When all else fails, your PHR could stand to be a back up.  This is a strange case though as the extortion note says he wants to sell the medication imageinformation, well a lot of that has already been sold anyway by pharmacy benefit managers to insurance companies; although the demographics information could be a big risk.

The FBI is in on the investigation and it will be interesting to see how this one washes out.  This really makes a case to get the old law off the books with the MRIs not being updated too.  Everything better have some kind of protection.  

Hospital MRI and Other Medical Devices Infected with Conficker Virus – FDA Required 90 Day Notice before Windows Update Patch Could be Applied

We are at a place in time where security needs to be taken very seriously, everywhere, even the MRI machines. I wonder what ever happened to the extortion deal at Express Scripts?  BD

Express Scripts offers $1 million award to nab extortionist in data breach case

State and federal authorities are investigating a possible extortion demand that seeks $10 million for the safe return of more than 8 million patient records and 35 million prescription records that allegedly were hacked last week from the Virginia Department of Health Professions computers.

An extortion note posted on WikiLeaks, a Web site that publishes anonymous submissions and leaks of sensitive government and corporate information, reads:

"ATTENTION VIRGINIA I have your [stuff]! In *my* possession, right now, are 8,257,378 patient records and a total of 35,548,087 prescriptions. Also, I made an encrypted backup and deleted the original. Unfortunately for Virginia, their backups seem to have gone missing, too. Uhoh :("

The note demands $10 million within seven days, but it does not say from what date the count began. Hackers apparently infiltrated the health professions' computers last Thursday.

M.A. Myers, a spokesman for the Richmond office of the FBI, confirmed late today that an investigation has begun but declined to provide specifics. He said the FBI received a referral from the Virginia Information Technologies Agency.

The ransom-note writer said if the money isn't paid in seven days, "I'll go ahead and put this baby out on the market and accept the highest bid."

If the prescription data can't be sold, the writer says, then "at the very least I can find a buyer for the personal data" -- which the note says includes names, ages, Social Security numbers and driver's license numbers.

Alleged hacker demands $10 mil for Va medical records | Richmond Times-Dispatch

Related Reading:

Security tightened over data loss – Flash Drives Can be One of HealthCare’s Biggest Nightmares

Malware attack - Department of Defense
It’s Raining Medical Records…They’re Blowing in the Wind
Conficker and Malware covered by CBS 60 Minutes

PHRs getting a new watchdog – The FTC to Help Protect Privacy

Laptop Theft Affects 14,380 Patients – Security Breach Medical Records with Stolen Computer

More Lost Medical Records

Express Scripts offers $1 million award to nab extortionist in data breach case

Keeping Private Health Data Private - "Inadvertent Disclosures" with Peer to Peer Networks

Healthcare Workers Sharing Music and they could also be sharing Medical Records and Files

Medical records turn up online – MRecord transcription services

Express Scripts offers $1 million award to nab extortionist in data breach case

0 comments :

Post a Comment

 
Top
Google Analytics Alternative