Over 40 Million People Had Health Information Leaked This Year
Over 40 million people in the United States had their personal health information exposed in data breaches this year, a significant jump from 2020 and a continuation of a trend toward more and more health data hacks and leaks. The Verge reports: Health organizations are required to report any health data breaches that impact 500 or more people to the Office for Civil Rights at the Department of Health and Human Services, which makes the breaches public. So far this year, the office has received reports of 578 breaches, according to its database. That's fewer than the 599 breaches reported in 2020 (PDF), but last year's breaches only affected about 26 million people. Since 2015, hacks or other IT incidents have been the leading reason people have their health records exposed, according to a report (PDF) from security company Bitglass. Before then, lost or stolen devices led to the most data breaches.
Ok so 8-9 more times and (Score:3)
More like four times or so. (Score:1)
26 million last year, 40 million this year, that's 66 million and a factor of 1.5. So the next leak would be a 100 million or so. Assuming no dupes, but that just pushes us back one time. O the joys of exponential functions.
Actually we'd see logistic growth rather than exponential growth because the population is finite. So the last few will take a while, but most by far will have been leaked by the fifth iteration.
And you can never really un-leak. You can only hope your information won't end up abused, a
Re:More like, it's already done. (Score:2)
26 million last year, 40 million this year, that's 66 million and a factor of 1.5. So the next leak would be a 100 million or so. Assuming no dupes, but that just pushes us back one time. O the joys of exponential functions.
Try assuming Greed won't ever admit that the fuck-up that led to the hack was bad enough to warrant criminal charges because, as usual, profits and convenience were put above security.
More than likely everyone has already been hacked. You just won't hear about the rest. Not like we're persecuting Corporate Greed with any sort of real deterrent for lack of security compliance.
Ever.
Re: Ok so 8-9 more times and (Score:3)
The Future of IT Security (Score:3, Insightful)
We got here, because Corporate Greed continues to put profits over all. And of course, those in charge who are making the financial decisions to minimize or otherwise ignore the risk of shitty security, will never actually be punished for being the core reason the hack happened.
No, instead they'll blame the IT Security person in charge. The usual bullshit scapegoat.
Greed can barely even get people to work right now during the pandemic. You expect them to stretch their neck across the chopping block and become the CEO's personal scapegoat while potentially facing criminal charges because the Office of Societal Outrage had an anal flareup over the latest hack that included "famous" YouTube celebrities? Yeah, good luck hiring for that shit.
TL; DR - Keep this up, and hiring your future IT Security person will make hiring a doctor look easy. Expect an obscene salary, three lawyers on retainer, and a metric fuckton of liability insurance.
Re:The Future of IT Security (Score:4, Insightful)
It's common in America that IT departments are seen as a drain on finances that produces no profit. And security is a very expensive service. The number of companies that consider the net costs (to themselves and others, the costs from lawsuits, the loss of revenue due to reputational damage, etc) is remarkably low.
Where there's a lack of competition, that can be understandable. If there are no meaningful alternatives, reputational damage has no impact. Microsoft has demonstrated that for decades. And the costs from lawsuits are typically seen as cost of doing business as they're very low compared to the cost of actually doing things right.
Which leads to two conclusions. Firstly, turnkey security solutions are too expensive - partly because they don't sell well because IT managers don't see the need for them, so a high price tag is necessary to cover costs and make a reasonable profit. You can't change just one side of this equation and it's going to require some sort of intervention.
Secondly, since a lot of applications have security holes, it is reasonable to conclude that programming is taught poorly from the start and that self-learners aren't being given sufficient access to examples of good practices (in books, on the web and in circulating code). It shouldn't be hard to compile a list of the current tools, guidelines and recommendations on the Internet. Although much harder, it should still be possible to provide recommendations on when any particular piece of advice is good and how useful it is in that context, and on which advice should never be followed. To go with that, it should be possible to link to particularly good examples of programming practice.
Re: (Score:2)
And absolutely nothing you have said, would prevent an embarrassed but arrogant CxO from turning the security person into a scapegoat when the inevitable happens, and that "expensive" IT Security proves it was actually worth its weight in platinum when 30% of revenue, simply evaporates. Or a company finds themselves out of business because they thought those cheap "cool" cloud solutions prevented ransomware from destroying it all. Permanently.
