About a month ago, I blogged about the medical record breach at Utah's Department of Health (UDOH). Nearly a million patient medical records were stolen by suspected Eastern European hackers. When the story first broke, the state blamed the incident on a technician who “installed a password that wasn't as secure as needed” on a new server that had been placed into service just three months earlier.

Well, news stories like this one in the Salt Lake Tribune are now reporting that UDOH has partly shifted its stance, admitting the breach was made worse because the medical record data, instead of being erased each day as its own security protocols require, was left to accumulate on the server from the time it was first installed. UDOH is keeping quiet, however, about why the security protocol was not followed, as well as why compliance with the protocol and password requirements wasn’t checked as a matter of course when the new server was brought online.

UDOH is also refusing to say whether those responsible for the security breach have been disciplined, something that those whose medical records were compromised have been asking about. In response to these inquiries, the department's executive director, David Patton, was quoted as saying that, "We’re in the mode of trying to help people, not find culprits."

So far, only 20 000 people have taken up the state’s offer of one year of free credit monitoring, although part of the slow uptake is being blamed on the state’s approach to victim outreach. According to a separate story published by the Tribune, the letters from the state sent to potential victims concerning the breach direct them to “call a hotline and enter their Social Security number.” Many folks, the Tribune reports, fear the letters they are receiving are part of some scam, since this type of request is exactly what Utah’s government officials routinely advise state residents never to comply with. And even if you believe the letter is legit and follow the enclosed directions, the Tribune says, the operators manning the victim hotline are apparently only able to read from a script and have been instructed not to answer any questions posed to them by callers!

And speaking of engineering mistakes, according to an article in Computerworld, an Apple programmer forgot to turn off a “debugging switch” in the latest version of Apple’s Lion operating system. The consequence of the error is that it can reveal “the passwords for material stored in the first version of FileVault, the company's encryption technology.” The issue doesn’t affect those with the latest version of FileVault, however.
