Advocates for the Blind Sue Over Wi-Fi Kiosks

New York City’s public Wi-Fi kiosks aren’t sufficiently accessible to blind people, according to claims made in a lawsuit filed Thursday by attorneys representing advocates for the disabled.

Source: www.wsj.com

The kiosks include Braille labels next to a 911 button and a headphone jack. The kiosk’s touch-screen tablet is also at a level so that those in a wheelchair are able to use it, according to a CityBridge spokesman.

 

———————————————

 

Mindy Jacobsen, a 65-year-old Brooklyn resident, is one of three blind residents suing the city. Last week, Ms. Jacobsen, who teaches technology courses in Manhattan, said she plugged her headphones into a kiosk on Eighth Avenue, hoping to use it for directions. But the maps feature was on the touch screen, which Ms. Jacobsen couldn’t use.

 

A 911 call can only be placed when an on-screen prompt is pressed.

 

 

Danbury area grapples with ADA

Most people know that the Americans with Disabilities Act requires many institutions, including governments, to install curb cuts, wheelchair ramps and handicapped parking spaces. Approved by Congress in 1990 and updated in 2010, the ADA aims to provide equal access to those with a wide range of disabilities. Under the ADA, every municipality is required to have a compliance officer responsible for staying current with regulations and handling requests and complaints from disabled residents. Tony Phillips, Ridgefield’s director of social services, doubles as ADA compliance officer, a common arrangement in smaller towns. “It’s really unfortunate that it took an act of Congress to force municipalities to be inclusive and allow people with physical challenges into their business and civic activities,” Knickerbocker said. Ridgefield also plans to add wheelchair-friendly walkways from the high school to the visitors’ bleachers at a nearby athletic field — an amenity that wasn’t considered when the bleachers were designed and installed. The town is also buying a special cart for the town-owned golf course that raises handicapped players to a standing position so they can swing a club.

Source: www.newstimes.com

OHSU pays nearly $3 million over two data breaches in 2013

The university has signed an agreement with the U.S. Department of Health and Human Services to pay $2.7 million and carry out a three-year corrective plan over two breaches in 2013 that involved more than 7,000 patients.

Source: www.oregonlive.com

From HISTALK – Oregon Health & Science University will pay $2.7 million to settle charges stemming from two 2013 data breaches involving 7,000 patients, one the theft of a surgeon’s unencrypted laptop from his vacation home and the other caused by medical residents who stored patient information in cloud-based Google Docs. That’s a big penalty considering there’s no proof anyone actually saw or used the patient information.

U.S. Access Board Holds July Meeting

The U.S. Access Board recently convened for its July meeting. On July 11 and 12, Board members met in committee to advance agency rulemaking, review agency programs and operations, and attend presentations on various subjects. They also held meetings with several organizations as part of an agency outreach initiative. At the full meeting of the Board on July 13, which was streamed live, members received reports on these activities and a new member to the Board was sworn in.

New Board Member

Shelley Siegel, FASID (right) with Access Board Chair Sue Swenson

Board members welcomed Shelley Siegel, FASID of Lake Worth, Florida to their ranks. Siegel, who was appointed to the Board by President Obama in May, was sworn in by Board Chair Sue Swenson. Siegel is the founder and president of Universal Design and Education Network, an interior design firm that specializes in universal design in residential and commercial projects. She has also been consulting designer of the Siegel Design Group, Inc. since 1972 and is a Fellow of the American Society of Interior Designers (ASID) and a member of the Design Alliance for Accessible Sustainable Environments.

Board Rulemaking

The Board is taking steps to conclude rulemaking in several areas, including new or updated accessibility guidelines and standards for information and communication technology (ICT), transportation vehicles, public rights-of-way, and medical diagnostic equipment.

ICT Refresh

The Board is working to complete a final rule to refresh its accessibility requirements for ICT covered by Section 508 of the Rehabilitation Act and Section 255 of the Communications Act. The Board has finalized the text of the rule and is in the process of completing a companion discussion of the rule, referred to as the “preamble,” and the necessary cost-benefit analysis or “regulatory assessment.” During the July meeting, the Board heard a progress report on the regulatory assessment from its contractor. The Board is scheduled to vote on the full package later this summer and will then submit it to the Office of Management and Budget (OMB) for review. Once the rule is cleared by OMB, it will be published in the Federal Register and posted on the Board’s website.

