Campus administrators and faculty are not immune to the email plague of phishing. That became evident at the University of California at San Francisco School of Medicine (UCSF) this week when a physician was fooled into revealing a username and password to hackers. An official looking email made to look like it was sent by university computer security staff asked the doc to provide the information. It is unclear whether any sensitive information was accessed but the employee’s email account did include information about patients, including demographic and clinical data as well as Social Security numbers of four patients. Though commonly thought of in financial circles, it is clear that campus employees and faculty need to be educated about such threats and remain vigilant.  

Australia plans to crack down on welfare and medical fraud cheats, according to a news report in the West Australian. To do so, the Australian Government along with the Human Services Agency will introduce a plan that will assign each of its citizens with a virtual ID card.

The government plans to centralize information from various human services agencies including Medicare, Centrelink, the Child Support Agency, Australian Hearing and CRS Australia, who coordinate rehabilitation services for people with disabilities, injuries or other health problems. 

Two-factor authentication isn’t always enough as fraudsters have found vulnerabilities in some of these system, according to a report from Gartner Inc.

Trojan-based, man-in-the-browser attacks have evaded strong two-factor authentication, enabled through one-time password tokens. Other strong authentication factors, such as those using chip cards and biometric technology that rely on browser communications, can also be defeated. 

SMART Association Inc. announced that Wyckoff Heights Medical Center of Brooklyn, New York, will implement a health care smart card program. The program, slated to issue more than 110,000 smart cards to Wyckoff’s patients and will start deployment in the first quarter of 2010.

Over the next two years, patients will be issued a Wyckoff Heights Medical Center smart card that will carry patient’s individual demographic information and important medical information such as medical conditions, allergies and medications. 

ActivIdentity Corp., a provider of strong authentication and credential management, announced that it had entered into an agreement to acquire CoreStreet Ltd., a provider of distributed identity credential validation solutions.

ActivIdentity will pay approximately $20 million, primarily cash, but also include stock and warrants. The acquisition is subject to closing conditions and is expected to be completed in December. 

Gemalto announced that Banca Intesa in Serbia has selected its Ezio Classic reader to secure e-commerce services.

The reader will enable users to make online purchases with EMV security. Banca Intesa determined to implement Gemalto’s authentication solution to protect its online customers from card-not-present fraud.

To operate the Ezio Classic reader users insert their banking card into the reader and enter their PIN code on the keypad; the device then generates a one-time-password that is used to complete the purchase.  

The December meeting of the Government Smart Card Interagency Advisory Board (IAB) was recently held in Washington D.C. FIPS201.com was on hand to cover the event and has provided, as a service to the IAB and the smart card community, an audio recording of the presentations. Click on the link below to access a list of audio and accompanying PowerPoint slides (in pdf format).

Visit FIPS201.com to hear the presentations and view the slides.