Data Breach Reported At St. Francis

A local medical provider in the Tulsa area is dealing with the aftermath of a data breach. St. Francis Health System in Oklahoma is reporting that its systems were hacked and patient data was stolen.

Databreaches.net (a clearing house that reports information on data breaches) reports that

“after working with forensics investigators, they discovered the information taken from the server appears to be a list of about 6,000 names and addresses. … Social Security numbers, driver’s license and financial information are not included on the list.

The hospital disabled the server and discussed the situation with law enforcement and decided not to act on the demand for payment.”

Early reports indicated that it was an attack by a hacker known as “The Dark Overlord” who demanded 24 bitcoins (about $14,000) or they would release the information. Later reports suggest it was a copycat.

Even though the details of the investigation or incident haven’t been released, St. Francis has indicated there was a data breach and a ransom that they aren’t paying. I commend St. Francis for not paying the ransom. If they are willing to exploit or blackmail you once, they will exploit or blackmail you again.

St. Francis is investigating and offering to pay for credit monitoring for any of the victims of the data breach. At this point it doesn’t look like any personal health information was released, just personal information that could be used to steal someone’s identity.

Data Breach – The New Robbery

When Willie Sutton was asked, “Why do you rob banks?” he simply responded “That’s where the money is.”

Now the money is in people’s identities. If you were a robber, would you rather have the money in someone’s wallet or the value in their bank account and creditworthiness? Technology has made this possible.

Large companies such as hospitals employ IT admins and computer security professionals who work tirelessly to prevent attacks. The bad guys are ALWAYS looking for vulnerabilities. It’s not that these organizations allow data breaches to happen. Sometimes it’s just a matter of the software and systems they are using (e.g., Microsoft Windows, Oracle, etc.) being vulnerable. Vendors patch as fast as they can, but that still leaves a window of opportunity for attackers.

Preventing Your Information from Being Stolen

So what can you do to protect your information from a data breach? In short, nothing. You have to give your personal information to entities like hospitals and retailers to get services. That makes them a target, and eventually they are going to lose at least once to the bad guys.

Your best bet – get credit monitoring. There are a number of services out there.

Fox News Story Link

by Mark Davis, Ph.D.