Nearly 1M medical records feared stolen from City of Hope cancer centers

Nearly one million individuals' personal details, financial account information, and medical records may well have been stolen from City of Hope systems in the United States. Despite the name, City of Hope is a healthcare organization that operates cancer hospitals and outpatient centers in Duarte, California, as well as the …

  1. elsergiovolador Silver badge

    Way

    It's not how you do it.

    You create a company that specialises in processing data, especially medical records.

    Build some reputation over the years.

    Start lobbying politicians and people responsible for tenders.

    Get a contract from department of health or something for processing medical records.

    Make sure your lawyers sneak in terms that will allow you to choose subcontractors to process data virtually unrestricted.

    Now you got the medical records, they pay you for having them and nobody calls you a thief.

    Then instead of advertising on darknet, advertise that you look for subcontractors on the pedestrian web.

    Hire them to do processing they want to do while they pay you to your completely unconnected offshore vehicle.

    1. Anonymous Coward

      Re: Way

      Don't try it, Equifax will come after you for patent violations.

  2. Pascal Monett Silver badge

    "Is there no cure"

    Yes, there is.

    Cut the lines to Russia and China, which will also cut off North Korea.

    Problem solved.

    Of course, I'm not expecting that to happen any time soon.

    1. abend0c4 Silver badge

      Re: "Is there no cure"

      The cure is strict liability.

      A sign saying "bad guys keep out" only acknowledges your lack of adequate security, it does nothing to fix it. Of course end users can't fix the problem alone, the liability has to pass back through the supply chain.

    2. Anonymous Coward

      Re: "Is there no cure"

      The issue is that there are no discussions about how this was done. If the hacking acts are documented by the victims then we all have the chance to stop it locally, once the actual methods are seen. Locally I saw a lot of malware delivered via email to my company so I updated the mail server to quarantine every attachment. The mail server was doing AV scanning but missed detecting quite a few deliveries so I deleted them. I would often report an AV missing by sending the skipped attachment to the mail-server manufacturer, but they often rejected them as "infected" - that was accurate but their users' mail-servers were not detecting them immediately.

      Sloppy AV updates result in a lot of much faster malware updates.

  3. Kev99 Silver badge

    "Is there no cure for this cyber-plague?" Yes there is. Quit putting confidential, proprietary, business critical data out on the bunch of holes held together with string / vapor just because it's free.

  4. ecofeco Silver badge
    FAIL

    I'm not surprised

    In general, U.S. corps are cheap, stubborn bastards about all things, to the point of penny wise/pound foolish absurdity.

    But hospitals and every level of government are even worse.

    This is not hyperbole. But it is just anecdotal direct personal experience. And I have the scars to prove it.
