Town Square

Post a New Topic

Hacker holds dental office database for ransom

Original post made on Jun 14, 2012

A Palo Alto dentist's database was hacked and an unknown individual held its contents for $3,000 ransom, police said.

Read the full story here Web Link posted Thursday, June 14, 2012, 2:46 PM

Comments (4)

 +   Like this comment
Posted by Backup-Your-Data-Frequently
a resident of Another Palo Alto neighborhood
on Jun 14, 2012 at 3:05 pm

> such attacks originate outside the United States.

So .. what was the domain name of the email address? "What is" is a service that lets people see who the owner of a given domain might be. This information includes the domain name owner, and the owner's contact information. Of course, if this is an anonymous email site, the owner's name could be fraudulent. People generally have to pay for registering an Internet domain, so there is probably some EFT data that might also link back to the domain's owner.

> The dentist's office contacted an IT service provider
> to try to recover and reconstruct the data.

It sounds like the Dentist might not have been backing up his data. This becomes a problem for his patients, since it's their data that has been compromised. People should become more aware of their doctor's handling of their personal data. The article says that no personal information was taken. This might be hard to know, depending on the kind of server being used by the Dentist. We are long past time that the government needs to start demanding that all personal information be encrypted and that all Internet access be logged.

It could never hurt to demand that doctors provide your medical records on disc, or flash-drive. Most doctors probably would not be happy about complying with such requests, but if they can't protect your data—then you should be keeping a duplicate copy.

 +   Like this comment
Posted by Anon.
a resident of Crescent Park
on Jun 14, 2012 at 10:21 pm

In the same way that some police go crazy when they get a little power, people seem to not think about the tech people in charge of their data, and the systems they depend on.

As an IT person myself it is hard for me to underestimate the moral integrity of many of the people I see in this industry. I know of very smart experts in computer systems that routinely leave holes, bombs and backdoors in companies they work for, not to mention designing systems that fail and demand expensive maintainence on a regular basis, and the people who hire them seem to have no idea.

This century will be a lot about average people getting up to speed on the systems and languages that we all use. When I think about the TCP/IP protocols being so full of holes and the internet being so easily hacked and manipulated and so hard to find technically and then politically to prosecute I wonder why it is that we do not have a new system that is safer and more private.

I don't think peolpe want a better system because the one we have generates so much money - in security and maintenance, and that seems more important that actually getting anything done in a safe and professional manner.

 +   Like this comment
Posted by Outside Observer
a resident of another community
on Jun 14, 2012 at 11:18 pm

Anon has a good take on this, but let me take it one step further.

Much of the problem is in the monopoly of Mircosoft and the defective consumer products they produce.

The "anti-virus" software industry is a money maker indeed, but it is an illegitimate industry that attempt to protect people from the inherent flaws in Microsoft products. Were this any other industry, the government would break the monopoly, and jail the owners. If you doubt that, just consider what would happen if your car were as safe and reliable as Microsoft products.

If history judges anything about our current computer technology, it will judge that the Microsoft monopoly made the most defective consumer products ever.

 +   Like this comment
Posted by Vikas Bhatia
a resident of another community
on Sep 14, 2012 at 1:34 pm

Information or cyber security starts with an acknowledgement by the business acknowledging that they have sensitive data and then going about a set of processes that go beyond the remit of "IT".

Often non-technical people rely on "IT" to be responsible for their adherence to regulation and industry best practices. This is similar to obtaining car insurance from a mechanic.

With interconnected networks, mobile devices and the "it wont happen to me" mentality these types of attacks are becoming more common, particularly given the lack of controls. A firewall will NOT fix the problem, or stop the regulators from distributing fines in the event of a breach.

A documented security policy, education and technical controls can be used to reduce, not eliminate, cyber risks.

Don't miss out on the discussion!
Sign up to be notified of new comments on this topic.


Post a comment

Posting an item on Town Square is simple and requires no registration. Just complete this form and hit "submit" and your topic will appear online. Please be respectful and truthful in your postings so Town Square will continue to be a thoughtful gathering place for sharing community information and opinion. All postings are subject to our TERMS OF USE, and may be deleted if deemed inappropriate by our staff.

We prefer that you use your real name, but you may use any "member" name you wish.

Name: *

Select your neighborhood or school community: * Not sure?

Comment: *

Verification code: *
Enter the verification code exactly as shown, using capital and lowercase letters, in the multi-colored box.

*Required Fields

Draeger’s Los Altos eyes upgrades, expansion
By Elena Kadvany | 4 comments | 3,431 views

Is Coffee a Date?
By Laura Stec | 19 comments | 1,535 views

"the Summit" (CompPlan): Forewarned is Forearmed
By Douglas Moran | 22 comments | 950 views

Gratitude, Repairing and Avoiding Affairs
By Chandrama Anderson | 0 comments | 700 views

A quiet moment
By Sally Torbey | 8 comments | 690 views