Sunday 10 May 2009

Are NSW Health electronic patient records vulnerable to criminal hackers?


This was posted on Wikileaks on 3 May 2009:

On Thursday, April 30, the secure site for the Virginia Prescription Monitoring Program (PMP) was replaced with a $US10M ransom demand:
"I have your shit! In *my* possession, right now, are 8,257,378 patient records and a total of 35,548,087 prescriptions. Also, I made an encrypted backup and deleted the original. Unfortunately for Virginia, their backups seem to have gone missing, too. Uhoh :(For $10 million, I will gladly send along the password."
The site,
https://www.pmp.dhp.virginia.gov/pmpwebcenter/login.aspx appears to have been entirely disabled and is presently unavailable.

On 8 May The Wall Street Journal confirmed this ransom demand but details of patient data vulnerability are unclear.

Reports which leave an uncomfortable feeling behind when I recall that the data centre and software which run NSW Health electronic patient records have experienced extensive systems failure recently.

No comments: