Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Information-Security-News
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[ISN] Hospital's computer security given poor grade in April report

from [InfoSec News] Network Security [Permanent Link]
Subject: [ISN] Hospital's computer security given poor grade in April report
Date: Fri, 22 Oct 2004 01:08:50 -0500 (CDT) 
http://www.thetimesonline.com/articles/2004/10/20/news/top_news/87e009eb749c7fd186256f3200836776.txt

BY MATTHEW VAN DUSEN
Times Staff Writer
October 20, 2004 

VALPARAISO -- A damning assessment of Porter hospital's computer
security never publicly released became a test that Porter County
Commissioner Robert Harper posed Tuesday to candidates for the
hospital board .

Harper read from an April 2004 Deloitte & Touche assessment that
identified 30 problems with the hospital's information systems, nine
of them classified as "high risk."

The assessment concludes, "Porter does not know whether someone could
be accessing critical medical, financial and management systems
without being detected."

Harper asked the candidates, "Do you think the public has the right to
know something like that?"

He made it clear the right answer was "yes."

Hospital Chief Executive Officer Ron Winger did not return a call
requesting comment and spokesman Andrew Snyder also did not comment.

Harper also read a separate statement from Deloitte, which audits the
hospital's finances, that said if the problems weren't fixed the
hospital would not meet "appropriate accounting controls," and that
Deloitte might not be able to certify the hospital's books.

David Schroeder, an associate professor at the Valparaiso University
business school, reviewed the PowerPoint presentation at The Times'
request.

Schroeder said if the hospital made the changes Deloitte suggested,
its computer systems are in good shape. If officials had not made the
changes, the systems are in poor shape, he said.

The assessment, for example, found that some systems were protected by
program default passwords, such as "QUSER." A person could access a
system with the default password and make changes or learn information
and the hospital would not know who they are.

This problem would be easy to fix.

Other problems with the system were more complicated, such as not
knowing what an employee can access and not being able to eliminate
those access rights if the employee is fired.

The assessment notes that it would not be clear if someone had
accessed the systems illegally unless there was a noticeable effect
from it.



_________________________________________
Open Source Vulnerability Database (OSVDB) Everything is Vulnerable - 
http://www.osvdb.org/
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [ISN] Hospital's computer security given poor grade in April report, InfoSec News <=
Previous by Date:  [ISN] Source code thefts, hacking on the rise, InfoSec News
Next by Date:  [ISN] High-Tech Crimes Revealed: An Interview with Stephen Branigan, InfoSec News
Previous by Thread:  [ISN] Source code thefts, hacking on the rise, InfoSec News
Next by Thread:  [ISN] High-Tech Crimes Revealed: An Interview with Stephen Branigan, InfoSec News
Indexes:  [Date] [Thread] [Top] [All Lists]