Example of scare & snare
I took a screen shot of this to ensure that you don’t get any drive by links from it, but this is typical of the scare and snare advertising made possible by the relatively abysmal level of security practiced by most health information custodians. Also highlights why auditing, logging and transparency with respect to health data are important issues. Auditing and logging are relatively well understood in IT, but transparency is a new concept - especially for security practitioners. If a public ledger is a transparency tool allowing organizations to prove that they are doing what they say are doing, the question will be how do you provide that transparency will providing appropriate security and privacy safeguards with respect to the underlying personal data/ Sincerely, John Wunderlich @PrivacyCDN Call: +1 (647) 669-4749 eMail: john@wunderlich.ca -- This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. If you are not the intended recipient you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited.
Dibs on the Healthcare Horcrux use case, haha. Scott Shorter - Vice President, Security sshorter@kimbleassociates.com<mailto:sshorter@kimbleassociates.com> On Aug 9, 2016, at 10:07 AM, John Wunderlich <john@wunderlich.ca<mailto:john@wunderlich.ca>> wrote: I took a screen shot of this to ensure that you don’t get any drive by links from it, but this is typical of the scare and snare advertising made possible by the relatively abysmal level of security practiced by most health information custodians. Also highlights why auditing, logging and transparency with respect to health data are important issues. Auditing and logging are relatively well understood in IT, but transparency is a new concept - especially for security practitioners. If a public ledger is a transparency tool allowing organizations to prove that they are doing what they say are doing, the question will be how do you provide that transparency will providing appropriate security and privacy safeguards with respect to the underlying personal data/ <Picture 20160809_100142.png> Sincerely, John Wunderlich @PrivacyCDN Call: +1 (647) 669-4749 eMail: john@wunderlich.ca<mailto:john@wunderlich.ca> This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. If you are not the intended recipient you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited. _______________________________________________ DG-BSC mailing list DG-BSC@kantarainitiative.org<mailto:DG-BSC@kantarainitiative.org> http://kantarainitiative.org/mailman/listinfo/dg-bsc
participants (2)
-
John Wunderlich
-
Scott Shorter