Hospital records of 4.5 million stolen by Chinese hackers

By DrJBHL on August 19, 2014 11:06:54 AM from JoeUser Forums

Join Date 04/2002
+2159

 

They’ve done it again. This time from Community Health Systems, Inc. What was stolen? Personal data including Social Security numbers and other personal data like weight and height. The health records are supposed to be safe. This appears to be the work of the same group which has stolen info from several major industries. The FBI is said to be investigating.

So how could this affect you? Well, the loss of the Social Security number isn’t good. However, from the Healthcare industry’s point of view, the major impact might well be stolen medical identity.

How would that work? According to one CIO, say an uninsured person needs a procedure – say, open heart surgery. He/she would buy the data of a person he/she resembles physically (6’2”, brown eyes, gray hair) and that person’s policy number, etc. Then he would sign into the hospital using that person’s data and get the procedure done.

The real ‘John/Jane Doe’ would end up with the bills. Of course, the ‘real’ person would find it easy to prove he/she didn’t have the procedure (for many procedures, though not all). Also, Community Health Systems, Inc. is insured against such losses…so, your health insurance will increase in cost.

So, this is just another of those great news items which sweeten our lives daily.

Source:

http://www.dailymail.co.uk/news/article-2728347/Personal-data-belonging-4-5MILLION-Americans-stolen-cyber-attack-Chinese.html

43 Replies
August 19, 2014 1:55:42 PM from Elemental Forums Elemental Forums

I really think cyber warfare will be the tune for the future. Most people don't understand the risks and don't understand what can be done. Stuck with the idea that a "hacker" is some pimple-faced teenager, in reality it's state-funded offices filled with pros. This story is just one piece of the puzzle, every government wants a piece of the pie now that the lid has come off. 

August 19, 2014 4:15:15 PM from WinCustomize Forums WinCustomize Forums

If they stole my records the Chinese would have a whip-round for me

August 19, 2014 5:25:59 PM from WinCustomize Forums WinCustomize Forums

I used to work for Community. Let me assure you, at minimum.. 30% of physicians will share their passwords with staff, spouses, etc., install random software on their PCs, visit malicious websites, etc. Do you think they are held accountable? NO. Do you think they actually care about what they are doing or the necessity of adhering to policy? HELL NO.

Their overall IT infrastructure is a joke at best.

Community is EXTREMELY dishonest. They recently settled with the federal government (out of court) on a charge of unnecessarily admitting patients that were on Medicare/Medicaid (so they could get more $$$ from insurance) for a mere $98 million. Trust me, that is chump change to these guys. They admitted to no wrongdoing.

I can tell you first hand that I've had physicians tell me that they were instructed by Community to perform unnecessary admissions for this reason.

 

So in essence.. don't believe the media story on this 100%. 

August 20, 2014 2:33:07 PM from Sins of a Solar Empire Forums Sins of a Solar Empire Forums

In reply to Phoon (seems I still can't quote... lol),

As an IT tech for a paper company... your first paragraph is spot on for here, too.  We try telling people all the time, don't share or write down your passwords.  They still do.  We tell them, don't install anything without clearing it with us first.  Yet every time I have to go work on someone's system for a virus, I find all kinds of other things installed on there... some (of the laptop users) even joke/admit to their kids using/playing games on em.  WTF?

August 20, 2014 2:48:29 PM from WinCustomize Forums WinCustomize Forums

That means that the hacking was ok? The fact that the IT structure is poor? That's IT's fault for not exposing the company's defects to the FBI, etc....as for fraud? That should be dealt with using the DoJ...and has nothing to do with the hacking.

If the computers were run the way IT knows how, the hacking would have been VERY difficult, but still not impossible.

August 20, 2014 3:25:38 PM from Stardock Forums Stardock Forums

Quoting DrJBHL,

That means that the hacking was ok? The fact that the IT structure is poor? That's IT's fault for not exposing the company's defects to the FBI, etc....as for fraud? That should be dealt with using the DoJ...and has nothing to do with the hacking.

