Slashdot Mirror


Thousands of Patient Records Held for Ransom in Ontario Home Care Data Breach, Attackers Claim (www.cbc.ca)

CBC reports: The detailed medical histories and contact information of possibly tens of thousands of home-care patients in Ontario are allegedly being held for ransom by thieves who recently raided the computer systems of a health-care provider. CarePartners, which provides home medical care services on behalf of the Ontario government, announced last month that it had been breached. It said only that personal health and financial information of patients had been "inappropriately accessed," and did not elaborate further. However, a group claiming responsibility for the breach recently contacted CBC News and provided a sample of the data it claims to have accessed, shedding new light on the extent of the breach. The sample includes thousands of patient medical records with phone numbers and addresses, dates of birth, and health card numbers, as well as detailed medical histories including past conditions, diagnoses, surgical procedures, care plans and medications for patients across the province.

5 of 33 comments

  1. Once again . . . by hduff · Score: 3, Insightful

    Once again, a company that is supposed to protect sensitive personal information fails to provide available security measures and exposes sensitive personal information to a host of bad actors. This kind of neglect usually is not at the IT level, but all the way at the top.

    --
    "I believe in Karma. That means I can do bad things to people all day long and I assume they deserve it." : Dogbert
    1. Re:Once again . . . by ole_timer · Score: 2

      from the story: "...Under Ontario's Personal Health Information Protection Act, health-care providers are required to "take precautions to safeguard against theft, loss, as well as unauthorized collection, use, disclosure, copying, modification or disposal of your personal health information" and ensure that health records are retained securely. Violations of the act can lead to prosecution. If found guilty, companies can be fined up to $500,000, while individuals may be fined up to $100,000..."

      --
      nothing to see here - move along
    2. Re:Once again . . . by nuckfuts · Score: 3, Insightful

      Yes, protecting sensitive data is an important corporate responsibility, but you seem to be placing 100% of the blame on the victim.

      Having worked as a System Administrator, I can tell you it's not easy to make anything completely secure. There are zero-day exploits. There are hackers who reverse engineer the latest security patches before you arrive at work and have a chance to evaluate & install them. There are extremely talented individuals who work relentlessly, day and night, to find new ways to circumvent your defenses.

      So when, inevitably, someone's security is breached, save a bit of your condemnation for the person(s) committing the crime. There are people holding companies for ransom with no regard for the amount of damage they create. This is what's truly reprehensible.

  2. Re:Not as critical in Canada vs US by snapsnap · Score: 2

    That's not true at all. From: https://www.healthcare.gov/coverage/pre-existing-conditions/ "No insurance plan can reject you, charge you more, or refuse to pay for essential health benefits for any condition you had before your coverage started." It's one of the reasons health insurance is so expensive since you can just wait until you need it.

  3. Re:Not as critical in Canada vs US by sjames · Score: 2

    That's actually why the ACA had a penalty for not being insured. Trump and the GOP did away with that hoping to make it all blow up since they couldn't manage to repeal it properly after trying 85 times.

    In turn, the penalty was a problem because too many red states did their best to make it hard to get coverage.