BreachExchange mailing list archives

Previous By Date Next
Previous By Thread Next

Hackers hold health data hostage

From: security curmudgeon <jericho () attrition org>
Date: Mon, 13 Aug 2012 02:51:44 -0500 (CDT)


---------- Forwarded message ----------
From: InfoSec News <alerts () infosecnews org>

http://www.nextgov.com/health/2012/08/hackers-hold-health-data-hostage/57353/

By John Pulley
Nextgov
August 10, 2012

While identity theft is the primary concern when the security of medical 
records is compromised, a disturbing new trend is emerging: hackers 
holding the data for ransom.

A recent case involved the Surgeons of Lake County, a medical practice in 
Libertyville, Ill., where hackers were able to access electronic medical 
records and emails, Bloomberg reported today in its Tech Blog, citing an 
initial report by the privacy blog Dissent Doe. The hackers encrypted the 
records and demanded the practice pay money for a password to access the 
files, Bloomberg reported.

The practice declined to pay, shut down the server and notified 
authorities, according to Bloomberg. It was unclear from the report 
whether the practice was eventually able to access its EHR records, or if 
so, how.

Bloomberg blogger Jordan Robinson calls the case ?an unsettling new strain 
of opportunism that is emerging as criminals try to exploit the industry?s 
shift to digital medical records.?

[...]

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security equips organizations with security intelligence, risk
management services and on-demand security solutions to establish
customized risk-based programs to address information security and
compliance challenges. 

Tenable Network Security (http://www.tenable.com/)
Tenable Network Security provides a suite of solutions which unify real-time
vulnerability, event and compliance monitoring into a single, role-based, interface
for administrators, auditors and risk managers to evaluate, communicate and
report needed information for effective decision making and systems management.
Previous By Date Next
Previous By Thread Next

Current thread: