CBC reporters have verified health record files provided by hackers who say they acquired them by breaking into the computers of CarePartners, a company that contracts with the Ontario government.
The records date back to 2010 and include detailed health information, tax forms, credit-card numbers, and biographical information. The hackers claim to have "tens of thousands" of these records (the CBC has seen 80,000 records; CarePartners says it may be as many as 237,000 records). They say that they informed CarePartners about the defects in its security and provided detailed instructions for fixing them, and that they expect to get paid for this service.
The attackers told CBC News in an encrypted message that they discovered vulnerable software on CarePartners' network that had not been updated in two years "by chance," and were able to exploit those vulnerabilities and weak passwords to remove hundreds of gigabytes "completely unnoticed."
"This data breach affects hundreds of thousands of Canadians and was completely avoidable," the group told CBC News. "None of the data we have was encrypted."
While Ontario's privacy commissioner requires that personal health information be encrypted when stored on mobile devices, there is presently no similar requirement for desktop computers or servers.
Thousands of patient records held for ransom in Ontario home care data breach, attackers claim [Matthew Braga, Lori Ward and Andrew Culbert/CBC]
(Image: Bill Ward, CC-BY)