this post was submitted on 14 Nov 2023
212 points (98.2% liked)

Technology

59135 readers
2921 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago
MODERATORS
L3s@lemmy.world
L3s@fry.gs
L4s@fry.gs
L4s@lemmy.world
enu@lemmy.world
212
Nude “before and after” photos stolen from plastic surgeon, posted online, and sent to victims' family and friends (www.malwarebytes.com)
submitted 11 months ago by L4s@lemmy.world to c/technology@lemmy.world
12 comments fedilink hide all child comments
 

Nude “before and after” photos stolen from plastic surgeon, posted online, and sent to victims' family and friends::The FBI is investigating a data breach where cybercriminals were able to steal patients’ records from a Las Vegas plastic surgeon's office and then publish them online.

you are viewing a single comment's thread
view the rest of the comments
[–] HeyJoe@lemmy.world 68 points 11 months ago (2 children)

Found the info I was looking for in the article. The documents did not appear to be stored with any kind of encryption... so yeah this was terrible it happened, but it happened partially due to not spending enough on IT resources to guide them on proper practices for handling documents with confidential information and violated HIPAA. As someone who works in the field all patient information must be encrypted at rest or another form of encryption on the data must exist for it to fall within compliance. On top of this only the bare minimum amount of people should have access to this data and absolutely should have audit logs for anyone accessing the data normally through the 3rd party application used to store and lookup the information.

[–] Treczoks@lemmy.world 13 points 11 months ago* (last edited 11 months ago) (1 children)

Not that the audit logs would help anyone except listing "these files were copied by [user account used by hacker] on [date the office was hacked]".

The real issue is that most medical offices still rely on Windows, Active Directory, and Exchange, and most of them are far, far away from up-to-date, patched versions (which actually don't prevent hacks, but make them a bit more difficult).

[–] HeyJoe@lemmy.world 3 points 11 months ago

I was more referencing the application that they, hopefully, use to store their documents. I really hope they are not just stored in a directory, but I guess who knows... some of the applications I have used reference everything in audit logs from when it was uploaded, to who and when it is viewed, any changes, and more. Without the application the data is encrypted at rest so the files are useless without using the application to open them. We have others that are stored within an encrypted database or use blob storage thats encrypted. Anything, but never plain old windows for storage!

[–] alienzx@feddit.nl 11 points 11 months ago

I hope they get the full fines