Should Doctors Know the Top Black and White Hat Hackers?

Attention Medical Professionals, HIT Specialists and EHR Devotees

[By Staff Writers]

Question: What is LulzSec?

LulzSec, short for “LulzSec Security”, is a hacker group that claims responsibility for several high-profile attacks.

LulzSec has gotten attention since May 2011 for targeting high-profile websites with poor security.

Assessment

The most prolific anti-EHR / anti-EDR contributor to this ME-P is investigative reporter Darrell K. Pruitt DDS; friend or foe of HIPAA and HIT data security?

Conclusion

Your thoughts and comments on this ME-P are appreciated. Feel free to review our top-left column, and top-right sidebar materials, links, URLs and related websites, too. Then, subscribe to the ME-P. It is fast, free and secure.

Speaker: If you need a moderator or speaker for an upcoming event, Dr. David E. Marcinko; MBA – Publisher-in-Chief of the Medical Executive-Post – is available for seminar or speaking engagements. Contact: MarcinkoAdvisors@msn.com

16 Responses

  1. Another I told you so

    “Medical ID theft: Double danger for doctors,” by Pamela Lewis Dolan was posted today on AmedNews.com.

    http://www.ama-assn.org/amednews/2012/08/06/bisa0806.htm

    “Medical identity theft is very much on the radar of Medicare and other agencies responsible for investigating identity theft. In recent years, it has become the fastest-growing type of identity theft in the world, according to reports. An estimated 2 million people become victims of identity theft each year.”

    I started questioning dental leaders about medical identity theft from EHRs in 2006. I’m still waiting for a response.

    “Physicians also face repercussions when their patients’ identities are stolen. Patients report losing trust in their physicians after a medical ID theft has occurred. There is also the potential for medical errors and bad outcomes caused by two patients using the same identity. Physicians also potentially could be subjected to violations of the Health Insurance Portability and Accountability Act [HIPAA] if they did not adequately protect the data from being stolen.”

    Sound familiar? Why does it seem less unprofessional for an AMA reporter than for a dentist to say such bad things about EHRs?

    While the AMA and the nation’s physicians have been working hard to protect practices and patients from the devastating consequences of identity theft, the expression of such concerns in dentistry continues to be censored as “unprofessional behavior.” What’s more, if an ADA member persists in questioning the safety of EDRs beyond the approved chain of dissent, the unprofessional behavior can be upgraded to “unethical behavior,” which includes the loss of membership and forfeiture of any dues refund for the unused portion of the year.

    I say risk some dues money, Doc. Be like a physician and demand more transparency concerning EHR dangers. You don’t want to find out the hard way that I’ve been consistently straight with you for years.

    D. Kellus Pruitt DDS

  2. Hackers’ ransom

    Hackers’ ransom – another important I told you so from years ago

    “Hackers Encrypt Health Records and Hold Data for Ransom” was posted today on BloombergBusinessWeek.com by Jordan Robertson.

    http://www.businessweek.com/news/2012-08-10/hackers-encrypt-health-records-and-hold-data-for-ransom

    Today, Robertson revealed a growing liability for HIPAA-covered entities – extortion by hacker: “Unlike many other data breaches, the hackers made no attempt to keep their presence a secret. In fact, they all but fired a flare to announce the break-in, taking the extreme step of encrypting their illicit haul and posting a digital ransom note demanding payment for the password.”

    Almost four years ago, my reaction to this budding crime wave was, “Dentists must lose this danger or lose their computers.” (See “Extortion – The newest argument for de-identification,” Pruitt’s Platform, November 22, 2008).

    http://community.pennwelldentalgroup.com/forum/topics/extortion-the-newest-argument

    If one is counting, this is my third unpopular I told you so this week – even as dental leaders we depend on for representation continue to affect a stoic, professional image by remaining above such concerns of common dentists. Am I right or what?

    D. Kellus Pruitt DDS

  3. EHR hackers encrypt files, demand ransom

    Few data breaches are as malicious or as in-your-face as a recent attack on Surgeons of Lake County, a small practice in Libertyville, Ill. Hackers gained access to a server that stored emails and electronic medical records.

    http://www.fierceemr.com/story/ehr-hackers-encrypt-files-demand-ransom/2012-08-13

    They encrypted and password-protected the files and then posted a ransom note on the server demanding payment in exchange for the password to unlock the files.

    Ann Miller RN MHA

  4. Do you believe me yet, Doc?

    Is there anyone out there who still thinks the security of one’s medical identity is no more important than credit card numbers?

