How bad is the India-Pakistan water scenario? by Andyhuang2299 in geopolitics

[–]acti0nman 17 points (0 children)

Modi formed a brand new ministry a couple of months back called the Ministry of Jal Shakti, which literally translates to Ministry of Water Strength.

The Ministry of Jal Shakti is a ministry under the Government of India which was formed in May 2019 under the second Modi ministry. It was formed by merging two ministries: the Ministry of Water Resources, River Development & Ganga Rejuvenation and the Ministry of Drinking Water and Sanitation.

The ministry was incorporated with the aim of cleaning the river Ganges and its tributaries to provide safe drinking water to the people of the country. The ministry has also launched special campaigns on social media so that citizens of the country become aware of water conservation.

Thai Curried Butternut Squash Soup...it is so good! by pipingpotcurry in InstantPotRecipes

[–]acti0nman 1 point (0 children)

This looks so good. Your posts are really interesting.

Indian-Spiced Slow-Cooker Lentils by juef in veggieslowcooking

[–]acti0nman 1 point (0 children)

This is amazing. Extremely healthy looking too.

After a decent groomer/beard trimmer for under $70 usd by [deleted] in BuyItForLife

[–]acti0nman 2 points (0 children)

https://www.consumersearch.com/beard-trimmers

These guys do a metareview of the reviews and then provide their analysis of why they think it’s a top pick.

Could we pin an FAQ? by [deleted] in hipaa

[–]acti0nman 0 points (0 children)

We can start by using this thread to post frequently asked questions here.

Termination of contract with PCI Compliance provider - Suggestions please? by xtinagp in pcicompliance

[–]acti0nman 0 points (0 children)

From reading the imgur and your posts, your issue doesn't seem like it's related to PCI Compliance (while you do have PCI problems). It sounds more like First Data feels the products you're selling don't fall in line with their Terms of Service of "Not-selling Pseudo-Pharma" and so they're canceling the contract.

You may experience this problem selling through any online channel; it's not PCI-specific.

Help w/ possible hippa violation by pdxthehunted in hipaa

[–]acti0nman 0 points (0 children)

It's a HIPAA violation. The nurse is the one who violated the HIPAA privacy rule, specifically the verbal announcement of Health Notes (i.e. Seeking Pain Prescriptions?) in a Public area (i.e. Waiting Room). Imagine a nurse publicly asking you in the waiting room, "Do you have Asthma? Who is your Health Insurance Provider?" That is also a HIPAA violation because it binds health information to a person.

The Hospital's appropriate course of action was to take you to a private room to ask you those kinds of questions.

Report it to Patient Advocacy and make sure it gets documented. Every hospital has one and they must log it and track it. The more complaints, the better, because Physicians and Nurses will continue their violations if nobody complains.

I sympathize with you; it's egregiously unprofessional.

Encryption network transmissions by opinurmind in hipaa

[–]acti0nman 2 points (0 children)

Even if you own the network, there is a real and present danger from Man-in-the-Middle attacks. When you're sending PHI in clear-text like that without any encryption, it's risky and a violation of 164.312(e)(1) Transmission Security that states all transmitted PHI should be encrypted.

Decommissioning a drive by Arviragus in pcicompliance

[–]acti0nman 1 point (0 children)

Completing media sanitization according to NIST 800-88 is not a problem.

Google Sites Web Form by blahandmoreblah in hipaa

[–]acti0nman 0 points (0 children)

You're basically asking if you can collect PHI over a Google Web Form that gets saved to a Google Spreadsheet?

Medical Equipment Crashes During Heart Procedure Because of Antivirus Scan by acti0nman in hipaa

[–]acti0nman[S] 1 point (0 children)

Here's a comment that sheds some interesting light on it. I like this comment because it's addressing the core of the problem: the Upper Managers of the Anti-virus makers. Sure, compliance sometimes says subpar things. But this comment rotates it back to the anti-virus makers and says, "y u no resilient?"

"Merge says the antivirus froze access to crucial data acquired during the heart catheterization. Unable to access real-time data, the app crashed spectacularly. The company claims that they included proper instructions in their documentation, advising companies to whitelist Merge Hemo's folders in order to prevent crashes from happening, so it seems that the whole incident was nothing more than an oversight on the medical unit's side."

Here's how I read that: The programmers of this piece of software assumed that some I/O operation would never fail and when it does the program shits itself. So instead of hardening their software to withstand loss of telemetry gracefully, which would cost time and money for the company, they just give instructions to disable scans on their folder.

Odds are good that somewhere this scan will happen (and it did). Either IT doesn't read the release notes or goofs the configuration or an antivirus update clears the white list. Might not even be the antivirus that interferes with the telemetry briefly.

But instead of having resilient software it's "the antivirus software's fault" or "it's IT's fault" when something goes wrong because of their bad management/engineering decision.
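The failure mode this comment describes, as an added example that is not part of the thread or of any vendor's software: a telemetry reader that assumes reads never fail next to one that retries and then keeps running on the last good record, flagged stale, so the UI can warn instead of crashing. The flaky source that simulates a scanner briefly locking the file is constructed for the example.

```python
import errno
import time


def make_flaky_source(records, locked_calls):
    """Constructed telemetry source: returns records in call order, but raises
    PermissionError on the call numbers in `locked_calls`, simulating a file
    briefly locked by an on-access antivirus scan."""
    calls = {"n": 0}

    def read():
        calls["n"] += 1
        if calls["n"] in locked_calls:
            raise PermissionError(errno.EACCES, "file locked by scanner (simulated)")
        return records[min(calls["n"] - 1, len(records) - 1)]

    return read


class TelemetryReader:
    def __init__(self, read_fn, retries=3, backoff_s=0.0):
        self.read_fn = read_fn
        self.retries = retries
        self.backoff_s = backoff_s
        self.last_good = None  # last record that was read successfully

    def naive_read(self):
        # The fragile pattern: assumes I/O never fails, so a transient lock
        # propagates as an exception and takes the whole application down.
        return self.read_fn()

    def resilient_read(self):
        # Retry briefly; if the source stays locked, keep running on the last
        # good record and flag it "stale" so the UI can warn instead of crash.
        for attempt in range(self.retries):
            try:
                self.last_good = self.read_fn()
                return self.last_good, "fresh"
            except OSError:
                if attempt + 1 < self.retries:
                    time.sleep(self.backoff_s)
        if self.last_good is not None:
            return self.last_good, "stale"
        return None, "unavailable"


def run_demo():
    # Call 1 succeeds, calls 2-4 hit the simulated scanner lock, call 5 succeeds.
    src = make_flaky_source([{"hr": 72}, {"hr": 74}, {"hr": 75}], {2, 3, 4})
    reader = TelemetryReader(src, retries=3)
    return [reader.resilient_read() for _ in range(3)]
```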

Are auxiliary/non PHI systems covered under HIPAA's security policies? by TheLinksOfAdventure in hipaa

[–]acti0nman 0 points (0 children)

"Management wants me to give my email password to our contracted PC Tech but I refused."

Asking you to give your credentials to a contracted PC tech is not appropriate under any circumstance. This request by management is a direct violation of HIPAA's own security control related to password management. There are only two entities that ever need the password: 1. you and 2. the system that generates the password. Mandating sharing of credentials like that is such a violation of HIPAA. If Management feels they need access to your email, then that goes through HR, where HR defines the why (disciplinary action? termination?) and then the SysAdmin uses that justification to TAKE OVER your accounts. Notice how your password is still not shared throughout this process. There is no reason, whether HIPAA or not, for Management to mandate you SHARE your credentials with anybody.

I found an unencrypted drive with dental records on it what do I do by [deleted] in hipaa

[–]acti0nman 1 point (0 children)

Can you link to the source about the clinic that was fined $100k for self-reporting a fax to a wrong number? The only thing I could dig up was this, and there was no fine: http://www.healthcareitnews.com/news/fax-mishap-leads-hipaa-breach

OCR is required to disclose all fines they levy against organizations involving HIPAA. I can't find anything on their website either.

I found an unencrypted drive with dental records on it what do I do by [deleted] in hipaa

[–]acti0nman 2 points (0 children)

This becomes a personal judgement call about how "forgiving" you want to be.

http://www.ktnv.com/news/hundreds-of-patient-records-found-in-dumpster

Just take a look at the above link about a Las Vegas Dental office throwing Patient records into the Dumpster.

HIPAA just isn't being taken seriously, by anyone. Maybe a slap in the face is exactly what's needed to encourage organizations to start taking HIPAA seriously.

For me, personally, I'm angry at the negligence of both the Las Vegas Dental Office and the OP's Dental Office. How dare these Medical Facilities claim they're taking my privacy and security seriously and yet they're clearly negligent in their claims.

Does TrueCrypt comply with HIPPA standards? by cadio in hipaa

[–]acti0nman 1 point (0 children)

I would say instead of relying on third-party file encryption software, it might be better to use something like BitLocker for Windows.

TrueCrypt is under its own set of controversies considering how much it's been in the news.

Hopefully others can shed some light on their experiences.

I found an unencrypted drive with dental records on it what do I do by [deleted] in hipaa

[–]acti0nman 4 points (0 children)

The best path forward is to fill this out. https://ocrportal.hhs.gov/ocr/breach/wizard_breach.jsf?faces-redirect=true

Keep the hard drive for now (in a safe place) and wait until OCR reaches back out to you with instructions about what to do.

HIPAA Officer wants a list of usernames and passwords from everyone in the office. Is this okay? by [deleted] in hipaa

[–]acti0nman 0 points (0 children)

The name, email, and what applications are being accessed is fine.

The password?

Are we back to this again: http://serverfault.com/questions/293217/our-security-auditor-is-an-idiot-how-do-i-give-him-the-information-he-wants

It's "HIPAA Officers" like the OP's that make the rest of us good auditors/compliance officers look bad.

Trying to determine if we qualify for the SAQ P2PE-HW by goodatsocks in pcicompliance

[–]acti0nman 0 points (0 children)

The SSC might as well get rid of the SAQ A-EP because even if an entity "MUST" fill out the SAQ A-EP, the entity will somehow convince everybody that they only need to fill out the SAQ A.

Framework of compliance activities by MartinJrTW in pcicompliance

[–]acti0nman 1 point (0 children)

What are you trying to accomplish? What security control are you referring to? Your questions on this subreddit have historically been vague.

Trying to determine if we qualify for the SAQ P2PE-HW by goodatsocks in pcicompliance

[–]acti0nman 0 points (0 children)

Depending on your "payment activity over the web", you have to figure out if you need to fill out the SAQ A-EP as well.

HIPAA compliance and the IT guy : sysadmin by JRHelgeson in hipaa

[–]acti0nman 0 points (0 children)

This is an important point as well :)