Thanks, all, for the comments and advice. I have given your recommendations and comments to my friend.
I was particularly struck by Mr. Guarino's story about receiving support from Cryptowall's operators after he paid the ransom. That's a great story, even if it portends badness for our time.

Just to add a couple data points that I became aware of after I posted...

* This is Cryptowall, so no easy key recovery like has been reported with CryptoDefense or others.
* The malware arrived through a fake fax attachment in Outlook that a receptionist opened.
* He did have backups, as many have asked about, but they must have been through a connected drive because they were encrypted as well. His IT was outsourced to a local firm.

In talking with someone at a local cloud company yesterday, I learned that a number of large organizations in our town, including banks, have been hit with Cryptowall in the past few weeks. On the news this morning was a report of a sheriff's office in TN paying the $500 ransom after working with FBI. Crazy stuff.

Thanks again.

On Thu, Nov 13, 2014 at 6:32 PM, David Lang <da...@lang.hm> wrote:

> You also don't know if the records were tampered with. The fact that they
> were able to encrypt them shows that they had the capability to tamper with
> them.
>
> It's not a likely attack (too much money to be made with the simple
> approach), but it's possible.
>
> David Lang
>
> On Thu, 13 Nov 2014, Morgan Blackthorne wrote:
>
>> My thought would be that if something got into the setup enough to encrypt
>> the files, it could have also transmitted them.
>>
>> On Nov 13, 2014 1:56 PM, "Bill Bogstad" <bogs...@pobox.com> wrote:
>>
>>> On Thu, Nov 13, 2014 at 7:42 PM, Tracy Reed <tr...@ultraviolet.org> wrote:
>>>
>>>> On Thu, Nov 13, 2014 at 10:11:28AM PST, Morgan Blackthorne spake thusly:
>>>>
>>>>> I'd be wondering if HIPAA requires him to disclose the breach to his
>>>>> clients since it is medical information.
>>>>
>>>> Yes.
>>>>
>>>> http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/
>>>>
>>>> But if he didn't even have separate backups I doubt he will be overly concerned
>>>> about this. For better or worse, odds are DHHS will never know about it unless
>>>> one of his patients reports him so likely nothing will come of it.
>>>
>>> I'm not so sure. If the data was encrypted in place (never left his systems) then
>>> it was never disclosed to inappropriate parties and my reading of that
>>> link is that this would not be considered a breach. Not that this
>>> would make me happy as a patient...
>>>
>>> Bill Bogstad
>
> _______________________________________________
> Tech mailing list
> Tech@lists.lopsa.org
> https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech
> This list provided by the League of Professional System Administrators
> http://lopsa.org/