Doctors didn’t think it was possible to loathe the world’s biggest health care profiteer any more. Then came the hack that set half their bookkeeping systems on fire.
Get ready for clay tablets and possibly cuneiform record keeping. I saw this coming from a mile away before health records and billing were due to go live online, and everyone pooh-poohed my alarms. We can’t go back to all paper, we’re still squandering life-breathing trees. But a lot of this is simply board members and C-Suite not allocating enough dollars for proper hardware, software, and strongly knowledgeable minds to implement good security.
But a lot of this is simply board members and C-Suite not allocating enough dollars for proper hardware, software, and strongly knowledgeable minds to implement good security.
The stolen data was encrypted, so all the hackers were doing was stopping business from being run. With that being said, if you think it’s just about ‘implementing good security’ I think you’re out of depth when it comes to just how large of an attack vector it is and how sophisticated the attacks can be. We’re talking about an industry where people are willing to cough up millions of dollars to recover data in some cases, meaning that it attracts some of the best talent in the world to coordinate attacks and the attacks can be extremely sophisticated.
Sure. Allow me to give you a little background about my area, from personal experience a hundred years ago in the industry: security by obscurity was the standard, a CTO had zero experience with anything computer related, beyond powering his on and pecking out emails, was not interested in learning about (let alone learning any) current or new technology, coding, or security related. The sysad couldn’t code a lick, depended on an online scanner for malware removal (and it was a persistent problem), and did absolutely zero auditing, wondering why the better team members stayed long enough for a reference and ran screaming. This was the worst, but not by much, company I worked for in the industry in a very wealthy area. I’m sure things have changed over the years, but from friends in the industry, not by much. They still stay long enough for the reference of official experience, then end up moving companies, or the better ones go on to self-employme t, often contacting for the same companies, at 4x the hourly rate, because it’s still cheaper than getting sued by by clients or the government.
The weird thing is, I’m about to try to re-enter the industry, personal and industry issues aside, at a later point in the year.
You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !news@beehaw.org
Breaking news from around the world.
News that is American but has an international facet may also be posted here.
Guidelines for submissions:
Where possible, post the original source of information.
If there is a paywall, you can use alternative sources or provide an archive.today, 12ft.io, etc. link in the body.
Do not editorialize titles. Preserve the original title when possible; edits for clarity are fine.
Do not post ragebait or shock stories. These will be removed.
Do not post tabloid or blogspam stories. These will be removed.
Social media should be a source of last resort.
These guidelines will be enforced on a know-it-when-I-see-it basis.
Get ready for clay tablets and possibly cuneiform record keeping. I saw this coming from a mile away before health records and billing were due to go live online, and everyone pooh-poohed my alarms. We can’t go back to all paper, we’re still squandering life-breathing trees. But a lot of this is simply board members and C-Suite not allocating enough dollars for proper hardware, software, and strongly knowledgeable minds to implement good security.
The stolen data was encrypted, so all the hackers were doing was stopping business from being run. With that being said, if you think it’s just about ‘implementing good security’ I think you’re out of depth when it comes to just how large of an attack vector it is and how sophisticated the attacks can be. We’re talking about an industry where people are willing to cough up millions of dollars to recover data in some cases, meaning that it attracts some of the best talent in the world to coordinate attacks and the attacks can be extremely sophisticated.
Sure. Allow me to give you a little background about my area, from personal experience a hundred years ago in the industry: security by obscurity was the standard, a CTO had zero experience with anything computer related, beyond powering his on and pecking out emails, was not interested in learning about (let alone learning any) current or new technology, coding, or security related. The sysad couldn’t code a lick, depended on an online scanner for malware removal (and it was a persistent problem), and did absolutely zero auditing, wondering why the better team members stayed long enough for a reference and ran screaming. This was the worst, but not by much, company I worked for in the industry in a very wealthy area. I’m sure things have changed over the years, but from friends in the industry, not by much. They still stay long enough for the reference of official experience, then end up moving companies, or the better ones go on to self-employme t, often contacting for the same companies, at 4x the hourly rate, because it’s still cheaper than getting sued by by clients or the government.
The weird thing is, I’m about to try to re-enter the industry, personal and industry issues aside, at a later point in the year.