There are already lists of current tools and guidelines. We of
Security will not fix code, old software, vendors (Score:2)
Security will not fix bad code, old software, 3rd party vendors.
And in Health some 3rd party vendors are like you can't even install Windows updates on our systems.
Re: (Score:2)
Security will not fix bad code, old software, 3rd party vendors. And in Health some 3rd party vendors are like you can't even install Windows updates on our systems.
You sound like someone who fails to recognize where the true problem far too often lies; in between the keyboard and the chair.
Bad code, is bad. An ignorant user (or should I say decision maker), makes it far worse. Complete lack of accountability, makes that problem, perpetual.
It's way more (Score:1, Interesting)
Buried the lead! (Score:3)
40 million people having their health information leaked isn't a lot because there are 8 billion people.
40 million people in the US having their health information leaked is a LOT because it's over 10% of the population!
Re: (Score:2)
Re: (Score:2)
But the 'medical details' are just the fact that you have or haven't been vaccinated.
Uh, a hell of a lot more than 40 million Americans have been asked, coerced, or flat out demanded to reveal their HIPAA-protected information related to vaccine status, because for some fucked-up reason HIPAA went out the damn window with COVID.
Re: (Score:2)
Re: (Score:2)
"entirely legitimate and legal."
You sound like a banker or hedge fund manager. That should tell you everything about that shit defense.
Millions of people suffer every day, and Greed N. Corruption gets away with it because it's "legal." Grow up and stop pretending that defense is still "legitimate" in the eyes of society. It's not, and Greed makes it obvious as to why.
Re: (Score:2)
Re: (Score:2)
Almost 800k Americans have died from the virus. There are more than 100k new infections per week, and more than 1k new deaths per week. It's a national emergency, and knowing your vaccine status has absolutely nothing to do with greed and corruption.
The numbers are so grossly skewed as compared to the rest of a fucking planet for the same damn reason; Greed found out it could profit to a corrupt level by jumping up and down like a rabid monkey and blaming every death on COVID.
No other country comes close, because no other country is that corrupt in the medical system. 1K deaths per week? 1200 people die every day from tobacco use, and a million abortions happen every year in the US. The fucking flu will become more deadly, so let me know when we sta
Re: (Score:2)
Re: (Score:2)
So many baseless claims. Everything is a CONSPIRACY, lol.
Baseless? Do you have a better explanation as compared to every other first world country that fared far better? Going to blame the political civil war on American COVID accuracy as if cheerleading for any of that shit is beneficial at this point? Or perhaps you'll go with the American obsession with "thicc" people slaying the concept of obesity being deadly as that "fashion" statement ravages a population. That'll go over like a lard-filled balloon in the global medical community too.
When it comes to G
Re: (Score:2)
Re: (Score:2)
... a lot more than 40 million Americans have been asked, coerced, or flat out demanded to reveal their HIPAA-protected information related to vaccine status, because for some ... reason HIPAA went out the ... window with COVID.
It has not gone out the window. HIPAA does not prevent you from disclosing your own medical information, nor does it prevent others from asking you for it. What HIPAA prevents is everyone else disclosing your medical information without your permission.
In the "good old days", your employer-provided-insurance would have generated an all-employees report for your employer. In a HIPAA world, this is nearly-impossible and is precisely why your employer is now asking, coercing and flat out demanding you provi
Re: (Score:2)
... a lot more than 40 million Americans have been asked, coerced, or flat out demanded to reveal their HIPAA-protected information related to vaccine status, because for some ... reason HIPAA went out the ... window with COVID.
It has not gone out the window. HIPAA does not prevent you from disclosing your own medical information...and is precisely why your employer is now asking, coercing and flat out demanding you provide the information instead.
Threatening your employment and livelihood, is not what I call a "choice", so I think we can stop trying to sell the idea that HIPAA hasn't gone out the window with COVID.
It irrationally and illegally has.
dawn news (Score:1)