Update of ADA Accessibility Guidelines for Buses and Vans

Rulemaking is underway to update the Board’s ADA Accessibility Guidelines for Transportation Vehicles. In May, the Board completed work on a final rule that updates guidelines for buses and vans, which is currently under review by OMB. The Board will publish the rule once cleared by OMB and will then proceed with rulemaking to update portions of the vehicles guidelines covering rail cars according to recommendations it received from an advisory panel it chartered, the Rail Vehicles Access Advisory Committee, which submitted its report to the Board last year.

Medical Diagnostic Equipment Standards

Under the Affordable Care Act, the Board is developing new standards for medical diagnostic equipment, including examination tables and chairs, weight scales, radiological equipment, and mammography equipment. The Board is working to complete the final rule, including the preamble and regulatory assessment, for OMB’s review.

Guidelines for Public Rights-of-Way and Shared-Use Paths

The Board also is completing work on new guidelines that will address access to public streets and sidewalks and shared-use paths. The text of the guidelines has been finalized, and the Board is preparing the preamble and regulatory assessment.

Presentations

The Board often invites guest speakers to its meetings to present information on various topics, including accessibility initiatives, new access challenges or “frontier issues,” innovative technologies or product solutions, and research results. At the July meeting, members received a presentation by Michele Erwin, the founder and president of All Wheels Up, Inc., an advocacy organization for improved accessibility aboard airplanes. The organization is promoting development and testing of restraint systems to accommodate wheelchairs aboard planes so that users do not have to transfer to boarding chairs and airplane seats.

In addition, Seanna Kringen, a Research Associate with Beneficial Designs, briefed the Board on new standards for accessible fitness equipment developed by the American Society for Testing and Materials (ASTM) and the Rehabilitation Engineering and Assistive Technology Society of North America (RESNA). She was joined by Ryan Eder, Founder & Chief Executive Officer of IncludeFitness Inc., who demonstrated examples of accessible fitness equipment developed in accordance with the new ASTM standards.

Outreach to Agencies and Organizations

Board members and staff tour ASID’s new offices in Washington, D.C.

 

Over the past year, Board members have visited various agencies and organizations to learn more about their work and areas of mutual interest and to share information on Board resources, services, and initiatives. These discussions also have explored potential partnerships in publicizing the work of the Board, conducting trainings and webinars jointly, and promoting research. In July, Board members met with representatives of ASID, the American Institute of Architects, the American Public Transportation Association, and the Information Technology Industry Council. Board members previously visited the Department of Health and Human Services, the American Hotel & Lodging Association, the National Association of Counties, the National Restaurant Association, and others.

Next Board Meeting

The Board meets every two months. The next Board and committee meetings will take place September 12 – 14. Subscribe to Board news to receive updates on upcoming meetings and other Board events and activities.

Twitter Locks 32 Million Accounts After Breach

Twitter locked millions of user accounts in response to password leak.

Source: www.pymnts.com

It was reported that the login credentials of more than 32 million Twitter users were compromised. According to LeakedSource, which indexes hacked credentials from data breaches, the credentials are being traded on the Dark Web for about 10 bitcoin a pop or a little under $6,000.

 

LeakedSource goes on to note that passwords are stored as plain text files, and many seem to be attached to Russian users. That detail indicates that the passwords were stolen from users, as opposed to through a hack into Twitter’s central systems.

In response to the leak, Twitter quickly initiated forced resets for many of its users.

 

As Fortune reported, Twitter remains adamant that its systems were not breached. But either way, the validity of many of the credentials led the company to react by locking down a number of accounts until the owners manually reset their passwords.

Wendy’s Admits Data Breach Much Worse Than Previously Reported


Source: www.lowcards.com

Wendy’s announced the number of stores affected in a recent data breach is “considerably higher” than the previously reported 300 stores.

 

Initially, the fast food chain discovered malware on its POS system at 5% of its franchisee-owned locations. However, they have recently uncovered a variant of the first malware.

“The attackers used a remote access tool to target a point-of-sale system that, as of the May 11th announcement, the Company believed had not been affected. This malware has been discovered on some franchise restaurants’ POS systems, and the number of franchise restaurants impacted by these cybersecurity attacks is now expected to be considerably higher than the 300 restaurants already implicated,” the restaurant said in its press release.

 

The release said the company has disabled the malware “on all franchise restaurants where it has been discovered” and it “continues to work aggressively with its experts and federal law enforcement to continue its investigation.”

 

Both security expert Brian Krebs and the National Association of Federal Credit Unions have accused Wendy’s of minimizing the issue, and have said the breach could be larger than the ones that affected Target (40 million customers) and Home Depot (56 million customers).

