Virginia Incident Illustrates Need for Better Data Protection
A recent threat by hackers to disclose personal information on millions of Virginia residents if a $10 million ransom demand is not met is only the most recent in an escalating series of attacks on sensitive data and critical computer networks.
According to Fred H. Cate, director of the Center for Applied Cybersecurity Research and distinguished professor at the Indiana University Maurer School of Law, it is also the latest evidence of how ill-prepared much of the country is for potentially devastating cyberattacks.
"These threats are not new," Cate said. "For example, we have seen threats by individuals in Southeast Asia processing medical records outsourced from the United States to publish those records if the processors' salaries were not paid."
Hackers claim to have acquired medical records and prescription information for millions of Virginians in what could be one of the biggest breaches of personal data in the United States. The group is demanding a $10 million ransom to keep from releasing the information, which it claims was hacked from a state agency database.
"Report after report has indicated how vulnerable data and networks in the United States are to attack," Cate said. "Until we take cyberthreats seriously and create appropriate regulatory and other incentives for the government and industry to secure their systems better, we will increasingly be vulnerable to attacks by hackers, organized crime and terrorists, who don't even have to enter the country to steal our most sensitive data and infiltrate our most critical computer systems."
The White House recently concluded a 60-day cybersecurity review ordered by President Barack Obama, but has not yet released its findings. Cate submitted comments to that review.