Slashdot Mirror

← Back to Stories (view on slashdot.org)

US Healthcare Records Offered For Sale Online

Posted by msmash on from the security-woes dept.

An anonymous reader writes:Three U.S. healthcare organisations are reportedly being held to ransom by a hacker who stole data on hundreds of thousands of patients. The hacker has also put the 650,000 records up for sale on dark web markets where stolen data is traded. Prices for the different databases range from $100,000 to $411,000. Buyers have already been found for some of the stolen data, the hacker behind the theft told news site Motherboard. No information about the size of the ransom payment sought by the data thief has emerged, although he did say it was "a modest amount compared to the damage that will be caused to the organisations when I decide to publicly leak the victims."

88 comments

  1. Why not find and execute the hacker? by Anonymous Coward · · Score: -1

    Can anyone give me one reason why the authorities shouldn't find the hacker and promptly execute him?

    Yeah, didn't think so...

    1. Re:Why not find and execute the hacker? by blueshift_1 · · Score: 1

      The government will probably just hire him or her.

    2. Re:Why not find and execute the hacker? by Opportunist · · Score: 1

      Because it's usually not easy to find them, and once you do, you notice that they sit in a country that doesn't even pick up the phone when you call them to ask for them to be handed over.

      Nobody outside the "west" gives a shit about data theft.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    3. Re: Why not find and execute the hacker? by Anonymous Coward · · Score: 0

      Because they likely aren't in America moron.

    4. Re:Why not find and execute the hacker? by mi · · Score: 4, Insightful

      I can recall several reasons — all of which I've encountered here on /. over the years and they've achieved acclaim and high moderations:

      1. Information wants to be free!!
      2. The leak exposes security flaws in the organizations — and it is their CIOs, who should be executed instead. The hacker needs to be hired as the CIO of all three.
      3. The data exposes corruption and abuses at the organizations. The leaker may have broken the law, but Obama should pardon him.
      --
      In Soviet Washington the swamp drains you.
    5. Re:Why not find and execute the hacker? by Anonymous Coward · · Score: 0

      Can anyone give me one reason why the authorities shouldn't find the hacker and promptly execute him?

      Yeah, didn't think so...

      Because "Enhanced Interrogation" would be a lot more fun.

      And while we're at it, serve up some to the bean-counters at the affected organizations who likely thought that "IT doesn't matter".

    6. Re:Why not find and execute the hacker? by arth1 · · Score: 1, Insightful

      Can anyone give me one reason why the authorities shouldn't find the hacker and promptly execute him?

      Yeah, didn't think so...

      Short answer: Jurisdiction

      But can anyone give me one reason why the authorities shouldn't find the person responsible for implementing these insecure systems and promptly put them in a pillory?

    7. Re: Why not find and execute the hacker? by Anonymous Coward · · Score: 0

      That's OK, it is within striking distance of a B-2.

      Eventually people will care.

    8. Re:Why not find and execute the hacker? by Anonymous Coward · · Score: 0

      Found the hacker (well, close enough). Hellfires, away!

    9. Re:Why not find and execute the hacker? by bill_mcgonigle · · Score: 2

      But can anyone give me one reason why the authorities shouldn't find the person responsible for implementing these insecure systems and promptly put them in a pillory?

      Because he's a rich white CIO and has plenty of money and corporate power behind him to make sure he faces no consequences?

      Oh, sorry, that might have been four reasons, not one.

      Now, then, who's gonna do one damn thing about the system that perpetuates such circumstances? I'll be out back listening to the crickets.

      --
      My God, it's Full of Source!
      OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
    10. Re:Why not find and execute the hacker? by Captain+Splendid · · Score: 1

      It's telling that most of the posts advocating violence in this thread come from ACs. What's wrong boys, afraid to stand behind you rhetoric?

      --
      Linux, you magnificent bastard, I read the fucking manual!
    11. Re:Why not find and execute the hacker? by Anonymous Coward · · Score: 0

      Well, these people can barely eat or master the wheel, so I'm not crushed by their attitude.

