Domestic piracy-- a new twist

Discussion in 'Fred's House of Pancakes' started by PriuStorm, May 6, 2009.

  1. PriuStorm

    PHI Stolen from Va. Govt. Site and Held for Ransom | AAPC News



    A hacker replaced a Virginia government Web site last week with a ransom note claiming he’d stolen 8.3 million patients’ personal and prescription drug information and wants $10 million for its return.

    The Virginia Prescription Monitoring Program’s secure site tracks drug abuse and contains 35.5 million prescriptions along with enrollees’ personal information such as names, social security numbers, and addresses. The hacker claims to have encrypted it with a password and deleted the commonwealth’s back-ups. The Web site has been temporarily disabled and there is speculation as to whether the commonwealth has a back-up of the data.


    More information:
    Hacker says he stole confidential medical data on 8 million Virginia residents | Healthcare IT News
     
  2. Stev0

    Hacking into website? Sure, that's easy (so I heard) on an unsecured site.

    Stealing patients' info? Other personal info has been stolen, so it's possible.

    Deleting backup? Unless he can magically log into a non-connected machine, there is no way he can do this. I call bull. And if this is bull, point number two is probably bull, too.
     
  3. daniel

    Hijacking of web sites for ransom appears to be a standard sort of crime nowadays. Also (though very different) hijacking of cargo trucks. So domestic piracy is very much a real problem.
     
  4. eagle33199

    +1. For anything sensitive, backups are the name of the game. A number of years ago my university lost one of its mail servers - poof, the hard drive was unrecoverable. As luck would have it, so was the 1st tier backup... but that's ok, because they stored everything on tape in an offsite location.

    The only problem was scraping together enough machines to read all that data off the tapes in time for all of the grant proposals that needed to happen.

    You can be sure that someone storing confidential medical records has secure backups like that as well.
     
  5. jayman

    If this was a successful hack of confidential patient data, they are in violation of HIPAA (Health Insurance Portability and Accountability Act). Specifically Title II HIPAA.

    They are also in violation of the proposed HITECH (Health Information Technology for Economic and Clinical Health Act).

    Generally, HHS has standards like 45 CFR 160, 162, and 164. Violation of the mentioned rules will result in very stiff fines and legal action.
     
  6. daniel

    People who hijack web sites and demand ten million dollars ransom don't usually care about stuff like HIPAA. I doubt if HHS will even get involved. Probably falls more in the jurisdiction of the FBI, if they're not too busy spying on peace protesters and taking pay-offs from organized crime.
     
  7. jayman

    Yeah, good point. These regulations are supposed to protect us, but more often they're used as CYA for those involved.

    The few projects I've had that recently touched on these issues, I had to CYA (Document my nice person off) to "prove" the system was compliant.
     
  8. qbee42

    Couldn't you simply use WOM (Write-Only Memory)? I find that WOM is excellent for use in high security applications.

    Tom
     
  9. jayman

    It was a civilian project, not a military one. Trust me, concepts like WOM would fly right over their heads.

    Actually, I recall that pretty much the entire project sailed over the heads of the stakeholders. Kind of scary actually. For that reason, I no longer offer any consulting to the private sector health industry.

    The primary stakeholders/decision makers are bean counters, not engineers.
     