    Recently, ABC reporter Jim Avila posted a hard-hitting exposé titled “Your Medical Records May Not Be Private: ABC News Investigation.” (It’s nothing new).

    http://abcnews.go.com/Health/medical-records-private-abc-news-investigation/story?id=17228986

    Avila maintains that healthcare organizations are failing to restrict access of patients’ medical records to only those who need the information to perform their duties. Thieves have discovered that the rampant carelessness in the healthcare industry is helping to create a growing source of stolen medical identities: “In fact, an ABC News investigation found that often medical information is so unprotected, millions of records can be bought online. Because so many people have access, the entire system is vulnerable to theft, experts told ABC News.” Avila continues: “Thieves might approach medical staff and offer upward of $500 per week for providing 20 to 25 insurance claim forms, medical records or health financing records, Porter said. Those documents fall under HIPAA security rules and are considered protected health information.”

    I first warned about medical identity theft over 6 years ago. (See: “Careful with that electronic health record, Mr. Leavitt,” WTN News, October 18, 2006).

    http://wtnnews.com/articles/3407/

    For years, my criticism of electronic dental records has been routinely censored by EDR stakeholders for selfish reasons without explanation or recourse – including some of the most popular dental practice consultants in the nation. I’m not complaining, but it sure seems to me that holding the HIT industry accountable for selling dangerous products to providers has suddenly become the hottest thing in investigative journalism. I guess my spot-on criticism in 2006 was just way too early to be credible.

    D. Kellus Pruitt DDS

  5. Mobile malware a major cybersecurity threat

    In the coming year, McAfee Labs expects that threats to mobile devices will become even more of a focus of cybercriminals, the influence of a major “hacktivist” group will decline, and large-scale attacks that attempt to destroy infrastructure will increase.

    http://www.physbiztech.com/news/mobile-malware-major-cybersecurity-threat-2013?email=MARCINKOADVISORS@MSN.COM&GroupID=90115

    What about EHRs?

    Simone

  6. ME-P READERS – Don’t open that bikini screensaver email!

    Not even the Italian one.

    http://www.nbcnews.com/technology/technolog/dont-open-bikini-screensaver-email-not-even-italian-one-1B7812868

    A harmful Trojan horse is invading inboxes via a holiday greeting that claims to contain photographs of women in sexy swimwear. So, be safe.

    Dr. David Edward Marcinko MBA via NBCNews.com
    http://www.CertifiedMedicalPlanner.org

  7. A government warning

    Homeland Security urges computer users to disable Java.

    http://news.msn.com/science-technology/homeland-security-urges-computer-users-to-disable-java?ocid=ansnews11

    Why? Hackers have learned to exploit the Oracle software to commit crimes ranging from identity theft to making an infected computer part of a network that can be used to attack websites.

    Kevin

  8. The FED Hacked?

    The Federal Reserve just reported that one of its internal websites had been briefly breached by hackers, though no critical functions of the central bank were affected by the intrusion.

    http://www.nbcnews.com/technology/technolog/fed-says-internal-site-breached-hackers-no-critical-functions-affected-1B8263618?ocid=msnhp&pos=5

    Neal

  9. Beware “Black Shades”

    Feds charge alleged Blackshades hackers.

    http://www.usatoday.com/story/money/business/2014/05/19/blackshades-charges-sdny/9278721/

    After installing on an unsuspecting victim’s computer, an attacker could “access and view documents, photographs and other files … record all of the keystrokes entered … steal the passwords to the victim’s online accounts and even activate the victim’s Web camera to spy on the victim.”

    Related: http://www.nbcnews.com/tech/security/why-u-s-going-after-chinese-hackers-jobs-n109081

    Xavier

  10. There is no security … not yet!

    You in the mood for a scary story? Justin Shafer brought this article to my attention today:

    “Why HTTPS and SSL are not as secure as you think,” by Scott Ogrin for Sott.net, March 12, 2014.

    http://www.sott.net/article/275524-Why-HTTPS-and-SSL-are-not-as-secure-as-you-think

    Excerpt:

    “You want to go to https://www.gmail.com. But some ‘hackers’ have used another type of hack to insert their server between you and Gmail. Normally, this would not be possible, because you’re using HTTPS! You’re SAFE!

    WRONG!

    As far as anyone knows, you are connected to gmail.com over HTTPS. But in reality, what’s happening is this:

    – You try to connect to https://www.gmail.com

    – The attacker diverts your request (perhaps using DNS cache poisoning or some other such attack) to a fake server

    – Since Attacker’s Server contains a falsely generated, perfectly valid SSL Web Site Certificate using the tricks outlined above, your browser doesn’t know any better. Everything appears to be legit.

    – You begin doing e-mail, but all your data is actually going encrypted to Attacker’s Server, being decrypted and recorded/modified, and then Attacker’s Server then passes the data on to the real https://www.gmail.com (using Gmail’s actual, valid SSL cert).

    – You have absolutely no clue that your ‘secure’ communications are not secure in the least!”

    Ogrin writes: “I have said it before, and I’ll say it again: There never was security or privacy on the internet, there is no security or privacy on the internet now, and most likely there never will be. Not unless some very big changes are made… ”

    DK Pruitt DDS

  11. Hackers can tap USB devices in new attacks?

    “Hackers can tap USB devices in new attacks, researcher warns”

    USB devices such as mice, keyboards and thumb-drives can be used to hack into personal computers in a potential new class of attacks that evade all known security protections, a top computer researcher revealed on Thursday.

    http://money.msn.com/business-news/article.aspx?feed=OBR&date=20140731&id=17821156

    Beware the thumb-drive hacker!

    Ben

  12. Justin Shafer discovered yet another security weakness in Dentrix’s electronic dental record system.

    “Found a Dentrix G5 server to hack over the internet! – Only took me 15 minutes to find it.. Makes you wonder! I alerted US-CERT and Dentrix and the FTC. Gotta have a proper mtclient.dll, but it works! This server is on Windows 2012. (port 3389 is also open). Dentrix uses 2 ports that are not well-known, so it is easy to find with nmap. One being 5712.”

    By Justin Shafer
    [My Dental Blog]
    October 30, 2014.
    http://justinshafer.blogspot.com/

    Evidently Henry Schein is chronically careless.

    Think about it. Dentrix is the most popular dental software on the market, serving tens of thousands of dentists and millions of patients. On behalf of vulnerable, otherwise uninformed Americans, I think someone in the dental industry owes Shafer a huge thank you. What do you think?

    D. Kellus Pruitt DDS

  13. “Cybercriminals start using Flash zero-day exploit leaked from Hacking Team breach”

    http://www.pcworld.com/article/2945472/cybercriminals-start-using-flash-zeroday-exploit-leaked-from-hacking-team.html

    This is an important article. Adobe has been hacked. It is recommended to enable “Click to play” on one’s computer to prevent the intrusion of malware. (It’s not a bad idea anyway. It will not only protect your computer, but it could speed it up as well).

    http://www.howtogeek.com/188059/how-to-enable-click-to-play-plugins-in-every-web-browser/

    Adobe is expected to deliver a patch later today.

    D. Kellus Pruitt DDS

  14. Healthcare Organizations Are Top Targets for Hackers

    1. 68 percent of the healthcare organizations analyzed have compromised email credentials
    2. Nearly 80 percent of the positive data set includes actionable password information
    3. An estimated 7,500 individual incidents occurred across the study where healthcare companies had email credentials compromised due to phishing or key logging attacks
    4. 23% of the passwords stolen were available for sale or trade on the Dark Web as unencrypted, clearly visible text

    Source: Evolve IP

  15. Remember TheDarkOverlord?
    [They are now extorting public school districts]

    It is widely known that one of TDO’s favorite targets is electronic dental records. In fact, some in the FBI have suspected that Justin Shafer – and by association, me – are part of the TDO. When two special agents interviewed me for an hour in a surprise visit to my office a few months ago, their questions – including the one about being paid in gift cards for helping TDO – clearly suggest to me that there is no case against Justin.

    Nor was there any reason for the FBI to raid his home three times. No charges have yet been filed against Justin, and so far, my home has not been raided. Justin and his family suffered a federal blunder, and TDO’s extortion continues unabated while FBI agents waste time and money.

    http://www.nbcmontana.com/news/kcfw/parents-react-to-cyber-hackers-ransom-letter-to-school-officials/622619694

    Kellus Pruitt DDS

  16. Healthcare orgs in California, Arizona send out breach letters for nearly 150,000 after SSNs accessed during ransomware attacks

    https://www.msn.com/en-us/health/wellness/healthcare-orgs-in-california-arizona-send-out-breach-letters-for-nearly-150000-after-ssns-accessed-during-ransomware-attacks/ar-AAOiAjM?li=BBnb7Kz

    Shelly
