, like the folks in my IEEE Spectrum story a few years back on electronic health records, that they or their children will be discriminated against.

BTW, a story that appeared in the Washington Post earlier last week spoke of how the state and federal criminal justice systems are using DNA databases to solve crimes even if a suspect is not in the database. All the police need to do is to get a "close enough" match to an existing DNA profile, which might lead to the identification of a relative of a person in the database.

More on how the US government is using DNA to attack crime can be found at the President's DNA Initiative website as well as in a weekend story by the LA Times on how California is aggressively using DNA as a crime-fighting technique.

IRS IT Improvement Speeds Rebate Checks


In a bit of good news, Government Computer News reports that a new Internal Revenue Service (IRS) computer program upgrade allowed the taxpayer rebate checks to be sent out a week earlier than expected. The initial schedule called for the checks to be sent this Friday, 2 May, but now they are going out today.

Some 130 million taxpayers are expected to receive a total of $110 billion starting now and running into July. The checks, which will be (depending on income) $600 per taxpayer, $1200 per couple and $300 per child, will be sent out according to the last two numbers of a person's Social Security number.

The IRS is also warning of likely scams in regard to the rebates. As noted on the IRS website:

"Some people have received phone calls about the economic stimulus payments, in which the caller impersonates an IRS employee. The caller asks the taxpayer for their Social Security and bank account numbers, claiming that the IRS needs the information to complete the processing of the taxpayer's payment. In reality, the IRS uses the information contained on the taxpayer's tax return to process stimulus payments, rather than contacting taxpayers by phone or e-mail."

"An e-mail claiming to come from the IRS about the '2008 Economic Stimulus Refund' tells recipients to click on a link to fill out a form, apparently for direct deposit of the payment into their bank account. This appears to be an identity theft scheme to obtain recipients' personal and financial information so the scammers can clean out their victims' financial accounts. In reality, taxpayers do not have to fill out a separate form to get a stimulus payment or have it directly deposited; all they had to do was file a tax return and provide direct deposit information on the return."

So, spend wisely and avoid the scammers.

And kudos to the IRS.

Hey, I Just Won a Million Pounds!


It must be my lucky day! I just got an email saying I won £1,000,000.00 GBP. All I had to do to collect was to provide a few personal details at the "winners'" website.

Earlier in the week, I got emails from people in the Republic of Western Sahara, Scotland, South Africa and the Philippines all having money burning in their pockets that they were wishing to share with me.

I must be one lucky guy, eh?

My collection of unique phishing emails now approaches 120. I got a new one this morning that was in Italian - my first - stating (if my translation was correct) that my account at some website had some incorrect data and I needed to immediately sign in and fix it.

I am curious - does anyone have a real funny or different phishing email to share?

Want a $400,000 IT Job?


The London Times is reporting that the UK National Health Service (NHS) is looking for two senior executives to take over the job of leading its electronic health record project, the National Programme for IT (NPfIT). The salary is $400,000 or possibly more, with the "exact package to be negotiated and agreed with the successful candidates."

The two jobs cover the work previously done by Richard Granger, who resigned as Director-General, NHS IT, last year after five years.

Anyone interested? You have until the 28th of April to apply.

Congrats to Baker College for Winning Cyber Defense Competition

IEEE Spectrum editor Joshua Romero let me know about the conclusion of a recent cyber competition.

Baker College of Flint, Michigan, defeated last year's champion Texas A&M University in the 3rd annual National Collegiate Cyber Defense Competition (CCDC) held April 18-20 at the Airport Hilton Hotel in San Antonio. The University of Louisville took third place honors.

According to the CCDC, its program is the first cyber defense competition allowing teams of full-time college students from across the country to apply their information assurance and information technology education in a competitive environment. While similar to other cyber defense competitions, CCDC competitions are unique because they focus on business operations and incorporate the operational aspect of managing and protecting an existing network infrastructure. The teams inherited an "operational" network from a fictional business complete with e-mail, Web sites, data files, and users.

Each team was required to correct problems on their network, perform typical business tasks, and defend their networks from a red team that generates live, hostile activity throughout the competition. The teams were then scored on their performance in those three areas.

The CCDC program has grown from five participating schools in 2005 to 56 schools in 2008 with six regional competitions taking place nationwide. Let's hope more participate next year.

Thank Goodness for Photoshop?

The London Telegraph ran a story recently about how fashion magazines, who used to make fashion models look thinner, are now "fattening up" their skinny models to make them look "fuller-figured." According to the Telegraph, "The move is a response to critics who blame images of so-called 'size zero' models for the rise in eating disorders in young girls."

The story says that Nicky Eaton, the head of press and PR at Condé Nast, which publishes Vogue, GQ, and Glamour, confirmed that images of models were enhanced to make them appear fuller-figured.

Eaton is quoted as saying, "There have been cases where models are booked way ahead of a shoot and then they turn up two months later looking less healthy and perhaps a bit underweight. We wouldn't be happy showing them that way, so it is then that we would need that person to look a little bit fuller."

What's interesting is that Eaton's quote is very similar to what an editor at Allure magazine said in 2006 - that models keep showing up too thin from the time of their booking to the photo shoot. Maybe the magazines need the models' contracts to stipulate a "shoot weight" at the time of the booking, or better yet, just to hire "fuller figured" models in the first place.

Australian and UK Health IT Program Problems


The Australian reported that the State of Victoria's HealthSMART health IT program, aimed at replacing the information systems and technology running Victoria's hospitals and health clinics, will not be completed by June 2009 as promised, which was already two years later than the originally promised completion date of June 2007. Victoria's Auditor-General Des Pearson has found that 57% of the HealthSMART A$323 million budget has been spent, but that only 25% of the project has been completed. He blamed much of the problem on over-ambitious project objectives.

The Auditor-General also noted that it is not known how much more will be needed to complete the project (although at least an additional A$61 would be needed to subsidize health care providers until the system was up and running), nor what the new estimated completion date would be. Surprisingly (or maybe not), he also said that Victoria's Department of Human Services has not yet informed the government that the system was going to be late.

Australia is not the only one with health IT problems.

Over in the UK, ComputerWeekly has said that there have been problems with the NPfIT's new Choose and Book appointment system. According to the UK National Health Service (NHS), "Choose and Book is a national electronic referral service which gives patients a choice of place, date and time for their first outpatient appointment in a hospital or clinic. Patients can choose their hospital or clinic, and then book their appointment to see a specialist with a member of the practice team at the GP surgery, or at home by telephone or over the internet at a time more convenient to them."

Unfortunately, according to ComputerWeekly, a glitch in the Choose and Book software meant that nearly 350 patients received wrong information about appointments for about a week. Some people got incorrect appointments while others didn't get told of their appointments.

A planned upgrade to the Choose and Book software was postponed until the reason for the problem was discovered.


Risk Factor

IEEE Spectrum's risk analysis blog, featuring daily news, updates and analysis on computing and IT projects, software and systems failures, successes and innovations, security threats, and more.

Willie D. Jones