Stories
Slash Boxes
Comments

SoylentNews is people

Big Cyber Hack of Health Records is 'Only a Matter of Time'

posted by n1 on Thursday July 03 2014, @06:53PM   Printer-friendly
from the suffering-in-silence dept.
Security

Cryptonymous Coward writes:

From Politico:

The health world is flirting with disaster, say the experts who monitor crime in cyberspace. A hack that exposes the medical and financial records of tens of thousands of patients is coming, they say it's only a matter of when.

As health data become increasingly digital and the use of electronic health records booms, thieves see patient records in a vulnerable health care system as attractive bait, according to experts interviewed by POLITICO. On the black market, a full identity profile contained in a single record can bring as much as $500.

This discussion has been archived. No new comments can be posted.
Big Cyber Hack of Health Records is 'Only a Matter of Time' | Log In/Create an Account | Top | 16 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 2) by Foobar Bazbot on Thursday July 03 2014, @07:07PM

    by Foobar Bazbot (37) on Thursday July 03 2014, @07:07PM (#63744) Journal

    Really, "Cyber Hack"?

    • (Score: 3, Funny) by ScriptCat on Thursday July 03 2014, @07:22PM

      by ScriptCat (4389) on Thursday July 03 2014, @07:22PM (#63755)

      I went to cyber space just the other day and a cyber punk wanted to steal my wallet.

      • (Score: 0) by Anonymous Coward on Thursday July 03 2014, @07:46PM

        by Anonymous Coward on Thursday July 03 2014, @07:46PM (#63767)

        Was he a cyber bully?

      • (Score: 2) by bugamn on Friday July 04 2014, @03:41PM

        by bugamn (1017) on Friday July 04 2014, @03:41PM (#64199)

        Don't you mean your bitcoins?

    • (Score: 2) by etherscythe on Thursday July 03 2014, @08:02PM

      by etherscythe (937) on Thursday July 03 2014, @08:02PM (#63778) Journal

      Well, the Social Hack probably works just as well. People behind the counter have not changed (see the kerfluffle that sprang up about Duchess Kate's condition being divulged to unverified recipients over the phone by her hospital staff). However, it is no longer a matter of the Mechanical Hack of breaking into the office with a crowbar and rifling through the filing cabinets. So, yes.

      --
      "Fake News: anything reported outside of my own personally chosen echo chamber"

    • (Score: 2) by n1 on Thursday July 03 2014, @08:07PM

      by n1 (993) on Thursday July 03 2014, @08:07PM (#63784) Journal

      Got to say, I didn't like it either.... It is the title of TFA and submission though, bad excuse but there it is.

    • (Score: 0) by Anonymous Coward on Thursday July 03 2014, @10:07PM

      by Anonymous Coward on Thursday July 03 2014, @10:07PM (#63831)

      Sorry, that should obviously be "a big e-iCyberHack, except on a computer"

    • (Score: 2) by davester666 on Friday July 04 2014, @06:16AM

      by davester666 (155) on Friday July 04 2014, @06:16AM (#64005)

      I'll show them! I refuse to go to the doctor, so there won't be any of my records being exposed!

  • (Score: 4, Interesting) by TestablePredictions on Thursday July 03 2014, @07:52PM

    by TestablePredictions (3249) on Thursday July 03 2014, @07:52PM (#63773)

    How soon until it is possible to use this information to extract ransoms? The exploit would work something like this:
    1.) From health records, identify elderly (or not) people depending critically on some regularly cadenced medication or another. E.G. Blood pressure/stroke, or thyroid pill, or something

    2.) Intercept regular delivery of said medication, using address and other lifestyle knowledge from health records. Demand a ransom to be paid.

    3.) Profit.

    Honestly, what would such people do? Use their emergency stockpile while locating/securing an alternate supply? Our shitty drug laws have made sure we're locked into a just-in-time methodology.

    • (Score: 0) by Anonymous Coward on Friday July 04 2014, @02:33PM

      by Anonymous Coward on Friday July 04 2014, @02:33PM (#64161)

      Just-In-Time methodology maximizes control, security, and demand of the pharmecutecals processed in this manner.

      When methamphetamines got out of hand, the Feds cracked down and regulated over-the-counter cold medicine! :P

      Now you gotta show ID to buy medicine to take care of a cold! :(

      Then sometime after that, we get the AWESOME TV show BREAKING BAD (2008 - 2013)

      http://www.imdb.com/title/tt0903747/ [imdb.com]

  • (Score: 4, Informative) by Cornwallis on Thursday July 03 2014, @08:03PM

    by Cornwallis (359) on Thursday July 03 2014, @08:03PM (#63779)

    It looks like it has already happened in Wyoming:

    http://www.computerworld.com/s/article/9249353/Montana_data_breach_exposes_1.3_million_personal_records [computerworld.com]

    and five years ago in Virginia:

    http://voices.washingtonpost.com/securityfix/2009/05/hackers_break_into_virginia_he.html [washingtonpost.com]

    I'm waiting for it to hit the fan here in Vermont since I know what a mess the Vermont Health Connect site is and how generally screwed up the state's IT infrastructure is. But the legislature isn't interested...

    • (Score: 2) by AnonTechie on Thursday July 03 2014, @08:46PM

      by AnonTechie (2275) on Thursday July 03 2014, @08:46PM (#63805) Journal

      If data breaches exposes millions of records, could each record be worth US$ 500 ? Also, would somebody actually pay US$ 650 Million, for example, for the Montana Data of 1.3 Million records ?

      --
      Albert Einstein - "Only two things are infinite, the universe and human stupidity, and I'm not sure about the former."

  • (Score: 2, Interesting) by Anonymous Coward on Thursday July 03 2014, @08:19PM

    by Anonymous Coward on Thursday July 03 2014, @08:19PM (#63793)

    The hard part is proving that a records breach resulted in harm. When a credit-card number is stolen and then somebody uses it, that's obvious. But when your personal information like birth date and city, SS#, family members, phone number, etc are used to impersonate you for things like opening a brand new credit account it is not clear where those facts were sourced from nor even how exactly they were used since you as the victim only see the end result of a bogus credit account in your name.

    People, as a species, suck at making connections that require more than one hop. The more hops, the more ambiguity and the harder it is to be confident that you got each hop right. The best we can do is identify "stupid points" - points in the chain that are ripe for exploitation - and then fix them. But even then, somebody legitimately benefits from the status quo of each "stupid point" and will lose out when they are fixed (typically an increased cost of doing business) so there are always people with an legitimate interest in stopping the fixes.

  • (Score: 1) by kwerle on Thursday July 03 2014, @09:58PM

    by kwerle (746) on Thursday July 03 2014, @09:58PM (#63829) Homepage

    Oops. Too late.

  • (Score: 2, Insightful) by PizzaRollPlinkett on Thursday July 03 2014, @10:27PM

    by PizzaRollPlinkett (4512) on Thursday July 03 2014, @10:27PM (#63839)

    You can be an oracle, too, by following these simple rules:

    If you want to predict something is going to happen, don't say when.

    If you predict when something is going to happen, don't say specifically what.

    Five-year predictions are safe. No one will remember your prediction in five weeks. Anything less is asking for accountability.

    --
    (E-mail me if you want a pizza roll!)

  • (Score: 0) by Anonymous Coward on Friday July 04 2014, @12:58AM

    by Anonymous Coward on Friday July 04 2014, @12:58AM (#63906)

    nevada where the most atoms have been split explosively.
    also n.y. city after tiny island blow up would be interesting?