http://paloaltoonline.com/square/print/index.php?i=3&d=&t=18235


Town Square

Hacker holds dental office database for ransom

Original post made on Jun 14, 2012

A Palo Alto dentist's database was hacked and an unknown individual held its contents for $3,000 ransom, police said.

Read the full story here Web Link posted Thursday, June 14, 2012, 2:46 PM

Comments

Posted by Backup-Your-Data-Frequently, a resident of Another Palo Alto neighborhood
on Jun 14, 2012 at 3:05 pm

> such attacks originate outside the United States.

So .. what was the domain name of the email address? "What is" is a service that lets people see who the owner of a given domain might be. This information includes the domain name owner, and the owner's contact information. Of course, if this is an anonymous email site, the owner's name could be fraudulent. People generally have to pay for registering an Internet domain, so there is probably some EFT data that might also link back to the domain's owner.

> The dentist's office contacted an IT service provider
> to try to recover and reconstruct the data.

It sounds like the Dentist might not have been backing up his data. This becomes a problem for his patients, since it's their data that has been compromised. People should become more aware of their doctor's handling of their personal data. The article says that no personal information was taken. This might be hard to know, depending on the kind of server being used by the Dentist. We are long past time that the government needs to start demanding that all personal information be encrypted and that all Internet access be logged.

It could never hurt to demand that doctors provide your medical records on disc, or flash-drive. Most doctors probably would not be happy about complying with such requests, but if they can't protect your data—then you should be keeping a duplicate copy.


Posted by Anon., a resident of Crescent Park
on Jun 14, 2012 at 10:21 pm

In the same way that some police go crazy when they get a little power, people seem to not think about the tech people in charge of their data, and the systems they depend on.

As an IT person myself it is hard for me to underestimate the moral integrity of many of the people I see in this industry. I know of very smart experts in computer systems that routinely leave holes, bombs and backdoors in companies they work for, not to mention designing systems that fail and demand expensive maintenance on a regular basis, and the people who hire them seem to have no idea.

This century will be a lot about average people getting up to speed on the systems and languages that we all use. When I think about the TCP/IP protocols being so full of holes and the internet being so easily hacked and manipulated and so hard to find technically and then politically to prosecute I wonder why it is that we do not have a new system that is safer and more private.

I don't think people want a better system because the one we have generates so much money - in security and maintenance, and that seems more important than actually getting anything done in a safe and professional manner.


Posted by Outside Observer, a resident of another community
on Jun 14, 2012 at 11:18 pm

Anon has a good take on this, but let me take it one step further.

Much of the problem is in the monopoly of Microsoft and the defective consumer products they produce.

The "anti-virus" software industry is a money maker indeed, but it is an illegitimate industry that attempts to protect people from the inherent flaws in Microsoft products. Were this any other industry, the government would break the monopoly, and jail the owners. If you doubt that, just consider what would happen if your car were as safe and reliable as Microsoft products.

If history judges anything about our current computer technology, it will judge that the Microsoft monopoly made the most defective consumer products ever.


Posted by Vikas Bhatia, a resident of another community
on Sep 14, 2012 at 1:34 pm

Information or cyber security starts with an acknowledgement by the business acknowledging that they have sensitive data and then going about a set of processes that go beyond the remit of "IT".

Often non-technical people rely on "IT" to be responsible for their adherence to regulation and industry best practices. This is similar to obtaining car insurance from a mechanic.

With interconnected networks, mobile devices and the "it won't happen to me" mentality these types of attacks are becoming more common, particularly given the lack of controls. A firewall will NOT fix the problem, or stop the regulators from distributing fines in the event of a breach.

A documented security policy, education and technical controls can be used to reduce, not eliminate, cyber risks.