Home | Login      
What a coincidence - The Virginia Health database has been compromised.
Yesterday I stated that the high-profile breaches have been the catalyst for a flury of regulation and the need for database auditing. Today we learned that the Virginia Health database has been compromised, and now hackers are seeking a $10M ransom for return of the records. "I have your [expletive] In *my* possession, right now, are 8,257,378 patient records and a total of 35,548,087 prescriptions," the hacker said in a ransom note. "Also, I made an encrypted backup and deleted the original. Unfortunately for Virginia, their backups seem to have gone missing, too. Uhoh :(For $10 million, I will gladly send along the password." The Virginia Prescription Monitoring Program website is used to help pharmacists track prescription drug abuse, and has the records of 8 million state residents available through the network. The network, along with other portals connected to the Virginia Department of Health Professions, is still unavailable at the moment. State health officials are now working with the FBI to try and identify and locate those responsible for bringing down the network. As the case is ongoing, the FBI hasn't issued a statement regarding the intrusion, though will be looking for sources both in the United States and across the world. Online data breaches unfortunately are becoming more common, though this is one of the first times a ransom note has been left in exchange for data records. Extortion-based hacking attempts continually concern security experts, as there appear to be more foreign-based hackers launching attacks against U.S. computer networks. Social Security numbers, personal medical information, and financial information are all popular targets for hackers, who can either sell the information to spammers and people involved with credit fraud, or hold the information for ransom. Could SoftTree's DB Audit Expert have mitigated the the Virginia Health database attack? Absolutely! DB Audit Expert delivers essential visibility into all database activity, enabling database administrators to identify both weaknesses and successes in the systems, as well as the processes and procedures used to secure the data. DB Audit Expert also provides a comprehensive solution for managing database logins, users, security settings and permissions. Once database access controls have been implemented, database auditing helps to verify that access controls are working properly. DB Audit Expert helps track who accessed data to provide an additional layer of data security. Perhaps most importantly, DB Audit Expert enables daily review of audit logs, and the ability to reconstruct a range of events tied to cardholder information. DB Audit Expert monitors and tracks all access and changes to data, including: Who the username of the person who made the change When the date and time of the change What the name of the table and column that was changed Type of change (insert, update or delete) What it was the data value before the change What it is the data value after the change The source of the data change (query tool, application, etc.) The machine name of the user or source that made the change

Share this blog topic
Add to Digg it   Add to Twitter   Add to StumbleUpon   Add to Del.Icio.us   Add to Facebook   Add to Technorati   Add to Reddit   Add to YahooMyWeb   Add to Google bookmarks


This blog article does not have any comments.

  This blog article is locked. New comments are not accepted.