News
3/17/2008
10:45 PM
Terry Sweeney
Terry Sweeney
Commentary
50%
50%

Not As Dumb As Eliot Spitzer

Don't get me wrong -- I think Chris Crocker would make a crap spokesperson for HIPAA. But the medical staff of the UCLA Health System facing discipline or dismissal for snooping in Britney Spears' medical records deserve everything coming to them.

Don't get me wrong -- I think Chris Crocker would make a crap spokesperson for HIPAA. But the medical staff of the UCLA Health System facing discipline or dismissal for snooping in Britney Spears' medical records deserve everything coming to them.The Los Angeles Times wrote about this breach/medical voyeurism over the weekend. As if the 19 staffers on this most recent go-round weren't bad enough, the Times reported several workers were disciplined in September 2005 for looking at Spears' records after she gave birth to her first son.

A few years ago, we might have called this bad form, unethical even. But thanks to the personal privacy protections in state and federal laws, this kind of snooping is now officially illegal.

I can imagine being tempted to look. I can probably even imagine being boneheaded enough to open up unauthorized files. I can't imagine being so stupid to believe that some log file or audit trail wouldn't eventually betray my burning need to know.

Is dismissal or suspension an appropriate response? Those punishments don't really fit the crime, do they? What if the culprits were required to publish their own medical records in a couple major daily newspapers? Or maybe some community service, in which they form human shields around some celeb to confound the paparazzi?

I'm curious if you think the UCLA staff deserves more than a slap on the hand. E-mail me with your thoughts or leave a comment below.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
10 Recommendations for Outsourcing Security
10 Recommendations for Outsourcing Security
Enterprises today have a wide range of third-party options to help improve their defenses, including MSSPs, auditing and penetration testing, and DDoS protection. But are there situations in which a service provider might actually increase risk?
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-2329
Published: 2015-08-31
Multiple cross-site scripting (XSS) vulnerabilities in Check_MK before 1.2.2p3 and 1.2.3x before 1.2.3i5 allow remote authenticated users to inject arbitrary web script or HTML via the (1) agent string for a check_mk agent, a (2) crafted request to a monitored host, which is not properly handled by ...

CVE-2014-2330
Published: 2015-08-31
Multiple cross-site request forgery (CSRF) vulnerabilities in the Multisite GUI in Check_MK before 1.2.5i2 allow remote attackers to hijack the authentication of users for requests that (1) upload arbitrary snapshots, (2) delete arbitrary files, or possibly have other unspecified impact via unknown ...

CVE-2014-2331
Published: 2015-08-31
Check_MK 1.2.2p2, 1.2.2p3, and 1.2.3i5 allows remote authenticated users to execute arbitrary Python code via a crafted rules.mk file in a snapshot. NOTE: this can be exploited by remote attackers by leveraging CVE-2014-2330.

CVE-2014-2332
Published: 2015-08-31
Check_MK before 1.2.2p3 and 1.2.3x before 1.2.3i5 allows remote authenticated users to delete arbitrary files via a request to an unspecified link, related to "Insecure Direct Object References." NOTE: this can be exploited by remote attackers by leveraging CVE-2014-2330.

CVE-2014-2570
Published: 2015-08-31
Cross-site scripting (XSS) vulnerability in www/make_subset.php in PHP Font Lib before 0.3.1 allows remote attackers to inject arbitrary web script or HTML via the name parameter.

Dark Reading Radio
Archived Dark Reading Radio
Another Black Hat is in the books and Dark Reading was there. Join the editors as they share their top stories, biggest lessons, and best conversations from the premier security conference.