backtop

Print E-mail del.icio.us 22 comment(s) - last by SiliconAddict.. on Aug 19 at 11:03 PM
Company linked to hospital data leaks buried under fallout

Washington-based Verus Incorporated, an IT company providing solutions for hospitals, went out of business after being implicated in numerous data leaks regarding clients’ patient data. The leaks, which started in April with reports coming in as late as yesterday, tell of critical lapses in server security as Verus’ IT department accidentally left the firewall turned off to a critical server during maintenance actions.

Unprotected private data, which included names, addresses and social security numbers, soon became world-visible. At one point Google indexed the data. A woman searching for the details of a deceased friend discovered the indexed information on May 22.  Soon thereafter, the first story officially broke. The 1,000 records belonged to Kennewick General Hospital in Washington. The hospital implicated Verus, who processed the hospital’s online payments.

The next day, more news broke reporting an additional 9,000 records leaked from Concord Hospital in New Hampshire. According to the report, the patient data had been freely available on the internet “for a period of time.”

Leaks continued to surface, with each reporting similar findings throughout the summer. In total, the amount of data leaked came close to 100,000 records, with the latest contributions coming in yesterday with another 31,000 records from Sky Lakes Medical Center in Oregon, according to Darkreading.

Verus’ web site is currently not responding, with all requests timing out. Calls made to Verus’ offices instead go to MedSeek, who seems to have taken over Verus’ support obligations. According to David Levin, who is the Vice President of Marketing at MedSeek, Verus’ closure may have been brewing for a while, despite the sudden shutdown that yielded no formal announcements.

“We're not sure if the breaches were the only reason why they closed down -- there might have been other issues as well,” said Levin. “But we know we got the call to support the [Verus] customers very soon after the breach was supposed to have happened."

According to Darkreading, Verus’ investors pulled the plug “eight to 10 weeks ago” and the company quickly disbanded.

“All of the breaches were the result of an IT error, as opposed to any problems with the software,” said Levin. “They made a huge mistake, and it literally shut the company down. It's really a cautionary tale.”

Comments     Threshold


This article is over a month old, voting and posting comments is disabled
Other related stories
By PLaYaHaTeD on 8/16/2007 7:21:33 PM , Rating: 5
In other news, an area IT professional was severely injured by an unrelated data leak. When explaining what had occurred, he was quoted as saying, "Before I even knew there was a leak, I was under a stream of attacks. I didn't expect it to byte me so hard. In fact I was bit so many times, I didn't think I would survive."

When asked if he would return to the IT industry after his recovery, the man said "Yes, but I just want this incident out of my memory. It's diskgusting that this even happened, but going through something this hard will drive me to be more cautious."




RE: Other related stories
By Tmansport on 8/16/2007 7:35:55 PM , Rating: 1
A bit bored were we?


RE: Other related stories
By IceTron on 8/16/07, Rating: -1
RE: Other related stories
By TomZ on 8/16/2007 7:46:27 PM , Rating: 3
Higher risk should pay more, doesn't it?


RE: Other related stories
By scavio on 8/17/2007 8:28:42 AM , Rating: 3
Should... but doesn't. I don't miss those days (selling our wares to doctors offices and hospitals). It's all about the bottom line and most places try to do as little as they can as cheap as they can to keep in line with HIPAA.


RE: Other related stories
By Hoser McMoose on 8/17/2007 11:30:32 AM , Rating: 3
I agree. A significant part of the blame here needs to rest firmly on the shoulders of the people making the decisions at these hospitals. They went for their cheapest bidder and they got exactly what they paid for... at their patients expense.


RE: Other related stories
By Christopher1 on 8/18/2007 2:58:28 PM , Rating: 3
That is the problem with most businesses today - they are always trying to 'save money' and it turns out that in the long run it WASTES them more money because they have to do things two or three times instead of doing it right or near right the first time.