    12. Re:Why not find and execute the hacker? by Anonymous Coward · · Score: 0

      Great. I can become a victim at any time and never even know it.

      We should find some clever way to watermark data so we know where it leaked from, but I know that problem is intractable and has no possible technical solution. Steganography might partially work. Encryption at a minimum, c'mon guys.

    13. Re: Why not find and execute the hacker? by Opportunist · · Score: 1

      You don't do that with countries that have nukes.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    14. Re:Why not find and execute the hacker? by Opportunist · · Score: 1

      Ask the content industry how well that worked out.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    15. Re: Why not find and execute the hacker? by jedidiah · · Score: 1

      You can always do it the old fashioned way.

      --
      A Pirate and a Puritan look the same on a balance sheet.
    16. Re:Why not find and execute the hacker? by fustakrakich · · Score: 1

      You forgot the best reason:

      The "hacker" was an agent used to "leak" the documents, sell them to the pharma companies, and provide plausible deniability when people start complaining about all the junk mail they're getting.

      --
      “He’s not deformed, he’s just drunk!”
    17. Re: Why not find and execute the hacker? by ArmoredDragon · · Score: 1

      Send them a strongly worded letter about how angry you are with them!

    18. Re:Why not find and execute the hacker? by Anonymous Coward · · Score: 0

      Post your email and i'll send you a signed personalized threat of intense physical violence.

    19. Re:Why not find and execute the hacker? by Kierthos · · Score: 1

      Yeah, you can pretty much bet that outside of someone completely incompetent setting up their network security (which is always a possibility), it came down to "Secure implementation costs $X. Less secure implementation costs $LESS_THAN_X." and some exec or bean-counter said "Go with $LESS_THAN_X".

      --
      Mr. Hu is not a ninja.
    20. Re:Why not find and execute the hacker? by Applehu+Akbar · · Score: 2

      Can anyone give me one reason why the authorities shouldn't find the hacker and promptly execute him?

      Yeah, didn't think so...

      Our FBI can do that only if it can be shown that the hacker annoyed Hollywood in some way. To protect yourself in the future, see your doctor and ask if there isn't some way you can work a copyrighted song lyric into your medical file.

    21. Re: Why not find and execute the hacker? by ArmoredDragon · · Score: 1

      There is a saying that only way to truly secure your server is to disconnect it from the network. However HIPAA requires EMR, so that's not an option.

      So I have to ask, why are you calling for the victim to be executed and replaced with somebody who is known for less than ethical behavior?

      This is similar to how Islamic countries give lashings to raped women for adultery and then let the rapist go scott free because it wasn't his fault that the woman's looks were tempting.

    22. Re: Why not find and execute the hacker? by Penguinisto · · Score: 1

      I think he meant kidnapping (see also the practice of 'extraditing' former Third Reich fugitives to Israel in the 1950's, 1960's, 1970's... not so much these days, mostly due to attrition).

      Could be a new and improved use of Guantanamo Bay, truth be told.

      --
      Quo usque tandem abutere, Nimbus, patientia nostra?
    23. Re: Why not find and execute the hacker? by Penguinisto · · Score: 1

      However HIPAA requires EMR, so that's not an option.

      Curious as to why that can't be on its own network (or at least a network of VPNs...)

      --
      Quo usque tandem abutere, Nimbus, patientia nostra?
    24. Re: Why not find and execute the hacker? by mi · · Score: 1

      So I have to ask, why are you calling for the victim to be executed and replaced with somebody who is known for less than ethical behavior?

      Woooosh...

      --
      In Soviet Washington the swamp drains you.
    25. Re: Why not find and execute the hacker? by Anonymous Coward · · Score: 0

      Worked for bin laden right?

    26. Re: Why not find and execute the hacker? by ArmoredDragon · · Score: 1

      Because you inevitably have to be able to transfer those records to another health care provider (and/or the patient himself) when the patient either requests it or authorizes it, as per the law. Sure, you can keep it within a secure network, but there is basically no such thing as perfect security.

      Remember, the employees are typically the weakest link. No CIO in the world (or anybody else for that matter) can 100% guarantee the security of any system that has more than one authorized user, no matter the circumstances.

  2. Where do I sign up? by Anonymous Coward · · Score: 5, Interesting

    Where do I sign up?

    The last time I requested my medical records from my doctor I was told that they could not provide many of them (especially the expensive MRI images), and of those they could provide they would charge a high fee for duplication. I was looking at paying somewhere between $50-100. I'm fairly certain they were doing this to prevent me from moving to another practice.

    If this guy had my records I'd be happy to pay him $10 for them.

    1. Re:Where do I sign up? by Anonymous Coward · · Score: 1

      That's interesting. I had some CT's taken, I asked for the 'image data' (I work in the 'healthcare industry' & have specific knowledge of the format of this data. So besides even thinking of taking it elsewhere I was going to 'play with it' some day to make a 3D model of the area of my body they imaged just for 'shits & giggles'), I was given it on CD in 10 minutes.

      You're mileage varies I guess.

    2. Re:Where do I sign up? by Anonymous Coward · · Score: 0

      I asked if I could get a copy of my heart cath and the guy was really excited, I guess nobody ever asks. He popped a CD into one of the machines and it burned a disc complete with all the data and a program to render it as a video, pretty neat. Of course they billed my insurance some ungodly amount for the procedure so they didn't charge anything for the CD.

    3. Re:Where do I sign up? by PCM2 · · Score: 1

      I can echo the GP's experience. One doctor I went to wouldn't transfer any records of any kind to another doctor without being paid a fee, which I think was something like $75. Such practices seem self-defeating, to me, but I guess they're common enough.

      --
      Breakfast served all day!
    4. Re:Where do I sign up? by NetNed · · Score: 1

      Yeah, not sure why that got modded up. Every MRI I have taken they give you a CD without even asking.

    5. Re:Where do I sign up? by jedidiah · · Score: 1

      A lot of doctors use HIPPA as an excuse to cash in.

      --
      A Pirate and a Puritan look the same on a balance sheet.
    6. Re:Where do I sign up? by Kierthos · · Score: 1

      Once upon a time (a decade ago), there was a medical study done at/near the local university for some sort of drug trial. Maybe you got the placebo, maybe you got the drug, right? Run on a treadmill or use an exercise bike for so many minutes, they run some tests, and take some scans (including brain scans). And they were going to pay some cash, plus you got a copy of the brain scans.

      If I had met the qualifications (I was outside the age range they were looking for), I would have done it just for the brain scans.

      --
      Mr. Hu is not a ninja.
    7. Re:Where do I sign up? by Hussman32 · · Score: 1

      They charge because the law says they are allowed to, the cost per page varies from state to state. Seems ridiculous and frankly unprofessional as those records may have information that could save your life or prevent your early death.

      --
      "Who are you?" "No one of consequence." "I must know." "Get used to disappointment."
    8. Re: Where do I sign up? by ArmoredDragon · · Score: 1

      I'm pretty sure that's illegal. Under HIPAA, you as a patient have the final say in who has access to your medical records, and I'm fairly certain that it's an ethics violation for your doctor to deny you the ability to get a second opinion. In fact, if you run into a doctor that hates second opinions then you should find a new one anyways, as every good doctor is willing to accept that sometimes they're wrong and even appreciates a second opinion, and their ultimate goal is your health, not their ego.

    9. Re: Where do I sign up? by ArmoredDragon · · Score: 1

      What? As somebody with a chronic disease, I see lots of doctors and haven't had this once. If they do something like this then they're blatantly breaking the law, because HIPAA explicitly guarantees you the right to have access to your own records, in addition to you being allowed to control who else can or can't access them.

      http://www.hhs.gov/hipaa/for-p...

