SoylentNews is people
SoylentNews
The BBC News reports that:
The 56 Dean Street clinic in London's Soho sent out the names and email addresses of 780 patients when a newsletter was issued to people who attend the clinic. Patients were supposed to be blind-copied into the email but instead details were sent as a group email.
From an interview with one patient:
One man, a 40-year-old public sector worker, has been HIV positive for 13 years and has been using the Dean Street clinic for five. He said: "I felt sick when I realised what had happened. I first saw the email at work but ignored it as I was busy. I then looked at it when I was on the way home from work. I couldn't breathe. I'm concerned who will get this information. If it ends up in the hands of the wrong people, such as hate groups, it could be dynamite."
Further:
Fellow patient James ... said: "I was travelling back from the pride parade in Manchester on Monday when I received this email. I couldn't believe it when I got it and I've been full of worry since. I am not ready to disclose my HIV status to my wider friends or family. I fear now that I have no choice."
Finally, a friend informs me that a breach of privacy at another clinic may be widely reported within the next few days.
(Score: 3, Funny) by kurenai.tsubasa on Thursday September 03 2015, @12:53PM
HIV is God's way of punishing homosexuality! Gay sex is the only way to get HIV! Burn them! Especially any women or children who have been having gay sex with gay men!
(Score: 3, Funny) by Lagg on Thursday September 03 2015, @06:46PM
See. I don't know why people always want to burn them. It's clear that the gay is transmitted in airborne carcinogens like smoke. There's just no other way to explain the sheer number of flamboyant and depraved secretly gay fundamentalist types. No other way.
http://lagg.me [lagg.me] 🗿
(Score: 3, Insightful) by c0lo on Thursday September 03 2015, @01:09PM
You call this "inability"?! Why... was BCC missing/defective so that the sender was unable to use it in spite of her/his best intention to do it?
I'd rather call it stupidity... nay, scratch that... disability of the sender, more precisely some sort of intellectual disability. And it's too bad this disability was not detected before.
https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
(Score: 1, Flamebait) by Anne Nonymous on Thursday September 03 2015, @01:31PM
Well if he's got a disability, we better start sending him $800 a month.
(Score: 2) by Runaway1956 on Thursday September 03 2015, @02:37PM
I thought it was 800 Euros each month. No one wants dollars anymore.
(Score: 2) by Anne Nonymous on Thursday September 03 2015, @02:57PM
Sorry, I have $/€ syndrome.
(Score: 3, Funny) by nukkel on Thursday September 03 2015, @07:39PM
Here, have 800 rubles.
(Score: 2) by meisterister on Saturday September 05 2015, @01:01AM
Cool! Now I can get either a pizza or two or a terrifyingly large number of nehalem CPUs!
(May or may not have been) Posted from my K6-2, Athlon XP, or Pentium I/II/III.
(Score: 0) by Anonymous Coward on Thursday September 03 2015, @08:10PM
Ignoring your dictionary pedantry - calling the sender stupid is itself stupid. Sending a CC that should have been a BCC happens all the damn time. This person made an error that practically everybody on the net has made at least once in their lives.
The problem is not with the sender, the problem is that the tools are not fit for purpose. The clinic's email system should never have let a giant CC list go out without explicit human confirmation. In fact it is such a common problem that all email systems should give the user warning and a way to easily switch a message to BCC mode under such conditions.
(Score: 3, Informative) by TheGratefulNet on Thursday September 03 2015, @02:36PM
stopped reading after that.
the stupid commoners STILL DO NOT UNDERSTAND that email is about as non-private as you can get. a sealed envelope mailed is safer than email, these days. paper mail requires too much work to be spied on, so all the spying goes via electronic means.
and so, let me understand this: someone sent sensitive info about USING NON SECURE COMMS (email) and the issue is that they used the wrong header tag field???
we, as a species, are clearly too dumb to deserve this planet. time and time, its demonstrated to me that this is true ;(
each time I visit the doctor (once a year) I am asked if I want to sign up for online doctor access where they could correspond with me over email or send lab reports back to me that way. and each time, I have to launch into 'security lecture mode' to TEACH (cough) stupid doctors and nurses that they are doing horrible things and not even realizing it, by using unsecure comms channels (email!) to send sensitive info about health and medical stuff. they listen to me, nod their heads, but nothing sinks in; and they are our 'smart guys' in the world (many think so, at least). if you cannot even educate doctors about this, how the fuck are we going to educate normies about it?
"It is now safe to switch off your computer."
