Jay Radcliffe is a fellow type 1 diabetic, and I remember reading his diabetes blog way back in the day, when I first started blogging. We read and commented on each other’s posts, and we were both part of the blogosphere when the DOC first started to grow. I knew he was married, had children, and did the day-to-day diabetes stuff that I did.
Which is why when I read the mainstream media’s take on his pump-hacking research (this article, Insulin Pumps Vulnerable to Hacking, for example), I reached out to him immediately. “Can I just tell you that my mother sent me this article about your research? Do you have time to talk?”
Jay was out in Las Vegas this morning, attending the Black Hat security conference, but he and I had a chance to hash it out over the phone.
“I know you! And I know you as a diabetic, not as this guy who hacks insulin pumps and has a billion articles floating around about it on the web right now. I have a few questions. Starting with, why did you decide to hack into your own insulin pump?” Read more »
*This blog post was originally published at Six Until Me.*
HealthNet either lost, or had stolen from it, computer hard drives with PHI of 1.9 million subscribers that had been in a California facility. This latest HealthNet data security breach, which may have included names, Social Security numbers, addresses, health information and financial information comes a little over a year after a widely-reported data security breach by HealthNet in Connecticut which resulted in the first state Attorney General action under the HIPAA amendments contained in the HITECH Act. HealthNet is notifying affected individuals and is offering two years of no-cost credit monitoring and fraud resolution services, and credit restoration and identify theft insurance as needed.
It’s both surprising and unsurprising that this has happened again to HealthNet. In these cases, and in recent cases in Massachusetts (Mass General Hospital HIPAA settlement) and Maryland (Cignet HIPAA violations and CMPs), we have seen examples, collectively, of individual sloppiness, of ineffective corporate policies and procedures, and possibly of gross neglect/fraud/incompetence. The question arises: Is HIPAA the right instrument to address all three sorts of problems? Since it seems that it is not having an effect on any of them, I would suggest that the answer is no. Read more »
*This blog post was originally published at HealthBlawg :: David Harlow's Health Care Law Blog*