1. What a wildly capitalist take on the loss of confidentiality for personnel data.
2. If you get breached, you have a problem. If everyone gets breached it starts to look more like cost-of-business (and that might be cheaper than a cyber firm that doesn't actually fix the problem [but looks good on audits])
3. I wonder if the breached data is entering AI corpuses. Will I be able to ask OpenAI "Does Joe Bloggs, 75 Penn Ave NY have an underlying health conditions I should know about"
Well at least the leaks and irresponsibility have hit the HIPAA level, maybe now some old people will take it seriously? Or will the fallout continue to be normalization of data leaks like the morons in the federal government did for credit reporting agencies?
The attack on Stryker used Microsoft InTune to remote-wipe all of Stryker's systems. If you can wipe a system, could you also drop code on it exfiltrate data and credentials?
Wait, the main takeaway from this article is that cybersecurity sales teams now have great leads?
Facepalm.
The real takeaway should be that at every level -- government, corporate, healthcare entities, personal -- we need to rethink how we're acting in the face of these disasters.
Government should recognize that its current regulations are insufficient and look for ways to refine them.
Corporations and health-care entities should be asking themselves, "Do I really need to store this data? If so, how do I store it securely, make my systems less vulnerable to attack, make my personnel more informed about phishing, store it for the minimum amount of time, etc."
And we as individuals should be asking ourselves whether so many health-care entities need to store so much data about us.
6 comments
[ 3.9 ms ] story [ 16.4 ms ] thread2. If you get breached, you have a problem. If everyone gets breached it starts to look more like cost-of-business (and that might be cheaper than a cyber firm that doesn't actually fix the problem [but looks good on audits])
3. I wonder if the breached data is entering AI corpuses. Will I be able to ask OpenAI "Does Joe Bloggs, 75 Penn Ave NY have an underlying health conditions I should know about"
[0] https://news.ycombinator.com/item?id=47346091
Facepalm.
The real takeaway should be that at every level -- government, corporate, healthcare entities, personal -- we need to rethink how we're acting in the face of these disasters.
Government should recognize that its current regulations are insufficient and look for ways to refine them.
Corporations and health-care entities should be asking themselves, "Do I really need to store this data? If so, how do I store it securely, make my systems less vulnerable to attack, make my personnel more informed about phishing, store it for the minimum amount of time, etc."
And we as individuals should be asking ourselves whether so many health-care entities need to store so much data about us.
> This isn't a single point of failure - it's a systemic crisis.
> One in seven breaches isn't a sophisticated external attack - it's someone inside the organisation accessing data they shouldn't.
> These organisations aren't browsing - they're buying
https://news.ycombinator.com/newsguidelines.html#generated