Coming soon to a health care provider
near you!
By Dissent,
December 9, 2012 5:31 pm
Stephanie Bedo reports that a
medical center’s worst nightmare has occurred. From Goldcoast:
A Gold Coast
medical centre is being held to ransom by an international computer
hacker who wants $4000 to unlock thousands of patient files.
The Miami
Family Medical Centre has been without the patient files for
more than a week after its computer system was hacked and all the
patient files encrypted with a military-grade encryption program.
It gets worse, but what struck me is
that they’ve had similar situations in that area in this past year:
It is the latest
in a string of 11 similar medical extortion cases
that have taken place across the state this year.
I’m not finding any other such
stories on their site or in a Google search. I’d love to know more
about these other cases.
And here’s how a bad situation
becomes worse:
Dr Munira Butt
said the system was hit over a weekend, with the hackers then sending
emails from an untraceable overseas account demanding $4000 if the
business wanted to get the records back.
“They’ve
corrupted all our back-up discs too,” Dr Butt said. [Best Practice:
Make sure your backups are readable, then make sure no one else can
access them. Bob]
“They have
hacked us really well because they’ve been in and disabled quite a
number of programs.
“That’s
seven years worth of data missing or gone.”
Without the
clinical files, doctors are effectively blind when treating patients
as they have no access to patient history, known allergies, blood
test results, blood pressure readings or even cancer results.
So what the heck are the police doing
to help? Nothing, reportedly:
She has refused to
give in but has had no success getting help from police so far.
Dr Butt said she
spent all of last week contacting cybercrime squads within the
Australian Federal Police and has left several messages but no one
has responded to her or investigated the case.
An AFP spokeswoman
said the scam was an issue for the police.
“I’ve
contacted all the e-crime squads and no one’s getting back to me,”
Dr Butt said.
Read more on GoldCoast.com.au
[From the article:
A QPS spokesman said they had provided
previous warnings. "This type of computer extortion is a
world-wide trend which is challenging for law enforcement agencies to
address," the spokesman said.
"In essence an offender, believed
to be from Russia, exploits security weaknesses in business computer
systems and enters the systems through that weakness and encrypts the
system. That encryption effectively renders the business computer
useless."
Hardly unexpected (see the Comments)
"Security researchers have
identified a botnet controlled
by its creators over the Tor anonymity network. It's likely that
other botnet operators will adopt this approach, according to the
team from vulnerability assessment and penetration testing firm
Rapid7. The botnet is called Skynet and can be used to launch DDoS
(distributed denial-of-service) attacks, generate Bitcoins — a type
of virtual currency — using the processing power of graphics cards
installed in infected computers, download and execute arbitrary files
or steal login credentials for websites, including online banking
ones. However, what really makes this botnet stand out is that its
command and control (C&C) servers are only accessible from within
the Tor anonymity network using the Tor Hidden Service protocol."
I'm sick of following up on this
tremendous failure of leadership in South Carolina. Read this one
yourself... Better yet, assign some reasonably bright students to
compile a list of the state's “Worst Practices” to contrast with
“Best Practices” implemented by organizations with a collective
IQ above room temperature.
Update
and commentary on SCDOR breach: Where would they be without media
coverage?
“EVERYTHING NOT FORBIDDEN IS
COMPULSORY” T. H. White Is “you can't do that” sufficient to
“deny authorization?” I'd say yes. (By the way, sharing
passwords is ALWAYS a bad idea.)
Cheng
v. Romo and Applying
Unauthorized Access Statutes to Use of Shared Passwords
December 10, 2012 by Dissent
Orin Kerr writes:
The federal
computer crime statutes punish unauthorized access to a computer. As
regular readers know, courts are hopelessly divided on what this
language means, and in particular what makes an access to a computer
authorized versus unauthorized. In Cheng
v. Romo, 2012 WL 6021369 (D. Mass. Nov. 28 2012), Judge
Casper authored an opinion on an interesting wrinkle that I’ve
pondered but that hasn’t come up before in published decisions:
How do computer crime statutes apply when one party gives his
password to another party for some limited uses, but the latter party
uses the password for broader uses? Is the accessing with the
password but beyond the implicit or explicit limit “unauthorized”
for purposes of the computer crime laws?
Read more on The
Volokh Conspiracy
Clear and present danger question? At
what point would “dangerous technology” force governments to shut
it down? (Are there some people who should be culled from the gene
pool?)
Australian
Police Warn Against Apple Maps, Citing “Potentially Life
Threatening” Misdirection
Police in Victoria have
urged motorists to avoid the use of Apple Maps, warning that
faulty directions on the much-criticized app have left motorists
stranded in the Australian outback for up to 24 hours without food or
water.
Perspective Interesting slide show...
Really worth looking at.
… It’s a deep look at what we all
did online (and offline) over the past year and is worth closely
examining when you have the time.
Another perspective
Global Warming ! Global Warming !
Shifting perspective...
"More precise modeling has
changed
some long term climate predictions: sea levels to rise almost a
meter more than present over the next century, but past dire warnings
of stronger storms or more frequent droughts won't pan out. Instead
there will be less strong storms, but peak winds in the tropics might
be slightly higher. Temperature rise of global average will be about
3 degree C total, including the 1 degree C rise over the 20th
century. In places where precipitation is frequent, it will become
even more frequent; in arid areas, the tendency will be to become
even drier. Some new arid areas are expected to appear in the south
of N. America, South Africa and Mediterranean countries. Overall,
hardly a doomsday scenario."