    10. Re:Where do I sign up? by cdrudge · · Score: 1

      Just don't ask about the photocopier.

    11. Re:Where do I sign up? by Fencepost · · Score: 1

      The cost for this is basically an administrative time charge, and is regulated by the states with a base cost, a cost per page, and I believe generally a maximum charge. You can find more information on the per-state charges here: http://www.lamblawoffice.com/medical-records-copying-charges.html

      This is an area that's kind of in flux - as practices have moved to EMRs, many of them have only scanned in key items from records - the rest is still in a manila folder either on a shelf in the office or if you haven't been seen in a while in a box at an offsite storage facility. What they're charging for when you request a full copy is to retrieve those records (whereever they may be), copy or scan them, and send that copy along to you. Depending on the chart, etc. that might well be an hour or two of staff time (occasionally more) so offices are allowed to charge but are regulated by state laws/regulations as to how much they charge.

      For practices that are fully electronic it may be simpler, but even then some EMRs don't provide a good way to dump the entire chart - you have to print/PDF all of the notes/records, then separately go in and print any attached or scanned documents one at a time.

      Finally, if you're moving to a new practice ask the staff at the new practice to request your chart from the old one - I could be wrong, but I don't practices charge each other the same way they charge patients both as a reciprocal thing and because frankly they're not set up for charging other practices.

      --
      fencepost
      just a little off
    12. Re:Where do I sign up? by budgenator · · Score: 1

      Sure you can fix that by suing the Bastard in the Court that charges $5.00 a page for copying their court transcripts; we charge $15.00 for records copy from our dental office, the Hospital charged me $150.00 when they managed my MD's office.

      --
      Apocalypse Cancelled, Sorry, No Ticket Refunds
    13. Re:Where do I sign up? by Archangel+Michael · · Score: 1

      A lot of doctors are quitting medicine, because the state has declared them to be indentured servants required to perform services for little or no pay.

      --
      Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
    14. Re:Where do I sign up? by tlhIngan · · Score: 1

      That's interesting. I had some CT's taken, I asked for the 'image data' (I work in the 'healthcare industry' & have specific knowledge of the format of this data. So besides even thinking of taking it elsewhere I was going to 'play with it' some day to make a 3D model of the area of my body they imaged just for 'shits & giggles'), I was given it on CD in 10 minutes.

      Well, if they have the data available immediately, then making a copy for you is basically free because it's right there.

      The problems arise once the data hits your charts and gets archived. It's LESS accessible now because it's now part of your chart and since it can be fairly large, it gets put into cold storage almost instantly. And once it hits there, it takes time and effort to retrieve the data, and some cold storage providers charge to retrieve the data.

      Plus, this is for medical records, which are often scattered about - electronic, paper (those manila folders aren't going away - most practices haven't digitized those even if they use EMRs), paper stored in an offsite facility, etc.

      If you ask immediately while the data is still on the hard drive prior to archival (to your medical record) and deletion (off the local hard drive), the cost is practically zero

    15. Re: Where do I sign up? by Anonymous Coward · · Score: 0

      They are allowed under HIPPA to charge a "reasonable" fee though.

      There was one woman who, due to HIPAA, wasnt allowed to know what the procedure code was that she was being billed thousands for.

    16. Re: Where do I sign up? by ArmoredDragon · · Score: 1

      That's only true if they give the records to you, the patient. However you always have the right to have them transferred to another practitioner without charge.

    17. Re:Where do I sign up? by Anonymous Coward · · Score: 0

      A lot of doctors are quitting medicine, because the state has declared them to be indentured servants required to perform services for little or no pay.

      Do you have any sources for this? From what I can find, most doctors are quitting medicine due to other reasons such as lack of job satisfaction (doctors are viewed as the enemy, malpractice lawsuits, second guessing, etc), long hours (80 hour weeks are common in the medical profession), lack of doctor/patient bonding (doctors are viewed as replaceable cogs in the medicinal machine) and onerous requirements set by medical boards/corporations...

