[ECP] NetHappenings 3/18/19

YOUR HEALTH INFORMATION PRIVACY RIGHTS

HIPAA

Office for Civil Rights Headquarters
U.S. Department of Health & Human Services
200 Independence Avenue, S.W.
Washington, D.C. 20201
Toll Free Call Center: 1-800-368-1019
TTD Number: 1-800-537-7697

HHS Releases Voluntary Cybersecurity Practices for Health Industry

With GDPR, California’s Consumer Privacy Act, and next-generation ransomware and denial-of-service attacks, a firm’s ability to provide security is also becoming a matter of survival. Put it all together, and many CISOs today work in environments where they are not understood by business executives, and thus are not included in business initiatives until it is too late and security vulnerabilities have exposed the enterprise to cyberattacks and compliance violations.

WHO OWNS YOUR MEDICAL RECORDS?

In 2016, more than 100 million Americans had their electronic medical records hacked from health systems. For example, this June, Banner Health in Phoenix had a breach of 3.7 million electronic medical records.
Many hospitals throughout the country have had their health information systems held hostage by hackers and have had to pay ransom to regain control of their patients’ medical data.

In 2016 more than 100 million Americans had their electronic medical records hacked. Each record can be sold for $50.
The Health Insurance Portability and Accountability Act was written 20 years ago, when medical records were kept on paper, and is not applicable to the contemporary digital era.

Moreover, the pervasive selling of our medical data is unchecked, with no legal protection. The massive hacking of health system data has not resulted in any new legislation to date or enforcement via established laws.

Informed Patient Institute
We rate the websites that help you find the right doctor, hospital, and nursing home, and we provide tips about quality concerns. Also see:

https://www.philly.com/philly/health/what-is-philly-health-costs-and-how-can-it-help-me-20180220.html

ProPublica analyzed nearly 17,000 surgeons and found wide variations in complication rates for some of the most routine elective procedures. Explore our database to know more about a surgeon before your operation.
https://www.propublica.org/article/surgeon-level-risk-quotes

2016 Consumer Reports Medical Board Ratings

Medicare Provider Utilization and Payment Data: Physician and Other Supplier

Digital business has become a key driver of business strategy across industries. CIOs have digital transformation at the center of their corporate strategy. #Cybersecurity, amazingly, is often not a top-tier priority in enterprise risk management. The #CISO is only noticed when things go wrong. This is why CISOs are almost always fired or “resign” after major data breaches, even though the CISO is usually the most qualified person to manage post-breach forensics, cleanup, and compliance audits.
https://venturebeat.com/2019/03/16/cisos-you-need-to-manage-by-walking-around/

Think a strong information security posture means you’re complying with HIPAA? Without proper documentation for government regulators, infosec protocols might safeguard data without meeting federal criteria.

Staff lapses and IT system vulnerabilities are key reasons behind SingHealth cyberattack, according to COI Report

ClassAction.org is a group of online professionals who are committed to exposing corporate wrongdoing and giving consumers the tools they need to fight back. We’ve been reporting on the legal space for nearly a decade and have built relationships with class action and mass tort attorneys across the country.

Prescription Hope
Prescription Hope offers over 1,500 brand-name medications all for the
set price of $50 per month for each medication. This covers 100% of the medication cost, no matter the retail price.

Market Share Matters: Evidence Of Insurer And Provider Bargaining Over Prices
Health-care providers and insurers have to agree on how much doctors will be reimbursed before doctors begin treating insurers’ clients. Those fees depend on the two parties’ relative clout. Abstract

A survey of the numbers, published this week in Health Affairs, shows that small-time doctor’s offices and insurance companies are getting squeezed by their larger competitors.
https://www.washingtonpost.com/news/wonk/wp/2017/01/09/its-hard-to-be-a-small-time-family-doctor-these-days-new-data-show/

Finally, U.S. hospitals will have to post their prices online.

Hospitals must post ‘chargemaster’ prices online.
Patient Estimate team call 484.337.1970
FAQ Requirements for Hospitals To Make Public a List of Their Standard Charges via the Internet
https://www.cms.gov/Medicare/Medicare-Fee-for-Service-Payment/AcuteInpatientPPS/Downloads/FAQs-Req-Hospital-Public-List-Standard-Charges.pdf
The chargemaster is not a useful tool for consumers who are comparison shopping between hospitals or health systems.
The chargemaster amounts are billed to an insurance company, Medicare, or Medicaid, and those insurers then apply their contracted rates to the services that are billed. In situations where a patient does not have insurance, our hospital has financial assistance policies that apply discounts to the amounts charged.
https://www.mainlinehealth.org/patient-services/patient-billing/standard-charges

A huge trove of medical records and prescriptions found exposed Thousands of health records and doctor’s notes were exposed daily
By Zack Whittaker, TechCrunch.com, March 17, 2019. A health tech company was leaking thousands of doctor’s notes, medical records, and prescriptions daily after a security lapse left a server without a password. The little-known software company, California-based Meditab, bills itself as one of the leading electronic medical records software makers for hospitals, doctor’s offices, and pharmacies. The company, among other things, processes electronic faxes for healthcare providers, still a primary method for sharing patient files with other providers and pharmacies. But that fax server wasn’t properly secured, according to the security company that discovered the data. SpiderSilk, a Dubai-based cybersecurity firm, told TechCrunch of the exposed server. The exposed fax server was running an Elasticsearch database with over six million records since its creation in March 2018. The faxes also included personal data and health information on children. None of the data was encrypted. […] Board of Directors responsible

MOUNTAIN VIEW, CA

800 West El Camino Real, Suite 350
Mountain View, California 94040
General +1 650 458 2620
Sales +1 650 458 2625
info@elastic.co
sales@elastic.co

The server was hosted on a subdomain of MedPharm Services, a Puerto Rico-based affiliate of Meditab, both founded by Kalpesh Patel.
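The fax server above was lost to a plain misconfiguration: an Elasticsearch node listening on the network with no authentication in front of it. The check below is an added example, not code from Meditab, SpiderSilk or Elastic. It reads the flat `key: value` form of an `elasticsearch.yml`, treats an unset `xpack.security.enabled` as disabled (the default on the 6.x and 7.x releases current when this article ran), and reports when a node bound to a non-loopback interface has no authentication or no TLS on its HTTP port. The two sample configurations are constructed for the demonstration; the keystore path in the hardened one is a placeholder.

```python
"""Audit an elasticsearch.yml for the 'reachable from the network, no password'
failure mode.  Added example; the sample configs below are constructed."""

# Special values and addresses that keep the HTTP port on the local machine only.
LOOPBACK_HOSTS = {"_local_", "localhost", "127.0.0.1", "::1"}


def parse_flat_yaml(text):
    """Parse the dotted `key: value` lines Elasticsearch uses in elasticsearch.yml.
    Nested YAML blocks are not handled; the dotted form is what the daemon documents."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop trailing comments
        if not line or ":" not in line:
            continue
        key, _, value = line.partition(":")
        settings[key.strip()] = value.strip().strip("'\"")
    return settings


def is_true(value):
    return str(value).strip().lower() in {"true", "yes", "on", "1"}


def audit(settings):
    """Return a list of findings; an empty list means the node passed both checks."""
    findings = []
    # network.host is either a single value or a YAML flow list such as [_local_, _site_]
    hosts = settings.get("network.host", "_local_").strip("[]")
    host_list = [h.strip() for h in hosts.split(",") if h.strip()]
    exposed = any(h not in LOOPBACK_HOSTS for h in host_list)

    # Unset counts as disabled: that was the default before the 8.0 release (assumption
    # about the era, stated in the lead-in).
    security_on = is_true(settings.get("xpack.security.enabled", "false"))
    tls_on = is_true(settings.get("xpack.security.http.ssl.enabled", "false"))

    if exposed and not security_on:
        findings.append("network-reachable node with xpack.security.enabled unset or false: "
                        "anonymous clients can read and write every index")
    if exposed and security_on and not tls_on:
        findings.append("xpack.security.http.ssl.enabled is off: "
                        "credentials and records travel in clear text")
    return findings


# Constructed sample: the shape of a node left open on every interface.
WEAK_CONFIG = """
cluster.name: fax-archive
network.host: 0.0.0.0          # listen on every interface
http.port: 9200
"""

# Constructed sample: same node with authentication and TLS turned on.
HARDENED_CONFIG = """
cluster.name: fax-archive
network.host: [_local_, _site_]
http.port: 9200
xpack.security.enabled: true
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.keystore.path: http.p12   # placeholder path
"""

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit(parse_flat_yaml(cfg)) or ["ok"])
```

The audit only reads the daemon's own configuration, so it belongs in a build or deployment pipeline rather than a network scan; a node that passes it can still be exposed by a reverse proxy or cloud security group in front of it, which is why the binding check and the authentication check are reported separately.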

NY Governor Cuomo Calls For Investigation on Facebook Health Data Collection

American Travelers Seek Cheaper Prescription Drugs In Mexico And Beyond
In Utah last year, the Public Employee Health Plan took this idea to a new level with its voluntary Pharmacy Tourism Program. For certain PEHP members who use any of 13 costly prescription medications — including the popular arthritis drug Humira — the insurer will foot the bill to fly the patient and a companion to San Diego, then drive them to a hospital in Tijuana, Mexico, to pick up a 90-day supply of medicine.

TechCrunch: Screen time inhibits toddler development, study finds. “In news that will surprise few but still alarm many, a study has found that kids 2-5 years old who engage in more screen time received worse scores in developmental screening tests. The apparent explanation is simple: when a kid is in front of a screen, they’re not talking, walking or playing, the activities during which basic skills are cultivated.”

Researchers Create Algorithm to Protect Kids from Disturbing YouTube Videos

Computer program that could bypass patents to produce synthetic drugs Software that can bypass current intellectual property and design medication with the same function as top drugs could help pharma companies…

“Massachusetts Attorney General Maura Healey alleges eight Sackler family members and nine Purdue board members or executives played key roles in the nation’s deadly opioid epidemic.”

EQUIFAX Has your email, password, or SSN #security been breached? Fire John Ford Chief Privacy Officer #FAIL

#FIX

Go to https://haveibeenpwned.com/
Type in your email address, and if you find it listed as breached, go change it.

#FAIL

Richard F. Smith

EQUIFAX CHAIRMAN AND CHIEF EXECUTIVE OFFICER

Rick Smith has been chairman and chief executive officer of Equifax Inc. since 2005. Headquartered in Atlanta, Equifax is a $3.14 billion global company (NYSE: EFX)

Email Breach
CHIEF PRIVACY OFFICER JOHN FORD
http://www.zoominfo.com/p/John-Ford/7063545
HQ Phone:  (404) 885-8000
LYING ABOUT HOW THEIR #1 FOCUS IS PROTECTION OF YOUR DATA  https://financialservices.house.gov/media/pdf/060403jf.pdf
USELESS CORPORATE LEADERSHIP
http://www.equifax.com/about-equifax/corporate-leadership
Technology Committee ASLEEP AT THE WHEEL!!
John A. McKinley (Chair), Mark L. Feidler, G. Thomas Hough, Elane B. Stock, Mark B. Templeton
EQUIFAX INC.
CIK Number: 0000033185
IRS Number: 580401110
Industry: SERVICES-CONSUMER CREDIT REPORTING, COLLECTION AGENCIES [7320]
Company address: 1550 PEACHTREE ST NW ATLANTA 30302
Former name: RETAIL CREDIT CO, date of change: 1976-02-22
SECURITY ALERTS ARE A JOKE
http://www.equifax.com/security/
Why the Equifax breach is very possibly the worst leak of personal info ever Consumers’ most sensitive data is now in the open and will remain so for years to come

SSN Equifax Breach

Equifax is one of the three major American firms that offer credit monitoring services, along with TransUnion and Experian; Experian also lost 15 million Social Security numbers of T-Mobile customers in the fall of 2015.
2017: 143 Million Social Security Numbers Stolen
Hackers have stolen the personal details of 143 million people, including their names, social security numbers, birth dates, and home addresses, according to credit monitoring firm Equifax, which disclosed the breach on Thursday.

For perspective, that’s nearly half of all Americans.

The First Problem is Equifax said there was No Evidence of Unauthorized Access to Core Consumer or Commercial Credit Reporting Databases – OMG

So . . . if the 143 million people’s data wasn’t protected in their CORE DATABASE, where the hell was that info stored??? On Pluto?
If YOUR INFORMATION WASN’T IN THEIR CORE, then the magnitude of their incompetence demands a class action suit.

But Equifax will offer Free Identity Theft Protection and Credit File Monitoring to All U.S. Consumers
Want to Know If Your SSN Was Included in the Equifax Breach? Good Luck!
They give this address: https://www.equifaxsecurity2017.com/
Second Problem
https://www.equifaxsecurity2017.com/
REDIRECTS TO
[Screenshot: Equifax-Hacked]
Ines Gutzmer
Corporate Communications
mediainquiries@equifax.com
404-885-8555

TOTAL FAIL

That site isn’t showing the correct cert, so the Chrome browser says it is an insecure phishing site, so no one should be using it!!!!
[Screenshot: Equifax-Hacked2]
 

What kind of total incompetence is this? 

TrustedID Premier Terms of Use

https://trustedidpremier.com/static/terms
Effective Date: September 6, 2017
TrustedID, Inc. (“TrustedID,” “we,” “us,” “our”), an Equifax company, provides its products to you (“You,” “Your”) through various websites (including www.TrustedID.com) and its related applications and products (collectively, the “Product(s)” which term includes any new features, products and applications offered by us from time to time), subject to the following Terms of Use (as amended from time to time, the “Agreement”).
TrustedID is not a credit repair organization, or similarly regulated organization under other applicable law and does not provide any form of credit repair advice or counseling.
If you have any questions about your product or need more information, please contact one of our customer care representatives at:
E-mail: customer.care@equifax.com
Toll-Free Phone Number: 1.888.548.7878
Hours of Operation: 7 am – 8 pm, CST, 7 days a week
 
PRIVACY POLICY
https://trustedidpremier.com/static/privacy-policy
You may request deletion of your TrustedID account by contacting us directly as set forth below or, if you are a TrustedID customer, by calling our customer service number. Please note that some information may remain in our records after deletion of your account.
How to Contact Us
If you have questions or comments about this Privacy Policy, please e-mail us at privacy@Equifax.com or write to
Chief Privacy Officer,
Equifax Inc.,
1550 Peachtree Street, NW, Atlanta, GA 30309.
Please reference “Privacy Notice – TrustedID,” when contacting us about this policy.
 
The Equifax Online Behavioral Advertising Notice also provides information about how you may opt out from receiving ads based on your online behavior. Please visit the websites operated by the following organizations to learn more, including to learn about choices to opt out of targeted advertising.
REPORT A COMPLAINT http://www.aboutads.info/enforcement
Consumer Complaint Resolution
If you believe that you have witnessed a practice or ad that may violate the Principles, you can report the incident to either the CBBB or the DMA. Complaints may be filed by consumers, business entities, or other stakeholders.

Report a Complaint to the CBBB
Report a Complaint to the DMA

The CBBB and DMA will coordinate investigation of all complaints received. Each organization publishes its own complaint handling procedures.

AAAAAAH  . . . FINALLY

The Monopoly guy has gone to Washington. A person dressed in a black top hat and bushy white mustache, occasionally putting on a monocle or dabbing forehead sweat with giant paper money, sat in the audience of the Senate Banking Committee hearing on the Equifax data breach on Wednesday. Former Equifax CEO Richard Smith didn’t seem to notice. The person was dressed to resemble the character Rich Uncle Pennybags from the classic board game.

@Public_Citizen sent the Monopoly man to the #Equifax hearing to send a message: FORCED ARBITRATION GIVES @EQUIFAX A MONOPOLY OVER OUR JUSTICE SYSTEM
Equifax ran code for *years* that executed software from abandoned domains, including a malware server since last Fall.
On Thursday, security researchers at security vendor Malwarebytes Corp. identified a small piece of code on Equifax’s website that connected users to the Netflame.cc internet domain, which was the source of the malicious software. That domain once was used by Digital River Inc., an e-commerce and digital-marketing vendor, for a now-defunct web-analytics product called Fireclick, Digital River said. But the domain’s registration was released in October 2016, three months after Digital River ended support for Fireclick as part of an “ongoing domain cleanup,” said Christopher Rence, the company’s chief information and risk officer. That domain was registered Nov. 15 to an individual with an address listed southeast of Bangkok, according to internet records. On Thursday, the Netflame.cc domain was serving up a variety of malicious software, including fraudulent online surveys, adware and software designed to steal online-banking credentials, said Jerome Segura, an analyst with Malwarebytes. It is common for scammers to be on the lookout for soon-to-expire web domains so they can snatch them up and use them to deliver malicious software, he said. Mr. Segura also discovered the Central America site of TransUnion, an Equifax competitor, connecting to the Netflame.cc domain, he said.
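The Netflame.cc include is the classic third-party script problem: a vendor tag was added once, the vendor dropped the product and let the domain lapse, and nobody owned the inventory of what the site still loaded. The audit below is an added example, not Equifax’s, TransUnion’s or Malwarebytes’ code. It parses a page, lists every script fetched from a host other than the page’s own, and flags two things a defender can act on: a host that is not on the approved vendor list (the forgotten tag), and an approved host whose script carries no Subresource Integrity hash. The HTML page, the allowlist and the host names are all constructed for the demonstration.

```python
"""Inventory third-party <script src> tags on a page and flag the ones that an
approved-vendor list and Subresource Integrity would have caught.
Added example; the sample page and allowlist below are constructed."""

from html.parser import HTMLParser
from urllib.parse import urlparse


class ScriptCollector(HTMLParser):
    """Collect (src, integrity) for every <script> that has a src attribute."""

    def __init__(self):
        super().__init__()
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "script":
            return
        attrs = dict(attrs)                   # html.parser lower-cases attribute names
        src = attrs.get("src")
        if src:
            self.scripts.append((src, attrs.get("integrity")))


def audit_scripts(html, page_host, allowed_hosts):
    """Return (kind, host, src) findings for cross-origin scripts.

    kind is 'unapproved-host' when the script comes from a host outside the
    vendor allowlist, or 'missing-sri' when an approved host is loaded without
    an integrity attribute.  Same-origin and relative scripts are skipped."""
    parser = ScriptCollector()
    parser.feed(html)
    findings = []
    for src, integrity in parser.scripts:
        host = urlparse(src).hostname         # handles https:// and protocol-relative //
        if host is None or host.lower() == page_host.lower():
            continue
        host = host.lower()
        if host not in allowed_hosts:
            findings.append(("unapproved-host", host, src))
        elif not integrity:
            findings.append(("missing-sri", host, src))
    return findings


# Constructed sample page: one first-party script, one pinned vendor script,
# one unpinned vendor script, and one tag for a vendor nobody remembers adding.
SAMPLE_PAGE = """<html><head>
<script src="/js/site.js"></script>
<script src="https://cdn.approved-vendor.example/analytics.js"
        integrity="sha384-PLACEHOLDERHASH" crossorigin="anonymous"></script>
<script src="https://cdn.approved-vendor.example/widget.js"></script>
<script src="//stats.forgotten-vendor.example/track.js"></script>
</head><body></body></html>"""

ALLOWED_HOSTS = {"cdn.approved-vendor.example"}   # constructed vendor inventory
PAGE_HOST = "www.example-site.example"

if __name__ == "__main__":
    for kind, host, src in audit_scripts(SAMPLE_PAGE, PAGE_HOST, ALLOWED_HOSTS):
        print(f"{kind:16} {host:36} {src}")
```

Subresource Integrity only fits scripts whose content is fixed, so for analytics tags that change on the vendor’s schedule the useful control is the allowlist itself, enforced at runtime by a Content-Security-Policy `script-src` directive listing the same hosts and kept honest by re-running an audit like this one against production pages. Either of those would have surfaced a tag still pointing at a domain whose owner had long since moved on.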