Over 32,000 patients across 48 states were impacted by a security breach of their Protected Health Information (PHI) that Cogent Health had outsourced to M2ComSys. In some cases the PHI was even indexed by Google, exposing patients' names, physician names, dates of birth, diagnosis descriptions, treatment data, medical history and medical record numbers. According to the article below, the outsourcing company's site had its firewall down. Access to these notes through the site began on May 5, 2013, and ended following Cogent Healthcare’s discovery of the lapse on June 24, 2013.
Fiber was once considered a secure alternative to traditional copper lines, but its use has not stopped GCHQ (the U.K. version of the NSA in the U.S.) from eavesdropping on communications that traveled across these major data pipelines. This is just another uncovering of a major privacy violation in the "free world", which has been pointing to other countries for their rather open practice of eavesdropping on Internet communication.
Only recently, over the last 3-4 years, have the ties between physical and IT security been understood, and yet most organizations keep them separate, resulting in disconnects and potential attacks slipping through the cracks. Since more and more physical security systems use IT for communication, they are now becoming targets for hackers. The latest victim is Honeywell’s Tridium Niagara Framework, which is built around TCP/IP and meant to provide web-based management for building assets.
The FDA issued a safety recommendation to the medical community, advising about cyber security issues with medical devices. Medical devices are increasingly Internet/network enabled, allowing traditional cyber security threats to execute on those rather immature (from a security perspective) devices.