Hackers Steal Data Of 4.5 Million US Hospital Patients 111
itwbennett (1594911) writes Community Health Systems said the attack occurred in April and June of this year, but it wasn't until July that it determined the theft had taken place. Working with a computer security company, it determined the attack was carried out by a group based in China that used 'highly sophisticated malware' to attack its systems. The hackers got away with patient names, addresses, birthdates, telephone numbers and Social Security numbers of the 4.5 million people who were referred to or received services from doctors affiliated with the company in the last five years. The stolen data did not include patient credit card, medical, or clinical information.
Re:why internet connected? (Score:5, Insightful)
This is utterly ignorant.
Many (if not most) healthcare providers in the US are affiliated with a larger organization, such as Community Health Systems. The branch offices need to have access to patient data from other affiliated providers, and given that this includes emergency rooms and other urgent-care facilities, the information must be available as quickly as possible. Physical separation is not a reasonable option.
Re:why internet connected? (Score:5, Insightful)
Re:Well I for one (Score:5, Insightful)
Your supposedly confidential records are not confidential.
My name, address, and phone number are already public information, and in the phone book. The only "confidential" information they got was the SSN, and that should be fixed by making it illegal to use SSNs as authentication. I am required to disclose my SSN to employers, contractees, financial institutions, creditors, etc. It is ridiculous to then assume that mere knowledge of my SSN is "proof" that I am me.
Re:VPNs don't solve this on their own (Score:5, Insightful)
You need properly trained and aware users
In other words, we're doomed.