Pharmacare, Harvard Try To Shut Down Security Hole

cfusion writes "CVS's drug insurance wing Pharmacare and Harvard University have taken steps to shut down a security hole that would have allowed anyone on the Internet to view any Harvard affiliate's drug history, a possible violation of Federal laws concerning medical records (HIPAA). The Boston Globe has the story, which came after the vulnerabilities were discovered by two reporters for the school newspaper (that story has screenshots that show just how easy it was). Raises interesting questions about computer security and using ID numbers as passwords."

Yes!

[drivinghighway61]

Yet another victory for the blogosphere!

What's that? Oh, you say it was print journalists?

Sorry, never mind everyone!

Harvard?

[RobertTaylor]

It was probably designed by females... ...as we all know there are biological differences in men's and women's abilities ;)

Re:Raises questions?

[BandwidthHog]

use non-private ID numbers as passwords

I'm told there's a large, affluent first world country where this is the norm. Every citizen is issued a nine digit identifier, which is then used for the rest of their life as both username and password for various reasons, both important and trivial.

But that's probably just an urban legend.