The AMA and Patient Access, Top 3 Red Team Findings, and University of Washington Medicine Breach




InfoSec ICU show

Summary: What are Gerry and Steve talking about this week?

The Office of Civil Rights (OCR) asked for input on their proposal for improving patient access to PHI and the AMA responded with 29 pages of well-crafted sense. Will OCR listen? A red teamer provides some lessons learned after 6 years of penetration testing engagements. The top three findings are just #sad. Finally, a massive data breach at U Washington Medicine due to a “mis-configured database”.

As always they end with One Cool Thing.

Show Notes: https://podcast.musc.edu/podcast/infosec/e64-infosecicu/

Resources:

InfoSec ICU is a finalist for Best Local Podcast in Charleston.
Vote here -> http://chscp.co/BestOfArts

AMA feedback to OCR about improving patient access to PHI
https://searchlf.ama-assn.org/undefined/documentDownload?uri=/unstructured/binary/letter/LETTERS/2019-2-8-Letter-to-Severino-re-HIPAA-RFI-Response.pdf

Red Team findings from 6 years of tests
https://www.cbronline.com/opinion/red-teaming-lessons

University of Washington Medicine breach notification
https://www.scmagazine.com/home/security-news/data-breach/misconfigured-database-exposes-974000-university-of-washington-medicine-patients/

What Google indexes: https://support.google.com/webmasters/answer/35287?hl=en

One Cool Things

YouTube Kids (totally not cool)
https://www.cbsnews.com/news/youtube-kids-inappropriate-horrified-mom-discovers-suicide-instructions-in-video-on-youtube-and-youtube-kids/

The Tyrconnell
https://www.thetyrconnellwhiskey.com/

Contact

Email: infosecicu@musc.edu

Twitter:

* Gerry Auger (@Gerald_Auger): https://twitter.com/Gerald_Auger
* Steven Cardinal (@sgcardinal): https://twitter.com/sgcardinal