Do we need the Hulkster Running Wild against Hacking? It’s so heartwarming to see the mainstream press catch up to what your Editors have been whinging on for the past few years: that healthcare data is the Emperor With No Clothes. Here we have Reuters and the New York Times with a case of the vapors, seeking a fainting couch. Reuters dubs 2015 ‘The year of the healthcare hack’. The FBI is investigating the AnthemHealth breach, while their counterparts UnitedHealth, Cigna and Aetna are in full, breathless damage control mode. The Times at least delves into the possibility that it was at least partially instigated by China and the People’s Liberation Army (PLA) unit that trolls for intellectual property.
Our Readers, savvy to your Editors’ warnings since at least 2010, were aware that the drumbeat accelerated this past summer. (more…)
US health insurance giant AnthemHealth, which had a data breach of reportedly up to 80 million beneficiaries [TTA 6 Feb], was an inadvertent ‘inside job’. The Associated Press reported that the credentials of at least five employees were used to access information, at least one of whom was an administrator who viewed his credentials being used to query the data warehouse. It’s easier than you think to get them. In an analysis published by security firm Tripwire and also in MIT Technology Review, the writer Ken Westin outlines how easy it is to find that the Anthem warehouse is TeraData, and to match up employees engaged with it, through using public employee profiles on places like LinkedIn and job postings. Then it’s deductive to find exact email addresses (find the pattern–lead generation companies building business contact lists do this all the time) and send these key employees phishing emails (more…)
AnthemHealth didn’t encrypt, Blueprint Health collects, HealthSpot funds again, Sense4Baby goes to Europe, Apple Health pilots in hospitals and buddi gets bigger still.
Another hack attack claimed major US health insurer AnthemHealth, the former WellPoint. It’s estimated that 80 million of its customers, former customers and employees had data breached: names, addresses, dates of birth, emails, employment information, income, medical IDs and SSIs. The Wall Street Journal reports that Anthem didn’t encrypt data for analytics reasons. It’s unconfirmed where the hackers originated but Bloomberg’s latest report tags the usual Chinese state-sponsored suspects. Unusually, it was reported within days of discovery; Anthem has called in Mandiant (FireEye) to beef up its cybersecurity. Other reports: WSJ, Modern Healthcare….The Blueprint Health accelerator has a new initiative, the Collective. It is designed to pair up major healthcare providers and payers with startups and early stage companies. So far signed up are Aetna, AstraZeneca, HP, Montefiore, North Shore LIJ, New York-Presbyterian, Samsung, EmblemHealth, Philips and Razorfish Healthware. More information here….The HealthSpot Station telehealth/telemedicine kiosk is readying a $11.6 million funding round from four investors soon, based on (more…)