Good morning. Here's this week's edition of the Healthcare ISAC
news, intended to bring you the top healthcare-related information security news
stories of the week.
For those not familiar with the H/ISAC, the Information Sharing and
Analysis Center (ISAC) was formed as specified under Presidential Decision
Directive-63 to offer the Healthcare Infosec community a forum for the exchange
of analytical data. The H/ISAC is partnered fully with the SANS Institute (www.sans.org), the leading provider of
Information Security education, and will, through them, begin offering both
Information Security Management and Technical courses. The H/ISAC also
hopes to be able to offer a set of Healthcare "Best Practices," if you will, by
drafting a set of security policies and procedures that will be promulgated
throughout the community for feedback and consensus. Our site is new, but the
concept is not. Please take a look at the H/ISAC site, sign on to the mailing list,
and jump on in. Your participation makes this work! As a note for all you
security administrators: at the H/ISAC, you can find statistics showing the "Top
10" most common firewall and intrusion detection system detects for the month of
March. Look for the January and February stats soon, and April will be posted
each week. You can view the most current stats and other analysis at http://www.info-security.net/ISAC/h_isac.html.
Participation in the "Top 10" is encouraged. To participate, simply
summarize your IDS logs, and send the top ten most frequent detects to [EMAIL PROTECTED].
Why is this important? Simple: most IDSs watch for several hundred
signatures. The rulesets are built after a new signature is identified. By
participating in the top 10, you are ensuring that the most common detects being
caught are covered by your IDS, and you are also catching new signatures.
I'll climb down from my soapbox for now.
Until next week.
Jeff Stutzman, President
Information Security Network,
Healthcare ISAC
COMMENTS
Here's a story from Salt Lake City about a
police officer moonlighting as a security guard at a local hospital. Consider
this... What would have happened if this officer were more computer savvy? As a
security guard, how much access did he have to patient data? Pharmacy? Billing
information? Do you have a policy in place to offer role-based
access?
Former cop admits to theft from Bountiful hospital
The Deseret News (Salt Lake City, UT), April 2, 2000, Sunday
FARMINGTON -- Former West Bountiful
police officer Patrick Jellerson has admitted stealing money from a safe and
gift shop cash register at Lakeview Hospital, where he moonlighted as a security
guard.
Jellerson pleaded guilty to a misdemeanor charge of theft in 2nd District Court on Thursday. Another felony theft charge filed against him was dismissed in exchange for Jellerson's cooperation in an investigation of evidence-room thefts by other West Bountiful police officers.
Davis County prosecutor Bill McGuire said he plans to file a criminal charge against former West Bountiful officer Jamie Wehner for allegedly taking firearms and other property from the department's evidence cache. Wehner will be charged with a class-A misdemeanor count of wrongful appropriation, said McGuire, who was not willing to explain why Wehner isn't being charged with a felony, the usual penalty for stealing firearms. Wehner resigned from the police department in February.
Two other officers were investigated for alleged theft. One retired and will not be charged, and the other, placed on administrative leave, was cleared and will go back on duty, McGuire said.
Jellerson was fired last July, when Lakeview Hospital reported losing $5,000 to thefts. His lawyer, George Diumenti, said Jellerson will pay $1,907 in restitution, get leniency at sentencing and cooperate in a continuing investigation. Jellerson is scheduled to be sentenced May 18 on a theft charge that carries a possible sentence of a year in prison.
CYBER CRIME BLOTTER
Computer crime
IN THE NEWS
Apr 3, 2000
Weekly Microsoft Security Roundup <http://www.securityportal.com/direct.cgi?/topnews/weekly/microsoft20000403.html> - Three Security Bulletins, "Virtualized UNC Share" Vulnerability, "Malformed TCP/IP Print Request" Vulnerability, "Malformed Hit-Highlighting Argument" Vulnerability. Mailing list review: RunAs Information, NIPC Advisory 00-038 - Self-propagating 911 script. Tip of the Week: Have a security question that you just can't find any information on? Do you need a technical answer to a security question that no one seems to be able to provide you with?
