Last modified: Thursday, May 7, 2009
Virginia incident illustrates need for better data protection
FOR IMMEDIATE RELEASE
May 7, 2009
BLOOMINGTON, Ind. -- A recent threat by hackers to disclose personal information on millions of Virginia residents if a $10 million ransom demand is not met is only the most recent in an escalating series of attacks on sensitive data and critical computer networks.
According to Fred H. Cate, director of the Center for Applied Cybersecurity Research and distinguished professor at the Indiana University Maurer School of Law, it is also the latest evidence of how ill-prepared much of the country is for potentially devastating cyber-attacks.
"These threats are not new," Cate said. "For example, we have seen threats by individuals in Southeast Asia processing medical records outsourced from the United States to publish those records if the processors' salaries were not paid."
Hackers claim to have acquired medical records and prescription information for millions of Virginians in what could be one of the biggest breaches of personal data in the United States. The group is demanding a $10 million ransom to keep from releasing the information, which it claims was hacked from a state agency database.
"Report after report has indicated how vulnerable data and networks in the United States are to attack," Cate said. "Until we take cyber threats seriously and create appropriate regulatory and other incentives for the government and industry to secure their systems better, we will increasingly be vulnerable to attacks by hackers, organized crime and terrorists, who don't even have to enter the country to steal our most sensitive data and infiltrate our most critical computer systems."
The White House recently concluded a 60-day cybersecurity review ordered by President Barack Obama, but has not yet released its findings. Professor Cate submitted comments to that review.
Fred H. Cate is a Distinguished Professor and the C. Ben Dutton Professor of Law at the IU Maurer School of Law. IU is considered a leader in information assurance. The National Security Agency has designated the university as both a National Center of Academic Excellence in Information Assurance Education and a National Center of Academic Excellence in Information Assurance Research.