Healthcare // Security & Privacy

Montana Health Department Hacked

State of Montana notifies 1.3 million patients of breach to Department of Public Health and Human Services server.

DPHHS website displays help line information for potentially affected patients (Source: Montana DPHHS)

DPHHS website displays help line information for potentially affected patients (Source: Montana DPHHS)

Comment  | 
Print  | 
Comments
Newest First  |  Oldest First  |  Threaded View
Page 1 / 2   >   >>
marcomputer
50%
50%
marcomputer,
User Rank: Apprentice
7/4/2014 | 10:07:04 AM
Husband love Inversion table
My Husband Buy It on Amazon and He love It So much.

He Create a Blog About Inversion table
Alison_Diana
50%
50%
Alison_Diana,
User Rank: Author
6/30/2014 | 12:06:00 PM
Re: Re : Montana Health Department Hacked
That is a definite worry. Programmer Barnaby Jack hacked pacemakers -- for a good cause. And he died just before he was going to demonstrate how to attack implanted heart devices he said could kill someone from 30 feet away. If one person can do that, who knows how many other smart people can accomplish the same thing? Add a network to IoT implanted devices and you have a lot of potentially dangerous devices.
SachinEE
50%
50%
SachinEE,
User Rank: Ninja
6/30/2014 | 11:44:01 AM
Re : Montana Health Department Hacked
In a world that is going connected with IOT in healthcare systems as well (where everything is controlled using sensor outputs), hackers may be using this sensitive data to alter the healthcare systems offered to a patient (sounds sci-fi, but the scenarios can be present where hackers can remotely switch off the life support systems for a patient who is an important political figure).
Alison_Diana
50%
50%
Alison_Diana,
User Rank: Author
6/30/2014 | 11:22:15 AM
Re: Unlawful brushing to servers on the increase
Providing 12-months of monitoring has become the default CYA whenever there's a breach. What happens on Day 366 or 367, I wonder? This question isn't aimed specifically at Montana. They're following the customary pattern, a pattern we see day in, day out. I can't think of a better solution and it's always easier to criticize than resolve a problem, but I do wonder if there isn't a better approach -- other than ensuring data is more secure from the get-go, of course!
SachinEE
50%
50%
SachinEE,
User Rank: Ninja
6/28/2014 | 6:19:17 AM
Re: Unlawful brushing to servers on the increase
Hackers breached a server in the State of Montana's Department of Public Health and Human Services, prompting officials to notify 1.3 million people of the incident. No evidence has been found to show that this information was used maliciously but worse could have been done. The institution is right to offer free credit to patients offering them the security of their personal information and identity. Institutions should now be careful and cautious in order to avoid being victims of this rising of breaches into systems.
Alison_Diana
50%
50%
Alison_Diana,
User Rank: Author
6/27/2014 | 3:58:19 PM
Re: A least they notified everyone
I asked, @BryanB but they were really close-mouthed about the products, tools, or practices they use. And, to be honest, i can't blame them from not wanting to share what they use -- since that would probably make it easier for hackers to break in again. And they also didn't want to discuss their newer tools, unsurprisingly. It is impressive how fast they notified people, especially when you think about the long lapses often involved in retail data thefts.
Alison_Diana
50%
50%
Alison_Diana,
User Rank: Author
6/27/2014 | 3:56:31 PM
Re: The Other Side
That's a great point. The last time I applied for a credit card online I had to answer a secondary round of questions about past addresses, people in my household, and cars -- that really put my mind at ease because it adds a second layer of security. It really should be on credit card companies, loan companies, and other financial (and other) service providers to no longer merely accept those three pieces of information as adequate for opening an account.
BryanB881
50%
50%
BryanB881,
User Rank: Apprentice
6/27/2014 | 1:28:23 PM
A least they notified everyone
Atleast they reported it quicker than most private companies who never report a breach.  Curious what tools they used, multi scanning, dynamic or static analysis.  Really how they found the breach.
jagibbons
50%
50%
jagibbons,
User Rank: Ninja
6/26/2014 | 4:54:48 PM
Re: The Other Side
That is an issue that needs to be addressed. There need to be more mechanisms in place that make it harder to use someone else's identity. It's very similar to the cell phone kill switch that is now coming out. If we can find ways to take the value out of the stolen data by making it less usable, that will help address the demand.

It still doesn't negate the need for stronger security, though.
Number 6
50%
50%
Number 6,
User Rank: Moderator
6/26/2014 | 10:41:17 AM
The Other Side
The other side of these hacking stories needs to be covered, too. Why is it so easy for someone to get credit in your name with only 3 pieces of info- name, SSN, birthdate? Hackers gaining financially from the data they're stealing provides much of the motivation to do it.
Page 1 / 2   >   >>
Healthcare Data Breaches Cost More Than You Think
Healthcare Data Breaches Cost More Than You Think
Healthcare providers just don't get it. They refuse to see the need to fully secure their protected health information from unauthorized users -- and from authorized users who abuse their access privileges. As a result, they don't allocate enough budgetary resources for securing medical data.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest, Nov. 10, 2014
Just 30% of respondents to our new survey say their companies are very or extremely effective at identifying critical data and analyzing it to make decisions, down from 42% in 2013. What gives?
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on InformationWeek.com for the week of November 16, 2014.
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.