This is something that you don’t see everyday. CarePartners which is a health care company that provides home medical care services on behalf of the Ontario government have been pwned by hackers. According to the company, the hackers only got access to a small amount of data.
Now I do admit that companies get pwned by hackers all the time sadly. But what’s unusual about this situation is that the hackers are speaking out:
However, a group claiming responsibility for the breach recently contacted CBC News and provided a sample of the data it claims to have accessed, shedding new light on the extent of the breach.
The sample includes thousands of patient medical records with phone numbers and addresses, dates of birth, and health card numbers, as well as detailed medical histories including past conditions, diagnoses, surgical procedures, care plans and medications for patients across the province.
Another document appears to contain more than 140 active patient credit card numbers and expiry dates, many with security codes.
The attackers claimed the sample was a subset of hundreds of thousands of patient records and related materials in their possession dating back to 2010.
“We requested compensation in exchange for telling them how to fix their security issues and for us to not leak data online,” they told CBC News.
CarePartners did not answer questions about the ransom, and it is not clear if or when the data will be posted online.
For the record, CBC was able to verify that the data they got was on the level. Which isn’t good if you’re CarePartners. Then there’s the fact that the company says that they take protecting data seriously. But the hackers say something entirely different.
The attackers told CBC News in an encrypted message that they discovered vulnerable software on CarePartners’ network that had not been updated in two years “by chance,” and were able to exploit those vulnerabilities and weak passwords to remove hundreds of gigabytes “completely unnoticed.”
#Fail. Clearly CarePartners don’t take the security of data seriously based on that.
Now I get why CarePartners might want to minimize the extent of this. But it’s not a workable strategy long term because in Canada there’s strong privacy laws and this sort of thing does get investigated by Canada’s Privacy Commissioner. So the truth will come out eventually and CarePartners will get smacked pretty hard. Thus if I were them, I would just come clean now and work with everyone from the Privacy Commissioner to law enforcement and security firms to address this.
Like this:
Like Loading...
Related
This entry was posted on July 17, 2018 at 9:28 am and is filed under Commentary with tags Hacked. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
Health Care Company CarePartners Pwned By Hackers…. And The Hackers Are Speaking Out
This is something that you don’t see everyday. CarePartners which is a health care company that provides home medical care services on behalf of the Ontario government have been pwned by hackers. According to the company, the hackers only got access to a small amount of data.
Now I do admit that companies get pwned by hackers all the time sadly. But what’s unusual about this situation is that the hackers are speaking out:
However, a group claiming responsibility for the breach recently contacted CBC News and provided a sample of the data it claims to have accessed, shedding new light on the extent of the breach.
The sample includes thousands of patient medical records with phone numbers and addresses, dates of birth, and health card numbers, as well as detailed medical histories including past conditions, diagnoses, surgical procedures, care plans and medications for patients across the province.
Another document appears to contain more than 140 active patient credit card numbers and expiry dates, many with security codes.
The attackers claimed the sample was a subset of hundreds of thousands of patient records and related materials in their possession dating back to 2010.
“We requested compensation in exchange for telling them how to fix their security issues and for us to not leak data online,” they told CBC News.
CarePartners did not answer questions about the ransom, and it is not clear if or when the data will be posted online.
For the record, CBC was able to verify that the data they got was on the level. Which isn’t good if you’re CarePartners. Then there’s the fact that the company says that they take protecting data seriously. But the hackers say something entirely different.
The attackers told CBC News in an encrypted message that they discovered vulnerable software on CarePartners’ network that had not been updated in two years “by chance,” and were able to exploit those vulnerabilities and weak passwords to remove hundreds of gigabytes “completely unnoticed.”
#Fail. Clearly CarePartners don’t take the security of data seriously based on that.
Now I get why CarePartners might want to minimize the extent of this. But it’s not a workable strategy long term because in Canada there’s strong privacy laws and this sort of thing does get investigated by Canada’s Privacy Commissioner. So the truth will come out eventually and CarePartners will get smacked pretty hard. Thus if I were them, I would just come clean now and work with everyone from the Privacy Commissioner to law enforcement and security firms to address this.
Share this:
Like this:
Related
This entry was posted on July 17, 2018 at 9:28 am and is filed under Commentary with tags Hacked. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.