US Healthcare Records Offered For Sale Online

An anonymous reader writes:Three U.S. healthcare organisations are reportedly being held to ransom by a hacker who stole data on hundreds of thousands of patients. The hacker has also put the 650,000 records up for sale on dark web markets where stolen data is traded. Prices for the different databases range from $100,000 to $411,000. Buyers have already been found for some of the stolen data, the hacker behind the theft told news site Motherboard. No information about the size of the ransom payment sought by the data thief has emerged, although he did say it was "a modest amount compared to the damage that will be caused to the organisations when I decide to publicly leak the victims."

Where do I sign up?

Where do I sign up?

The last time I requested my medical records from my doctor I was told that they could not provide many of them (especially the expensive MRI images), and of those they could provide they would charge a high fee for duplication. I was looking at paying somewhere between $50-100. I'm fairly certain they were doing this to prevent me from moving to another practice.

If this guy had my records I'd be happy to pay him $10 for them.

Re:Why not find and execute the hacker?

[mi]

I can recall several reasons — all of which I've encountered here on /. over the years and they've achieved acclaim and high moderations:

1. Information wants to be free!!
2. The leak exposes security flaws in the organizations — and it is their CIOs, who should be executed instead. The hacker needs to be hired as the CIO of all three.
3. The data exposes corruption and abuses at the organizations. The leaker may have broken the law, but Obama should pardon him.

Re:Why not find and execute the hacker?

[bill_mcgonigle]

But can anyone give me one reason why the authorities shouldn't find the person responsible for implementing these insecure systems and promptly put them in a pillory?

Because he's a rich white CIO and has plenty of money and corporate power behind him to make sure he faces no consequences?

Oh, sorry, that might have been four reasons, not one.

Now, then, who's gonna do one damn thing about the system that perpetuates such circumstances? I'll be out back listening to the crickets.

Re:No one should care

[PCM2]

Say that after someone uses your name and SSN to open a property loan under your name (and default on it, naturally).

Curiosity Question

[jasnw]

If this hack was made on systems which were accessible from the Internet, why the frack were they accessible from the Internet in the first place?? If an organization is too cheap, or too lazy, or too inept, or all-of-the-above, to put in place the serious security protections needed for an Internet-facing server, then said organization should never put sensitive data on any of their Internet-facing servers. Even if the organization is on top of things security-wise, if there is no really REALLY good reason for said data to be on an Internet-facing server, do NOT put it on one. Network Security for Dummies.

See your own health record while you. An

[Applehu+Akbar]

Since HIPAA allows virtually everyone other than yourself to access your medical records, you might want to go to this site and buy access to your own records while the opportunity exists.

Re:Why not find and execute the hacker?

[Applehu+Akbar]

Can anyone give me one reason why the authorities shouldn't find the hacker and promptly execute him?

Yeah, didn't think so...

Our FBI can do that only if it can be shown that the hacker annoyed Hollywood in some way. To protect yourself in the future, see your doctor and ask if there isn't some way you can work a copyrighted song lyric into your medical file.