New searchable website for Constitution Annotated

The Library of Congress has created a new website for its Constitution Annotated, known officially as the “Constitution of the United States of America: Analysis and Interpretation.” For over 100 years, Constitution Annotated has served as the authoritative source for the American public to learn about the nation’s founding document alongside Supreme Court decisions that have expounded upon and refined it. The newest update, announced just in time for Constitution Day on September 17, is the latest in a string of efforts to bring the project fully into the digital era.

The new site, constitution.congress.gov, is home to a revamped, user-friendly version of the 3,000-page document, which for the first time ever is fully digitally searchable by the general public.

Librarian of Congress Carla Hayden described the site launch as “a great example of what we mean when we say we’re putting our users first.” Hayden emphasized that the new version transforms “the most comprehensive analysis of our Constitution” into a database that is “easier for everyone to use.”

The post New searchable website for Constitution Annotated appeared first on SCOTUSblog.

Putin aims a weaponised barb at Trump over Saudi attack – and hits the mark

Russian President Vladimir Putin joked this week about selling defense systems to Riyadh following weekend attacks on Saudi oil facilities. The gag was aimed at US President Donald Trump and it hit the mark with the precision of a guided weapon.

Source: Putin aims a weaponised barb at Trump over Saudi attack – and hits the mark

Millions of Americans’ Medical Images and Data Are Available on the Internet. Anyone Can Take a Peek.

HIPAA violation numero uno!

by Jack Gillum, Jeff Kao and Jeff Larson

Medical images and health data belonging to millions of Americans, including X-rays, MRIs and CT scans, are sitting unprotected on the internet and available to anyone with basic computer expertise.

The records cover more than 5 million patients in the U.S. and millions more around the world. In some cases, a snoop could use free software programs — or just a typical web browser — to view the images and private data, an investigation by ProPublica and the German broadcaster Bayerischer Rundfunk found.

We identified 187 servers — computers that are used to store and retrieve medical data — in the U.S. that were unprotected by passwords or basic security precautions. The computer systems, from Florida to California, are used in doctors’ offices, medical-imaging centers and mobile X-ray services.

The insecure servers we uncovered add to a growing list of medical records systems that have been compromised in recent years. Unlike some of the more infamous recent security breaches, in which hackers circumvented a company’s cyber defenses, these records were often stored on servers that lacked the security precautions that long ago became standard for businesses and government agencies.

“It’s not even hacking. It’s walking into an open door,” said Jackie Singh, a cybersecurity researcher and chief executive of the consulting firm Spyglass Security. Some medical providers started locking down their systems after we told them of what we had found.

Our review found that the extent of the exposure varies, depending on the health provider and what software they use. For instance, the server of U.S. company MobilexUSA displayed the names of more than a million patients — all by typing in a simple data query. Their dates of birth, doctors and procedures were also included.

Alerted by ProPublica, MobilexUSA tightened its security last week. The company takes mobile X-rays and provides imaging services to nursing homes, rehabilitation hospitals, hospice agencies and prisons. “We promptly mitigated the potential vulnerabilities identified by ProPublica and immediately began an ongoing, thorough investigation,” MobilexUSA’s parent company said in a statement.

Another imaging system, tied to a physician in Los Angeles, allowed anyone on the internet to see his patients’ echocardiograms. (The doctor did not respond to inquiries from ProPublica.)

All told, medical data from more than 16 million scans worldwide was available online, including names, birthdates and, in some cases, Social Security numbers.

Experts say it’s hard to pinpoint who’s to blame for the failure to protect the privacy of medical images. Under U.S. law, health care providers and their business associates are legally accountable for securing the privacy of patient data. Several experts said such exposure of patient data could violate the Health Insurance Portability and Accountability Act, or HIPAA, the 1996 law that requires health care providers to keep Americans’ health data confidential and secure.

A scan obtained by ProPublica that was accessed by a security researcher from a U.S. server with no password security. ProPublica removed private patient information from it before publication.

Although ProPublica found no evidence that patient data was copied from these systems and published elsewhere, the consequences of unauthorized access to such information could be devastating. “Medical records are one of the most important areas for privacy because they’re so sensitive. Medical knowledge can be used against you in malicious ways: to shame people, to blackmail people,” said Cooper Quintin, a security researcher and senior staff technologist with the Electronic Frontier Foundation, a digital-rights group.

“This is so utterly irresponsible,” he said.

The issue should not be a surprise to medical providers. For years, one expert has tried to warn about the casual handling of personal health data. Oleg Pianykh, the director of medical analytics at Massachusetts General Hospital’s radiology department, said medical imaging software has traditionally been written with the assumption that patients’ data would be secured by the customer’s computer security systems.

But as those networks at hospitals and medical centers became more complex and connected to the internet, the responsibility for security shifted to network administrators who assumed safeguards were in place. “Suddenly, medical security has become a do-it-yourself project,” Pianykh wrote in a 2016 research paper he published in a medical journal.

ProPublica’s investigation built upon findings from Greenbone Networks, a security firm based in Germany that identified problems in at least 52 countries on every inhabited continent. Greenbone’s Dirk Schrader first shared his research with Bayerischer Rundfunk after discovering some patients’ health records were at risk. The German journalists then approached ProPublica to explore the extent of the exposure in the U.S.

Schrader found five servers in Germany and 187 in the U.S. that made patients’ records available without a password. ProPublica and Bayerischer Rundfunk also scanned Internet Protocol addresses and identified, when possible, which medical provider they belonged to.

ProPublica independently determined how many patients could be affected in America, and found some servers ran outdated operating systems with known security vulnerabilities. Schrader said that data from more than 13.7 million medical tests in the U.S. were available online, including more than 400,000 in which X-rays and other images could be downloaded.

The privacy problem traces back to the medical profession’s shift from analog to digital technology. Long gone are the days when film X-rays were displayed on fluorescent light boards. Today, imaging studies can be instantly uploaded to servers and viewed over the internet by doctors in their offices.

In the early days of this technology, as with much of the internet, little thought was given to security. The passage of HIPAA required patient information to be protected from unauthorized access. Three years later, the medical imaging industry published its first security standards.

Our reporting indicated that large hospital chains and academic medical centers did put security protections in place. Most of the cases of unprotected data we found involved independent radiologists, medical imaging centers or archiving services.

One German patient, Katharina Gaspari, got an MRI three years ago and said she normally trusts her doctors. But after Bayerischer Rundfunk showed Gaspari her images available online, she said: “Now, I am not sure if I still can.” The German system that stored her records was locked down last week.

We found that some systems used to archive medical images also lacked security precautions. Denver-based Offsite Image left open the names and other details of more than 340,000 human and veterinary records, including those of a large cat named “Marshmellow,” ProPublica found. An Offsite Image executive told ProPublica the company charges clients $50 for access to the site and then $1 per study. “Your data is safe and secure with us,” Offsite Image’s website says.

The company referred ProPublica to its tech consultant, who at first defended Offsite Image’s security practices and insisted that a password was needed to access patient records. The consultant, Matthew Nelms, then called a ProPublica reporter a day later and acknowledged Offsite Image’s servers had been accessible but were now fixed.

“We were just never even aware that there was a possibility that could even happen,” Nelms said.

In 1985, an industry group that included radiologists and makers of imaging equipment created a standard for medical imaging software. The standard, which is now called DICOM, spelled out how medical imaging devices talk to each other and share information.

We shared our findings with officials from the Medical Imaging & Technology Alliance, the group that oversees the standard. They acknowledged that there were hundreds of servers with an open connection on the internet, but suggested the blame lay with the people who were running them.

“Even though it is a comparatively small number,” the organization said in a statement, “it may be possible that some of those systems may contain patient records. Those likely represent bad configuration choices on the part of those operating those systems.”

Meeting minutes from 2017 show that a working group on security learned of Pianykh’s findings and suggested meeting with him to discuss them further. That “action item” was listed for several months, but Pianykh said he never was contacted. The medical imaging alliance told ProPublica last week that the group did not meet with Pianykh because the concerns that they had were sufficiently addressed in his article. They said the committee concluded its security standards were not flawed.

Pianykh said that misses the point. It’s not a lack of standards; it’s that medical device makers don’t follow them. “Medical-data security has never been soundly built into the clinical data or devices, and is still largely theoretical and does not exist in practice,” Pianykh wrote in 2016.

ProPublica’s latest findings follow several other major breaches. In 2015, U.S. health insurer Anthem Inc. revealed that private data belonging to more than 78 million people was exposed in a hack. In the last two years, U.S. officials have reported that more than 40 million people have had their medical data compromised, according to an analysis of records from the U.S. Department of Health and Human Services.

Joy Pritts, a former HHS privacy official, said the government isn’t tough enough in policing patient privacy breaches. She cited an April announcement from HHS that lowered the maximum annual fine, from $1.5 million to $250,000, for what’s known as “corrected willful neglect” — the result of conscious failures or reckless indifference that a company tries to fix. She said that large firms would not only consider those fines as just the cost of doing business, but that they could also negotiate with the government to get them reduced. A ProPublica examination in 2015 found few consequences for repeat HIPAA offenders.

A spokeswoman for HHS’ Office for Civil Rights, which enforces HIPAA violations, said it wouldn’t comment on open or potential investigations.

“What we typically see in the health care industry is that there is Band-Aid upon Band-Aid applied” to legacy computer systems, said Singh, the cybersecurity expert. She said it’s a “shared responsibility” among manufacturers, standards makers and hospitals to ensure computer servers are secured.

“It’s 2019,” she said. “There’s no reason for this.”


How Do I Know if My Medical Imaging Data is Secure?

If you are a patient:

If you have had a medical imaging scan (e.g., x-ray, CT scan, MRI, ultrasound, etc.) ask the health care provider that did the scan — or your doctor — if access to your images requires a login and password. Ask your doctor if their office or the medical imaging provider to which they refer patients conducts a regular security assessment as required by HIPAA.

If you are a medical imaging provider or doctor’s office:

Researchers have found that picture archiving and communication systems (PACS) servers implementing the DICOM standard may be at risk if they are connected directly to the internet without a VPN or firewall, or if access to them does not require a secure password. You or your IT staff should make sure that your PACS server cannot be accessed via the internet without a VPN connection and password. If you know the IP address of your PACS server but are not sure whether it is (or has been) accessible via the internet, please reach out to us at medicalimaging@propublica.org.
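The provider advice above comes down to one network control: the PACS server's DICOM listener must not be reachable from the internet, only from the VPN and the internal imaging network. The following host firewall policy is an added illustration of that control, not part of the ProPublica article and not a configuration from any vendor named in it. It assumes nftables on a Linux PACS host, the conventional DICOM ports 104 and 11112, and placeholder subnets for the VPN client pool and the imaging VLAN; substitute the port your PACS actually listens on and your own address ranges.

```nftables
# Added example, not from the ProPublica article. Host firewall policy for a
# PACS server. Ports and subnets below are placeholders for illustration.
#
# WEAK (the exposure the article describes): the DICOM listener accepts
# associations from any source address because the input chain has no
# restriction at all.
#
#   table inet pacs {
#     chain input {
#       type filter hook input priority 0; policy accept;
#     }
#   }
#
# CORRECTED: default-deny inbound. DICOM is accepted only from the VPN client
# pool and the imaging VLAN; every other attempt to reach the DICOM ports is
# logged (so it shows up in syslog for review) and dropped.

table inet pacs {
  set dicom_ports {
    type inet_service
    elements = { 104, 11112 }      # adjust to the port your PACS listens on
  }
  set trusted_nets {
    type ipv4_addr
    flags interval
    elements = { 10.8.0.0/24,      # placeholder: VPN client address pool
                 192.168.20.0/24 } # placeholder: modality / workstation VLAN
  }
  chain input {
    type filter hook input priority 0; policy drop;
    ct state established,related accept
    iifname "lo" accept
    # DICOM only from networks you control or that terminate behind the VPN
    ip saddr @trusted_nets tcp dport @dicom_ports accept
    # administrative SSH from the same trusted networks (placeholder)
    ip saddr @trusted_nets tcp dport 22 accept
    # anything else aimed at the DICOM ports is the case the article warns about
    tcp dport @dicom_ports log prefix "pacs-dicom-denied " drop
  }
}
```

Load it with `nft -f pacs.nft` and confirm with `nft list ruleset` that the input chain's policy is `drop` and that the only accept rule for the DICOM ports is the one keyed on `trusted_nets`. Log lines prefixed `pacs-dicom-denied` are worth watching: a steady stream of them from non-VPN addresses means the server was exposed before the rule went in. The network rule does not replace access control on the PACS itself; the viewer should still require the login and password the patient guidance above tells people to ask about.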

Ranchers in one border town, losing their lands to Trump’s immigration wall, have their sights set on 2020 election too

By Marisa Treviño

Latina Lista

Real estate moguls, hotel entrepreneurs and land developers must have thought they hit pay dirt when one of their own was elected president. But recent headlines reveal that their enthusiasm is running dry.

Nowhere is that more evident than in Laredo, Texas, where border security is butting heads with landowner rights.

Ever since Trump renewed his rallying cry that 52 miles of border wall along the Rio Grande must be built — even though Acting U.S. Customs and Border Protection Commissioner Mark Morgan recently reported migrant crossings have declined — landowners in this border town have been meeting regularly, according to the Laredo Morning Times.

The eleven ranch owners of Webb County are mad at Trump’s government. Not because they don’t believe in border security. They’re all for drones, more border agents and other high-tech devices to monitor who comes and goes across their lands. What they’re not happy about is how the government is doing this.

“Basically the federal government comes in and expropriates the property without permission, without due process. Then you argue about the price later. They just build it,” Ranch owner Steve LaMantia said. “They don’t even give you an insurance policy in case someone gets hurt on your property.”

As of now, the odds of these ranchers losing long-held family property are high.

Adding insult to injury for these ranchers is that Webb County is not even considered a high-traffic area, according to Laredo’s Rep. Henry Cuellar. In fact, Cuellar sees only one solution to these ranchers’ dilemma – for Trump to lose in 2020.

And as mad as LaMantia, the other ranchers, and all of the other border property owners whose rights and land inheritances have been trampled on by this White House are, they may be the first in line at the voting polls to see that it happens.

Democrats have long blamed ‘culture’ for black poverty. Joe Biden is no exception | Bhaskar Sunkara | Opinion | The Guardian

Why, then, this obsession on what poor people, particularly poor black people, are doing wrong? It’s simple: both Democrats and Republicans have preferred a patchwork, punitive and degrading welfare state over an efficient, well-funded, universal one. They’d rather blame the oppressed than lift them out of oppression. They’d rather talk about culture than challenge corporations.

Source: Democrats have long blamed ‘culture’ for black poverty. Joe Biden is no exception | Bhaskar Sunkara | Opinion | The Guardian