Re: CRIME [Fwd: [Information_technology] Daily News 12/06/02]

From: John E Jewkes-AAA0OR-AAA0ID (aar0mi@private)
Date: Fri Dec 06 2002 - 18:00:48 PST

Next message: George Heuston: "CRIME FW: [NIPC-daily] Information Bulletin 02-011, Software Firm Investigation Serves as a General Information Security Reminder"

Previous message: Lyle Leavitt: "CRIME [Fwd: [Information_technology] Daily News 12/06/02]"
Maybe in reply to: Lyle Leavitt: "CRIME [Fwd: [Information_technology] Daily News 12/06/02]"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, 06 Dec 2002 17:37:30 -0800 Lyle Leavitt <lylel@private>
writes:
> 
> 
> -------- Original Message --------
> Subject: [Information_technology] Daily News 12/06/02
> Date: Fri, 6 Dec 2002 09:11:49 -0600
> From: "NIPC Watch" <nipcwatch@private>
> To: "Information Technology" 
> <information_technology@private>
> 
> December 3, Government Computer News
> Texas health data at risk, audit finds."System access and 
> security control problems at some Texas academic 
medical institutions have the potential to place protected 
health information at risk," the auditors said. Unauthorized users 
both inside and outside the hospitals' and other institutions' 
networks could gain access to patient medical records, 

FWIW: The ORHION System (OHSU and other Hospitals) had
similar problems several years back when it was first starting. In
Most cases, IT managers quickly learn how to close some of the
loops that let people in where they don't belong. When I worked
in the SPD (now Logistics) Dept., They had an occasional glitch
that let other folks log in under my name/user id, without password,
and gain access to areas of the system that even I wasn't supposed
to have access to. 
        This usually happened between 0200 and 0500 (Backup period)
as the Authentication server went down as well. Since then they have
made many changes that upgraded the security. Remember, once it
was only needful to get a signature saying you wouldn't stray where
you shouldn't, and so on. Big problem was, when you have more
than a handful of WAN's and LAN's tied together where the safety
checks are incompatible one with another. 
        I would imagine that Texas Health is having similar issues.. I
wish there was a clearinghouse that helped other IT professionals
setting up 'first WAN's' and Multi LAN's with side stepping some
of the early contacts and setup problems.....

John Jewkes, SMD US ARMY MARS
Oregon/Idaho State Director
AAA0OR OR/AAA0ID ID/AAR0MI OR
W6HNC

________________________________________________________________
Sign Up for Juno Platinum Internet Access Today
Only $9.95 per month!
Visit www.juno.com

Next message: George Heuston: "CRIME FW: [NIPC-daily] Information Bulletin 02-011, Software Firm Investigation Serves as a General Information Security Reminder"
Previous message: Lyle Leavitt: "CRIME [Fwd: [Information_technology] Daily News 12/06/02]"
Maybe in reply to: Lyle Leavitt: "CRIME [Fwd: [Information_technology] Daily News 12/06/02]"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Dec 06 2002 - 20:19:21 PST