By Jeff Gould
Utah’s Governor has just fired the state’s CIO over a data breach that let foreign hackers steal the social security numbers of 280,000 state residents. Why did this unfortunate episode happen, and what can we learn from it?
Here are the basic facts. Sometime back in March, Romanian data pirates hacked into a state database. Utah, like many states, maintains a database of Medicaid recipients that health insurance providers query to verify a patient’s entitlement status before paying for care. Unfortunately, the way the process works is badly designed: everyone who receives health care in Utah has their name queried, whether they are on Medicaid or not. The CIO can’t be held responsible for this poor workflow design choice. Most likely the politicians are to blame, or perhaps the state department that regulates health insurance in Utah.
FTC’s Google Safari Settlement: Impact on Government Computing
August 9, 2012
Why we need a criminal investigation to finish the job the FTC couldn’t
By Doug Miller
By just about any accepted definition, Google’s overriding of default security settings and unauthorized, intentional access of Apple’s Safari web browser on users’ systems, which led to the recent FTC investigation and settlement, should be considered illegal hacking that warrants criminal investigation. That is, Google surreptitiously loaded executable code onto users’ devices, ran that code to weaken the browser’s security settings, and then used the weakened security environment to load third-party cookies to enhance the relevance of ads displayed to the user. This was done to provide Google with revenue from the additional ads. Since advertising generates 96% of Google’s revenue, the motive for hacking seems clear. Hacking for profit is against the law. Google should not get a pass for what is a criminal act.