Today a funny thing happened on the way to the corner deli. As I approached the store I could see the local newspaper's headline... "Madrona patients may face ID theft". As Madrona Medical Group is a health-care provider in this reporter's local area, I decided to dig further.
Paying my $0.50 for the newspaper, I immediately scrambled to read about this local breach. Let's see... blahblah "breach" foobla "6000 patients" etcetc "addresses, Social Security numbers, dates of birth" and the usual you hear seemingly every day as of late. At first glance this appeared to be a simple case of an employee having data on his laptop stolen or... but nooooo...
We have a genuine insider hack here folks!
According to the newspaper article, Mr Timothy Kiel was not your typical employee that simply quit his job and still had some data or whatever left on his laptop either!
The story goes something like this... Mr Kiel, it seems, downloaded a variety of materials from his employer's network, including software, license keys for said software, and patient data on Dec 17, 2005... Timothy quit his job Dec 20th, for reasons unbeknownst to his employers to this day. Then, as records indicate, he thought he was pretty smart and figured he would still try to do dirty deeds after he had resigned. He accessed remote systems more than 50 times in a 3-week period ending sometime around Jan 15, 2006. He deleted items from at least one server, including email, backups, HR department materials and logs, to cover his tracks [ obviously failing horribly with the latter ]. According to the information provided, he was arrested June 8, 2006, a full 4 months after his pillaging began, and a trial date has been set for Sept 19th.
In researching the details of this story further, Zone-h contacted the medical company and left messages to help fill in the blanks. Mark Johnson of Madrona Medical Group was kind enough to return our call and help sort out the story.
We wanted to ask some key questions including:
1. What is the patient data loss probability?
Apparently Mr Kiel neither intended to use the patient data nor actually used it, and the 6000 or so records appear to be ancillary files stemming from the main attack(s), according to forensics data.
2. What was the position held by Mr Kiel?
A manager in the company IT department with intimate knowledge of the internal network structure. In a statement to patients, Madrona had the following to say:
"We would like to emphasize that this employee had high security clearance while employed at Madrona Medical Group, due to the nature of the position within our organization. This level of access is rare and limited to very few members of the staff here at Madrona Medical Group."
3. Were background checks and clearances run when Mr Kiel was hired?
Full standard background and security checks, as required for a person in a sensitive position within the company.
4. Were there any warning signs of a possible "bad seed" at the company?
None that anyone noticed; he was considered a good employee and had great performance reviews.
5. What was the motive behind the attack?
Evidently there were some issues with either the HR department or one of its staff members. While the exact specifics are not totally clear, Mr Johnson stated:
"this individual wanted to capture HR records from a fellow HR employee (for what exactly, who knows) and inadvertently captured certain patient records in the process. The HR info contained various types of data about a variety of subjects. It doesn't appear, from our own data analysis or from the police data report, that this person did anything with the data other than view it for their own information".
Zone-h would like to stress the facts about insider employee threats.
We can see from this story that the threat from insiders [ employees ] is as serious as, if not more serious than, the threat from so-called hackers. Zone-h wrote about this in another article not long ago, and offered much insight into this growing threat. Oftentimes it is difficult to verify rogue insider activity in the workplace, as most security implementations are postured on the perimeter of the network. Another hot topic is that of employee monitoring; Madrona believes in the employer's right to monitor corporate assets. Fortunately, in this case it appears the company had in place not only employee monitoring across its network, but also multiple and redundant logging capabilities, some apparently beyond even Mr Kiel's knowledge or reach. This is what ultimately was used in bringing Mr Kiel to answer for his alleged actions, and was confirmed in the follow-up call with Mr. Johnson.
Accordingly, Zone-h is pleased to see that not only was Madrona Medical diligent in its security posture, but it also notified its clientele as soon as possible about a possible security issue.