According to a recent article in Federal Computer Week, foreign criminal hackers are targeting American health records.
Mark Walker of the DHS Critical Infrastructure Protection Division recently told a National Institute of Standards and Technology workshop that the hackers' primary motive seems to be espionage. For example, any health problems among the nation's leaders would be of interest to potential enemies, he said.
Walker cited two events from 2007. In one, a virus was placed on the Centers for Disease Control and Prevention Web site. In another, there was a known data breach in the Tricare records for the Military Health System.
The Department of Homeland Security wants to build a database of health care-related data breaches. Walker told the workshop that, at present, the DHS has only a vague understanding of data loss connected with health care services.
On a related note, the U.S. Department of Health & Human Services has outlined the bases and procedures for imposing civil money penalties on covered entities that violate any of the Health Insurance Portability & Accountability Act of 1996 (HIPAA) Administrative Simplification Rules. The Centers for Medicare and Medicaid Services (CMS) will enforce HIPAA Transactions and Code Set Standards, while the Office for Civil Rights will enforce Privacy Standards. The final rules for security compliance cover specific areas of data storage, such as who must be interviewed regarding compliance, and what aspects of the company's IT security policy must be reviewed.
Coverity, which creates automated source-code analysis tools, announced late Monday its first list of open-source projects that have been certified as free of security defects.
Eleven projects made the list: Amanda, NTP, OpenPAM, OpenVPN, Overdose, Perl, PHP, Postfix, Python, Samba, and TCL.
San Francisco-based Coverity, working in collaboration with Stanford University and under a contract from the Department of Homeland Security, is analyzing source code to certify that open-source projects written in C, C++, and Java are secure. Coverity has not disclosed the amount of the DHS contract.
The certification was created so that companies can "select these open-source applications with even greater confidence," Coverity said.
The company uses a ladder metaphor in its certification process.
Rung 2, which was announced late Monday and is the most secure level to date, includes the 11 projects. Rung 1 now includes 86 projects. Rung 0, the lowest level, currently lists 173 projects.
In all cases, open-source vendors must fix all vulnerabilities discovered by Coverity's tools in order to move up the rungs of the security ladder.






