CBC reporters have verified health record files provided by hackers who say they acquired them by breaking into the computers of CarePartners, a company that contracts with the Ontario government.
The records date back to 2010, and include detailed health information, tax forms, credit-card numbers, and biographical information. The hackers claim to have "tens of thousands" of these records (the CBC has seen 80,000 records; CarePartners says it may be as many as 237,000 records). They say that they informed CarePartners about the defects in its security and provided detailed instructions for fixing them, and that they expect to get paid for this service.
The attackers told CBC News in an encrypted message that they discovered vulnerable software on CarePartners' network that had not been updated in two years "by chance," and were able to exploit those vulnerabilities and weak passwords to remove hundreds of gigabytes "completely unnoticed."
"This data breach affects hundreds of thousands of Canadians and was completely avoidable," the group told CBC News. "None of the data we have was encrypted."
While Ontario's privacy commissioner requires that personal health information be encrypted when stored on mobile devices, there is presently no similar requirement for desktop computers or servers.
Thousands of patient records held for ransom in Ontario home care data breach, attackers claim [Matthew Braga, Lori Ward and Andrew Culbert/CBC]
(Image: Bill Ward, CC-BY)