  3. Inefficient fragmentation! by mi · · Score: 0

    Three U.S. healthcare organizations are reportedly being held to ransom by a hacker

    Can't wait for there being a single-payer system. The job of hackers world-wide will be much easier as they wouldn't need to waste efforts coming up with different ingenious ways of hacking different organizations.

    --
    In Soviet Washington the swamp drains you.
    1. Re:Inefficient fragmentation! by Anonymous Coward · · Score: 0

      There might be an argument for a "single point of ultimate protection" instead of underspending on a hundred variants of McAffee and underspending on a hundred secretaries that dump sensitives in plaintext and plainspaces.

    2. Re:Inefficient fragmentation! by wbr1 · · Score: 1, Insightful

      Mi, you don't have to worry. Obama sold out to the HMOs and conservative and took single payer off the table first thing. That is why we have a confusing and expensive morass of shit to deal with for the ACA.

      --
      Silence is a state of mime.
    3. Re:Inefficient fragmentation! by OhPlz · · Score: 1

      It's not about the insurers, it's about many of us not wanting to be forced into a system bigger and more corrupt than the VA. If you get screwed over by single payer, you have zero recourse. So then what, we have to have private insurance along with our single payer? I'd rather just have the private insurance and be done with it.

    4. Re:Inefficient fragmentation! by jedidiah · · Score: 1

      You're an idiot. We won't get the NHS. We will get more of what we already have in terms of Medicaid and Medicare. You lot are simply too cheap.

      The NHS would collapse based on what Americans of both parties are willing to spend on public healthcare.

      --
      A Pirate and a Puritan look the same on a balance sheet.
    5. Re:Inefficient fragmentation! by fustakrakich · · Score: 1

      Hey, if it leads to single payer, let's grease that slope and tilt it up to 90 degrees. The records are being made public anyway. We may as well get some service for it.

      --
      “He’s not deformed, he’s just drunk!”
    6. Re:Inefficient fragmentation! by Anonymous Coward · · Score: 0

      NO, we have a confusing and expensive morass of shit to deal with because Obama and THE FUCKING DEMOCRATS created the ACA to generate a new dependent class (lower middle class) who now have their health care paid for by the upper middle class. This shit fest is owned 100% by the Democrats, not one Republican voted for it because Obama wouldn't make any compromises with the Republicans, he only made compromises with his fellow Democrats. If you don't like the ACA, thank the Democrats.

      If you are making less than ~$20k/year, you get your health care subsidized by other insurance payers who have a real job. My rate for my family went from $450/month to $825/month in 2 years and coverage got worse, all because I am paying for other people's care. Oh and by the way, most of the HMO's are losing money (Blue Cross lost $1.5 billion last year), which is why they are jacking up the rates, you can't put this shit fest on them. Pull your head out of your ass and educate yourself a little. The health care usage of the working poor and those with pre-existing conditions has skyrocketed. Where they used to get care from the state run free clinics with long lines, now they have access to the same expensive doctors as those who can actually afford them, so what the hell, why not go in for every hang nail and rash that shows up, its free so use it... Problem is some one always has to pay.

      The root problem with socialized medicine (which is what the ACA is, it just moved the mechanism of cost redistribution from the federal government to the HMOs) is that someone always has to pay. In the US, we have a lot of personal freedom and a huge variety of people from every culture in the world. Socialized medicine may work in a country like Denmark, where there is a largely homogeneous population with homogeneous levels of responsibility, but in the US we have enclaves of peasant cultures imported from around the world, and the only way to reform and integrate them is by exposing them to the reality that they must work hard to better themselves and pursue productivity in order to obtain many of the benefits that America offers, one of which is the best medical care in the world. They can still visit the emergency room for critical care, they will not be turned away and the free clinics take care of health issues that are serious enough to warrant the 3h wait, but if you don't apply yourself as a productive member of society, you don't get to go the doctors office whenever for that rash on your ass, because someone has to fucking pay for that, and if you take something you can't afford it is known as stealing. Right now the middle class is being robbed to the tune of about $500/month per family and rising, and it is unsustainable, which is why Trump is on the rise. The fucking Democrats screwed the pooch on the ACA, the economy, terrorisim and a long list of other issues and now we are going to get a revolution at the polls, similar to the Brexit.

