
SoylentNews is people

posted by martyb on Thursday September 03 2015, @12:22PM
from the must-not-have-used-gmail dept.

The BBC News reports that:

The 56 Dean Street clinic in London's Soho sent out the names and email addresses of 780 patients when a newsletter was issued to people who attend the clinic. Patients were supposed to be blind-copied into the email but instead details were sent as a group email.

From an interview with one patient:

One man, a 40-year-old public sector worker, has been HIV positive for 13 years and has been using the Dean Street clinic for five. He said: "I felt sick when I realised what had happened. I first saw the email at work but ignored it as I was busy. I then looked at it when I was on the way home from work. I couldn't breathe. I'm concerned who will get this information. If it ends up in the hands of the wrong people, such as hate groups, it could be dynamite."

Further:

Fellow patient James ... said: "I was travelling back from the pride parade in Manchester on Monday when I received this email. I couldn't believe it when I got it and I've been full of worry since. I am not ready to disclose my HIV status to my wider friends or family. I fear now that I have no choice."

Finally, a friend informs me that a breach of privacy at another clinic may be widely reported within the next few days.
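The failure described in the report, as an added example that is not code from the BBC, the clinic or the submitter: the group-mail construction that puts every recipient in the visible To: header, beside the Bcc-style construction that keeps the list out of the headers entirely, plus a pre-send check that rejects the first form. The addresses and the sender are constructed placeholders.

```python
"""Added example: keep a mailing list out of visible headers and gate sends."""
from email.message import EmailMessage
from email.utils import getaddresses

# Constructed sample recipient list and sender; not real addresses.
PATIENTS = [f"patient{i}@example.invalid" for i in range(3)]
SENDER = "newsletter@clinic.example"


def build_group_mail(recipients):
    """The failing pattern: all recipients land in To:, so every patient
    receiving the newsletter can read the whole list."""
    msg = EmailMessage()
    msg["From"] = SENDER
    msg["To"] = ", ".join(recipients)
    msg["Subject"] = "Clinic newsletter"
    msg.set_content("Newsletter body")
    return msg


def build_bcc_mail(recipients):
    """The safe pattern: the visible To: is the list's own address and the
    real recipients are returned separately as envelope recipients, to be
    passed as to_addrs to smtplib.SMTP.send_message(). No Bcc: header is
    written at all, so nothing can leak it."""
    msg = EmailMessage()
    msg["From"] = SENDER
    msg["To"] = SENDER  # generic visible recipient
    msg["Subject"] = "Clinic newsletter"
    msg.set_content("Newsletter body")
    return msg, list(recipients)


def visible_recipients(msg):
    """Every address a recipient of this message can read in its headers."""
    hdrs = msg.get_all("To", []) + msg.get_all("Cc", []) + msg.get_all("Bcc", [])
    return {addr.lower() for _, addr in getaddresses(hdrs) if addr}


def leaks_recipient_list(msg, protected):
    """Pre-send gate: True if any protected address is visible in the
    headers, or if more than one visible recipient exists at all."""
    seen = visible_recipients(msg)
    exposed = seen & {a.lower() for a in protected}
    return bool(exposed) or len(seen) > 1
```

Running the gate on the group-mail form rejects it, while the Bcc-style form passes with only the sender's address visible.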



  • (Score: 2) by kurenai.tsubasa (5227) on Thursday September 03 2015, @11:20PM (#232028)

    Ok, this time a serious comment.

    First of all it's HIPAA [wikipedia.org]: Health Insurance Portability and Accountability Act. HIPPA is somebody shouting the name of a small island in British Columbia.

    I have it on a very good source that medical offices frequently send PHI over unencrypted RFC 2822 email. They frequently send it over SMS (even when an encrypted service is available, just because it's a separate app from the SMS app). I could name a company that produces a product used by an entire service industry that is heavily utilized by doctors and hospitals, that the company knows is going to store and transmit ePHI, yet has absolutely no support for encryption whatsoever (well, ok, not whatsoever, but she did say that it was a symmetric cypher and probably just some amateur-invented obfuscated ROT13), no strongly encrypted data at rest, no strongly encrypted data in motion. (I doubt they would be any more liable for when their product is used to store and process ePHI than Microsoft is when a hospital sends ePHI in plain text.)

    HIPAA, even after the HITECH act was passed, is a complete joke when it comes to what happens to your data behind the scenes, probably because of people like you or else just general apathy about other people's data.

    That being said, what TheGratefulNet may have been offered is something that's been gaining popularity, precisely because support for standards like S/MIME usually tends to be utter shit (Outlook, Mozilla, etc.), not to mention the inability of a home user to generate a valid cert for that standard in particular. There's GnuPG, but support there is crap (Mozilla) or might as well be non-existent (Outlook). Who knows what support, if any, iGadget or Android mail apps have. Nothing I have ever seen has come close to the ease of KMail 3.5 when it comes to encryption. (I haven't checked out KDE lately, so no idea about Kontact.)

    Hospitals have been buying these web apps that are kind-of webmail. That is, I'm sure security's very tight and well done (*rolls eyes*), but if you send to an address outside the system, it simply sends a notification over RFC 2822 email that asks the recipient to log on or create an account on this kind-of webmail platform to read the mail. It receives non-encrypted RFC 2822 mail transparently. So, technically electronic mail, just not RFC 2822 mail when sending.

    So who knows!