(Score: 3, Interesting) by Zz9zZ on Thursday September 03 2015, @04:42PM
It is probably easier to educate regular people vs. doctors since the latter often develop an overblown ego which makes them feel that their opinion on everything is paramount, and they deal with stupid questions on a daily basis. I'm sure many of them nod since they probably have heard such information before and have decided that worrying about breaches of email is silly. Or, they believe that the only breaches of privacy are by their own government and "who cares if they see it". Even with developer friends of mine I've heard things like "if they want my youtube history who cares?" It shows such a fatalistic viewpoint on privacy. Even if you can't do anything about it (realistically) at least you can care about the issue.
Oh, and educating normals is definitely easier, I've seen some of the more shocking stories have quite an impact; such as the facebook app spying on users with the phone's mic.
Lastly, there is a lot that could be done. Encryption (which is finally taking off more widely) is the practical line of defense, but we could also pass legislation to define our digital rights and provide legal repercussions for abuses.
Final word: people are busy with their jobs and rarely have the knowledge to fully understand your points, let alone do anything about it. If you want to make a difference then find out which organization would come down on the doctors and then you can give out dire warnings. People react a little more to dire warnings with possibilities of punishment, shakes them out of their daily autopilot. You don't need to convince the normals, you need to convince a few smart people in the right places.
~Tilting at windmills~
(Score: 3, Insightful) by DeathMonkey on Thursday September 03 2015, @05:27PM
each time I visit the doctor (once a year) I am asked if I want to sign up for online doctor access where they could correspond with me over email or send lab reports back to me that way.
I think they are just describing it to you in layman's terms. No Dr in their right mind is going to violate HIPPA* by sending sensitive info via email. What the portals do is store the info within the portal then email you that the info is there. You have to log in to see it.
* similar laws exist pretty much everywhere if you aren't in the US.
(Score: 2) by TheGratefulNet on Thursday September 03 2015, @05:59PM
nope, I've been told that if I pay a bit more for my HC, I will get email access to my doctor and I can converse with him/her in any way I want.
THAT is scary shit that never should have been 'a thing' to begin with.
and hippa regulations? I've had pharmacists call and leave messages on my voicemail about medications I was taking or waiting for and those idiots had no idea that it was WRONG to say anything informational in a voicemail. simply say that I'm the pharmacist and please call us back. that's all it would take. but no, I've gotton some pretty bad messages left and if there were other people having access to my VM or if I was dumb enough to listen to my VM on a spkrphone, I'd have been quite angry to have personal info like that left on a recording!
we just are not ready to have this kind of communications electronically (including voicemail) since too much is at stake and its too easy for sloppy asshole clinicians to ruin your life or let some personal details out that you did NOT want others to know.
"It is now safe to switch off your computer."
(Score: 0) by Anonymous Coward on Thursday September 03 2015, @10:12PM
Which is why a shitload of companies now sell secure solutions to stupid doctors.
(Score: 0) by Anonymous Coward on Thursday September 03 2015, @10:27PM
It's because of people like you that HIPPA exists. Now my wife can't easily take care of that stuff for me. What a pain, and all so you can pretend you have privacy. (you don't actually get it due to contractors and affiliates)
You don't even need that privacy. Nobody does. Why are you so concerned? It's just medical info. We all get sick. If it's actually something that others will care about, then they probably ought to know! If anything, the doctor should be sure to phone them so that they know to be careful around you.
(Score: 0) by Anonymous Coward on Thursday September 03 2015, @10:55PM
> If anything, the doctor should be sure to phone them so that they know to be careful around you.
You sound a lot like a sociopath. I wish your doctor would let me know your real name and diagnosis so I can avoid all contact with you.
(Score: 2) by kurenai.tsubasa on Thursday September 03 2015, @11:20PM
Ok, this time a serious comment.
First of all it's HIPAA [wikipedia.org]: Health Insurance Portability and Accountability Act. HIPPA is somebody shouting the name of a small island in British Columbia.
I have it on a very good source that medical offices frequently send PHI over unencrypted RFC 2822 email. They frequently send it over SMS (even when an encrypted service is available, just because it's a separate app than the SMS app). I could name a company who produces a product used by an entire service industry that is heavily utilized by doctors and hospitals that the company knows is going to store and transmit ePHI, yet has absolutely no support for encryption whatsoever (well, ok, not whatsoever, but she did say that it was a symmetric cypher and probably just some amateur-invented obfuscated ROT13), no strongly encrypted data at rest, no strongly encrypted data in motion. (I doubt they would be any more liable for when their product is used to store and process ePHI than Microsoft is when a hospital sends ePHI in plaint text.)
HIPAA, even after the HITECH act was passed, is a complete joke when it comes to what happens to your data behind the scenes, probably because of people like you or else just general apathy about other people's data.
