
Over 40 Million People Had Health Information Leaked This Year

Over 40 million people in the United States had their personal health information exposed in data breaches this year, a significant jump from 2020 and a continuation of a trend toward more and more health data hacks and leaks. The Verge reports: Health organizations are required to report any health data breaches that impact 500 or more people to the Office for Civil Rights at the Department of Health and Human Services, which makes the breaches public. So far this year, the office has received reports of 578 breaches, according to its database. That's fewer than the 599 breaches reported in 2020 (PDF), but last year's breaches only affected about 26 million people. Since 2015, hacks or other IT incidents have been the leading reason people have their health records exposed, according to a report (PDF) from security company Bitglass. Before then, lost or stolen devices led to the most data breaches.
  • by oldgraybeard ( 2939809 ) on Thursday December 09, 2021 @05:18AM (#62062217)
    that should be everyone.
    • by Anonymous Coward

      26 million last year, 40 million this year, that's 66 million and a factor of 1.5. So the next leak would be a 100 million or so. Assuming no dupes, but that just pushes us back one time. O the joys of exponential functions.

      Actually we'd see logistic growth rather than exponential growth because the population is finite. So the last few will take a while, but most by far will have been leaked by the fifth iteration.

      And you can never really un-leak. You can only hope your information won't end up abused, a

      • 26 million last year, 40 million this year, that's 66 million and a factor of 1.5. So the next leak would be a 100 million or so. Assuming no dupes, but that just pushes us back one time. O the joys of exponential functions.

        Try assuming Greed won't ever admit that the fuck-up that led to the hack was bad enough to warrant criminal charges because as usual, profits and convenience, were put above security.

        More than likely everyone has already been hacked. You just won't hear about the rest. Not like we're persecuting Corporate Greed with any sort of real deterrent for lack of security compliance.

        Ever.

    • No problem. Just get a new identity. https://www.changeidentity.net... [changeidentity.net]
  • by geekmux ( 1040042 ) on Thursday December 09, 2021 @05:55AM (#62062287)

    We got here, because Corporate Greed continues to put profits over all. And of course, those in charge who are making the financial decisions to minimize or otherwise ignore the risk of shitty security, will never actually be punished for being the core reason the hack happened.

    No, instead they'll blame the IT Security person in charge. The usual bullshit scapegoat.

    Greed can barely even get people to work right now during the pandemic. You expect them to stretch their neck across the chopping block and become the CEO's personal scapegoat while potentially facing criminal charges because the Office of Societal Outrage had an anal flareup over the latest hack that included "famous" YouTube celebrities? Yeah, good luck hiring for that shit.

    TL; DR - Keep this up, and hiring your future IT Security person will make hiring a doctor look easy. Expect an obscene salary, three lawyers on retainer, and a metric fuckton of liability insurance.

    • by jd ( 1658 ) <imipakNO@SPAMyahoo.com> on Thursday December 09, 2021 @07:53AM (#62062453) Homepage Journal

      It's common in America that IT departments are seen as a drain on finances that produces no profit. And security is a very expensive service. The number of companies that consider the net costs (to themselves and others, the costs from lawsuits, the loss of revenue due to reputational damage, etc) is remarkably low.

      Where there's a lack of competition, that can be understandable. If there are no meaningful alternatives, reputational damage has no impact. Microsoft has demonstrated that for decades. And the costs from lawsuits are typically seen as cost of doing business as they're very low compared to the cost of actually doing things right.

      Which leads to two conclusions. Firstly, turnkey security solutions are too expensive - partly because they don't sell well because IT managers don't see the need for them, so a high price tag is necessary to cover costs and make a reasonable profit. You can't change just one side of this equation and it's going to require some sort of intervention.

      Secondly, since a lot of applications have security holes, it is reasonable to conclude that programming is taught poorly from the start and that self-learners aren't being given sufficient access to examples of good practices (in books, on the web and in circulating code). It shouldn't be hard to compile a list of the current tools, guidelines and recommendations on the Internet. Although much harder, it should still be possible to provide recommendations on when any particular piece of advice is good and how useful it is in that context, and on which advice should never be followed. To go with that, it should be possible to link to particularly good examples of programming practice.

      • And absolutely nothing you have said, would prevent an embarrassed but arrogant CxO from turning the security person into a scapegoat when the inevitable happens, and that "expensive" IT Security proves it was actually worth its weight in platinum when 30% of revenue, simply evaporates. Or a company finds themselves out of business because they thought those cheap "cool" cloud solutions prevented ransomware from destroying it all. Permanently.

        There are already lists of current tools and guidelines. We of

    • Security will not fix bad code, old software, 3rd party vendors.
      And in Health some 3rd party vendors are like you can't even install windows updates on our systems.

      • Security will not fix bad code, old software, 3rd party vendors. And in Health some 3rd party vendors are like you can't even install windows updates on our systems.

        You sound like someone who fails to recognize where the true problem far too often lies; in between the keyboard and the chair.

        Bad code, is bad. An ignorant user (or should I say decision maker), makes it far worse. Complete lack of accountability, makes that problem, perpetual.

  • It's way more (Score:1, Interesting)

    by Anonymous Coward
    Considering the Corona access app used throughout Europe is one big breach of medical data, the number in the article is actually much higher, around 600 million people.
  • by Gravis Zero ( 934156 ) on Thursday December 09, 2021 @07:28AM (#62062401)

    40 million people having their health information leaked isn't a lot because there are 8 billion people.
    40 million people in the US having their health information leaked is a LOT because it's over 10% of the population!

