While clicking on a poorly formed link to an article on HIPAA privacy enforcement (it's interesting .. but I'll let you go there and read it .. no comment from me for today) .. I stumbled on this error when I reached the site (as you will if you click on the heading above).
So what? It reveals a security flaw that has been well known by coldfusion programmers for years. As this Allaire Security Update from 2/99 suggests .. URL variables should not be use as variables in SQL statements directly. Let's hope someone tells the programmers at Health Data Management that their database is vulnerable!