That being said, what TheGratefulNet may have been offered is something that's been gaining popularity, precisely because support for standards like S/MIME usually tends to be utter shit (Outlook, Mozilla, etc), not to mention the inability of a home user to generate a valid cert for that standard in particular. There's GnuPG, but support there is crap (Mozilla) or might as well be non-existent (Outlook). Who knows what support, if any, iGadget or Android mail apps have. Nothing I have ever seen has come close to the ease of KMail 3.5 when it comes to encryption. (I haven't checked out KDE lately, so no idea about Kontact.)
Hospitals have been buying these web apps that are kind-of webmail. That is, I'm sure security's very tight and well done (*rolls eyes*), but if you send to an address outside the system, it simply sends a notification over RFC 2822 email that asks the recipient to log on or create an account on this kind-of webmail platform to read the mail. It receives non-encrypted RFC 2822 mail transparently. So, technically electronic mail, just not RFC 2822 mail when sending.
So who knows!
(Score: 4, Informative) by Soybean on Thursday September 03 2015, @05:58PM
> stopped reading after that.
That's your problem right there. Willful ignorance. Ironic given that half your post is devoted to flaming other people for their supposed willfull ignorance in the face of your educating them.
They did not send email with test results. They sent an email newsletter to an opt-in list that had no relation to test results.
It is meta-data that can be used to make inferences, and it should never have happened. But that is completely different from your baseless flame about deliberately sending medical data via email.
(Score: 2) by Ken_g6 on Thursday September 03 2015, @03:40PM
"Inability to use BBC..."? Especially since both "BCC" and "BBC" are present in the article rather close together? I couldn't figure out how the inability to use a TV/news network caused a leak.
(Score: -1, Troll) by Anonymous Coward on Thursday September 03 2015, @05:00PM
Wow. A double narcissism post.
First you demonstrate your selfishness by starting your post in the subject line, thus fucking up the flow of anyone reading the body of your post.
Then you ask a question that is practically no different than telling us about a dream you had last night.
Get over yourself.
(Score: 2, Interesting) by Anonymous Coward on Thursday September 03 2015, @03:42PM
Every email client should throw a fit and require an explicit manual over-ride whenever sending a message with multiple recipients. A window should pop-up containing a list of every recipient in a big font, it should pause for at least 5 seconds before the user even has the option to click OK. In the grand scheme of things, a 5 second pause is not a significant work-flow interruption, but it could literally be a life-saver.
Meanwhile, here's a story where the root problem is another broken tool - but instead of software, it's the law.
Activists Pursue Private Abortion Details Using Public Records Laws [propublica.org]
(Score: 0) by Anonymous Coward on Thursday September 03 2015, @11:58PM
When you give your email address to someone, thinking that the dumb bitch is only going to use it in the context you gave it to her, then she not only puts you on her bulk mailing list without your permission but uses CC instead of BCC (because, again, she's way more stupid than you ever imagined), you realize just how bad the CC-line-displayed-by-default thing in email clients is.
Yeah, I'm still pissed at this major breech of etiquette after these many years.
-- gewg_
(Score: 2) by Common Joe on Friday September 04 2015, @04:24AM
That and make it explicitly easy to see who is getting the email you are writing and explicitly easy to fill in the To, CC, and BCC fields. I last used Outlook a few years ago and it made it difficult to see who was in which field. At home I use Thunderbird and it's even worse to populate the boxes and see who is getting what. It's limited to three lines and each line can have To, CC, or BCC, but to see the whole list? You have to scroll thought those three lines and click on tiny individual hard-to-see buttons.
Hey... here's another idea that can help with this: Have premade lists default to CC or BCC (changeable by user).
(Score: 2) by albert on Thursday September 03 2015, @05:02PM
Why are we even helping people to hide the fact that they have a dangerous disease that could spread to others? Is it that we want to support them in lying about it, and thus in spreading it?
There is more justification for an HIV list than there is for a sex offender list.
There is nothing special about HIV. Quit thinking this has anything whatsoever to do with gay rights. The same applies to tuberculosis for example. This information should be public. It's for public safety.
(Score: 1, Insightful) by Anonymous Coward on Thursday September 03 2015, @05:50PM
> Why are we even helping people to hide the fact that they have a dangerous disease that could spread to others?
Go back to the 1980s.
If we don't give people medical privacy, they will avoid treatment all together. And then they won't even know they are contagious.
