Hackers Corrupt Data For Cloud-Based Medical Marijuana System (bostonglobe.com)
Date: 2017-01-15
Long-time Slashdot reader t0qer writes: I'm the IT director at a medical marijuana dispensary. Last week the point of sales system we were using was hacked... What scares me about this breach is, I have about 30,000 patients in my database alone. If this company has 1,000 more customers like me, even half of that is still 15 million people on a list of people that "Smoke pot"...
"No patient, consumer, or client data was ever extracted or viewed," the company's data directory has said. "The forensic analysis proves that. The data was encrypted -- so it couldn't have been viewed -- and it was never extracted, so nobody has it and could attempt decryption." They're saying it was a "targeted" attack meant to corrupt the data rather than retrieve it, and they're "reconstructing historical data" from backups, though their web site adds that their backup sites were also targeted.
"In response to this attack, all client sites have been migrated to a new, more secure environment," the company's CEO announced on YouTube Saturday, adding that "Keeping our client's data secure has always been our top priority." Last week one industry publication had reported that the outage "has sent 1,000 marijuana retailers in 23 states scrambling to handle everything from sales and inventory management to regulatory compliance issues."
Re: (Score:2)
You can only perjure yourself in a court of law, under oath.
You can be charged with lying to a federal officer. Not perjury, but still a problem if it happens to you.
Shorter summary (Score:1)
Some idiot used Windows, didn't bother upgrading some old software because it was closed source and upgrades expensive and got what they deserved.
Top priority? Always? (Score:1)
The company's CEO announced on YouTube Saturday, adding that "Keeping our client's data secure has always been our top priority."
If your company's top priority is to keep data secure, then how/why did you get hacked? They always say that, but clearly that is not the Top Priority.
Re: Top priority? Always? (Score:1)
Because not everybody is perfect, you smug asshole.
Re: (Score:2)
Not being smug at all. I've had my medical (hospital) information, insurance (2 different insurance companies), 3 credit card companies hacked over the period of the last 2 years and each time, they always say the same thing. Security is our top priority, but then you find out it really wasn't. They were doing unsecure processes which is how they got hacked, had been warned about their practices etc...
I have no choice if I use these services (other than to not get medical, insurance and use a credit ca
Re: (Score:3)
"I was gonna keep our clients' data secure . . . but then I got high . . ." -- Afroman, https://www.youtube.com/watch?... [youtube.com]
CEO is shown lying by his company's own actions (Score:2)
then
If the first was true, the second wasn't necessary.
Re: (Score:2)
Re: (Score:2)
HIPAA rules do not describe how to secure your data. It only tells you that you need to secure your data and the procedures to follow when you're not compliant. It doesn't prescribe a particular encryption or what needs to be encrypted.
Case in point, most hospitals do not use encryption when exchanging private health information (because systems from idiots like EPIC are simply incapable of it). HIPAA just says you have to document it and mitigate. In most cases, the mitigation is "our internal network is s
probably done by the competition (Score:2)
Re: (Score:2)
You, sir, win the Internet.
Dude.. (Score:2)