Idaho Hospice to Pay $50,000 for HIPAA Violation for Data Breach

Losing a single laptop containing sensitive personal information about 441 patients will cost a non-profit Idaho hospice center $50,000, marking the first such penalty involving fewer than 500 data-breach victims.

The data was unencrypted.

The Department of Health and Human Services (HHS) announced last week that it has reached an agreement with the Hospice of North Idaho that will see the hospice pay $50,000 for violating the Health Insurance Portability and Accountability Act (HIPAA).

“This action sends a strong message to the health care industry that, regardless of size, covered entities must take action and will be held accountable for safeguarding their patients’ health information.” said HHS Office of Civil Rights Director Leon Rodriguez in a Press Release. “Encryption is an easy method for making lost information unusable, unreadable and undecipherable.”

While the hospice’s failure to encrypt patient data is egregious by any measure, you can count me among those wondering if perhaps HHS could have found a less sympathetic violator to hold up as an example. From the organization’s website: “Hospice of North Idaho cares for thousands of our neighbors and loved ones each year with a staff of over 100 and a volunteer force nearly double that.  … Hospice of North Idaho provides services for over 50% of our dying in Kootenai County; it is the community leader for hospice and palliative care.”

According to an article in The Spokesman-Review, the laptop was stolen from a hospice worker’s car, and although the thief was apparently apprehended, the computer was not recovered. Amanda Miller, a spokeswoman for the hospice, told the newspaper that there was no evidence that any patient information had been abused.

    “As a nonprofit, $50,000 is a lot of money and we are being extra resourceful right now to account for this settlement cost,” (Miller) said.

    “Hospice of North Idaho conducted a thorough risk analysis as a part of its security process, increased security measures on all equipment containing patient information, and adopted stronger security policies and procedures to ensure the safety of patient health information,” Miller said. “Other measures taken were the encryption of all laptops, stronger password enforcement, and HIPAA privacy and security training on a scheduled basis.”

The full agreement between the government and the hospice center can be read here.

Source: Network World

Trakdot Luggage Sends Luggage Location to Mobile Devices

Trackdot has announced the Trackdot Luggage, a device that will ensure that you never loss your luggage and that your luggage never gets misplaced if you check it at the airport.

The device is a palm-sized tracker that is ultra-light and is meant to fit into any sized bag. Trackdot let’s passengers keep constant tabs on their luggage.

Once travelers register the device on the Trakdot website they can place the device in their checked baggage, they will receive location information directly to their mobile phone or by via either text or email. The luggage locator system delivers real-time, city-specific information on the whereabouts of checked baggage.

Travelers can also check the location of their luggage on Trackdot.com or download the free Trakdot Luggage app. Also available for download is an additional app that will alert passengers as their bag is approaching on the carousel in the baggage claim of the airport.

The Trackdot Luggage device will be available in March 2013 for $49.95 USD with an $8.99 USD activation fee and an annual service fee of $12.99 USD, according to a press release from Trakdot. It will be compatible with any mobile, device including Apple and Android devices.

Yahoo Mail Accounts Hacked in Quick XSS Exploit

Yahoo Mail accounts have been hacked, with a DOM-based cross-site scripting vulnerability being the main vector of attack. Details of the hack, including how to perform the attack on specific e-mail accounts, has appeared online in a YouTube video demonstration, with the entire attacking process taking just a couple of minutes.

The attack has been demonstrated by a single person going by the name of Shahin Ramezany, according to The Next Web. The video seems to show a link being sent to a target user, which takes them to a seemingly-innocent URL. The attacker then uses details stored in log files to clone the cookie of the user and then gain access to their account, with the entire attack taking just over four minutes to complete. A post on Twitter by the hacker suggests that up to 400 million Yahoo Mail accounts are at risk from the attack until it gets patched by Yahoo, and a number of Twitter users have already confirmed they were victims of the exploit.

In July 2012, over 400,000 passwords and e-mail combinations were leaked from a Yahoo Voices server, rebranded from Associated Content. The attack at that time contained addresses for Gmail and AOL e-mail accounts, as well as Yahoo Mail.

Here is the Youtube Video of Yahoo Mail Hacking 2013.

Source: Electronista

QNX Announces New In-Car Speech Recognition Framework with AT&T’s Watson

The QNX car platform has done some great things and so many great features have been built using the QNX car platform. Now another amazing feature to add is the new in-car speech recognition framework that will now recognize a speakers intent for voice commands.

The framework allows applications to access AT&T Watson which provides a more natural understanding of spoken commands. This means users can do things like create calendar appointments, dictate email, give voice navigation instructions or even perform internet searches.

Press Release Below:

QNX Announces New In-Car Speech Recognition Framework to Understand a Speaker’s Intent

New intent framework to bring power of AT&T Watson(SM) speech recognition engine to wider variety of in-car systems and applications

OTTAWA, ONTARIO–(Marketwire – January 07, 2013) – QNX Software Systems Limited, a global leader in software platforms for in-car electronics, has announced a powerful new framework that will allow speech recognition systems in cars to understand a speaker’s intent. The framework extracts meaning from the driver’s spoken words, enabling in-car systems to create calendar appointments, dictate email or text messages, set complex navigation destinations, and even perform general Internet searches.

