Friday’s cyberattack is a shot-over-bow for healthcare (updated)

[grow_thumb image=”http://telecareaware.com/wp-content/uploads/2015/03/26ED4A2300000578-3011302-_Computers_are_going_to_take_over_from_humans_no_question_he_add-a-28_1427302222202.jpg” thumb_width=”150″ /]Friday’s multiple distributed denial-of-service (DDoS) attacks on Dyn, the domain name system provider for hundreds of major websites, also hit close to home. Both Athenahealth and Allscripts went down briefly during the attack period. Athenahealth reported that only their patient-facing website was affected, not their EHRs, according to Modern Healthcare. However, a security expert from CynergisTek, CEO Mac McMillan, said that Athenahealth EHRs were affected, albeit only a few–all small hospitals.

A researcher/spokesman from Dyn had hours before the attack presented a talk on DDoS attacks at a meeting of the North American Network Operators Group (NANOG)

The culprit is a bit of malware called Mirai that targets IoT–Internet of Things–devices. It also took down the (Brian)KrebsOnSecurity.com blog which had been working with Dyn on information around DDoS attacks and some of those promoting ‘cures’. According to Krebs, the malware first looks through millions of poorly secured internet-connected devices (those innocent looking DVRs, smart home devices and even security devices that look out on your front door) and servers, then pounces via using botnets to convert a huge number of them to send tsunamis of traffic to the target to crash it. According to the Krebs website, it’s also entwined with extortion–read, ransomware demands. (Click ‘read more’ for additional analysis on the attack)

Here we have another warning for healthcare, if ransomware wasn’t enough. According to MH, “even for those hospitals with so-called “legacy” EHRs that run on the hospital’s own computers, an average of about 30 percent of their information technology infrastructure is hosted (more…)

The drip of data breaches now a flood: 4.5 million records hacked–update

[grow_thumb image=”http://telecareaware.com/wp-content/uploads/2014/08/keep-calm-and-encrypt-your-data-5.png” thumb_width=”150″ /]Breaking News–updated at end  Earlier this year [TTA 23 Apr] this Editor commented on the fourth annual update from the Ponemon Institute plus a qualitative study from IS Solutions that contained mostly unwelcome news for healthcare IT departments in the US. Ponemon’s new estimate of data breaches’ cost per year: $5.6 billion. While making some progress in the existential threat that data breaches present to institutional and personal security, both reports also outlined the disconnect between HIT professionals busy dealing with and sealing off the mice of internal causes versus the looming, huge menace of the external criminal threat. We now know that Godzilla has arrived and he’s stomping ‘n’ chomping. Community Health Systems of Franklin, Tennessee claimed today as part of a SEC regulatory filing that hackers originating in China breached sensitive information in 4.5 million patient records accumulated over five years during April and June using cyberattacks and sophisticated malware.  (more…)