

Hackers Steal, Encrypt Health Records and Hold Data for Ransom - millerski150
http://go.bloomberg.com/tech-blog/2012-08-10-hackers-steal-encrypt-health-records-and-hold-data-for-ransom/

======
icebraining
_It’s unclear whether the Illinois surgical center’s records were backed up
(...). The organization declined to comment._

This is where they get a huge lawsuit so they learn that they can't hire
incompetents to handle their systems, right?

~~~
larrys
Maybe maybe not.

But I can also see a scenario whereby they were backed up, but they are also
attempting to catch the culprits by pretending they have no backups.

------
gingerlime
_The attackers’ choice of tactics, particularly the use of encryption,
indicates a level of sophistication and targeting that suggests they knew what
they were doing_

Sounds a little strange to be honest. Using encryption shows sophistication?
My mum probably can figure out how to use an encrypted zip file. Using
encryption is generally quite easy. Breaking it will show much more
sophistication.

~~~
tomjen3
Depends on what kind of encryption they are using. If they have implemented
public/private encryption, where the virus only have the public key, then yes
it would indicate some form of sophistication.

~~~
Dylan16807
Yeah, but it's easy to phone home once for a password and then toss it out
when finished.

------
Pent
I'm assuming everything because the story is so vague. I'm thinking an
employee accidentally opened a malware executable with ransom-ware and
suddenly it's an elaborate personalized hack in the press.

~~~
TazeTSchnitzel
That's also my conclusion. Ransomware is not exactly unheard of in the malware
space, and why would hackers specifically target them when there are bigger
fish to fry?

------
alecco
Backup. Encrypt your backups. Store copies of the keys somewhere safe. Test
recovery from backups regularly.

------
sandycheeks
Short on important details. Specifically, what was the backup procedure and
frequency? Was the backup routine affected for some time prior to the
encryption and made to look like it was working but wasn't or was the backup
policy lax or nonexistent?

------
superchink
This article is light on detail, and heavy on FUD. It seems to me that the
author is (just doing his job) making a story out of something relatively
small and insignificant, while promoting fear of electronic medical records
and health information exchange.

Do we need to be careful about security? Yes, but we need to get over this
fear of efficiency in healthcare.

------
olalonde
Seems this would make an interesting use case for bitcoins.

~~~
makomk
It would make a very interesting use case for Bitcoins. Why is it that so many
of the possible uses for them make it seem like the world would be a better
place without them?

------
odin1415
This is right out of Reamde

~~~
sausagefeet
Off-topic, but is that worth reading? The plot synopsis didn't look very
visionary like I'd expect from Stephenson...

