Why don't they just say "everything"?
> The full list of potentially impacted data includes:
[snip]
Everything.
Everything necessary to blackmail someone trying to sort their life out with a modicum of privacy. Well done BayMark. Great job.
BayMark Health Services, one of the biggest drug addiction treatment facilities in the US, says it is notifying some patients this week that their sensitive personal information was stolen. It sent notifications to recipients of substance abuse disorder support services on Wednesday, confirming that data, including the type of …
There's no suitable reason why a company that's the custodian of this sensitive of material should have it exposed online. None. I'll bet it was so it was "convenient" for them to move data files around and not have to faff about with gatekeepers.
Remedy, all execs barred from working in the health industry ever again with possible fines/jail time. The company fined to an inch of its life. Sorry stockholders, your company did a bad thing and as an owner, you bear the brunt of the punishment. Just feel lucky you won't go to jail.
> Remedy, all execs barred from working in the health industry ever again with possible fines/jail time.
That won't worry execs much at all - they always have a golden parachute in the case the role is terminated early and many of them won't have any financial issues even if you fine them a whole year's salary.
Even a month in a "resort prison" won't bother execs much either, when they can go cry over all the assets and money they've collected afterwards.
> The company fined to an inch of its life
Any such fines are always completely paid by the customers via price increases, so that is not effective at all.
What would be effective would be to fine the dividends - after all it is really the shareholders who decide which execs are hired and should have to deal with the financial risk of negligent execs (you'd soon see many execs fired and never rehired).
... is that, unless you're rich and pay for your own doctors (and maybe not even then), one can't get medical services without offering up all sorts of exploitable personal information.
All the medicos truly need is a unique medical record number to index your treatment data under (a GUID?), but the data-sucking-and-reselling insurance companies (and data-sucking governments, in the case of socialised medicine) refuse to work that way.
"and security of patient information, and apologize for the concern this may cause," it added. "We are offering complimentary identity monitoring services"
Well that's okay then, no harm done, nothing sensitive exposed that will cause any upset....
This is becoming my monthly moan about the same nonsense.
Data custodians leaking information and then thinking they can get out of the shite using an ID theft service.
Is this stuff covered by HIPAA? I'm not US side of the pond.
There's a real need to get ahead of the cyber criminals, yet these organisations keep leaking information, more than likely because the necessary controls aren't in place to begin with.