It is with a heavy heart we must inform you, once again, folks are accidentally spilling thousands of sensitive pics, records onto the internet

Everything is insecure and everything is broken, exhibits A through Z:

Plastic surgery biz botches storage, leaks patient records

A software vendor specializing in record-keeping tools for plastic surgery clinics poorly secured a storage bucket hosted by Amazon Web Services containing hundreds of thousands of sensitive patient …
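The lede above says only that the bucket was "poorly secured". The check a practitioner would want is whether a bucket's three exposure controls, taken together, let anonymous users read it. The following is an added example, not code from the article or from the vendor involved: it evaluates offline the same three structures boto3 returns from `get_public_access_block`, `get_bucket_acl` and `get_bucket_policy`, using constructed sample values (a leaky configuration beside a hardened one). The real AWS error cases (no public access block configured, no policy attached) are represented by `None`.

```python
"""Offline check: would an S3 bucket's configuration allow anonymous reads?

Added example, not the article's or vendor's code. Inputs mirror the shapes
boto3 returns from get_public_access_block, get_bucket_acl and
get_bucket_policy; all sample values below are constructed.
"""
import json

ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTH_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"
PUBLIC_GROUP_URIS = {ALL_USERS, AUTH_USERS}
# Actions that hand out object or listing reads (compared case-insensitively).
READ_ACTIONS = {"s3:*", "s3:get*", "s3:getobject", "s3:listbucket"}


def _as_list(value):
    """IAM policy fields may be a string or a list; normalise to a list."""
    if value is None:
        return []
    return [value] if isinstance(value, str) else list(value)


def _principal_is_public(principal):
    """True for Principal "*" or Principal {"AWS": "*"}."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS"))
    return False


def policy_allows_public_read(policy):
    """True if an Allow statement grants read actions to a wildcard principal.

    A Condition can narrow a wildcard principal (to a VPC endpoint, a source
    account, etc.); such statements are skipped here rather than reported,
    which trades a possible false negative for fewer false positives.
    """
    if not policy:
        return False
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow" or stmt.get("Condition"):
            continue
        if not _principal_is_public(stmt.get("Principal")):
            continue
        if any(a.lower() in READ_ACTIONS for a in _as_list(stmt.get("Action"))):
            return True
    return False


def acl_grants_public_read(acl):
    """True if the ACL grants READ or FULL_CONTROL to AllUsers/AuthenticatedUsers."""
    for grant in (acl or {}).get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") == "Group" and grantee.get("URI") in PUBLIC_GROUP_URIS:
            if grant.get("Permission") in ("READ", "FULL_CONTROL"):
                return True
    return False


def bucket_is_public(public_access_block, acl, policy):
    """Combine the controls the way S3 applies them to existing settings.

    IgnorePublicAcls neutralises a public ACL that is already attached;
    RestrictPublicBuckets neutralises a public policy that is already
    attached. BlockPublicAcls and BlockPublicPolicy only stop *new* public
    grants from being written, so they do not by themselves fix a bucket
    that is already exposed.
    """
    cfg = (public_access_block or {}).get("PublicAccessBlockConfiguration", {})
    acl_exposed = acl_grants_public_read(acl) and not cfg.get("IgnorePublicAcls", False)
    policy_exposed = policy_allows_public_read(policy) and not cfg.get("RestrictPublicBuckets", False)
    return acl_exposed or policy_exposed


# --- constructed samples (not from any real account) ---
LEAKY_ACL = {"Grants": [{"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "READ"}]}
PRIVATE_ACL = {"Grants": [{"Grantee": {"Type": "CanonicalUser", "ID": "0" * 64}, "Permission": "FULL_CONTROL"}]}
# get_bucket_policy returns the document as a JSON string under "Policy".
LEAKY_POLICY = json.loads(json.dumps({
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
                   "Resource": "arn:aws:s3:::example-clinic-records/*"}],
}))
LEAKY_PAB = None  # NoSuchPublicAccessBlockConfiguration: nothing is enforced
HARDENED_PAB = {"PublicAccessBlockConfiguration": {
    "BlockPublicAcls": True, "IgnorePublicAcls": True,
    "BlockPublicPolicy": True, "RestrictPublicBuckets": True}}

if __name__ == "__main__":
    print("leaky:   ", bucket_is_public(LEAKY_PAB, LEAKY_ACL, LEAKY_POLICY))
    print("hardened:", bucket_is_public(HARDENED_PAB, LEAKY_ACL, LEAKY_POLICY))
```

Note the asymmetry the last function encodes: turning on all four public-access-block flags makes the bucket private even though the public ACL and policy are still attached, but only two of the four flags do that work; the other two merely prevent the same mistake being made again. Removing the public grants themselves is still the right fix.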

  1. Richard 12 Silver badge

    Four sig fig?

    Well, at least we now know not to believe any numbers coming from them, because 4999 is either a marketing lie or a tale told by an idiot, signifying nothing.

    1. elkster88

      Re: Four sig fig?

      Every time I encounter such unwarranted precision, I am reminded of this exchange:

      KIRK: Mister Spock, can we get those two guards? What would you say the odds on our getting out of here?

      SPOCK: Difficult to be precise, Captain. I should say approximately 7,824.7 to 1.

      KIRK: Difficult to be precise? 7,824 to 1?

      SPOCK: 7,824.7 to 1.

      KIRK: That's a pretty close approximation.

      SPOCK: I endeavour to be accurate.

      KIRK: You do quite well.

      1. jmch Silver badge

        Re: Four sig fig?

        It's easy to be precise. The thing is, precision is useless unless you have at least the same or better accuracy.

    2. Commswonk

      Re: Four sig fig?

      a tale told by an idiot, signifying nothing.

      You missed out the "full of sound and fury" but have an upvote for the Shakespearian quote anyway.

      Not enough of them on this forum...

  2. Steve Davies 3 Silver badge

    Just goes to show...

    that the old saying

    - To err is human but to really foul things up, you need a computer

    is just as true today as ever it was. Add the two together and you have a recepie for disaster just waiting to happen.

    1. Muscleguy Silver badge

      Re: Just goes to show...

      It's inevitable; talent and diligence are not universal traits. Everyone and their budgie now has an IT system facing the internet and the talent is spread too thin. Add in the PFY scenario and offshoring things to countries where playing fast and loose with one's CV is standard practice and it's surprising TITSUP doesn't happen more often.

      I don't go trawling for vulnerabilities but it would seem the black hats are spoiled for choice and this sort of ecology keeps most vulnerable things safe. We have to see InfoSec as an ecology now.

    2. Rich 11

      Re: Just goes to show...

      Would you mind sharing your recipe for recepie, please? I'm getting hungry.

      1. Lotaresco

        Re: Just goes to show...

        "Would you mind sharing your recipe for recepie, please?"

        First catch your Rece.

        1. Rich 11

          Re: Just goes to show...

          Apparently 'rece' is the Romanian word for cold. You've just suggested I catch a cold. Unfortunately I'm way ahead of you there and probably won't be in work tomorrow.

        2. Sean o' bhaile na gleann

          Re: Just goes to show...

          Ooohhh that triggered a much-cherished memory.

          From "Round The Horne"... Kenneth Williams doing his "Rambling Sid Rumpold" bit, this time with a 'country cookery' lesson.

          "How to make Shepherd's Pie..."

          "First, catch and peel two shepherds"

  3. Anonymous Coward

    I'd say that this is just a symptom of using the Cloud, where PHBs have decided that having their own IT people (admins and security) to safeguard things such as this are seen as a burden and aren't required.

    I deal with multiple customers, and this seems to be a depressingly common trend.

  4. Pascal Monett Silver badge

    Only $1.3bn of damage in the US ?

    What is Emsisoft trying to do, be reasonable? That's not how you report virus damage at a country level. You speak of hundreds of billions, not a measly single billion. You're talking computer virus. It's Armageddon time, not beer o'clock. You're supposed to scare the bejeesus out of people, not deliver a school report.

    Go back and put some pizzazz on those numbers. I want to feel the fear, you understand? FEAR.

  5. DJV Silver badge

    All those leaks

    Does that mean that when all these companies have data leaks and afterwards sheepishly announce "Our customers (and their data security) are our highest priority" that they MIGHT ACTUALLY BE LYING?!!

    Who'da thunk it!

  6. Lotaresco

    Personal Data Security

    I get reminded by my colleagues from time to time that sometimes we in the IT industry are more worked up about sensitive data than the public. An example: a friend who is running an experiment with an appropriately secure alternative to Facebook, no ads, no customer profiling, good server farms built by people who know what they are doing and rigorously tested. The catch is it's a subscription service, £70 per year. Uptake is low, as he expected. The conclusion is that to most people their personal data and that of their kids isn't worth £70 a year to protect.

    Last week a friend enthused to me about his experience of having surgery. His doctor sent him for an X-ray and by the time he got back to the consulting room the doctor was looking at the images on his personal tablet and phone. He got a rapid diagnosis, which pleased him immensely. I asked if he was in any way concerned that these images and his personal data had been transmitted over public networks with no requirement for him to give informed consent or even know what the security was like on this distribution of sensitive patient data. He didn't care, not one bit.

    We get worked up about it, the customers don't seem to care at all.

    1. ds6

      Re: Personal Data Security

      Shill that Facebook alternative, friendo. It sounds interesting.

    2. Snake Silver badge

      Re: Personal Data Security

      "I get reminded by my colleagues from time to time that sometimes we in the IT industry are more worked up about sensitive data than the public."

      Very much so. I get reminded of this every time I (mistakenly) speak to my boss/business owner about malware, browser security and, sometimes, even data backups.

      I then have to hear him (self-righteously) rant that our data "doesn't contain anything important", doesn't contain anything sensitive, and "I'm wasting time" in the effort I place in securing the data. Never you mind the thousands upon thousands of man-hours spent in building the data, nor the dozens to hundreds of hours that must be spent to mitigate any data loss.

      But he knows better :rolleyes: Luckily for (his) business I completely ignore his [childish] whining and continue to carry on with my data security policies.

      1. BuckeyeB

        Re: Personal Data Security

        He might not care about it now, but if something happened and it went public and the higher ups were on his ass, it'd be you his finger would be pointing at. After all, that's what I hired you for.

    3. Claptrap314 Silver badge

      Re: Personal Data Security

      It's not just privacy. It's lack of seamless interoperability with F. I've fooled around with alternatives to F, the lack of being able to talk to _anyone_ in my existing networks makes the effort...unsatisfying.

      As I previously mentioned, I only use F at all because it is my primary means of communication for family, religion, and politics. If I can just get those sorted, I'll be off it in a New York minute...

    4. spold

      Re: Personal Data Security

      ...depends on the data involved....

      Bank credit card data = meh, bank will cancel the transaction and reimburse me, send me a new card.

      Dodgy dating site the wife doesn't know about (I will cite the breached list of registered emails from Ashley Madison - just the email address field mind you) - holy ****!!!!

      Name and address from the adult mental health and addictions clinic site - ughh!!!

  7. IceC0ld

    HEADLINE - Iran accused of hacking vulnerable VPN, RDP servers

    ADVICE - Keep your external-facing remote-access systems up to date and patched, folks.

    yet the 'businesses' being hit are supposed to be providing 'secure' comms for their clients. We are STILL in a scary world, and we are STILL failing to learn from previous feck ups. Where will it end?

    not nicely, that's for certain :o(
