> For his part, Tapio has denied committing an offence, and claimed that the responsibility for the breach fell on the shoulders of former members of the company's IT team.
Absolutely. It is also the job of management to put processes in place to have effective security and to require audits.
The fact the CEO accepts no responsibility and blames a mistake made by IT is worrying and he should not be allowed to hold management positions again.
Failing to protect medical records should be a criminal matter, and criminal negligence seems a common enough term I assume that it is real rather than a made up cop drama term.
Also the traditional justification for ludicrous compensation for CEOs etc is how much more risk and responsibility they have, and this seems to be the CEO baring (minimal) responsibility for the company’s actions.
7 comments
[ 4.8 ms ] story [ 30.3 ms ] thread> For his part, Tapio has denied committing an offence, and claimed that the responsibility for the breach fell on the shoulders of former members of the company's IT team.
This seems like yet another case where a company thinks keeping quiet and pretending nothing happened will be more profitable.
The fact the CEO accepts no responsibility and blames a mistake made by IT is worrying and he should not be allowed to hold management positions again.
His incompetence was exposed by a criminal act, but it isn't what compromised the patients.
Hacking doesn't just happen as random acts of God. Failing to protect against criminals should never be a crime in itself.
Also the traditional justification for ludicrous compensation for CEOs etc is how much more risk and responsibility they have, and this seems to be the CEO baring (minimal) responsibility for the company’s actions.