25 Jan 08

International Hackers Redirect Their Efforts from Government Secrets to Personal Health Information

 

According to a story by Nancy Ferris of Government Health IT, the Department of Homeland Security believes Russian, Chinese and other off-shore hackers are trying to gain illegal access to health care records of American citizens.

Early last year, a virus made its way to a web site run by the Centers for Disease Control and Prevention in Atlanta. In April, a Military Health System server holding Tricare records was hacked. Mark Walker, of DHS’ Critical Infrastructure Protection Division, revealed the breaches during a recent security workshop at the National Institute of Standards and Technology but added that the department does not know why it is happening.

“The hackers’ primary motive seems to be espionage,” Walker said. “We don’t know why they are attempting to exfiltrate health care data but we want to know why.” He offered a theory that medical information of a nation’s leaders might be of interest to potential enemies. “They have been focused on military data but now are spreading out into the health care private sector.”

Urging the NIST audience to spread the word that healthcare providers should be vigilant and report data breaches to the authorities, Walker said DHS is increasing its analysis staff to monitor such threats and will be issuing more alerts about cyber threats to health care data.

“Today, only the Veterans Affairs Department consistently reports health data breaches,” he added. “As a result, our understanding of the cyber threat to health and human services is vague at this point.” One thing DHS does know, he concluded, is that poor security practices among those who use health information systems and disgruntled employees are as much of a threat as foreign cyber intruders.

Not the first time
There are echoes here of a similar incident that led the government to accuse one of its multi-million dollar contractors of sloppy security practices just last September.

A Congressional probe found that the Department of Homeland Security (DHS) and Transportation Security Agency (TSA) systems run by government contractor Unisys were hit by 844 cyber-security incidents between 2005 and 2006. Lawmakers at that time accused Unisys of incompetence and possible illegal activity related to its handling of Department of Homeland Security network security and hacks originating in China.

Unisys, based in Blue Bell, Pa., won a $1.7 billion contract with the DHS in 2002 to build, manage and protect networks at TSA and DHS headquarters. According to a report by the House Committee on Homeland Security, those systems were hit by 844 cyber-security incidents in the 2005 to 2006 time period.

“Dozens of DHS computers were compromised by hackers. These incidents were not noticed until months after the initial attacks,” Rep. Bennie Thompson (D-Miss.), chairman of the Committee on Homeland Security, wrote in a Sept. 21 letter to DHS Inspector General Richard L. Skinner. Thompson asked Skinner to initiate an immediate inquiry into the issue and, if necessary, refer the matter for criminal investigation.

Thompson wrote, “Hackers exfiltrated information out of DHS systems to a Web hosting service that connects to Chinese web sites.” Thompson’s committee became involved in the security of government networks after a series of 2006 hacking incidents that targeted the systems of the Departments of State and Commerce. Thompson said the attacks were “most likely” from China.

Thompson said the hackers used a rootkit program that allows hackers to mask their presence while gaining privileged access to the system. “Although IT specialists discovered the incident in October 2006, they could not determine the date of the initial hack or the amount of information that was exfiltrated out of Commerce systems,” he wrote.

“Although DHS contracted for network intrusion detection systems … these systems were not fully deployed at the time of the initial incidents,” Thompson wrote. “If network security engineers were running these systems, the initial intrusions [might] have been detected and prevented.”

Thompson further claims contractors provided “inaccurate and misleading” information to DHS officials about the source of the attacks and “attempted to hide security gaps in their capabilities.” Unisys said in its statement, “We believe that a proper investigation of this matter will conclude that Unisys acted in good faith to meet the customer’s security requirements.”