back to article 185K people's sensitive data in the pits after ransomware raid on Cherry Health

Ransomware strikes at yet another US healthcare organization led to the theft of sensitive data belonging to just shy of 185,000 people. Michigan-based Cherry Health reported a data breach to regulators on Wednesday caused by a ransomware attack back in December 2023. The health center, which operates across six counties …

  1. Pascal Monett Silver badge

    "In an abundance of caution"

    You mean, the abundance you did not put into securing your network and training your people ?

    And I see that you have found the boilerplate yada yada for failling to ensure the security of the data in your care. Well done. It sounds just as reliable now as it has the last million times we've already heard it.

    You might want to actually put some millions behind your words soon, because it has cost some other health company $800+ million just to clean up.

    You have that kind of money ? If so, carry on mouthing your platitudes.

  2. Mike 137 Silver badge

    There ought to be a rubber stamp for this

    '"We take the privacy of information in our care very seriously. At this time, there is no evidence that any of your information has been, or will be, misused. ..."

    Why doesn't someone make a million selling a rubber stamp carrying this text? Preferably suitable for printing on toilet paper as this is really just a bum cover.

    No evidence of harm is not evidence of no harm. And do they have a crystal ball to see into the future? In any case it's probably impossible to find out as any evidence of a connection between this breach and any subsequent fraud on some individual will be really tenuous.

    1. DJV Silver badge

      Re: There ought to be a rubber stamp for this

      Any institution uttering that (or similar) phrases should be subject to an immediate multi-million $/£/€ fine!

  3. Doctor Syntax Silver badge

    Someone down at the bottom of the heap was probably saying "Look what happened to them. If we don't do something about it it could happen to us." and it got propagated through the reality distortion field as "It couldn't happen to us.".

  4. JustAnotherDistro

    Not as important to you as it is to us

    These many firms--and the tempo is accelerando--are not so much unwilling, as they are unable, to secure this intensely personal, legally highly restricted, information. After watching the latest supply chain attack fail by a hair, the good guys seem very near to losing the contest decisively.

    The last people so far able to protect their IT assets, namely the banks, surely are next, no? Maybe then we'll see a bit of action taken on this front.

    Was it Coleridge who declared poets "the unacknowledged legislators of the universe"? Turns out it's actually insurance companies.

    1. Claptrap314 Silver badge

      Re: Not as important to you as it is to us

      No, the techies who they are employing or using almost certainly are capable of defending against the bulk of the attacks. What the organization is incapable of is prioritizing security so that it in fact is implemented.

      And why should they? Nobody have gone to jail for one of these. Yeah, there was that one company where a couple of people lost their job, but only one. Our insurance is going to pay out the costs.

      Insurance company or no, they are publicly owned. Their job is to make money for their shareholders.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like