Hacker May Have Accessed DHH Database

[Christine Fulgham <christine () opensecurityfoundation org>]

http://www.2theadvocate.com/news/105946193.html


Some 56,000 emergency medical technicians were advised this week that a
hacker may have gained access to personal information about them contained
in a state licensing database.

The state Department of Health and Hospitals sent letters to the emergency
medical technicians, notifying them of the incident that occurred Sept. 17.

“The Federal Trade Commission recommends that consumers whose personal
information may have been compromised take steps to detect or prevent its
misuse,” the letter advised.

It also directed readers to the Federal Trade Commission website for
guidance.

Department of Health and Hospitals spokeswoman Lisa Faust said Bureau of
Emergency Medical Services personnel discovered the database breach. The
unauthorized entry gave the hacker access to an individual’s name and
personal information, including Social Security numbers.

“What we don’t know is whether the hacker was able to access any
information,” Faust said.

A computer screen displayed the message “You have been hacked,” Faust said.
“Since we don’t know one way or the other we sent notices out to 56,000
people that there’s a potential that the information was compromised.”
“Although we have no indication that information was actually released, we
know that it was accessed,” Tony Keck, DHH’s deputy secretary, said
Wednesday.

Both the East Baton Rouge Parish Sheriff’s Office and the Louisiana Attorney
General’s Office are investigating, Keck said.

The people in the database are individuals applying for classes or
certifying as first responders or EMTs in the state of Louisiana. Anyone who
has applied for a refresher class, state reciprocity or to take an EMT class
is listed on the site. The list includes high school seniors who are in
EMS-related programs through the education department.

The letter to EMTs and first responders said because instructors and other
authorized people throughout the state use the database, the portal is
Internet accessible.

The letter to EMTs said the agency has taken steps to prevent a computer
breach in the future, including strengthened password requirements and other
security measures to prevent unauthorized access.

Faust said the delay in notifying the EMTs came because the agency had to
find the money to cover the cost of printing the letters and stamps. “It was
an unusual circumstance,” she sa

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Learn encryption strategies that manage risk and shore up compliance.
Download Article 1 of CREDANT Technologies' The Essentials Series:
Endpoint Data Encryption That Actually Works
http://credant.com/campaigns/realtime2/gap-LP1/