(Score: 0) by Anonymous Coward on Thursday September 03 2015, @10:44PM
We mandate testing. We report diseases by category, sending notification to neighbors and coworkers. We don't disclose the exact disease. For example, tuberculosis would be reported as "airborne". HIV would get reported as "sexual". (blood transmission too, but that applies to nearly everything so no point mentioning it) Leprosy would be reported as "contact". Polio and cholera would be reported as "fecal". Ebola is reported as, well, all of the above.
Nobody has to know exactly what you have, but everybody knows what general type of biohazard you are.
Embarassing? No, you'd get used to it. You'd be hearing about other people all the time, and so would everybody else. It wouldn't be such a big deal anymore. We'd all be safer this way.
(Score: 3, Insightful) by arslan on Thursday September 03 2015, @10:50PM
airborne you say? She's a WITCH!! Lets burn her!
(Score: 3, Insightful) by TheGratefulNet on Thursday September 03 2015, @06:01PM
methinks you have not walked in the shoes of those who may have a VERY different view point, having lived thru it.
people like you are the most dangerous kind; you are all too willing to sacrifice privacy for your own selfish reasons.
this is the most personal info and it has NO BUSINESS being public. I could care less what reasons you have; its wrong, its dangerous and if you ever had to be on the other side, you'd instantly understand how stupid and wrong it is!
"It is now safe to switch off your computer."
(Score: 0) by Anonymous Coward on Thursday September 03 2015, @10:55PM
I suppose I kind of like privacy, but I'll gladly sacrifice mine...
1. in exchange for others doing likewise
2. to help ensure the safety of others
3. for easier access to my own medical records
Just one of those reasons is probably enough. All three? Hell yeah.
Privacy is not some absolute good. There are many excellent reasons to give it up in varying degrees, both individually and for society as a whole.
(Score: 2) by tibman on Thursday September 03 2015, @05:11PM
Civilian HIV testing is really strange with privacy. They won't tell you results over the phone, won't send you results in the mail, won't have someone random meet you at the clinic to tell you. They are overly-serious and it takes a lot of time. You have to have an appointment to learn your results and it has to be a councilor or something. I had five tests while in the US Army and two as a civilian. The army one was the better way. You get a whole collection of diagnostic tests performed for one blood draw. If there is anything you need to know then you'll get a piece of paper explaining what's up and how to proceed. This was done annually. I'll bet there are so many civilians (maybe even me!) walking around with issues they don't know about (HIV) and will never get tested for. There just isn't a good mechanism to change that right now.
SN won't survive on lurkers alone. Write comments.
(Score: 0) by Anonymous Coward on Thursday September 03 2015, @06:39PM
> Civilian HIV testing is really strange with privacy.
That's because it isn't about privacy. You even inadvertently hit on it when you said they require a "councilor or something" - it is about making sure that the patient has the best possible options open to them if they need it. Anyone who is concerned enough to seek out a test isn't going to be put off from testing by a requirement that they come in for a full explanation of the results. Anyone who just casually wants to know and is getting tested because they happen to be in their doctor's office can wait until whenever is most convenient to get the results because they are much lower risk.
There is no 'perfect' course of action with respect to HIV testing, so the best they can do is come up with an approach that improves outcomes the most.
(Score: 2) by tibman on Thursday September 03 2015, @07:06PM
How does forcing you to meet with a councilor give you the best possible options? That is literally a restriction on your options. What if you wanted to opt for not speaking to anyone about it? You could also know for a fact that you are positive but your job requires annual testing (like the US Army). Making you come in to verify an unchangeable result is sub-optimal.
But you are right about it not being about privacy, i can agree with you there. It's about some sort of "we know what is best for you" thing veiled as protecting your privacy : )
SN won't survive on lurkers alone. Write comments.
(Score: 0) by Anonymous Coward on Thursday September 03 2015, @07:19PM
> How does forcing you to meet with a councilor give you the best possible options? That is literally a restriction on your options
Options for dealing with it.
You sound like one of those people who thinks the GPL is a fraud since you aren't free to remove the GPL from the code.
(Score: 2) by tibman on Thursday September 03 2015, @07:34PM
Lol, looking mature there, AC : ) You are advocating for a mandatory talk about options to deal with HIV, whether you are positive or not. Would you settle for a note that comes in the mail with your results that gave you a phone number to call if you wanted to discuss options?
If i am wrong, it isn't for the reason you are arguing. HIV testing in the US is too complicated to the point that nobody does it unless forced to. Also, i am open to discussing the GPL with you but not when you use it to derail an argument : )
SN won't survive on lurkers alone. Write comments.
(Score: 0) by Anonymous Coward on Thursday September 03 2015, @07:41PM
> Lol, looking mature there, AC : )
Really? What exactly in that post do you consider immature? Drawing the parallel between two forms of willful ignorance?
