Comments
Montana Health Department Hacked
Threaded  |  Newest First  |  Oldest First
MikeW713
100%
0%
MikeW713,
User Rank: Apprentice
6/25/2014 | 8:15:51 PM
Leker and Thief
Web site leakes nad hacks...Darryl Issa must be in town.
Alison_Diana
100%
0%
Alison_Diana,
User Rank: Author
6/26/2014 | 9:40:14 AM
Re: Leaker and Thief
Very funny! Political humor aside, I think we can unfortunately expect more of these incidents to occur as hackers turn their attention to healthcare websites -- both government and commercial. Most, if not all, security experts agree that healthcare networks, databases, etc., are often woefully ill-secured, especially when you consider healthcare records are valued at between $20 to $50 EACH (experts I've spoken to have given me estimates at both ends of that scale). Figure 1M records quickly becomes a pretty good haul.

Last year, there was a lot of discussion about the insecurities surrounding Healthcare.gov, which has a lot more than 1.3M records. When you figure we can individually choose to avoid Target or Michael's or whatever store gets hacked, that's one thing. But when your health records are hacked and your employer's insurer is breached, it gets a lot more complicated than switching out your credit card.
Number 6
50%
50%
Number 6,
User Rank: Moderator
6/26/2014 | 10:41:17 AM
The Other Side
The other side of these hacking stories needs to be covered, too. Why is it so easy for someone to get credit in your name with only 3 pieces of info- name, SSN, birthdate? Hackers gaining financially from the data they're stealing provides much of the motivation to do it.
jagibbons
50%
50%
jagibbons,
User Rank: Ninja
6/26/2014 | 4:54:48 PM
Re: The Other Side
That is an issue that needs to be addressed. There need to be more mechanisms in place that make it harder to use someone else's identity. It's very similar to the cell phone kill switch that is now coming out. If we can find ways to take the value out of the stolen data by making it less usable, that will help address the demand.

It still doesn't negate the need for stronger security, though.
Alison_Diana
50%
50%
Alison_Diana,
User Rank: Author
6/27/2014 | 3:56:31 PM
Re: The Other Side
That's a great point. The last time I applied for a credit card online I had to answer a secondary round of questions about past addresses, people in my household, and cars -- that really put my mind at ease because it adds a second layer of security. It really should be on credit card companies, loan companies, and other financial (and other) service providers to no longer merely accept those three pieces of information as adequate for opening an account.
BryanB881
50%
50%
BryanB881,
User Rank: Apprentice
6/27/2014 | 1:28:23 PM
A least they notified everyone
Atleast they reported it quicker than most private companies who never report a breach.  Curious what tools they used, multi scanning, dynamic or static analysis.  Really how they found the breach.
Alison_Diana
50%
50%
Alison_Diana,
User Rank: Author
6/27/2014 | 3:58:19 PM
Re: A least they notified everyone
I asked, @BryanB but they were really close-mouthed about the products, tools, or practices they use. And, to be honest, i can't blame them from not wanting to share what they use -- since that would probably make it easier for hackers to break in again. And they also didn't want to discuss their newer tools, unsurprisingly. It is impressive how fast they notified people, especially when you think about the long lapses often involved in retail data thefts.
SachinEE
50%
50%
SachinEE,
User Rank: Ninja
6/28/2014 | 6:19:17 AM
Re: Unlawful brushing to servers on the increase
Hackers breached a server in the State of Montana's Department of Public Health and Human Services, prompting officials to notify 1.3 million people of the incident. No evidence has been found to show that this information was used maliciously but worse could have been done. The institution is right to offer free credit to patients offering them the security of their personal information and identity. Institutions should now be careful and cautious in order to avoid being victims of this rising of breaches into systems.
Alison_Diana
50%
50%
Alison_Diana,
User Rank: Author
6/30/2014 | 11:22:15 AM
Re: Unlawful brushing to servers on the increase
Providing 12-months of monitoring has become the default CYA whenever there's a breach. What happens on Day 366 or 367, I wonder? This question isn't aimed specifically at Montana. They're following the customary pattern, a pattern we see day in, day out. I can't think of a better solution and it's always easier to criticize than resolve a problem, but I do wonder if there isn't a better approach -- other than ensuring data is more secure from the get-go, of course!
SachinEE
50%
50%
SachinEE,
User Rank: Ninja
6/30/2014 | 11:44:01 AM
Re : Montana Health Department Hacked
In a world that is going connected with IOT in healthcare systems as well (where everything is controlled using sensor outputs), hackers may be using this sensitive data to alter the healthcare systems offered to a patient (sounds sci-fi, but the scenarios can be present where hackers can remotely switch off the life support systems for a patient who is an important political figure).
Alison_Diana
50%
50%
Alison_Diana,
User Rank: Author
6/30/2014 | 12:06:00 PM
Re: Re : Montana Health Department Hacked
That is a definite worry. Programmer Barnaby Jack hacked pacemakers -- for a good cause. And he died just before he was going to demonstrate how to attack implanted heart devices he said could kill someone from 30 feet away. If one person can do that, who knows how many other smart people can accomplish the same thing? Add a network to IoT implanted devices and you have a lot of potentially dangerous devices.
marcomputer
50%
50%
marcomputer,
User Rank: Apprentice
7/4/2014 | 10:07:04 AM
Husband love Inversion table
My Husband Buy It on Amazon and He love It So much.

He Create a Blog About Inversion table


The Business of Going Digital
The Business of Going Digital
Digital business isn't about changing code; it's about changing what legacy sales, distribution, customer service, and product groups do in the new digital age. It's about bringing big data analytics, mobile, social, marketing automation, cloud computing, and the app economy together to launch new products and services. We're seeing new titles in this digital revolution, new responsibilities, new business models, and major shifts in technology spending.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest - August 27, 2014
Who wins in cloud price wars? Short answer: not IT. Enterprises don't want bare-bones IaaS. Providers must focus on support, not undercutting rivals.
Flash Poll
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Howard Marks talks about steps to take in choosing the right cloud storage solutions for your IT problems
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.