Full Disclosure mailing list archives

RE: Re: vulnerabilities of postscript printers

From: "Chris DeVoney" <cdevoney () u washington edu>
Date: Sun, 25 Jan 2004 12:37:05 -0800

Although this is a slight subject drift, just to make everyone's life
slightly more interesting we at University of Washington Medicine (both
Medical Centers and Health Sciences) are forcing our digital copier vendor
to sign a HIPAA Business Associates agreement. If the unit required service
(and show me one of these that don't), the repair person (or remote
diagnostic) would have access to the internal hard disk which could contain
images of pages holding protected health information. That's a no-no.

It ain't just Postscript device that falls under this edict. It's any
digital copier/printer/scanner that has persistent internal storage or is
network connected.

And for that matter, we're also setting up bridging firewalls on some of the
units that contain an actual PC inside to manage the scanning functions,
such as the Canon ImageRunner series.

cdv

------------------------
Chris DeVoney
Clinical Research Center Informatics
University of Washington
------------------------




_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

Re: vulnerabilities of postscript printers Michael Zimmermann (Jan 23)
- Re: Re: vulnerabilities of postscript printers Valdis . Kletnieks (Jan 23)
  - Re: Re: vulnerabilities of postscript printers Ka (Jan 23)
    - RE: Re: vulnerabilities of postscript printers Chris DeVoney (Jan 25)
- Re: Re: vulnerabilities of postscript printers Darren Reed (Jan 23)
  - Re: Re: vulnerabilities of postscript printers Michael Zimmermann (Jan 26)
- <Possible follow-ups>
- Re: vulnerabilities of postscript printers Michael Zimmermann (Jan 24)
  - Re: vulnerabilities of postscript printers der Mouse (Jan 24)