DOJ has launched a new Accessible Technology section for ADA.gov, its Americans with Disabilities Act (ADA) Web site

The new section is intended to further assist covered entities and people with disabilities in understanding how the ADA applies to certain technologies, such as Web sites, electronic book readers, online courses, and point-of-sale devices.

Source: www.ada.gov

Covered entities have longstanding obligations to make their programs, goods, services, and activities accessible—including those they provide online or via other technology.  The new Web pages compile in one place the Department’s technical assistance and guidance about accessible technology, as well as information about the Department’s accessible technology enforcement efforts, regulation development, and other federal accessible technology resources and initiatives.

PCI imposing new payments security rules as of April 28

When the PCI Security Council issues its new payments security requirements on Thursday, it is going to impose new rules about authentication and service providers. What is intriguing about the new edicts is that they show the council’s new acknowledgment that to protect payment, protections have to happen in the larger corporate universe.

Source: www.computerworld.com

The big change is requiring new multifactor authentication for anyone with access to the datastore. Good rule, just a little late to the party so to speak.

News from U.S. Access Board – March/April 2016

Access Currents
News from the U.S. Access Board • March/April 2016

 


Board to Hold Town Hall Meeting in Seattle on May 10


The Access Board will hold a town hall meeting in Seattle on May 10 at the University of Washington. The event will feature a panel discussion on implementation of accessibility requirements at the state and local levels and another on access to public transportation, including bus and rail systems and passenger vessels. Both panels will consist of speakers from the Seattle area and will be moderated by Board members.

An open forum will follow to allow members of the public to make comments or pose questions to the Board. The Board will provide a briefing on its mission and work and an update on its rulemaking activities under the ADA and other laws. The event will take place from 1:30 to 5:00 at the University of Washington Student Union. Registration is not required. Attendees are requested to refrain from using perfume, cologne, and other fragrances for the comfort of all participants.

For further information, contact David Baquis at baquis@access-board.gov, (202) 272–0013 (voice), or (202) 272–0071 (TTY).

U.S. Access Board Panel Discussions and Town Hall Meeting
May 10, 1:30 – 5:00
Husky Union Building (the HUB), Room 250 (2nd floor)
University of Washington
4001 East Stevens Way, NE
Seattle, WA 98195-2230

Schedule of Events
• Welcome and Update on Access Board Activities
• Panel Discussion on Implementation of Accessibility Requirements
• Panel Discussion on Public Transportation Accessibility
• Open Forum



Board to Release Next Installment of the Online Guide to the ADA and ABA Standards

In May, the Board will release the next installment of its online guide to the ADA and the Architectural Barriers Act (ABA) Accessibility Standards. This material will cover Chapter 5 of the standards (General Site and Building Elements) and address accessible parking, passenger loading zones, and stairways. Technical bulletins on these subjects will explain and illustrate requirements, answer common questions, and offer best practice recommendations. The installment also will include an animation on accessible parking and passenger loading zones.

The Guide to the ADA Standards covers design requirements for places of public accommodation, commercial facilities, and state and local government facilities covered by the ADA. The Guide to the ABA Standards addresses similar standards that apply under the ABA to facilities that are designed, constructed, altered, or leased with federal funds. Bulletins on the first four chapters of the standards are currently available, as are animations on wheelchair maneuvering, entrances and doors, toilet and bathing facilities, and protruding objects.

Sign up for email updates to be notified of the release of these and future installments to the guide.

 



ASTM International Proposes Standard for Sidewalk Smoothness Based on Board Study

Rough and uneven surfaces can be uncomfortable, even painful, for people who use wheeled mobility aids. ASTM International, an organization that develops voluntary consensus standards, is proposing a new standard for the smoothness of sidewalk surfaces to ensure that they can be comfortably traversed by everyone, including those who use wheelchairs, scooters, and wheeled walkers, as well as people with strollers and roller boards. While there are ways to measure and analyze surface roughness for roadways, none are appropriate for pedestrian pathways.

According to ASTM International, the new standard will describe a method to collect and analyze data from a sidewalk to determine its roughness. The ASTM Committee E17 on Vehicle-Pavement Systems is overseeing its development.

