Telehealth Monitor

The Cyber Secure Institute, an analysis and advocacy institute for effective cyber security, has released recommendations for safeguarding heath data in the wake of recent breaches.

Last month, hackers broke into a Virginia government Web site that tracks prescription drug abuse and attempted to ransom almost 8.3 million patient records and 35.5 million prescriptions for $10 million.  And last December, Lawanda Jackson pleaded guilty to violating federal privacy laws by selling private medical data from celebrities, including Britney Spears, Farah Fawcett and Maria Shriver, to the National Enquirer tabloid.

Last October, someone hacked into Express Scripts, one of America’s largest processors of pharmacy prescriptions, and threatened to release personal information of millions of Americans unless their demands were met. That investigation is ongoing.

“These recent attacks provide cause for real concern among cybersecurity experts and healthcare professionals alike. Inadequate cybersecurity systems put our most personal data at risk,” said Rob Housman, executive director of the Cyber Secure Institute.

via Advocacy organization calls for improved protection of online health data | Healthcare IT News.

Hackers last week broke into a Virginia state Web site used by pharmacists to track prescription drug abuse. They deleted records on more than 8 million patients and replaced the sites homepage with a ransom note demanding $10 million for the return of the records, according to a posting on Wikileaks.org, an online clearinghouse for leaked documents.

Wikileaks reports that the Web site for the Virginia Prescription Monitoring Program was defaced last week with a message claiming that the database of prescriptions had been bundled into an encrypted, password-protected file.

Wikileaks has published a copy of the ransom note left in place of the PMP home page, a message that claims the state of Virginia would need to pay the demand in order to gain access to a password needed to unlock those records:

“I have your [expletive] In my possession, right now, are 8,257,378 patient records and a total of 35,548,087 prescriptions. Also, I made an encrypted backup and deleted the original. Unfortunately for Virginia, their backups seem to have gone missing, too. Uhoh :For $10 million, I will gladly send along the password.”

via Security Fix – Hackers Break Into Virginia Health Professions Database, Demand Ransom .

The Conficker worm infected several hundred machines and critical medical equipment in an undisclosed number of U.S. hospitals recently, a security expert said on Thursday in a panel at the RSA security conference.

“It was not widespread, but it raises the awareness of what we would do if there were millions” of computers infected at hospitals or in critical infrastructure locations, Marcus Sachs told CNET News after the session. Sachs is the director of the SANS Internet Storm Center and a former White House cybersecurity official.

It is unclear how the devices, which control things like heart monitors and MRI machines, and the PCs got infected, he said. The computers are older machines running Windows NT and Windows 2000 in a local area network that was not supposed to have access to the Internet, however, the network was connected to one that has direct Internet access and so they were infected, he said.

Conficker spreads via networked computers as well as through removable storage devices and a hole in Windows that Microsoft patched in October, but these machines were too old to be patched, according to Sachs.

In the U.K., PCs at hospitals in Sheffield were found to be infected with Conficker in January, The Register reported.

The situation illustrates the dangers of connecting critical networks, like in hospitals and in SCADA (Supervisory Control and Data Acquisition) systems used by utilities and other critical infrastructure providers, with networks connected to the Internet, he said during the panel “Securing Critical Infrastructures: Infrastructure Exposed.”

via Conficker infected critical hospital equipment, expert says | Security – CNET News.