“The event attracted no notice and only a few electrons on a disk drive registered the event at all. A junior DBA clicked on an email from a favorite technical site with a survey link. He clicked it, and the site looked wrong. Realizing it might be a trick he killed the connection. It was too late. Another IT admin noticed a multi-gig download from a remote DBA login during the next weekend but chalked it up to the junior working overtime.
Quietly, 3 gigs of data went from the hospital to a smirking technician in an unnamed Asian republic. The Stormcloud started as a line on a report that was seen and ignored.”
Doctors, patients, administrators, and IT staff continued on with their day without knowing that anything was amiss. This was not unusual because the average time to detect a breach is 69 days.
Although the hospital was relatively small, the hackers were able to extract over 100,000 records of confidential identity and medical data.
Comments