Medical Server Hacked by Call of Duty Gamers

Friday, January 14, 2011



A network server at Seacoast Radiology was illegally accessed by hackers intent on using it to host "Call of Duty: Black Ops" gaming sessions.

The server provides storage for records for over 230,000 individuals including the medical information, social security numbers, names, and addresses of patients.

The unauthorized access to the server was discovered in early November, and authorities believe the hack may have originated in Scandinavia.

Seacoast Radiology has brought is specialists to investigate the details of the breach.

The duration of the unauthorized access has not been released, and there has been no indication that officials believe the medical data specifically had been compromised.

Seacoast Radiology has reported the event to the Department of Health and Human Services as is required by HIPAA/HITECH regulations, and also notified patients with a recommendation they monitor their credit reports for signs of identity theft.

The company also notified the New Hampshire attorney general's office.

The HITECH Breach Notification Interim Final Rule requires that "health care providers and other HIPAA covered entities to promptly notify affected individuals of a breach, as well as the HHS Secretary and the media in cases where a breach affects more than 500 individuals.  Breaches affecting fewer than 500 individuals will be reported to the HHS Secretary on an annual basis."

The HIPAA-HITECH Final Rule is to be published in March, and will finalize compliance requirements for healthcare provider Covered Entities (CE), Business Associates (BA) and BA subcontractors.


Possibly Related Articles:
HIPAA Privacy HITECH Healthcare Headlines Servers hackers HHS breach Call of Duty
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.