Re: Patient portals

From: ander kierig <000000c0e12c3a34-dmarc-request_at_nyob>
Date: Mon, 17 Feb 2025 13:26:09 -0600
To: CODE4LIB_at_LISTS.CLIR.ORG
> It's my understanding that e-mail and text aren't encrypted, so
> definitely not HIPAA compliant.

Which is why the only email they ever send is "you have a new message 
from your physician" or similar.

> Does it take much talent to gain access to a patient's portal records?

The business of these companies (Epic, et al.) is predicated on keeping
this data protected. Same with Bitwarden, 1Password, etc. If you use a
weak password, don't use two-factor authentication, or the HTTP
connection uses a weak form of TLS encryption, then it is much easier to
snoop on a connection.

That said, it seems highly unlikely that a normal individual would be 
targeted in such an attack. What value does it do to spend the effort to 
find out that I take Nexium to manage chronic heartburn? Very little. 
What are they going to do, try and extort me?

-- ak


| ander kierig
| Application Development
| University of Minnesota Libraries
| https://www.lib.umn.edu/about/staff/ander-kierig
| they/them

On 2025-02-17 at 12:31 (-0600) charles meyer wrote:

> My esteemed listmates,
>
> It's my understanding that e-mail and text aren't encrypted, so
> definitely not HIPAA compliant.
>
> But, couldn't doctor's offices/hospitals have you sign a form saying
> that you acknowledge the risk of using unencrypted communications and
> what information they're allowed to send in what channels?
>
> Better you use an email to confirm the date and time of an appointment
> than using a PW generator where it could be hacked and now the
> miscreants can access your patient portal and gather all your health
> care records.
>
> We know the patient portals aren't the only way in for miscreants but
> is it one of the easier ways to get healthcare info?
>
> It's easier than dumpster diving.
>
> Police detectives and the FBI have shared that most criminals are lazy
> (and/or dumb) so that's why they're criminals. It takes talent and the
> right temperament to write code so many miscreants could never use
> their "powers for good and not evil" as they have no special talents.
>
> Does it take much talent to gain access to a patient's portal records?
>
> An experienced detective explained to me that many of those using
> Ransomware never created that software but found it "on the dark web"
> (chat rooms) where they are given step-by-step instructions of how to
> use the Ransomware created by others.
>
> We have some patrons who have been really circumspect re: sharing
> their email addresses and/or phone #s with us just for a library card.
>
> Others don't want to share their driver's license numbers.
>
> We're all trying to assess and manage risk but how much do we really
> know and understand about our or others' vulnerabilities?
>
> Thanks,
>
> Charles.
>
> Charlotte County Public Library
Received on Mon Feb 17 2025 - 14:24:19 EST