If the computers were run the way IT knows how, the hacking would have been VERY difficult, but still not impossible.

 

Agreed.

 

Not having proper IT structure in place is no real excuse.  However, I suppose once enough of these types of stories break (who knows when enough is truly enough) management might make use of the controls IT already has at their disposal.  In the modern IT world there is no reason for a user to be allowed the privilege elevation necessary to install anything.  If the internal systems (database servers, edge communication servers etc. etc.) are secured properly and good use is made of things like group policy and network access quarantine there is no reason why a simple user sharing their password around (or leaving it lying around) should cause catastrophe.  When breaches like this happen, it is almost without exception the fault of poor planning/structure on the part of IT to blame.  Of course getting management to allow for the planning/structure necessary to secure things as best as possible is not always easy or even possible and a discussion for another time.

August 20, 2014 3:31:58 PM from Sins of a Solar Empire Forums Sins of a Solar Empire Forums

Let me jump back in and say, it's not IT's fault (at least, when it comes to my company).  Some of the users I talk about for around here... are VPs... even our own CEO is that way.  Essentially, we got no teeth.

 

<- See?  No teethies.

August 20, 2014 3:50:46 PM from Stardock Forums Stardock Forums

Quoting furyofthestars,

Let me jump back in and say, it's not IT's fault (at least, when it comes to my company).  Some of the users I talk about for around here... are VPs... even our own CEO is that way.  Essentially, we got no teeth.

 

<- See?  No teethies.

 

Believe me I understand. 

Management are often the biggest culprits in circumventing their own security measures.  In my experience there has never been a case where an executive needed elevated privileges on their account to 'do their job'.  Do they sometimes 'want' those privileges?  Sure.  If so, I always ask the executive exactly how important the security of their system (ie. explain potential breach scenarios etc.) is to them.  Without fail they always say 'very important' and should be number one in their IT policy.  Then I tell them 'If that's true let's do things my way, when you find you can't do something come to me and if necessary and/or possible I will find a way to make it happen that won't compromise the first point of your IT policy which we just agreed on right'?  Sometimes they grumble, but in the end (as long as you show you are working with them to get them what they want while not allowing them to undermine themselves) I find they let you lead.  Sometimes a painful and lengthy process, but the results will speak for themselves.

Then again, maybe the management I've dealt with to date have been more understanding of their job description.......

August 20, 2014 3:58:42 PM from WinCustomize Forums WinCustomize Forums

Quoting the_Monk,

In the modern IT world there is no reason for a user to be allowed the privilege elevation necessary to install anything.  If the internal systems (database servers, edge communication servers etc. etc.) are secured properly and good use is made of things like group policy and network access quarantine there is no reason why a simple user sharing their password around (or leaving it lying around) should cause catastrophe.  When breaches like this happen, it is almost without exception the fault of poor planning/structure on the part of IT to blame.  Of course getting management to allow for the planning/structure necessary to secure things as best as possible is not always easy or even possible and a discussion for another time.

Quoting the_Monk,

Management are often the biggest culprits in circumventing their own security measures.

Absolutely. 100% correct.

August 20, 2014 4:04:06 PM from Sins of a Solar Empire Forums Sins of a Solar Empire Forums

lol... yeah, I think yours is more understanding.  Ours... well, as an example (and maybe it's coincidence), we've been through a few VPs because they didn't think our CEO's idea was the best....

 

But it's funny you mention "elevated privileges".  We have to set up all of our users as local Administrators on their PCs.  Why?  Because we have some in house software that requires access to the registry.  Our Apps team claims that "there is no other way".  Course, until we got off from XP, Outlook wouldn't work, either, if the user wasn't local Admin.  *sigh*

August 20, 2014 5:01:43 PM from WinCustomize Forums WinCustomize Forums

Quoting DrJBHL,

That means that the hacking was ok?

Of course not Seth, and I didn't say anything of the kind.

I'm pointing out that until end users (Physicians) are knocked off their pedestals and held accountable for their negligence then these things will happen. 

Until upper management is knocked off their pedestals and held accountable for their actions, then these things will happen.