It's time for the federal government to mandate that any business that has one of these personal information leaks is closed down forever. I know that is harsh, and some people will say unduly harsh...... but it's gotten to the point that is the only way that big business is going to listen.


RE: Other related stories
By SiliconAddict on 8/19/2007 11:03:31 PM , Rating: 1
And this is different from any other company how? Seriously 90% of the companies out there treat IT as something that isn't their company's business so lets pawn it off on someone else and while we are at it lets do it as cheaply as possible.
*shrugs* Same shit...different date\company.


RE: Other related stories
By arazok on 8/16/2007 7:54:24 PM , Rating: 2
You've been waiting an eternity for just the right article to write something like that, haven't you? lol


RE: Other related stories
By PLaYaHaTeD on 8/16/2007 8:28:09 PM , Rating: 2
I figured at least someone would get a laugh from it. Oh well, I thought it was pretty funny.


RE: Other related stories
By Xerio on 8/16/2007 8:52:21 PM , Rating: 2
Well, you got one from me. I needed a good laugh!


RE: Other related stories
By Hypernova on 8/16/2007 9:09:40 PM , Rating: 2
And it was indeed.


RE: Other related stories
By Xerio on 8/16/2007 8:15:07 PM , Rating: 2
That's exactly what I was thinking when I read the title.


RE: Other related stories
By SilthDraeth on 8/17/2007 9:15:20 AM , Rating: 2
I laughed.


Contractor death?
By Puddyglum1 on 8/16/2007 7:08:00 PM , Rating: 2
Glad to hear it was a company. Was confused and worried for a few seconds!




RE: Contractor death?
By Polynikes on 8/16/2007 8:08:16 PM , Rating: 2
The first image that came to mind for me reading that headline was of endless little zeros and ones leaking out of someone's network cable, filling the room and drowning them.

Imagine warning labels on every piece of computer hardware, like on cigarettes. I can see the new Truth commercials now: Data Kills.

My imagination is back in hyper mode again...


RE: Contractor death?
By Zirconium on 8/16/2007 8:10:48 PM , Rating: 3
The title of the message confused me too. But just to be on the safe side, I think I'm going to plug my ethernet cable in extra tight.... OH NO! I'M ON WIRELESS! AAAAHHHHHH!


RE: Contractor death?
By masher2 (blog) on 8/17/2007 8:41:49 AM , Rating: 3
Reminds me of scene where Dilbert tells his boss the "token" fell out of his token-ring network, and he spends a day looking under his desk for it...


RE: Contractor death?
By Polynikes on 8/17/2007 1:00:53 PM , Rating: 2
Oh no, they're popping out of thing air!


Good
By DigitalFreak on 8/16/2007 6:54:50 PM , Rating: 4
Sucks for any competent employees they had, but it doesn't sound like there were too many. It's good to see companies start going out of business because of careless data management practices. Maybe it will cause others to take a long, hard look and see where they could do better.




VERUS leak
By tioedong on 8/17/2007 7:58:21 PM , Rating: 2
Umm...this is a major HIPAA violation.
http://www.hipaa.org/

If I, as a doctor, leak personal information about a patient, I face jail time and a $250thousand dollar fine.

But these bozos release the hospital bills of 100 000 people, and not one federal official (let alone litigation lawyer) bothers to follow up the leak? Heh.




RE: VERUS leak
By AtaStrumf on 8/18/2007 4:31:04 AM , Rating: 2
Well I don't know what the situation is in the US, but as a pharmacist, I can tell you that in Ireland, you can get almost any information you want just by calling a doctors surgery, hospital, pharmacy. The law says that you shouldn't, but in practice it's just too easy. I'm quite sure other countries aren't much different.


"If a man really wants to make a million dollars, the best way would be to start his own religion." -- Scientology founder L. Ron. Hubbard

DailyTech Poll
Which web browser do you use on your primary personal machine? 






44 Comments







botimage
Copyright 2009 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki