CBC reporters have verified health record files provided by hackers who say they acquired them by breaking into the computers of CarePartners, a company that contracts with the Ontario government.
The records date back to 2010, and include detailed health information, tax forms, credit-card numbers, and biographical information. The hackers claim to have "tens of thousands" of these records (the CBC has seen 80,000 records; Carepartners says it may be as many as 237,000 records). They say that they informed CarePartners about the defects in its security and provided detailed instructions for fixing them, and that they expect to get paid for this service.
The attackers told CBC News in an encrypted message that they discovered vulnerable software on CarePartners' network that had not been updated in two years "by chance," and were able to exploit those vulnerabilities and weak passwords to remove hundreds of gigabytes "completely unnoticed."
"This data breach affects hundreds of thousands of Canadians and was completely avoidable," the group told CBC News. "None of the data we have was encrypted."
While Ontario's privacy commissioner requires that personal health information be encrypted when stored on mobile devices, there is presently no similar requirement for desktop computers or servers.
Thousands of patient records held for ransom in Ontario home care data breach, attackers claim [Matthew Braga, Lori Ward and Andrew Culbert/CBC]
(Image: Bill Ward, CC-BY)
"The tactic, which experts in mobile-phone security said was concealed through an unusual added layer of encryption, appears to have violated Google policies"
Hackers working for China's government targeted firms working on coronavirus vaccines, and stole hundreds of millions of dollars worth of intellectual property and trade secrets, claims the Justice Department in a statement Tuesday announcing criminal charges.
This is quite a major hack. Now is a good time to change your Twitter password, if you are a user. Hackers pumping a cryptocurrency giveaway scam appear to have compromised the Twitter accounts of leading exchanges, prominent individuals, major corporations, and at least one news organization.
After a successful round of funding on Kickstarter, Fluster: The Social Card Game is now ready to help turn a party or game night into the engaging, surprising, and enlightening social affair you always hoped it would be. A deck of 100 cards, Fluster is chock full of unusual, funny, and thought-provoking questions inspired to […]
Physics may have been that class you sleepwalked your way through in high school. But while it might have just slipped under your radar throughout your academic career, you probably shouldn't have given it such shallow attention. Sure, we could focus on the immediate pluses of a career as a physicist, like the more than […]
If you're out of work…well, first, you have our sympathies. Right now, about 31 million Americans are drawing some form of unemployment benefits, which makes competition for virtually any job savagely fierce. But since nobody wants to wallow in the miseries of unemployment, the only legitimate course left open is to scrap like crazy to […]