The proposed standard, “Practice for Computing Pathway Roughness Index from Longitudinal Profile Measurements” (WK41917), is based on the results of a study funded by the Board that used subject testing to examine how the roughness of pathway surfaces impacts wheelchair travel. Conducted by the Human Engineering Research Laboratories at the University of Pittsburgh, the project measured body vibrations resulting from travel across various types of bumpy or uneven surfaces, including existing sidewalks and simulated surfaces. The results indicated a high correlation between surface roughness and exposure to whole body vibrations. Some test surfaces were rated as unacceptable by over half of the subjects due to the discomfort they caused. Based on the findings, researchers recommended a method and protocol for measuring surface roughness as the basis for a new standard. The project report, which is available on the Board’s website, also provides recommendations for a sidewalk roughness index threshold and for the design of a measurement device.

For further information on the new standard, visit ASTM International’s website or contact Julie Lively at jlively@astm.org or (610) 832-9681.

 



Upcoming Board Webinars

The next webinar in the Board’s free monthly series will take place May 5 from 2:30 – 4:00 (ET) and will cover pedestrian signals that are accessible to all pedestrians, including those with vision impairments. A representative from the Federal Highway Administration will join Board staff in reviewing available signaling technologies and applicable provisions in the Manual on Uniform Traffic Control Devices. Other features of accessible intersections and street crossings, including curb ramps and detectable warnings, will be covered as well.

Visit www.accessibilityonline.org for more information or to register for the webinar. Questions can be submitted in advance of the session (total limited to 25) or can be posed during the webinar. Webinar attendees can earn continuing education credits. The webinar series is hosted by the ADA National Network in cooperation with the Board. Archived copies of previous Board webinars are available on the site.

 



DOT to Undertake Negotiated Rulemaking on Air Travel Access Issues

The Department of Transportation (DOT) announced plans to conduct a negotiated rulemaking on air travel accessibility through a committee of stakeholders and interested parties. This effort will address access to in-flight communications and entertainment, accessible restrooms on single-aisle aircraft, and coverage of service animals, and will supplement DOT’s regulations under the Air Carrier Access Act (ACAA), which prohibits discrimination on the basis of disability in air travel.

As outlined in a published notice, DOT plans to form a negotiation committee that will represent disability groups, airlines, airports, aircraft manufacturers, and other stakeholders. DOT plans to name approximately 25 members to the committee based on nominations received in response to the notice. The Accessible Air Transportation Advisory Committee will be responsible for adopting consensus recommendations on how DOT should address these issues through its ACAA regulations. It is expected to meet monthly from May to October 2016.

For further information, contact Livaughn Chapman at livaughn.chapman@dot.gov or Blane A. Workie at blane.workie@dot.gov, or call (202) 366-9342.

What Hackers Do With Compromised WordPress Sites

We often talk to site owners who are surprised that their sites are targeted by attackers. Most of them assume that if there isn’t any juicy data to steal, like credit card numbers, that compromising their site is a worthless exercise. Unfortunately they are wrong. Aside from data, a compromised site’s visitors can be monetized …

Source: www.wordfence.com

Good informative read.

Kinvey, Google Launch HIPAA Compliant Mobile Backend as a Service

Kinvey, the leading enterprise mobile Backend as a Service (mBaaS), today launched a HIPAA compliant mBaaS on Google Cloud Platform.

Source: hitconsultant.net

The fully managed service will allow healthcare providers and pharma businesses to more rapidly adopt mobile strategies and mHealth, such as connected medical devices, patient adherence apps to manage chronic diseases, and apps for clinical trials.

 

This is a significant announcement for Kinvey + Google in the healthcare space — leapfrogging the likes of AWS, Microsoft Azure and IBM — who don’t have a similar complete offering for the healthcare and pharma industry.

Healthcare ransomware – Two new ransomware strains discovered, can spread even when offline

“Even if your network’s connection is shut off, it can encrypt anything and everything it has access to,” Kim said. “All that you need is the email; even if you’re offline, that won’t protect you.”

Both viruses encrypt data and files – including backups on the network, while Maktub can also compress the encrypted files and data. Strong encryption is used to hold the files, until the encryption key is released by the attacker.

Source: www.healthcareitnews.com

“There are more and more healthcare organizations getting hit, but it’s because the virus has evolved into this complex beast on how it’s deployed,” Kim said.

She recommended that healthcare organizations back up data in real time, in order to revert to those files without losing information in case of an attack. Organizations also need to store data offline, and networks should be segmented with a properly configured firewall and routine risk assessments.

“We need to make sure we have a complete, strong security program that blocks the malware we know about,” Kim said. “So if something gets into our system, we can stop and eradicate it to stop the bleed. It’s also really important to block and tackle what you can – and have a plan.”

