Saturday, October 08, 2011

New Incidents of Hacking and Data Losses

Just when you thought the threat couldn't get bigger we find out that the most effective weapon in the war on terror has now been breached. Wired reports that,

Image courtesy of Creech AFB

"A computer virus has infected the cockpits of America’s Predator and Reaper drones, logging pilots’ every keystroke as they remotely fly missions over Afghanistan and other warzones.

The virus, first detected nearly two weeks ago by the military’s Host-Based Security System, has not prevented pilots at Creech Air Force Base in Nevada from flying their missions overseas. Nor have there been any confirmed incidents of classified information being lost or sent to an outside source. But the virus has resisted multiple efforts to remove it from Creech’s computers, network security specialists say. And the infection underscores the ongoing security risks in what has become the U.S. military’s most important weapons system."

Keylogging is a common technique for capturing valuable information including Social Security numbers, bank accounts, passwords, credit card numbers and accounts, and other vital information. Most computers do not have a keylogging protection system which makes them highly vulnerable to someone dropping keylogging maleware on the device.

Think of what this means for civilians. If the military which is investing hundreds of millions in computer and Internet security can have its most valued and newest weapon system compromised we civilians need to also ramp up another mega-notch our security systems. That applies to the medical profession in particular because breaches of medical data bases and losses of patient information have become an endemic problem.

The New York Times reported on October 11, 2011, "Private medical data for nearly 20,000 emergency room patients at California’s prestigious Stanford Hospital were exposed to public view for nearly a year because a billing contractor’s marketing agent sent the electronic spreadsheet to a job prospect as part of a skills test, the hospital and contractors confirmed this week. The applicant then sought help by unwittingly posting the confidential data on a tutoring Web site."

In another incident, "In Orlando, officials with Florida Hospital reported that three employees had improperly combed through emergency department records of 2,252 patients, apparently to forward information about accident victims to lawyers. The employees were fired, and law enforcement officials are investigating."

So now ambulance chasing has also become a threat to identity information theft.

Finally, we need to share with you that, "Science Applications International Corporation disclosed that computer backup tapes containing medical data for 4.9 million military patients had been stolen from an employee’s car in San Antonio. The data included Social Security numbers, clinical notes, laboratory test results and prescriptions. The company said the risk of harm was low because retrieving data from the tapes would require specialized knowledge, software and hardware."

We are betting the farm that the bad guys have more than enough knowledge and equipment to extract this information.

In September 2009 a new federal law kicked in requiring disclosures of medical privacy violations involving at least 500 people.There have been over 330 incidents.

However look at this metric. " ... a report from the Department of Health and Human Services' Office of Civil Rights noted that nearly 8 million Americans were affected by almost 31,000 health information breaches in the course of a year. Alarmingly, nearly 70 percent of the investigations into data breach incidents that affected 500 people or more remain open." The Baltimore Sun Sept 19, 2011

That is not a reassuring statistic and it makes clear that we have to ve VERY careful not to incur data losses in the first place. Incompetent, sloppy or downright criminal third party providers of information services are often the primary cause. 


Post a Comment

<< Home

  • All Material is Copyright © 2009 Michael McCoy and SEAS, L.L.C
  • Deter. Detect. Defend. Avoid ID Theft -