Stealing patients' medical records
Can't they just buy them from Palantir?
Several California medical groups have sent security breach notification letters to more than three million patients alerting them that crooks may have stolen a ton of their sensitive health and personal information during a ransomware infection in December. According to the Southern California health-care organizations, which …
The British government would have just given it away.
Oh wait, maybe we are governed by criminals as shown by the 2 (or more?) previous attempts to hoover up all GP records. Saying they would have been anonymized just doesn't cut the mustard when the data contain enough information to localise the owner back to a household.
Was it founded by a guy who later became obsessed with the possibility of attaining a Nobel Peace Prize and brushed shoulders with a trafficker?
I'm surprised businesses still use that PoS; I thought business was all about risk mitigation.
You know, a key that opens many locks is a master key
But a lock that is opened by many keys is just a shitty lock.
I present to you, Microsoft, the shitty lock
I'm not defending Microsoft, but I wouldn't be surprised if low-security/no-security configurations create more vulnerabilities than errors in the OSes themselves.
Low-security/no-security configurations are created by techies who (a) are pressured by management to get it up and running ASAP, damn the torpedoes and "over-engineering" (aka "wasting" time/money on security), and/or (b) are ignorant/incompetent regarding reasonable system security.
I bought a Patriot-brand media box: you plugged a USB drive with video files into it, and played them on your HDMI-connected TV/display panel.
I was appalled to find: (1) my box was accessible via telnet, (2) anyone could log into the root account, which had NO password, and, (3) Patriot issued NO software updates for it.
I'm not buying that. Linux and MacOS are quite safe out of the box, but a fresh Windows machine first needs several TB worth of patches before it's even half as safe, mainly because its default settings are "hey, I'm bending over here, come and get me". And Defender doesn't, at least not enough.
What they DO do, immediately, is ship every bit of data they can grab to Microsoft the moment they go live. Weirdly, that code always seems to work rather well.
I read a recent report about hospitals, much like big oil companies, enjoying record profits of late. It doesn't appear those excess dollars are being reinvested in protecting their customers' private information, and the token year of credit monitoring after the fact is being treated as just another cost of doing business. Steep, mandatory payouts directly to affected patients might help their administrations re-prioritize cybersecurity.
"It doesn't appear those excess dollars are being reinvested in protecting their customers' private information"
Remember, capable and determined fellas can invade the US Pentagon, State Department, NASA, NSA, and some of those folks have bigger pockets and are used to killing for a living.
You don't need to steal medical data.
You just need to join a certain organisation and grease a couple of hands of people who work for that organisation and the government.
And all the data is yours, legally. You just have to share it with other corporations in that organisation.
And if someone starts looking? The organisation has an army of "information warriors" to ensure the person looking gets smeared and not taken seriously.
As an IT bod, it pains me to say this:
Just stop agreeing to the licensing terms.
"I'm sorry, I cannot use your electronic crap because I've not read, don't understand, and don't want to understand this legalese."
Remember, you don't pay money for software, you are paying for the license agreement.
Let's be clear here: every single breach of a company by "sophisticated", ahem, hackers is a case of inept staff member(s) doing something they shouldn't, or not doing something they should.
I've worked at a lot of companies and they're all equally shit, staffed by lackeys with no understanding of infosec, or even of what ISO 27001 is and why placing it in a ridiculously narrow scope, which they know they can pass, briefly, momentarily, is not going to provide any operational protection.
Maybe these companies should start employing competent and "sophisticated" staff, but that costs money, and infestor shareholders looooove money, so they won't want to give any of it up.
Equifax donated my entire credit information and history to the dark web years ago (why are they still in business?). I froze my credit then. Lately Experian decided to make their contribution to identity theft. Between the two of these monsters, what can a measly hospital do? It's to the point where it's hardly worth mentioning any more.