Kim added that there’s no substitute for good security.

“It really is a battle between these cyber criminals and the rest of us,” she said. “There definitely is a learning curve, but we can benefit as a community to try to build these solutions together.”

Is Your Jury Operation ADA Compliant?

How can your jury operation accommodate someone with a disability and provide the same access as everyone else? Where are the areas to focus on?

Source: web.courthouse-technologies.com

The first place to review is your self-service, online functionality. The second area of your jury operation you can address is the juror check-in and attendance process. Finally, increasing the array of methods you provide jurors to access their jury information, the more likely you are to be ADA compliant. You can accommodate a greater portion of your juror-eligible population by providing a wider range of options. For example, if a person cannot see, they may be able to use an IVR telephony system.

News 4/1/16 | HIStalk


Source: histalk2.com

Insiders and the FBI confirm that ransomware is behind the MedStar Health total downtime that continues after several days. The 10-hospital system says it has regained read-only access to its clinical systems and hopes to restore them completely. The hackers are demanding $1,250 per PC to remove the encryption they installed or $18,500 to restore access to all of them. The hacker’s message says the information will be permanently destroyed after 10 days.

 

 

Sources indicate that the ransomware involved is SamSam or Maktub, which are the subject of a March 25 urgent alert from the FBI. They appear to specifically target hospitals. The malware probes the network looking for unpatched enterprise servers and requires no communication with external systems once installed, so unlike most forms of malware, it does not use phishing attacks. SamSam allows communication between the hackers and their victims, allowing them to negotiate payment terms. Hackers appear to be experimenting with the value of their services, pricing initial attacks low but escalating to see how much victims are willing to pay to restore their data.

An apparent network entry point is JexBoss, a testing tool for JBoss application servers.

Ontario hospital website may have infected visitors with ransomware

Drive-by download

The file was served in a “drive-by download” attack, Segura said, meaning you don’t have to click on anything on the page.

“You just go to the site that’s compromised, and within a few seconds, malware is downloaded onto your computer and that’s it,” he told CBC News.

In this case, visitors to the site would have included patients, their families and staff who accessed a staff portal with schedules and an internal directory via the website.

Security researcher Jerome Segura says hospitals are, in many ways, the ‘perfect victim’ for cyberattacks: ‘Their systems are out of date, they have a lot of confidential information and patient files. If those get locked up, they can’t just ignore it.’ (Getty Images)

Visiting Windows computers would have been vulnerable if they were running Internet Explorer or older versions of the Adobe Flash or Microsoft Silverlight players.

Segura said hospitals are in many ways the “perfect victim” for cyberattacks. “Their systems are out of date, they have a lot of confidential information and patient files. If those get locked up, they can’t just ignore it.”

Source: www.cbc.ca

Efficient: targeting the healthcare infrastructure and using it as the distribution mechanism.

Seagate Phish Exposes All Employee W-2’s — Krebs on Security

RT @SwiftOnSecurity: UPDATE: Seagate has been hit with this attack, all employee IRS data compromised https://t.co/2JjEu7kDoI

Source: krebsonsecurity.com

Dangers of email are shared. Email scam artists last week tricked an employee at data storage giant Seagate Technology into giving away W-2 tax documents on all current and past employees, KrebsOnSecurity has learned. W-2 forms contain employee Social Security numbers, salaries and other personal data, and are highly prized by thieves involved in filing phony tax refund requests with the Internal Revenue Service (IRS) and the states.

Premier Healthcare faces possible data breach that could affect 200,000 patients

Premier Healthcare, a physician-led multispecialty provider group based in Bloomington, Indiana, has reported a possible breach that could affect 205,748 patients after a laptop with patient data was stolen, the company announced on Tuesday. For 1,769 of these people, Social Security numbers and/or financial information could also be accessed from the stolen laptop. Premier employees discovered that the laptop was missing from the locked and alarmed administrative office of the billing department on January 4.

Source: www.healthcareitnews.com

Home Depot Will Pay $19.5 Million After Major 2014 Data Breach

Home Depot agreed to pay at least $19.5 million to compensate U.S. consumers harmed by a 2014 data breach affecting more than 50 million cardholders.

Source: www.nbcnews.com

Home Depot has said the breach affected people who used payment cards on its self-checkout terminals in U.S. and Canadian stores between April and September 2014.

 

It has said the intruder used a vendor’s user name and password to infiltrate its computer network, and used custom-built malware to access shoppers’ payment card information.