    7. Re:Inefficient fragmentation! by Anonymous Coward · · Score: 0

      So what you're saying is... if you don't have a job, you don't deserve healthcare.

      Yes, those fucking Democrats, indeed.

      (Oh, by the way: emergency-room care is waaaay more expensive than a regular doctor's visit.)

    8. Re:Inefficient fragmentation! by Anonymous Coward · · Score: 0

      Uh I don't get your point. You are saying a single payer system would be worse because.... it could get hacked?

      Assuming you think the existing system is superior, do you realize IT is the one that got hacked. Not sure what your point is.

  4. As a Cigma customer i have no worries by Anonymous Coward · · Score: 0

    since i have never received any healthcare (and according to my HC plan, never will), i have no health care records.

    PS: anybody know why my arm keeps going numb?

    1. Re:As a Cigma customer i have no worries by bill_mcgonigle · · Score: 1

      PS: anybody know why my arm keeps going numb?

      Yes, and keep it down - your mom is trying to sleep.

      --
      My God, it's Full of Source!
      OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
    2. Re:As a Cigma customer i have no worries by Nidi62 · · Score: 1

      since i have never received any healthcare (and according to my HC plan, never will), i have no health care records.

      PS: anybody know why my arm keeps going numb?

      If it gets bad enough just cut it off. Luckily since it's numb you won't even need to worry about anesthetic!

      --
      The only thing necessary for evil to triumph is for it to be pitted against a slightly greater evil
  5. My medical records by Anonymous Coward · · Score: 0

    I've broken almost every bone in my skateboarding. I wear that as a badge of honor. If more ppl. knew that, I'd get mad rep.

    1. Re:My medical records by Anonymous Coward · · Score: 0

      Still won't get you laid, though.

  6. Under the GOP systems and blacklist is needed by Joe_Dragon · · Score: -1, Troll

    Under the GOP systems and blacklist is needed to keep the very sick from being able to get an plan and we need to make it easy for them to find a way to get your info so at the time when really need they can point to this list and say that is pre-existing.

    1. Re:Under the GOP systems and blacklist is needed by jedidiah · · Score: 1

      Under the GOP system there was already a risk pool of last resort.

      Much less intrusive than trying to re-engineer the entire industry and less of a constitutional issue than forcing a consumer product on people.

      --
      A Pirate and a Puritan look the same on a balance sheet.
    2. Re:Under the GOP systems and blacklist is needed by Archangel+Michael · · Score: 1

      Under socialistic systems, everyone gets the same crappy care. See VA hospitals for example.

      --
      Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
    3. Re:Under the GOP systems and blacklist is needed by dave420 · · Score: 1

      Or look at the countries with better healthcare outcomes than the US, for much less money. I'll wait for you to complain about how large the US is, and I'll point out that healthcare scales very well - more people to serve = more taxpayers = money to pay for their care. Then I guess I'll wait for some nebulous argument about "diverse cultures" and how the countries which pay less for comparable or better care don't have such "problems" or some other nonsense, and point out that that argument has no bearing on anything what-so-ever, it is just a convenient excuse used by people to forgive broken systems without having to admit failings of anyone.

      You are flogging a dead horse. No, wait, you are the dead horse.

    4. Re:Under the GOP systems and blacklist is needed by Archangel+Michael · · Score: 1

      FYI, they also measure outcomes differently in different countries, so that even if the statistics are correct, they are measuring entirely different datasets.

      For instance, it is often touted that infant mortality rates are lower in certain countries. While that Statistic is accurate as a statement, the two countries are measuring it differently. In the US, Premature births of all types and kinds are included, where they are not in other countries. And if you include premature birth rates, the Actual statistics flip.