I also pointed out that indeed, upper management has not demonstrated accountability for what I KNOW are illegal actions. They settled with DOJ, out of court and publicly announced that they did nothing wrong. They just broke out their wallets and made it go away...

August 20, 2014 5:07:21 PM from WinCustomize Forums WinCustomize Forums

Quoting the_Monk,

there is no reason why a simple user sharing their password around (or leaving it lying around) should cause catastrophe. 

I disagree. These passwords allow access to patient information, vpn access, and various other things.

If they are shared, then such information is/can be compromised very easily.

Another good example of this is the fact that external email services (Hotmail, Gmail, etc.) are allowed for physicians. I'm not comfortable with my patient info being sent out from those services. It also takes the accountability out of the picture because IT security really has no audit trail once it leaves the corporate network. 

Had these emails been confined to the corporate exchange system only, then accountability/audit trail mechanisms are in place to a higher degree.

August 20, 2014 6:44:25 PM from WinCustomize Forums WinCustomize Forums

Pedestals? Maybe they just know Medicine better than IT/computer security?

Why go reaching for insulting aspersions? Why not just try establishing sensible rules and explaining them?

I wonder if that approach was ever tried. Also, you neglected to mention Nurses, Nursing Ass'ts., Medical Ass'ts. PAs, NPs, etc. 

Anyone with 10 fingers or prostheses is an equal possible guilt sharer.

August 20, 2014 6:53:41 PM from WinCustomize Forums WinCustomize Forums

Ya take care not to have your stuff compromised and then they hack the hospital you was in.  Great

August 20, 2014 7:12:43 PM from WinCustomize Forums WinCustomize Forums

Quoting DrJBHL,

Pedestals? Maybe they just know Medicine better than IT/computer security?

Let me clear up a misconception... 

In my first comment I stated "at minimum.. 30%" of the physicians I knew. That means that 70% of them were stand up, great people that honestly cared.

Now... I don't give a rat's ass if they know medicine better than IT. Of course they should!! 

HOWEVER.. they think the rules don't apply to them because of their positions. It doesn't matter HOW you explain it to them. They are arrogant and extremely elitist and think they are entitled to have the world bow down before them. They simply do not care about following security policy and they get away with it!
They are more concerned with the quantity of patients they see instead of the quality of care they give. ( and quite a bit of that is due to corporate management pressure to achieve the almighty $$ ). 

 

This story reeks of false and misleading information. The big giant is crying and playing the victim when in fact their holier-than-thou attitudes and actions were mostly to blame, and I sincerely hope that they are held accountable for their negligent behavior this time.

 

Quoting DrJBHL,

Also, you neglected to mention Nurses, Nursing Ass'ts., Medical Ass'ts. PAs, NPs, etc

The attitudes and actions of these people were saintly compared to the above mentioned 30%.

August 20, 2014 7:39:01 PM from Stardock Forums Stardock Forums

Quoting furyofthestars,

But it's funny you mention "elevated privileges".  We have to set up all of our users as local Administrators on their PCs.  Why?  Because we have some in house software that requires access to the registry.  Our Apps team claims that "there is no other way".  Course, until we got off from XP, Outlook wouldn't work, either, if the user wasn't local Admin.  *sigh*

 

Yes poorly programmed software still does exist unfortunately. 

However I would be truly shocked if your 'apps team' was actually correct in stating 'there is no other way'.   I have presided over the structuring and/or management of many small and mid-sized entities in my time and have never come up against a situation that couldn't be solved by drilling deeper into privileges, user account rights and environments, changing problematic software service privileges/rights and/or modifying/forcing registry component changes via policies etc.  Sometimes the amount of effort/work required to come up with the 'work-around' is just not deemed worth it to IT or to their management.

One of my peers always used to say:  "upfront time is meaningless........it's all about how much time is or isn't required to maintain it later" whenever we had to plan for a new project.  It took him a while to convince upper management of that, but he was absolutely correct and I live by that mantra even today.