NandoTimes: Hackers gather at Israel conference <http://www.nandotimes.com/technology/story/0,1643,500187324-500250833-501271402-0,00.html> - Hackers from around the world overcame interrogations, censorship and an all-around bad reputation to hold Israel's first hacker convention, wrapping up the two-day conference Thursday without a glitch
SJ Mercury: Internet Security system unveiled <http://www.sjmercury.com/svtech/news/breaking/ap/docs/382663l.htm> - Analysts say a new type of Internet burglar alarm system by Counterpane may raise the bar in the burgeoning and vital field of computer security
Apr 2, 2000
National Infrastructure Protection Center Advisory: Malicious 911 Virus <http://www.nipc.gov/nipc/advis00-038.htm> - NIPC is reporting a new virus that can supposedly erase hard drives and dial 911 systems. It reportedly propagates itself through Microsoft file sharing (we don't know if this is an April Fool's Joke or what the NIPC has been smoking, but the advisory is on their site right now)
Apr 1, 2000
PC World: FTC Committee Debates Online Privacy <http://www.pcworld.com/pcwtoday/article/0,1510,15993,00.html> - The Advisory Committee on Online Access and Security, established in February by the FTC, met Friday to debate the issues surrounding access and security of Web users
Mar 31, 2000
IDG: Health sites' data collection under fire <http://www.idg.net/idgns/2000/03/31/HealthNetSitesDataCollectionUnder.shtml> - The authors of a report on privacy policies and practices of health Internet sites weren't necessarily hoping to spark a U.S. government investigation with their damning findings, but that appears to be what has happened
FCW: GAO lists security bargains <http://www.fcw.com/fcw/articles/2000/0327/web-cheap-03-30-00.asp> - In its security audits of agencies, including the departments of Defense and Veterans Affairs, GAO found that security controls are in place but that those controls are not being used correctly
Red Hat Advisory: ircii buffer overflow <http://www.redhat.com/support/errata/RHSA2000008-01.6.1.html> - A buffer overflow exists in ircii's dcc chat capability. An attacker could use this overflow to execute code as the user of ircii
CERT Current Activity: BIND and SGI Objectserver vulnerabilities <http://www.cert.org/current/current_activity.html> - updated information on current high impact vulnerabilities includes a new report with a SGI Objectserver exploit that can lead to elevated privileges
ZDNet: Safe Harbor privacy plan -- not so safe? <http://www.zdnet.com/zdnn/stories/news/0,4586,2495461,00.html> - Consumer group says Internet privacy accord between European Union and U.S. government isn't so safe for citizens in either region
Mar 30, 2000
Microsoft Bulletin: Patch Available for Malformed TCP/IP Print Request <http://securityportal.com/topnews/ms00-021.html> - Microsoft has released a patch that eliminates a security vulnerability in the TCP/IP Printing Services for Microsoft® Windows NT® 4.0 and Windows® 2000. If this service is installed, the vulnerability could allow a malicious user to disrupt printing services
Microsoft Bulletin: Patch Available for Virtualized UNC Share Vulnerability <http://securityportal.com/topnews/ms00-019.html> - Microsoft has released a patch that eliminates a security vulnerability in Microsoft® Internet Information Server and products based on it. Under certain fairly unusual conditions, the vulnerability could cause a web server to send the source code of .ASP and other files to a visiting user
ZDNet: Australia tackles Net privacy and workplace e-mail <http://www.zdnet.com.au/zdnn/stories/zdnn_display/au0001402.html> - The Australian Federal Privacy Commissioner today released guidelines for companies navigating workplace e-mail issues -- part of a broad strategy for safeguarding privacy on the Internet
Sun Security Bulletin 00194: BIND <http://securityportal.com/topnews/sun20000329.html> - Sun announces the release of patches for Solaris(tm) 7 which relate to four vulnerabilities in BIND reported in CERT Advisory CA-99-14
Trend Micro: TROJ_PLATAN <http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=TROJ_PLATAN> - This is a password stealing Trojan that collects system passwords from the infected PC and emails it to the author
Trend Micro: VBS_NETLOG.WORM <http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=VBS_NETLOG.WORM> - This Trojan when run searches for a computer in the network where c:\ is shared with full control and accesses files. This virus does not run on Windows NT environment. Rated medium risk
NWFusion: Check Point launches security appliance initiative <http://www.nwfusion.com/news/2000/0329checkpointapp.html> - Check Point Software has begun letting vendors such as Alteon WebSystems and IBM integrate Check Point's virtual private network and FireWall-1 technologies into their product lines
Techweb: Hacker School Teaches Security <http://www.techweb.com/se/directlink.cgi?IWK20000327S0051> - More than 2