      If people die of cancer waiting for treatment, and they aren't counted as "cancer patients" because they never were.

      Statistics are meaningless unless they are being used the exact same way across the board, and they are not.

      --
      Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
    5. Re:Under the GOP systems and blacklist is needed by whoever57 · · Score: 1

      For instance, it is often touted that infant mortality rates are lower in certain countries. While that Statistic is accurate as a statement, the two countries are measuring it differently. In the US, Premature births of all types and kinds are included, where they are not in other countries. And if you include premature birth rates, the Actual statistics flip.

      Got a citation for that? Because I have one that shows you are spouting more libertarian BS:

      "The reporting differences are a minor part of the story but not an excuse for why the U.S has such a high mortality rate."

      --
      The real "Libtards" are the Libertarians!
  7. No one should care by Anonymous Coward · · Score: 0

    Insurers used to insist on getting your health records before accepting you, and now are required to accept you in spite of preexisting conditions. Keeping your health records secret isn't so important as people make it out to be. Exposing them could have social consequences, but most people blab to the world about their medical problems, so that is not much of a point.

    1. Re:No one should care by PCM2 · · Score: 2

      Say that after someone uses your name and SSN to open a property loan under your name (and default on it, naturally).

      --
      Breakfast served all day!
    2. Re:No one should care by Anonymous Coward · · Score: 0

      Fraud is fraud. SSN's are not secret.

    3. Re:No one should care by Archangel+Michael · · Score: 1

      Identification (Numbers etc) isn't secret. That's what makes them useful. It is also way too easy to prove you're someone you're not, simply by providing enough (one??) piece of identifying information. Two Factor Authentication should be more or less standard operations now. But it is inconvenient.

      --
      Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
  8. What a loser by Anonymous Coward · · Score: 0

    I cant imagine being so worthless that this is the only way I could make money.

  9. it wuz haxx0rz! by Anonymous Coward · · Score: 0

    You keep on invoking those bogeymen, but it never helps. And you never wonder why.

  10. The information by Anonymous Coward · · Score: 1

    My medical records have my d.o.b, SSN, name, address, and everything needed to use my ID to get credit, file taxes, and get a host of legal docs and IDs.

    1. Re:The information by Archangel+Michael · · Score: 1

      Sounds more like a problem with people trusting a bunch of numbers to describe you.

      IF we put the liability on people accepting falsified information, rather than the person being cloned, the problems would disappear.

      --
      Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
  11. Curiosity Question by jasnw · · Score: 2

    If this hack was made on systems which were accessible from the Internet, why the frack were they accessible from the Internet in the first place?? If an organization is too cheap, or too lazy, or too inept, or all-of-the-above, to put in place the serious security protections needed for an Internet-facing server, then said organization should never put sensitive data on any of their Internet-facing servers. Even if the organization is on top of things security-wise, if there is no really REALLY good reason for said data to be on an Internet-facing server, do NOT put it on one. Network Security for Dummies.

    1. Re:Curiosity Question by Anonymous Coward · · Score: 0

      Hospitals and other health organizations are notorious for having poor security practices. Lack of separate/secure networks, default passwords on medical devices, inability to upgrade vulnerable software due to FDA regs... it's pretty much a s***show and this is not going to be the last time we see this kind of data leak.

    2. Re:Curiosity Question by budgenator · · Score: 1

      If this hack was made on systems which were accessible from the Internet, why the frack were they accessible from the Internet in the first place??

      Bwahahaha, How the fuck do you think we submit claims to your insurance company for reimbursement? Sure some stuff goes out over some vendor's private protocol over the internet, but most goes through the insurer's website. I can go to Delta's, log on and if your a Delta subscriber, find you and down load all of your Explanations of Benefits for the last 5 years as PDF; the judges love when we are suing for non-payment.

      Most Healthcare workers are functionally computer illiterate, an encrypted zip will send them into fits.

