You. Quest and LabCorp. Explain these medical database super-hacks, say US senators as 425,000 more people hit

As healthcare companies come forward to confirm hackers would have been able to access millions of patients' personal information from a compromised American Medical Collections Agency (AMCA) database, US senators are demanding answers. Quest Diagnostics was yesterday on the receiving end of an open letter (PDF) issued by …

  1. This post has been deleted by its author

    1. elDog

      Re: We'll see a "Your privacy is of utmost importance" and "No critical information was released"

      I feel like a fool, a comfortable position to be in.

      I can't seem to delete a duplicate posting without bolluxing even more of this site.

      One would think that after 20-30 years of playing around with forums and other boardy things that we'd have come up with a fool-proof way to deal with fools like me.

      Or is everything still home-invented and quaint?

      1. Killfalcon Silver badge

        Re: We'll see a "Your privacy is of utmost importance" and "No critical information was released"

        I've seen forums implement hashing to catch double-posts, but the simplest was "if same user makes two posts in the same 'thread' within X minutes, merge them".

        1. GnuTzu

          Re: We'll see a "Your privacy is of utmost importance" and "No critical information was released"

          ...and others that limit rate of submissions, presumably to prevent bot flooding the chat.

  2. elDog

    "Your privacy is of utmost importance" and "No critical information was released"

    etc., etc.

    They won't even have any idea of what was stolen. They'll pretend that their audit logs didn't show any leaks.

    If they had real auditing in place the leaks would have been detected during normal log auditing cycles (hourly, daily).

    Obviously security is not as important as the bottom line and the C-suite salaries.

    Won't improve until these C-suite types get jailed and massively fined - personally.

    1. MachDiamond Silver badge

      Re: "Your privacy is of utmost importance" and "No critical information was released"

      "Won't improve until these C-suite types get jailed and massively fined - personally."

      Nail, meet hammer.

      The big paycheck should be balanced with oversized responsibility. Yes, you could be compensated in the millions per year as a Cxx, but you could wind up spending a decade locked up for being a cheap screw. Wouldn't it be worth it to sacrifice one million of that salary for 8 good, fully supported IT experts to prevent being uncomfortably confined?

  3. a_yank_lurker

    Solution?

    I heard about this fiasco indirectly. What I understood was AMCA screwed the pooch and Quest was caught as someone in the middle. This highlights a problem of outsourcing some of your operations. You are now at the mercy of a potentially unreliable third party. This should be a wake-up call: if you want to protect customer/client information you should be very wary of releasing it to third parties. If that means bringing some activities back in-house and onshore, then do it.

    1. Wellyboot Silver badge

      Re: Solution?

      I'm sure that as Quest, Labcorp & Opko all have 'We take your privacy seriously' notices plastered about the place they'll have undertaken a detailed security audit of the AMCA operation before trusting them with any data. The 'It wasn't us' line doesn't absolve them and I assume AMCA does business with many other companies so why have only these three put their hands up to a breach?

      FBI investigators looking into the audit & security process of all parties would I'm sure bring about some very quick improvements.

      We really need a Déjà vu icon.

      1. Doctor Syntax Silver badge

        Re: Solution?

        It's the consequence of a casual attitude to passing data around. The EU has been trying to get this under control for years but it's difficult when US corporations get involved in the chain and we get the likes of Safe Harbor and the Security Figleaf.

  4. Pascal Monett Silver badge

    "two years of credit and identity theft monitoring"

    Could somebody please tell me if that is actually of any use? I have the feeling that it is just a polite band-aid to make you go away and keep quiet.

    1. MachDiamond Silver badge

      Re: "two years of credit and identity theft monitoring"

      It's a sticking plaster of epic proportions (over a gaping wound). While somebody might not be able to open new credit in your name, it's more information about you in a black database that can be used in other ways to separate you from your money. People get money stolen from man in the middle email spoofing on real estate transactions and that's not covered by anyone. The more information the baddies have, the easier it is to convince a third party that they are you or they are somebody you are dealing with on a transaction such as buying a home or business.

      Credit monitoring doesn't always work either. Some of those "angels" are to blame for leaks.

  5. Crisp

    "two years of credit and identity theft monitoring service free of charge"

    It sounds like they are helping.

    But they are really not.

  6. Mephistro

    I'd bet that...

    ... all those stolen records, whatever their real number is, have already been sold "under the table" to medical insurance and credit companies, because, you know, capitalism.

    For many people, in many senses, this could be even worse than identity theft.

  7. ThatOne Silver badge

    What a time to be a credit monitoring company!

    My, just lean back and let the dough roll in. Clients running down your door, begging you to take their money for fear of losing even more...

  8. Doctor Syntax Silver badge

    "two years of credit and identity theft monitoring service free of charge."

    Two years? How about for life - always assuming the monitoring service can be trusted to be secure?

  9. Henry Wertz 1 Gold badge

    even worse

    Even worse, LabCorp is one of those places where employers who require piss tests ("pre employment drug screening") require people to go there to get it done. So a bunch of these people who have their info leaked probably didn't even go there by real choice or for legitimate medical workers.

    1. A random security guy

      Re: even worse

      Wow!!! So they probably have records of people who failed drug or HIV tests.

      1. Wellyboot Silver badge

        Re: even worse

        Only the financial details should have been compromised. (and that's bad enough) AMCA don't need access to any medical details to chase payments.

        Anything beyond 'You owe $amount$ for medical services provided by $provider$ at $location$ on $date$' is completely out of scope.

  10. A random security guy

    They. Don't. Care.

    Neither the execs nor the major stockholders nor the politicians really care. They look at bottom line numbers. Execs' bottom line is their bonus and options, the stock holders for revenue numbers, and the politicians for the PAC donations.

    They give lip-service to security. Even Intel's now Ex-CEO (Brian K) doesn't go to prison. Equifax? The less said the better.
