05/26/2009
e-health in the UK and Belgium ?
We don't see anything, we don't hear anything so we don't know anything
In the UK this is different for e-health and that this kind of controls is needed is shown in this article because it is not because it is on paper that the monkeys will do what they are supposed to do. It is only because you control, monitor and test.
"A total of 140 security breaches were reported within the NHS between January and April this year. These included computers containing medical records stolen and left by skips, and passwords taped on encrypted discs with sensitive information, The Independent newspaper said."
http://www.telegraph.co.uk/health/healthnews/5381605/Thou...
09:41 | Permalink | Comments (0) | Email this
| 
| 
del.icio.us
|
| 
Digg | 
Facebook
05/19/2009
some interesting presentations about the EID (dutch)
But some of them (including the one from the Belgian official Privacycommission who points out that the readers that are used have NO legal basis for the moment) are quite interesting. The details are what it is all about.
- Introductie (Vincent Naessens, KaHo Sint-Lieven)
- Adder(s) in het e-ID gras (Willem Debeuckelaere, Voorzitter Privacy Commissie)
- The Hitchhiker’s Guide voor de e-ID (Peter Strickx, Chief Technology Officier Fedict)
- e-ID toegangscontrole voor beperken van toegang tot bedrijfsparkings en containerparken (David Maelfait, Alphatronics)
- e-ID kaartlezers en e-ID software ondersteuning (Johan De Vriendt, Arena Solutions)
- Toepassingen met e-ID handtekeningen (Frank Delanghe, DSoft)
- Een e-ID gebaseerd ticketing systeem (Jorn Lapon, KaHo Sint-Lieven)
- eHealth-toepassingen en het gebruik van de Belgische elektronische identiteitskaart (Frank Robben, Administrateur-generaal eHealth platform)
11:20 | Permalink | Comments (0) | Email this
| | del.icio.us
|
| Digg | Facebook
05/14/2009
Holland shows Belgium how to not to take any risk with ehealth projects
A Dutch Cabinet minister has stopped the development of the eHealth card as security researchers have successfully discovered the secret encrypted key on that card.an attack that ia already old and analysed the electromagnetic fields on the chip of the card. It was also possible because the chip didn't use the best security to be able to handle transactions faster. This was done in an university (where are our universities doing such important work ?) and you need also the pincode to be able to do something with it (but hey we got keyloggers for that and most people keep all those pincodes together or they use the same). So theoretically it is only useful in a very targeted attack or by a lucky theft (in which you have the card and the pincode).
The chip is not only used for the ehealth card but also in other smartcards. The chips have to be replaced. Meanwhile the development of the ehealth card has been stopped but some just think that this is because there are numerous other technical difficulties and because opposition against the card is bigger than expected and still growing. The main objections are the information about the patients can be found on laptops and computers of all kinds of medical staff and institutions, while the security of those installations can differ enormously.
Security has to follow the data. If you claim that some data is more important and others, it must have more security than other data at all times wherever it is to be found. Even if Holland has a very stict law (dutch) that for some kind of data even imposes penetration testing, it is not sure that it would be implemented acros the board at all times. The minister has announced that the ehealth infrastructure and card will be tested by penetration testers and hackers. That is in Holland off course. Maybe they should test their incident response at the same time.
In Belgium we also have ehealth, but we don't have the technical norms, laws and controls as the USA nor the critical penetration testing, research and oversight by professionals and researchers as in Holland. There are some promises but these are words in the wind. On paper the ehealth business controls its own business. If you would do that in any other business, they would have a word for it. Especially in times like these when everybody wants to implement more controls. I hope we don't need 10 years to realise that we ought to implement much more controls and overight and laws about the security and privacy of ehealth after something went awfully wrong.
the dutch articles (about which the Belgian press wrote NOTHING)
330.000_bezwaren_tegen_patientendossier
21:12 | Permalink | Comments (0) | Email this
| | del.icio.us
|
| Digg | Facebook
05/06/2009
american ehealth database hacked and millions of ehealthfiles held ransom
"
On Thursday, April 30, the secure site for the Virginia Prescription Monitoring Program (PMP) was replaced with a $US10M ransom demand:
- "I have your shit! In *my* possession, right now, are 8,257,378 patient records and a total of 35,548,087 prescriptions. Also, I made an encrypted backup and deleted the original. Unfortunately for Virginia, their backups seem to have gone missing, too. Uhoh :(For $10 million, I will gladly send along the password."
The site, https://www.pmp.dhp.virginia.gov/pmpwebcenter/login.aspx appears to have been entirely disabled and is presently unavailable.
The linked file provides the full ransom message.
The PMP is used by pharmacists and others to discover prescription drug abuse.
The PMP declined to comment, although when contacted, appeared to be aware of the issue, instantly referring inquiries to the director of the DHP, who is presently unavailable" source Wikileaks.org
yeah safe, sure and not sick..... all that ehealth bizz and buzz - just trust us, we know what we are doing....
