On Thu, Nov 13, 2014 at 11:47 PM, Tracy Reed <tr...@ultraviolet.org> wrote:
> On Thu, Nov 13, 2014 at 01:56:04PM PST, Bill Bogstad spake thusly:
>> I'm not so sure. If the data was encrypted in place (never left his
>> systems) then it was never disclosed to inappropriate parties and my
>> reading of that link is that this would not be considered a breach.
>> Not that this would make me happy as a patient...
>
> There are several issues here:
>
> 1. They likely have no assurance (in the form of some sort of network
> monitoring, bandwidth graph, netflow/sflow, IDS, DLP, or whatever) that the
> data never left his systems other than "that's how CryptoLocker usually
> works".
> Whether the bad guys accessed your data in-place (and clearly they did access
> it because they encrypted it) or whether they copied it out en masse is a
> significant technical difference but a breach nonetheless. Section 13402 of
> the HITECH Act (a sort of amendment to the HIPAA rules established years ago)
> requires a Covered Entity (CE, such as a dentist) to provide notification to
> affected individuals and to the Secretary of HHS following a discovery of a
> breach of unsecured Protected Health Information.

The original poster didn't state how the ransomware got onto the
system. If it came in via a network connection then I agree that
there is a strong possibility that data was exfiltrated, which would
clearly be a breach. If it came in via physical media there might not
even be a way for data to leave his system. This might be an unlikely
scenario in the modern age, but it is possible. Under this scenario,
it isn't obvious to me that this is technically a breach any more than
a bad software update which causes a disk to get wiped would be.
Pointers to documents that make this clearer would be welcome.

Bill Bogstad
_______________________________________________
Tech mailing list
Tech@lists.lopsa.org
https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech
This list provided by the League of Professional System Administrators
 http://lopsa.org/