Security Privacy United States

US Healthcare Records Offered For Sale Online

An anonymous reader writes: Three U.S. healthcare organisations are reportedly being held to ransom by a hacker who stole data on hundreds of thousands of patients. The hacker has also put the 650,000 records up for sale on dark web markets where stolen data is traded. Prices for the different databases range from $100,000 to $411,000. Buyers have already been found for some of the stolen data, the hacker behind the theft told news site Motherboard. No information about the size of the ransom payment sought by the data thief has emerged, although he did say it was "a modest amount compared to the damage that will be caused to the organisations when I decide to publicly leak the victims."

  • Where do I sign up? (Score:5, Interesting)

    by Anonymous Coward on Tuesday June 28, 2016 @01:49PM (#52407815)

    Where do I sign up?

    The last time I requested my medical records from my doctor I was told that they could not provide many of them (especially the expensive MRI images), and of those they could provide they would charge a high fee for duplication. I was looking at paying somewhere between $50-100. I'm fairly certain they were doing this to prevent me from moving to another practice.

    If this guy had my records I'd be happy to pay him $10 for them.

    • by Anonymous Coward

      That's interesting. I had some CT's taken, I asked for the 'image data' (I work in the 'healthcare industry' & have specific knowledge of the format of this data. So besides even thinking of taking it elsewhere I was going to 'play with it' some day to make a 3D model of the area of my body they imaged just for 'shits & giggles'), I was given it on CD in 10 minutes.

      Your mileage varies I guess.

      • by PCM2 ( 4486 )

        I can echo the GP's experience. One doctor I went to wouldn't transfer any records of any kind to another doctor without being paid a fee, which I think was something like $75. Such practices seem self-defeating, to me, but I guess they're common enough.

        • I'm pretty sure that's illegal. Under HIPAA, you as a patient have the final say in who has access to your medical records, and I'm fairly certain that it's an ethics violation for your doctor to deny you the ability to get a second opinion. In fact, if you run into a doctor that hates second opinions then you should find a new one anyways, as every good doctor is willing to accept that sometimes they're wrong and even appreciates a second opinion, and their ultimate goal is your health, not their ego.

      • by NetNed ( 955141 )
        Yeah, not sure why that got modded up. Every MRI I have taken they give you a CD without even asking.
      • Once upon a time (a decade ago), there was a medical study done at/near the local university for some sort of drug trial. Maybe you got the placebo, maybe you got the drug, right? Run on a treadmill or use an exercise bike for so many minutes, they run some tests, and take some scans (including brain scans). And they were going to pay some cash, plus you got a copy of the brain scans.

        If I had met the qualifications (I was outside the age range they were looking for), I would have done it just for the brain

      • by tlhIngan ( 30335 )

        That's interesting. I had some CT's taken, I asked for the 'image data' (I work in the 'healthcare industry' & have specific knowledge of the format of this data. So besides even thinking of taking it elsewhere I was going to 'play with it' some day to make a 3D model of the area of my body they imaged just for 'shits & giggles'), I was given it on CD in 10 minutes.

        Well, if they have the data available immediately, then making a copy for you is basically free because it's right there.

        The problems ar

    • They charge because the law says they are allowed to, the cost per page varies from state to state. Seems ridiculous and frankly unprofessional as those records may have information that could save your life or prevent your early death.

    • The cost for this is basically an administrative time charge, and is regulated by the states with a base cost, a cost per page, and I believe generally a maximum charge. You can find more information on the per-state charges here: http://www.lamblawoffice.com/medical-records-copying-charges.html

      This is an area that's kind of in flux - as practices have moved to EMRs, many of them have only scanned in key items from records - the rest is still in a manila folder either on a shelf in the office or if you have
  • Three U.S. healthcare organizations are reportedly being held to ransom by a hacker

    Can't wait for there being a single-payer system [cnbc.com]. The job of hackers world-wide will be much easier as they wouldn't need to waste efforts coming up with different ingenious ways of hacking different organizations.

    • Re: (Score:2, Insightful)

      by wbr1 ( 2538558 )
      Mi, you don't have to worry. Obama sold out to the HMOs and conservatives and took single payer off the table first thing. That is why we have a confusing and expensive morass of shit to deal with for the ACA.
      • by OhPlz ( 168413 )

        It's not about the insurers, it's about many of us not wanting to be forced into a system bigger and more corrupt than the VA. If you get screwed over by single payer, you have zero recourse. So then what, we have to have private insurance along with our single payer? I'd rather just have the private insurance and be done with it.

    • by jedidiah ( 1196 )

      You're an idiot. We won't get the NHS. We will get more of what we already have in terms of Medicaid and Medicare. You lot are simply too cheap.

      The NHS would collapse based on what Americans of both parties are willing to spend on public healthcare.

    • Hey, if it leads to single payer, let's grease that slope and tilt it up to 90 degrees. The records are being made public anyway. We may as well get some service for it.

  • by jasnw ( 1913892 ) on Tuesday June 28, 2016 @02:37PM (#52408175)
    If this hack was made on systems which were accessible from the Internet, why the frack were they accessible from the Internet in the first place?? If an organization is too cheap, or too lazy, or too inept, or all-of-the-above, to put in place the serious security protections needed for an Internet-facing server, then said organization should never put sensitive data on any of their Internet-facing servers. Even if the organization is on top of things security-wise, if there is no really REALLY good reason for said data to be on an Internet-facing server, do NOT put it on one. Network Security for Dummies.
    • If this hack was made on systems which were accessible from the Internet, why the frack were they accessible from the Internet in the first place??

      Bwahahaha, how the fuck do you think we submit claims to your insurance company for reimbursement? Sure some stuff goes out over some vendor's private protocol over the internet, but most goes through the insurer's website. I can go to Delta's, log on and if you're a Delta subscriber, find you and download all of your Explanations of Benefits for the last 5 years as PDF; the judges love when we are suing for non-payment.

      Most Healthcare workers are functionally computer illiterate, an encrypted zip will send

  • by Applehu Akbar ( 2968043 ) on Tuesday June 28, 2016 @03:05PM (#52408387)

    Since HIPAA allows virtually everyone other than yourself to access your medical records, you might want to go to this site and buy access to your own records while the opportunity exists.