00:47 | Permalink | Comments (0) | Email this
| | del.icio.us
|
| Digg | Facebook
01/25/2009
2008 the arrival of ehealth in Belgium
In June the parliament discussed and finally approved the e-health proposal on the basis of faith in the people responsable for the project. As we don't have faith but just want to see the facts, we studied it and had some attention for the subject. I am sure that we will have more attention for it in 2009 as this is a very important subject.
16/10/08 16:48 KUL Leuven and the TAS3 EU project (ehealth)
13/08/08 10:17 Medical ID theft in the US from test to reality (and Belgium)
07/08/08 23:23 Belgian Ehealth has no Privacy culture or awareness
24/06/08 09:56 3 bedenkingen bij het Ehealth platform voorstel
16:17 | Permalink | Comments (0) | Email this
| | del.icio.us
|
| Digg | Facebook
01/21/2009
Presentations about e-health in Belgium
from the boss himself, Mr Robben :)
Information session of the National Institute for Sickness and Incapacity Insurance - Brussels - January 15, 2009 |
Het eHealth-platform: doel, organisatie, stand van zaken en prioriteiten - La plate-forme eHealth: objectifs, organisation, situation actuelle et priorités
 | European Commission - i2010 subgroup on eHealth - Brussels - January 15, 2009 |
| Ceremony 5th Covidien Awards for excellence in hospital management - Vilvoorde - December 11, 2008 |
eHealth met respect voor privacy en beroepsgeheim - eHealth avec respect de la vie privée et du secret professionnel
| Conference of the Centre for Scientific Development of Pharmacists on "What can we expect from pharmacists in a patient-centric healthcare IT environment ?" - Brussels - November 27, 2008 |
Mogelijke ondersteuning van het elektronisch farmaceutisch dossier door het eHealth-platform
| General Assembly UNAMEC - Brussels - November 26, 2008 |
Het eHealth-platform: doel, stand van zaken en prioriteiten - La plate-forme eHealth: objectifs, situation actuelle et priorités
| eHealth Congres of TMAB and Agoria ICT - Brussels - November 18, 2008 |
16:49 | Permalink | Comments (0) | Email this
| | del.icio.us
|
| Digg | Facebook
01/17/2009
e-health got an OLD and STUPID virus and it is killing it
Some people here and in the US are dreaming of doing everything electronic in the health infrastructure - forgetting that we are talking about medical information that would be interesting for economic spionage, blackmail and intelligent scams and phishing.
Now they are talking on the news that several hospitals have great problems with that new (already two weeks old) virus that is spreading. They say that everything is working but that it takes more time to download medical information and so on
let us make a few things clear
* this is not a supervirus. This virus only works if you haven't updated your computer since october with an easy downloadable patch from Microsoft. Surely in a network like a hospital you should have organised your patching and updating centrally and control it so that it is done effectively. And there is nothing NEW
* it means that the security of the computers in hospitals is too lax to be confident that they should treat in their present situation in a confidential and high secure computernetwork with information that is as important as our medical information
* the great law of silence and just trust us has proven its weakness, especially after the new Belgian ehealth law needed more security and auditing and norms before going ahead with all their great plans. The system as a whole is only as secure as their weakest part. This means that maybe the computer use and culture and infrastructure in hospitals has to change and that hospitals have to understand that their computers are as important for saving lives as their operating rooms.
I am sure some people can tell stories about security in hospitals or on the computers of the doctors that would be quite interesting..... but that is the real reality that is responsable for this situation. You only need one pc to get the rest into trouble.
12:39 | Permalink | Comments (0) | Email this
| | del.icio.us
|
| Digg | Facebook
10/16/2008
EID and Ehealth : introduction (presentation)
A general presentation of the global certificate structure of the EID and how it is going to be used in the ehealth project.
16:52 | Permalink | Comments (0) | Email this
| | del.icio.us
|
| Digg | Facebook
KUL Leuven and the TAS3 EU project (ehealth)
TAS3 focuses federated identity management
TAS3 consolidates scattered research inSecurity, Trust, Privacy, Digital identities, Authorization, Authentication…
TAS3 integrates adaptive business-driven end2end Trust Services based on personal information: Semantic integration of Security, Trust, Privacy components
TAS3 provides dynamic view on application-level end2end exchange of personal data
16:48 | Permalink | Comments (0) | Email this
| | del.icio.us
|
| Digg | Facebook
09/19/2008
Frank Robben nieuwe presentaties
Gezien de unieke positie van Frank Robben hebben deze presentaties meer dan informatieve waarde.
eBelgium Congres - Leuven - 14 September 2008 |
Het eHealth-platform: doel, uitwerking en stand van zaken - La plate-forme eHealth: objectifs, concrétisation et situation actuelle
| Debate organised by the Belgian Association for Medical Ethics on the ethical aspects of the eHealth-platform - Ostend - 4 September 2008 |
Het eHealth-platform: doel, uitwerking en stand van zaken - La plate-forme eHealth: objectifs, concrétisation et situation actuelle
| Workshop of the Ministry of the Interior and the Ministry of Foreign Affairs - Brussels - 3 September 2008 |
23:22 | Permalink | Comments (0) | Email this
| | del.icio.us
|
| Digg | Facebook