back to article In the US? Using Medicaid? There's a good chance DXC is about to boot your data into the AWS cloud

Wonderful news for some US Medicaid patients: king of the cost-cutters DXC is planning to shunt their data into Amazon's cloud. In a memo seen by The Register, software, services and severance outfit DXC said it has signed off on migrating systems that are used by millions of US state Medicaid recipients to AWS from its …

  1. Pascal Monett Silver badge

    The countdown to disaster has started

    Given the chaos that DXC appears to be, putting data into the cloud is practically a guarantee that there will be a ginormous cockup that will leave millions of private people's data for the world to see.

    That decision is going to cost a lot more than DXC is ready to budget for, I am sure.

    1. Doctor Syntax Silver badge

      Re: The countdown to disaster has started

      "That decision is going to cost a lot more than DXC is ready to budget for, I am sure."

      It should, but probably won't.

      1. Mike 16

        Re: Going to cost who?

        You can bet it won't be any of the folks making this decision, and it won't come from the smoking hulk they leave behind unless you can engage a top-notch Turnip Phlebotomist.

    2. Kevin McMurtrie Silver badge

      Re: The countdown to disaster has started

      Now Bezos can spend all of Amazon's money trying to invent warp drive and the government will have to pay for it to keep Medicaid online.

    3. Anonymous Coward
      Anonymous Coward

      Re: The countdown to disaster has started

      "That decision is going to cost a lot more than DXC is ready to budget for, I am sure."

      Nah,

      history has shown that victims of the upcoming data breach will just be given a free 12 month subscription to Equifax

      1. EatsRootsAndLeaves

        Re: The countdown to disaster has started

        Not even that. As it's Medicaid the victims whose data will be released are poor people. While they won't deserve it they won't have the wherewithal to complain and no one will likely champion their cause.

        1. G Olson

          Re: The countdown to disaster has started

          Incorrect, not just poor people. Almost every medical insurance policy in the USA requires all policy holders which are of Medicaid age to file all claims with Medicaid FIRST. Then the private insurance pays the leftover. Thus, except for the fabulously rich 1%, every other person in the USA over 65 years of age will have their data in DXC.

    4. Halfmad

      Re: The countdown to disaster has started

      Which is why we need legislation to hold executives personally liable for breaches that occur under their watch, particularly if they took any decisions which weakened protections around it or prevented protections being put in place.

  2. fredesmite
    Mushroom

    Remember - Cloud computing

    Is nothing more than putting your crap on someone else's computer that others are using , and expecting the owner to care more about it than you do..

    1. Martin M

      Re: Remember - Cloud computing

      Cloud or not, I think it’s fair to say that if you’ve given any part of your infrastructure to DXC, that boat has already sailed (with the exception of the multi-user bit).

      I’ve seen a lot of on-prem infrastructure in organisations large and small, and it’s been almost universally horrible. Inflexible, poorly designed, poorly maintained and offering only the most basic services. DXC have been near the epicentre of some of the worst of this, but it’s true for other suppliers and internally managed data centres too.

      On the other hand, using AWS provides access to probably the most sophisticated virtual data centre infrastructure in the world, built by some of the best engineers in the world, with a wide breadth of pre-canned services that can be accessed in minutes with a few lines of Terraform rather than a multi-week/month procurement/design cycle. And then run by a company that has a track record of generally delivering on its promises.

      So while it’s technically true that you’re running on someone else’s computer, in the sense that most of AWS is software, it’s kind of missing the point. Your “that others are using” comment is also mostly irrelevant nowadays; noisy neighbours haven’t been a problem for ages. If you’re worried about the sort of attacker profile that could pull off attacks through hypervisor escalation etc., fair enough, but you probably should be completely airgapping your entire desktop and server infrastructure from the Internet in that case. Rowhammer was fixed in AWS before it was even public, was your on-prem vSphere? It’s a somewhat niche requirement.

      Most organisations, IMHO, would be better off concentrating on fixing their “crap” that they’re deploying rather than trying to replicate AWS internally, badly, with a fraction of Amazon’s resources and starting from where Amazon was circa 7 years ago. Perhaps where you work is the exception...

      You do need platform engineers good enough to not leak keys via public GitHub repos, though. And a fair amount of up-front thinking/design on the foundational design. This is hard, but not as hard as the equivalent on-prem.

  3. nematoad Silver badge
    Happy

    " And yes, it really has a DC called Mid-Atlantic."

    Then they are all at sea.

    But we knew that anyway

  4. Mayday
    Alert

    Oh Dear

    Incoming "We take privacy seriously" canned response and a bunch of free subscriptions to Equifax in 3...2...1...

    Not that Equifax have a great track record either.

  5. Anonymous Coward
    Anonymous Coward

    "DXC reckons the transition of its Medicaid systems to AWS will be "seamless." "

    Yeah, I bet it does...I mean everything looks rosy to someone with zero experience, knowledge or awareness of customer requirements.

  6. Anonymous Coward
    Anonymous Coward

    Probably a Good Idea

    I am going to be controversial and state that after 25 years in the IT industry working for some very large Red and Blue companies and looking into some of the largest government and commercial IT teams and facilities I can state that giving the infrastructure component to AWS to manage is probably a good idea as there is less chance of AWS stuffing it up :-) As to the Application Layers and the Migration Project in the "Shared Responsibility Model" I am sure that there are many El Reg readers with a better insight into this organisation.

  7. NeilPost Silver badge

    HIPPA anyone ??

    https://en.m.wikipedia.org/wiki/Health_Insurance_Portability_and_Accountability_Act

    Another opportunity for Federal Money slurping for breaches ?!

  8. Anonymous Coward
    Anonymous Coward

    And just how, exactly, will DXC migrate this to AWS when they have no skilled, experienced staff left ?

    1. Fading
      Paris Hilton

      Badly?

      (just a guess)

  9. Anonymous Coward
    Anonymous Coward

    Medicaid UK

    sounds neat, eh? Think of all the money saved!!! And lives!!! And children!!! And terrorists!!!

    1. Anonymous Coward
      Anonymous Coward

      Re: Medicaid UK

      Https://www.ukauthority.com/articles/nhs-scotland-digital-platform-to-use-public-cloud/

  10. JLV Silver badge

    https://www.investopedia.com/articles/personal-finance/081114/medicaid-vs-medicare.asp

    >Medicare is an age-based federal health insurance program that guarantees coverage for individuals ages 65 and over and some younger people with disabilities. By contrast, Medicaid is a public assistance program for needy Americans of all ages.

    In other words, 1 of the 2 is considered politically expandable. Yes, the DXC-bound one, why do you ask?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like