US House reps, staff health data swiped in cyber-heist

Health data and other personal information of members of Congress and staff were stolen during a breach of servers run by DC Health Care Link and are now up for sale on the dark web. The FBI is investigating the intrusion, which came to light Wednesday after Catherine Szpindor, the House of Representatives' chief …

  1. jake Silver badge

    Idiots running the place.

    "Put it all in the cloud", they said. "It's fast, cheap and safe", they said. "What could possibly go wrong?" ...

    1. Anonymous Coward

      Re: Idiots running the place.

      The article doesn't actually say whether the company "DC Health Care Link" ran their own servers or contracted out to Amazon or some other cloud company.

      Either way, the hackers probably got in through an employee (victim or collaborator) working in the "DC Health Care Link" office, to get the passwords necessary to access the database, so it wouldn't really matter whether they ran their own servers or not. Unless of course "DC Health Care Link" just left their data in an unsecured AWS bucket.

      I have yet to hear of a break-in on the Amazon or Google side to enter the clients' data from those cloud vendors. Smaller vendors - yes.

    2. Blazde Silver badge

      Re: Idiots running the place.

      Can anyone articulate this common 'cloud is insecure' argument for me?

      As far as I can see:

      Unsecured AWS bucket == unpassworded SQL server of old

      Idiots using cloud resources == idiots running their own host of old

      If anything the homogeneity of cloud resources and broadly competent providers (Amazon, Google, eh maybe less Microsoft) has made things much more secure. There are more idiots putting more things online, but that's a progress problem not a cloud problem.

      People putting personal photos on the cloud instead of on a disconnected device is a bit silly, but health insurance data like this wouldn't have been air-gapped 20 years ago just like it isn't now.

  2. jmch Silver badge

    Good-ish???

    I wouldn't exactly say 'good' since it's anyway people's data and all that....

    BUT

    I hope there is a silver lining in there somewhere that will get representatives and senators to look beyond their partisan goggles and the interests of their lobbying fund-masters to understand that *everyone's* personal data needs more protection, and not only from it being stolen but also from being hoovered up in large quantities just because it's possible.

    1. trindflo Bronze badge
      Megaphone

      Re: Good-ish???

      And here we have the arrest: Peekskill Herald coverage of arrest of Conor Brian Fitzpatrick AKA pompompurin

      Interesting how quickly that got resolved.

  3. Anonymous Coward

    1. Use inadequate precautions to safeguard data. 2. Blame everyone but your organization.

    1. Throatwarbler Mangrove Silver badge
      Thumb Down

      Victim blaming! Drink!

  4. IGotOut Silver badge

    Finally...

    ...maybe this will be the data equivalent of The Great Stink.
