Archive for Texas

Texas Tech University Health Sciences Center Pwned As Part Of A Larger Event…. Up To Two Million Patients Affected

Posted in Commentary with tags , on June 17, 2022 by itnerd

Texas Tech University Health Sciences Center has confirmed that the protected health information of 1,290,104 patients was compromised in a data breach at its electronic medical record vendor, Eye Care Leaders.

Eye Care Leaders said it detected a breach on Dec. 4, 2021, and disabled the affected systems within 24 hours. Texas Tech University Health Sciences Center said it received the final results of the forensic investigation on April 19, 2022. The compromised information included the following data elements: name, address, phone numbers, driver’s license number, email, gender, date of birth, medical record number, health insurance information, appointment information, social security number, as well as medical information related to ophthalmology services. No evidence of data exfiltration was found. But I’ll point out that it doesn’t mean that it didn’t happen. It just means that there’s no proof that it did.

Over the past few weeks, the number of eye care providers known to have been affected by the Eye Care Leaders data breach has been growing. At least 20 eye care providers have confirmed they have been affected and the protected health information of at least 1.9 million patients is known to have been exposed.

As the value of stolen credit cards has gone down in value, the value of health records has gone up.  With a complex web of interconnected providers in the healthcare space, many being small businesses, its impossible for the security safeguards in HIPAA to be fully maintained across the board.  That said, a breach at an Electronic Healthcare Records provider is especially concerning, as these are the types of vendors those small mom and pops rely on to provide more secure solutions than they could build on their own.

It’s commendable that they had their own incident response team that did detect a breach rather than it being reported by a 3rd party…a good sign that they are doing the right things.  For those who haven’t been through an investigation like this before, it is worth noting that there are many reasons that “no evidence of data being exfiltrated” could be found.  Very often logs that would have showed evidence aren’t kept for long enough…or at all.  If forensics teams don’t have the right data to work form, it becomes impossible to prove an exfiltration.  And there will be legal and executive pressure to state that no evidence was found in the absence of clear data that it was.  In short, anyone who was part of this breach still might be well off to scrutinize their bills closely, and be prepared to find healthcare services procured in their name at some later date, unfortunately.

We’ll have to see how bad this breach is. Starting with info showing up on the dark web which would be a sign that data was stolen. You might want to stay tuned to this one as I suspect I may be providing an update.

Texas Proposes Ban On Windows Vista Inside The State Government….. Ballmer Throws Another Chair In Anger

Posted in Commentary with tags , , on April 3, 2009 by itnerd

The Texas state Senate yesterday gave preliminary approval to a state budget that includes a provision forbidding government agencies from upgrading to Windows Vista without written consent of the legislature. Why do this? I’ll let Sen. Juan Hinojosa, vice chairman of the Finance Committee explain:

“We are not in any way, shape or form trying to pick on Microsoft, but the problems with this particular [operating] system are known nationwide,”

and:

“And the XP operating system is working very well.”

Not to mention:

“The reason we are so vendor-specific is because Microsoft has a monopoly on government PCs.”

Needless to say Microsoft isn’t very happy about this. According to a Microsoft sock puppet spokesperson:

“We’re surprised that the Texas Senate Finance Committee adopted a rider which, in effect, singles out a specific corporation and product for unequal treatment. We hope as the budget continues to go through the process, this language will be removed.”

This still has to get past the Texas of Representatives and then be reconciled into a single bill, so this rider could disappear somewhere along the line. But this has got to be embarrassing to Microsoft.

In the meantime, Microsoft employees should be on the lookout for flying chairs.