Monday, August 15, 2016

Politicians get a very bitter taste of the very same medicine they've forced onto clinicians and the public

This is a case of education - I hope - by fire on electronic information security, and why "going electronic" can be a risky business.  This is a lesson deeply needed by our government leadership who have been pushing an unfettered national rollout of electronic medical records systems, despite known and exploited security concerns of EHRs, among other concerns discussed at this blog.

I've written dozens of posts, just based on casual searches of news, illustrating breaches of healthcare information technology security and privacy of information, as have others focusing primarily on these issues such as Patient Privacy Rights DOT org (https://patientprivacyrights.org/).  

Examples of my own occasional posts in this domain are at query links such as:
http://hcrenewal.blogspot.com/search/label/medical%20record%20confidentiality

http://hcrenewal.blogspot.com/search/label/medical%20record%20privacy

http://hcrenewal.blogspot.com/search/label/computer%20security

Our wise political leaders, however, have been pushing this technology, despite its numerous drawbacks  - full steam ahead - on clinicians and patients, now under the gun of Medicare payment cuts for "refuseniks."

Now, the political leadership has just gotten a bitter taste of the dish they've been serving up:

Hacker releases cell phone numbers, personal emails of House Democrats
By Daniella Diaz, CNN
Updated 4:04 PM ET, Sat August 13, 2016
http://www.cnn.com/2016/08/12/politics/guccifer-2-0-hacker-dnc-dccc/

The hacker who goes by "Guccifer 2.0" is claiming credit for the release of personal cell phone numbers and private email addresses of Democratic House members.

The data -- posted to their WordPress blog on Friday night -- also contains the contact information for staff members and campaign aides.

In the trove of information released on Friday "Guccifer 2.0" also uploaded files to the blog post that contains login information to subscription services used by the Democratic Congressional Campaign Committee, including Lexis-Nexis and Washington newspapers ... In addition to lawmakers' personal information, the hacker uploaded documents analyzing candidates for Florida's 18th congressional district, and a fundraiser memo to House Minority Leader Nancy Pelosi about Morgan Carroll's congressional campaign in Colorado.

In a statement, DCCC Press Secretary Meredith Kelly said: "As previously noted, the DCCC has been the target of a cybersecurity incident, and we are cooperating with federal law enforcement in their ongoing investigation. We are aware of reports that documents claimed to be from our network have been released and are investigating their authenticity."

Rep. Adam Schiff of California, the ranking Democrat on the House Intelligence committee, suggested a law enforcement probe is necessary.

Perhaps a probe of the competence of those responsible for electronic security hired by our wise government officials should come first.

"The unauthorized disclosure of people's personally identifiable information is never acceptable, and we can fully expect the authorities will be investigating the posting of this information," Schiff said.

But it's just fine to keep rolling out insecure electronic records systems.

... The hacker wrote in the blog post, "It's time for new revelations now. All of you may have heard about the DCCC hack. As you see I wasn't wasting my time! It was even easier than in the case of the DNC breach."

Remarkable incompetence on the part of the politicians.

... The hack of the DNC was originally discovered as being two separate breaches, both by hacking groups identified by cybersecurity experts as working for the Russian military and intelligence complex. One hack was said to have lasted a year and targeted internal communications, the other was for a few months and targeted opposition research on Donald Trump.
 
Federal investigators had tried to warn the DNC months before, sources told CNN, but by the time the suspected Russian hackers were kicked out of the systems damage had been done: Nearly 20,000 emails between a handful of DNC officials were dumped on the web by WikiLeaks as the Democratic National Convention was kicking off. The emails showing opposition to Vermont Sen. Bernie Sanders during the primary led to the resignation of DNC Chairwoman Debbie Wasserman Schultz on the eve of the convention and departure of more party officials later.

The politicians of both parties behind the EHR mandate, in effect at least since the HITECH Act of 2009, should have heeded those questioning EHR security before mandating a national rollout. My only comment is that I hope the politicians unabashedly pushing EHRs on the public may have learned a valuable, needed, and well-deserved lesson about electronic information security from these events.

However, I am not optimistic about that.

-- SS