August 20, 2014 8:33:19 PM from Sins of a Solar Empire Forums Sins of a Solar Empire Forums

Quoting the_Monk,
However I would be truly shocked if your 'apps team' was actually correct in stating 'there is no other way'.

Oh, believe me, I know.  I know exactly which registry access they "need" and quite frankly I think it's Bull.

August 21, 2014 12:31:10 AM from WinCustomize Forums WinCustomize Forums

Probably was just Wikileaks going commercial....

August 21, 2014 4:59:44 AM from Elemental Forums Elemental Forums

Seems the Chinese government has embraced cyber warfare. Well, when Taiwan's computer systems go down we know who to blame 

 

 

About user privileges. I was a computer technician student and the township's computer network had a goddamn filter so we couldn't get to game sites (and other sites). The filter was only active for all the computers belonging to the township so with your own computer at home you could do whatever you wanted.

The township's filter could be easily circumvented by proxy servers though.

 

Also, the boss of the computer technicians wanted to be local Admin on his work computer but he finally let go of that after a long persuasion campaign from one of his trusted coworkers. Shows that people want power, which is natural.

August 21, 2014 6:17:20 PM from WinCustomize Forums WinCustomize Forums

I would also like to point out a very important detail that I should have brought in from the start..

DrJBHL.. IS an upstanding and ethical man.

HE gets it, and in NO MANNER at all should be lumped in with the cesspool of pond scums that I mentioned earlier.

If you've been hurt by this post Seth, take heed.. you are outside the scope of these rants!!

August 21, 2014 10:20:53 PM from WinCustomize Forums WinCustomize Forums

Please, Lord, if you are listening at all, please make it that one of these fucking hackers stole MY files and can figure out what the fuck is the proper course of treatment to end my fucking pain and depression and I will eat Chinese Take-Out and support the preservation of Giant Pandas for the rest of my life.

August 22, 2014 6:38:23 AM from WinCustomize Forums WinCustomize Forums

We're cool, Duane. Always. I can understand why those two groups you mentioned were bad...comes from a G-d Complex. I actually met a Cardiac Surgeon who wore a button with that written on it. He didn't understand why I spoke Hebrew to him...until I explained it was Kaddish (the prayer for the dead), and why he should have understood it...for both reasons.

Quoting PoSmedley,

Please, Lord, if you are listening at all, please make it that one of these fucking hackers stole MY files and can figure out what the fuck is the proper course of treatment to end my fucking pain and depression and I will eat Chinese Take-Out and support the preservation of Giant Pandas for the rest of my life.

As for you Po'...with your luck, don't be surprised if Shiatsu and a Shih Tzu puppy are involved.

August 22, 2014 7:00:00 AM from Elemental Forums Elemental Forums

lol, aw.. although your sense of humor is certainly quite healthy, i empathize with you Po.  i wish you well

August 22, 2014 9:37:19 PM from WinCustomize Forums WinCustomize Forums

Quoting cardinaldirection,

although your sense of humor is certainly quite healthy, i empathize with you Po.  i wish you well

My 'sense of humor' is not much these days and when I see someone like Robin Williams with a REAL sense of humor decide that HE's too lonely and that HE hurts too much, it scares the crap out of me. Sometimes the only thing that gets me through the day is telling myself that someone else is worse off than I am, in more pain, feeling more alone or isolated and then someone who you think has everything throws in the towel.....it's all so confusing and not very hopeful.

But thank you for the empathy and the well wishes. Sometimes they are all I have to get through a moment or a day, so I'll take em when they come.

August 23, 2014 5:15:14 AM from Elemental Forums Elemental Forums

well you made me laugh.

something i keep in mind as i spend thousands of dollars trying to fix my body is that organisms do heal naturally of their own volition.  the universe tends towards symmetry, balance, and harmony; and it takes a strong impediment to hinder this process.  just around the corner from every winter is a spring.  if i receive a cut, it will heal, with no outside influence whatsoever.  it may take a while; but our bodies have a good idea of what healthy is, and they struggle towards it constantly.  trusting in this phenomenon helps me immensely as i suffer through it.
