[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] FDA Approves Use of Chip in Patients ? HIPAA woes?

To: full-disclosure@xxxxxxxxxxxxxxxx
Subject: Re: [Full-Disclosure] FDA Approves Use of Chip in Patients ? HIPAA woes?
From: Jesse Valentin <jessevalentin@xxxxxxxxx>
Date: Fri, 15 Oct 2004 07:22:58 -0700 (PDT)

This is a very interesting viewpoint. I guess I am little weary about using 
this type of technology. If a scanner malfunctions, if you pass by a magnet - 
will it erase the data?, etc.

I was reading an article today in SC magazine called - "A life threatening 
security problem?" (October 2004) where the issue of a major security 
predicament is facing many hospitals today. The article mentions the following: 
"The problem [...] is the use of off-the-shelf operating systems, such as MS 
windows, within medical devices. [...] using Windows allows the devices to talk 
to a hospital's network [...] but at the same time, also become just as 
vulnerable as any commercial computers whenever hackers are about".

The article goes on to mention the fact that an innacurate reading could be 
produced in an MRI scan, etc if malware affected the hospital's network and as 
a result any databases or devices connected to it. Just illustrates a need to 
ensure that health care facilities have tight security to minimize the issue of 
tampering of data in order to prevent mis-diagnosis, etc.

Its interesting that many healthcare facilities are aware of the problem but 
have not truly mobilized as of yet to fix this issue. The article mentions: 
"The nation's hospitals, Microsoft, and even the FDA are all rapidly searching 
for a solution..." 

Not very comforting. I can just see it now... Symantec announces the release of 
W32.youvebeenmisdiagnosedwithAIDS.worm.... :-)

Simon Richter <Simon.Richter@xxxxxxxxxx> wrote:
Hi,

> It is just a rapid way of identifying people which is not a bad thing in 
> some circumstances. Some catagories of patient carry alert bracelets to 
> inform any medical practitioners that they have certain severe reactions 
> or specific medical conditions.

I would immediately accept a chip that does not contain my name, but
only neccessary medical details and would use encryption to only hand
out certain details to medical staff. This will still mean that
diabetics need their bracelets, as the people who need to call an
ambulance do not have access to a scanner, but it will definitely help
in treating comatose patients found on the side of the road.

The technical implementation will, however, be difficult (what to do
about leaked private keys that will give access to the chip, for
example).

I wonder whether it would be possible to form a collective opinion on
that matter, since it is something that is likely to happen and
definitely needs to be pushed into the right direction.

Simon

-- 
GPG Fingerprint: 040E B5F7 84F1 4FBC CEAD ADC6 18A0 CC8D 5706 A4B4

> ATTACHMENT part 2 application/pgp-signature name=signature.asc

---------------------------------
Do you Yahoo!?
vote.yahoo.com - Register online to vote today!

References:
- Re: [Full-Disclosure] FDA Approves Use of Chip in Patients ? HIPAA woes?
  - From: Simon Richter

Prev by Date: [Full-Disclosure] Google Desktop Search
Next by Date: Re: [Full-Disclosure] Google Desktop Search
Previous by thread: Re: [Full-Disclosure] FDA Approves Use of Chip in Patients ? HIPAA woes?
Next by thread: Re: [Full-Disclosure] FDA Approves Use of Chip in Patients ? HIPAA woes?
Index(es):
- Date
- Thread