If one were involved in an aircraft accident this could certainly have an effect on your health.  In the news this week are 2 healthcare breaches, one in Virginia and one in California.  According to this article, there is also a lack of budgeting to help protect the FAA with security and web based software and more money is allotted towards bird abatement.  The return here for a hacker would not be as great as securing credit cards and social security numbers as found in healthcare records, but the consequences with one crash could be horrific. 

One more time we are back to budgets and money.  Will those who serve on budget committees wake up and realize that if we are to fully utilize imageand take advantage of technology, we need to ensure security on web based applications as well as internal servers.  Hopefully, this last week has helped make the point here. 

One example of how security can be enhanced is shown here at Harvard, using a vendor to monitor and keep watch over web based applications: 

Harvard Medical School Deploys Third Brigade For PCI Security

Cool Technology of the Week - Security Enhancements

The attack on Berkeley is now being reported as a potential SQL Injection attack.  Below is a link on a fictional account on how far a SQL injection attack can go. The video is in Windows Media format and uses Las Vegas as the setting for the story.  You can also go here to view in Silverlight from the site.  This is a race between the good guys and bad guys.  The good guys come in and find flaws, etc. and save the day.  It is not too technical and almost anyone can grasp what is going on here.  Great video.  image

The challenge for the team is to keep the system operating as the casino loss of money is huge, but also clean and update the system.  Money is being stolen from both the Casino and big roller guests. 

The long and short of all of this, SPEND THE MONEY ON SOFTWARE SECURITY SYSTEMS.  The developers were so busy functioning on the functionality of the software, security issues were over looked.  BD 

In the past four years, hackers have hobbled air traffic control systems in Alaska, seized control of Federal Aviation Administration network servers, and pilfered personal information from 48,000 current and former FAA employees, according to a newly released government report.

The report, "Review of Web Applications Security and Intrusion Detection in Air Traffic Control Systems," was published Wednesday by the Department of Transportation Office of the Inspector General.

It's also a matter of money, which could be easier to obtain under a cloud of imminent danger: The FAA has been pushing its Next Generation Air Transportation System, a project to update the nation's air transit infrastructure that's expected to cost at least $20 billion.

With any luck, that amount of funding will also buy a few scarecrows. There were almost 10 times as many wildlife strikes against airplanes in 2007 (7,666) as air traffic control cyberincidents in 2008. Such collisions -- recall the bird strike that sent US Airways Flight 1549 into the Hudson River in January -- cost an estimated $628 million in monetary losses annually, to say nothing of the potential loss of life. Hackers just don't have that kind of impact, unless they wander onto a runway.

Air Traffic Control System Repeatedly Hacked -- Government Security – InformationWeek

Related Reading:

Would Someone Give the Hacker 10 Million for Prescription Information In Virginia – We have already been for Sale for quite a while now..

Hackers breach UC Berkeley Data Base System

USB Memory Stick Round 2 – More Medical Record Information on a Lost Drive

The Hackers Could Possibly push the move for PHRs – Medical Records Hacked in Virginia Department of Health Professions computers

Security tightened over data loss – Flash Drives Can be One of HealthCare’s Biggest Nightmares
Malware attack - Department of Defense
Conficker and Malware covered by CBS 60 Minutes
Express Scripts offers $1 million award to nab extortionist in data breach case
Keeping Private Health Data Private - "Inadvertent Disclosures" with Peer to Peer Networks
Healthcare Workers Sharing Music and they could also be sharing Medical Records and Files
Express Scripts offers $1 million award to nab extortionist in data breach case


Post a Comment