> You are advocating for a mandatory talk about options to deal with HIV, whether you are positive or not.
Yes. I am. Because treating negatives any different is a way to signal positives that they are positive without getting the counseling and is thus self-defeating.
> Would you settle for a note that comes in the mail with your results that gave you a phone number to call if you wanted to discuss options?
No. Because that is not how real people work. Robots, sure. But regular people, just giving them a phone number which they will avoid calling because they are in denial is not helpful.
> If i am wrong, it isn't for the reason you are arguing.
thanks for clearing that up, the maturity of your argument is indisputable.
(Score: 2) by tibman on Thursday September 03 2015, @08:38PM
Accusing me of being someone who thinks "the GPL is a fraud" is intended to derail the conversation and attack me at the same time. Pretending you were just drawing parallels between to very dissimilar things is silly.
That is an argument i think you could win. I will defer to current civilian practices of notifying people of cancer and other "important" life changing diagnoses. I have personally received the "You have cancer" talk and it was in person, so there is that.
I think that is weak because every carton of cigarettes says it will kill you and people still do it. Being notified in person versus reading it in a letter will result in the same level of denial.
I'm glad we're finally agreeing on something : )
SN won't survive on lurkers alone. Write comments.
(Score: 0) by Anonymous Coward on Thursday September 03 2015, @08:46PM
> Pretending you were just drawing parallels between to very dissimilar things is silly.
Whether you think it was an attack or not, your restatement of my intention as being to refer to dissimilar things is by far the most immature thing in this thread.
> I think that is weak because every carton of cigarettes says it will kill you and people still do it.
> Being notified in person versus reading it in a letter will result in the same level of denial.
What?
(A) Buying a pack of cigarettes is nothing even remotely like receiving a medical diagnosis.
(B) Sitting face to face with a person who is trained to mitigate denial is nothing like receiving a letter.
(Score: 0) by Anonymous Coward on Friday September 04 2015, @12:13AM
Put the person in a room that includes whatever they may want...
a lawyer for writing a will
professional-grade fireworks in case you need to celebrate
a 12-gauge magnum loaded with 00 buck shot in case you want to kill yourself or others
enough heroin to put down a blue whale
a low-latency gigabit connection for posting to facebook, youtube, and soylentnews
(Score: 2) by Gravis on Thursday September 03 2015, @08:53PM
I'm concerned who will get this information. If it ends up in the hands of the wrong people, such as hate groups, it could be dynamite."
while it is disconcerting that people lack the basic understanding of email, unless i'm missing something, everyone that got the email has HIV and this is not inclined to share the contents of the list. if you want to minimize the possibility of exposure, then BCC everyone on the list to delete the previous email for security reasons. sure, some that get the request will be too stupid to understand but it drastically reduces the number of computers with the information.
(Score: 1, Informative) by Anonymous Coward on Thursday September 03 2015, @08:58PM
> everyone that got the email has HIV and this is not inclined to share the contents of the list.
(1) No, just people who have gone to the clinic and signed up for email newsletters.
(2) Even if that were true, that would be terribly brittle. In case you haven't noticed, the internet makes it super easy to be anonymous. Gravis is your legal name, right?
(Score: 2) by cafebabe on Monday September 14 2015, @08:23AM
I assume that the list has been distributed because journalists interviewed three or more of the people affected. One of the people affected didn't seem very forthcoming.
1702845791×2
(Score: 2, Insightful) by Anonymous Coward on Friday September 04 2015, @07:21AM
I thought this was a tech site. Yet I've reached the bottom without seeing a single person ask why the f were they using an e-mail client for something that should have used an actual mailing list?
Mailing list software doesn't have a BCC field. It uses the SMTP envelope, and ignores the headers (or puts its own address in the To header, to please spam filters). Technically, the end result is the same as using the BCC field, with the exception that there is no option to put stuff in the wrong field, because there is no fields.
Outlook should not be used for mailing lists. Mailing list software should.
(Score: 2) by cafebabe on Monday September 14 2015, @08:52AM
I considered outsourcing but unless every recipient agrees to every change of outsourcer, that would be the equivalent of a HIPAA violation. There's also a Euro-socialist attitude against "You can only receive a digital copy of our public-sector mailing list if you agree to receive it via our preferential private-sector provider (who double-dib-dib, cub-scout's-honor, absolutely swears to us that they hold your personal information securely)."
I hadn't considered desktop mailing list software but they very probably have a standardized, locked-down desktop - and the last thing you want to do is give these clowns *more* ability to send data outside of their organization.
1702845791×2