Franklin Veaux (tacit) wrote,
Franklin Veaux
tacit

  • Mood:

Open source will save us all!

Or, err, perhaps not.

Consider the case of www.freehipaa.net, a Web site that advertises free, open-source HIPAA-cmpliant medical software. HIPAA is the US law that protects the privacy and security of patient medical records; it has, among other things, provisions specifying security standards for remote storage, use, and retrieval of sensitive patient information.

HIPAA compliance is a big deal; those who violate the standards can find themselves neck-deep in legal trouble, and anyone who is responsible for maintaining patient medical information is obligated to take security very seriously indeed.

Which is why it's all the more amusing that I received a fake PayPal scam email in my mailbox today directing suckers to a phony Web page, where the hackers could steal their PayPal information. The hackers responsible for these scams first find vulnerable Web servers with outdated content management or ecommerce software, then hack these Web sites ad put up their phony phishing pages, and finally send out spam email directing the unwary to the hacked Web site for fleecing.

Today's cracked Web site du jour? None other than http://www.freehipaa.net/icons/us/webscr.htm -- yep, that's right. The creators of HIPAA-complaint medical billing software can't even secure their own Web server.

Hmm. I wonder if their software is any better...
Tags: computer security, rant
Subscribe
  • Post a new comment

    Error

    default userpic

    Your reply will be screened

    Your IP address will be recorded 

    When you submit the form an invisible reCAPTCHA check will be performed.
    You must follow the Privacy Policy and Google Terms of use.
  • 6 comments