      --
      Apocalypse Cancelled, Sorry, No Ticket Refunds
  12. GET USED TO IT?? by Anonymous Coward · · Score: 0

    http://circanews.com/fbi-didnt-inform-some-americans-they-were-on-isis-kill-list/

    Most any effective hacker has an inside tract to the data and a motive. In the case of the FBI it goes immediately international because of the amount of moles and lack of trust within the FBI.

    Do not for one second think American spy agencies are safeguarding the Internet to protect you. They are the predators. They even named one of their drones Predator.

    If only Microsoft and Facebook and Google had the balls like Ed Snowden to sacrifice for all. Remember Ed told us what they were doing back then, it is much more international now.

  13. Lucky you! by Anonymous Coward · · Score: 0

    I was looking at thousands to keep a complete duplicate of my medical folder dating back to birth. Worst part about it was after the last couple of years with my last medical provider I haven't trusted the medical community enough to go back for anything that doesn't involve an emergency room (and about half of those visits, including a 106F temperature would have saved time and money by just staying in bed and seeing if I died.)

    Yay for health care!

  14. See your own health record while you. An by Applehu+Akbar · · Score: 2

    Since HIPAA allows virtually everyone other than yourself to access your medical records, you might want to go to this site and buy access to your own records while the opportunity exists.

    1. Re:See your own health record while you. An by Anonymous Coward · · Score: 0

      That's true, you should see the look on Doctors faces when I ask to see my OWN Records. I'm starting to think they're hiding something.

    2. Re:See your own health record while you. An by Anonymous Coward · · Score: 0

      I suspect your using a terrible doctor/hospital. The hospital I work in everyday offers all of a patient's records to the patient as often as they want them at no cost. Just ask our medical records department and they'll run you a CD with all your images as well.

  15. Where Obama? by Anonymous Coward · · Score: 0

    Wonder if this is actually being run out the White House and money funneled through British West Indies to Obama's Kenya bank accounts.

    Hmmmm

  16. Execute by Anonymous Coward · · Score: 0

    Yes, this guy should be found and executed. We simply have to up the penalty on these sorts of crimes. He thinks he's special and he's on an ego trip right now, but really he's just scum and should be removed from the planet immediately.

    1. Re:Execute by Anonymous Coward · · Score: 0

      > Yes, this guy should be found and executed. We simply have to up the penalty on these sorts of crimes. He thinks he's special and he's on an ego trip right now, but really he's just scum and should be removed from the planet immediately.

      I see the US government is getting to you. You are not alone.

  17. Deserving healthcare by mi · · Score: 0

    if you don't have a job, you don't deserve healthcare.

    You only deserve, what you paid for. Whether you have a job or not is irrelevant.

    emergency-room care is waaaay more expensive than a regular doctor's visit

    You don't deserve free emergency room treatment either.

    --
    In Soviet Washington the swamp drains you.
    1. Re:Deserving healthcare by Anonymous Coward · · Score: 0

      You only deserve, what you paid for. Whether you have a job or not is irrelevant.

      Yes, the ability to pay for medical care has nothing to do with whether or not you are employed.

      You don't deserve free emergency room treatment either.

      Feel free to argue in favor of ending emergency-room care to indigent people, then. You'll have a hard time convincing many that this is a good idea, but at least you'll be clear as to the logical endpoint of your views.

  18. Nobody cares by Anonymous Coward · · Score: 0

    Nobody cares about 99% of people's health issues, unless you have very well known people you just have a big pile of nothing.

    They have no more blackmail potential than a gossipy nurse really, probably less. Stupid hackers took useless data and then put their names out there because they thought it had value. Admited to the crimes with not real money making potential.

    Probably make more off ONE CC skimmer than ALL those health records AND if you get busted you face infinitely less time for the CC skimmer.. STOO PID hacker should crawl back into this corner of nothing.

  19. Summary by Anonymous Coward · · Score: 0

    they are all obese and sick with cancer, diabetes, and heart disease. These kind of "troves" become less and less worth by the year in a country like the U.S.