The framework, which is a component of the QNX CARTM application platform, allows in-car applications to access AT&T Watson(SM) speech recognition technology. AT&T Watson(SM) is AT&T’s pioneering speech services platform, which enables the development of next-generation technologies that go beyond speech to power more advanced natural language understanding and automatic speech recognition, among other capabilities. The multimodal and multilingual speech engine runs on a cloud-based server to provide extremely high-quality recognition with low latency.

Determination of the intent behind the driver’s speech starts on the server, where the AT&T Watson speech engine begins to analyze words and fits them to known patterns. The results are then handed from the cloud to the car, where the in-vehicle intent engine from QNX Software Systems performs the remainder of the speech analysis to determine how to act.

    “Sharing the workload across client and server offers automotive manufacturers and end-users the best of both worlds,” said Andy Gryc, automotive product marketing manager, QNX Software Systems. “The server-side analysis, provided by AT&T Watson, is optimized for complex scenarios, such as a navigation application in which the driver may verbalize destinations in hundreds of different ways. The QNX client-side analysis grants car makers greater flexibility, enabling them to adapt the AT&T Watson results for a variety of in-car applications, regional aspects, or personal tastes.”

    “For many of us, the most natural way to communicate is with our voice. By working with QNX and opening access to our rich set of speech technologies developed at our labs, we’re making it possible for more people to use the power of their voice to stay safely connected in their vehicles,” said Mazin Gilbert, assistant vice president of technical research, AT&T Labs. “Delivering this type of next-generation virtual assistant applications for the connected car is especially important as we look at how technology can help drivers keep their eyes on the road and hands on the wheel.”

The intent system from QNX Software Systems is dynamically pluggable, which allows the recognized vocabulary to change depending on what applications are active, and to support new apps that are downloaded to the car.

    “Enabling natural, intuitive, user experiences is fundamental to our vision of the connected vehicle, and providing our automotive customers with the tools to create those experiences is fundamental to our product strategy,” said Linda Campbell, director of strategic alliances, QNX Software Systems. “By providing a framework that enables our customers to take greater advantage of AT&T’s phenomenal speech engine, the new intent system should help accelerate the adoption of speech recognition across a broad range of vehicles.”

The QNX CAR application platform from QNX Software Systems is a comprehensive, pre-integrated software stack designed to help automotive companies reduce the time and effort of building highly sophisticated and connected infotainment systems.

QNX Software Systems has licensed its software technology for millions of in-vehicle systems worldwide, including digital instrument clusters, hands-free systems, multimedia head units, connectivity modules, and 3D navigation systems.

Developed at AT&T Labs, AT&T Watson(SM)has been powering advanced speech services in the marketplace for years. The technology reflects more than one million hours of research and development in speech technologies that has led to more than 600 U.S. patents and patent applications.

AT&T, Qualcomm Team Up and Announce the Internet of Everything Development Platform

AT&T Mobility is partnering with Qualcomm to spark further development of connected devices that can run on the carrier’s network.

Here at the 2013 Consumer Electronics Show, the two firms announced the Internet of Everything (IoE) development platform, which is based on Qualcomm’s QSC6270-Turbo chipset and supports Oracle’s Java ME Embedded 3.2.

The companies said that the new IoE development platform uses Qualcomm’s Gobi chipset for 3G modem technologies and will allow developers to accelerate development and decrease time-to-market for connected devices on AT&T’s network. Some of the vertical markets the companies are targeting with the new platform include tracking, industrial controls and healthcare.

Press Release
Source: Fierce Wireless

Disney’s ‘MagicBands’ Will Track the Movements and Behavior of Theme Park Attendees

Disney wants to make its theme parks more interactive, and it’s hoping digital wristbands will do the trick. Over the next few months, Disney World will be introducing a new program called MyMagic+ that uses location data and spending trends to more closely monitor park patron behavior. As part of the system, park attendees will have the option to wear RFID-equipped wristbands known as “MagicBands,” which function as a room key, credit card, and FastPass. These bands will allow Disney to know which attractions a customer visits, what they purchase, and when they purchased it.

The idea behind Disney’s program, like most other targeted advertising campaigns, is to personalize the company’s marketing efforts. It could also offer some obvious benefits by alerting users whenever ride lines are shortest, and allowing for a generally more intimate experience. When a user approaches a costumed Cinderella, for example, the MagicBand’s sensor will automatically provide her with his name, allowing her to greet him on a first-name basis.

Disney Parks and Resorts chairman Thomas O. Staggs says this approach should make the park-going experience more enjoyable for consumers, thereby fostering greater loyalty to the Disney brand. “If we can enhance the experience, more people will spend more of their leisure time with us,” Staggs told the New York Times.

Yet there are some concerns over such large-scale data gathering — especially in an environment filled with young children. These concerns have been swelling in recent months, encouraging the FTC to impose tougher online privacy rules for children.

Disney is well aware of these worries, and will allow parents to ultimately decide how much information their children reveal, but the company seems confident that its MyMagic+ program remains critical to its long-term success. “We want to take experiences that are more passive and make them as interactive as possible,” said Bruce Vaughn, chief creative executive for Walt Disney Imagineering. “Moving from, ‘Cool, look at that talking bird,’ to ‘Wow, amazing, that bird is talking directly to me.'”

Via: The Verge