Heartless hackers break into Florida cancer clinic network – 2.2 million records exposed

US cancer clinic 21st Century Oncology has admitted that a breach on its systems may have exposed private information on 2.2 million patients and employees. Unidentified hackers were able to access sensitive patient and employee data, including names, SSNs, diagnosis and treatment details and insurance information after …

  1. TonyJ

    Scumbags

    That is all.

  2. Anonymous Coward

    This is

    exactly what will happen to the UK health.care.data.slurp. or whatever the hell it's calling itself.

    Guaranteed...

    That much data on that many people is just too much of a goldmine to not hack.

    Either by social engineering or just careless practice and it will be a fuck-ton more than 2.2 million records..

    Once THAT genie is out of the bottle, there is no putting it back. Trust in the system is low now, imagine how low* it will be after the inevitable data theft.

    *if it could get any lower...

  3. JimmyPage Silver badge
    Stop

    Patients *and* employees ?

    Is it just me, or does this suggest a system not fit for purpose in the first place ?

    Let's hope some of the employees exposed were the CEO and board of directors ...

    1. Hans Neeson-Bumpsadese Silver badge

      Re: Patients *and* employees ?

      To me it seems reasonable to have both within the same system...patient data cos the system is about patients, and employee data because presumably there's a list of employees allowed to access the data, references in patient data to doctors/specialists who have treated patients, etc.

  4. x 7

    are there now any USA Health Care providers or insurers left who HAVEN'T been hacked in the last year or so?

    1. Chris G

      When you think about it, who are the people most likely to be interested in people's health?

      Oh! Medical Insurance companies and health care providers!

      What more can I say?

  5. Anonymous Coward

    Cancer

    One might wish it on such scumbags

  6. asdf

    not to be that guy

    Was going to go off on Florida's broken state government and regulation (low hanging fruit) but sure this is probably coming soon to where you live as well.

  7. Anonymous Coward

    This is precisely why...

    ...the judicial system needs to mete out serious prison sentences for hackers. The crims should not see the light of day for a minimum of 25 years. You won't be able to stop all hacking but you can bet if these lowlifes are in solitary confinement for 25 years, they won't be hacking any time soon.

    1. Gene Cash Silver badge

      Re: This is precisely why...

      Not just the hackers. The company board members need a serious beating with a clue stick too.

      I can't believe they get informed of a hack BY THE FBI and nobody goes to prison.

    2. Graham Marsden
      Facepalm

      Re: This is precisely why...

      Excuse me, but I think you've mistaken this for the Daily Mail comments page...

  8. Pascal Monett Silver badge
    Pint

    Well would you look at that

    Seems our daily quota has been reached for the day.

    Time for a cold one, then.

  9. Blofeld's Cat
    FAIL

    Hmm...

    Perhaps the headline could have read: "Cancer clinic fails to protect the data of its patients and employees - hackers blamed".

    That "the clinic was informed of the breach by the FBI" does not really inspire confidence in the way access to the data was controlled and/or audited.

    "... no evidence that the leaked data has been misused ...".

    Surely the fact that somebody accessed it (and the FBI noticed before the company did) could be considered evidence of misuse.

  10. Terry 6 Silver badge

    Electricity

    As it happens, today we read that the recommendation is that 'leccy companies keep, and share, a database of customers who have been on the standard tariff for a while.

    There will have been organised gangs planning to hack this even before the ink on the report had dried

    The value of that data to scammers is beyond imagining.

    "Hello, is that Mr Elbow of the Grange, Wimbleshire? I'm calling from your electricity company EDF (or whatever). Could you just tell me your password and bank account details and we will send you a special refund."

    Or something along these lines. Probably more sophisticated than I can imagine.

    1. Mark 85

      Re: Electricity

      Define "sophisticated"? The Nigerian scams are still working.... the MS Support Center "virus" scams are still working. There's more but you get the idea. Doesn't take much to pull off a scam lately.

      1. Terry 6 Silver badge

        Re: Electricity

        Mark, I was being optimistic; or something.

  11. John Brown (no body) Silver badge

    Hang on a mo'

    "The clinic was informed of the breach by the FBI in November 2015 but the Feds asked 21st Century to hold off from disclosing the incident until a thorough investigation had been completed. This explains why the clinic only went public in admitting the breach this week. Hackers accessed the systems at the beginning of October last year."

    What exactly were the FBI up to that they were romping through the access logs or whatever and found the data had been copied? Are they working on the side as commercial pen testers now? Or is this something where companies invite them to look over the systems? It's obviously not live monitoring so it's not like they were responding to a "burglar alarm". Do they do this unannounced and will they be doing the same with the providers "protected" by Privacy Shield holding EU data? How deep is their access?

  12. Anonymous Coward

    How low

    Damn low!

  13. Raedwald Bretwalda

    no evidence that the leaked data has been misused

    "there’s no evidence that the leaked data has been misused"

    What reason would anyone have to break in to access such data other than to misuse it? Given that knowing much of that data would constitute misuse. Or are there guerilla free oncologists out there trying to treat patients locked into 21st Century Healthcare's methods?
