a thoughtful web.
commentspostsbadges
Good ideas and conversation. No ads, no tracking.   Login or Take a Tour!
comment
kleinbl00  ·  3070 days ago  ·  link  ·    ·  parent  ·  post: 9.3M Patient Records Hacked

You really want to point fingers at this so you don't have to think about it. But let's take a real example: Synolocker.

So you keep your records on a Synology DSM because your IT department is small, you can't afford licenses and it's easy to deploy. As a plus, you can strap a few other things on it - like maybe Asterisk or Crashplan. And things are good.

Except you have a HIPAA decision from your legal counsel on DSM 4.3, but not 5, because Synology 3rd parties some of their protocols and they can't give you an answer. So you can't roll up to DSM 5 because HIPAA. And while the office phones you bought seem to work fine on DSM 4.3 with Asterisk, you keep hearing scary things about Asterisk under 5, so you don't roll up to 5. So while you could patch things over, you might blow shit up when you do.

Never happens, right? Tell that to every single "Windows 7 from my cold dead fingers" people on here, let alone out amongst the world.

And yeah - if you cook off the admin account, you're good. And if you change the default ports, you're good. And if you're running DSM 5, you're good. So you have to fail three different ways in order to be vulnerable to Synolocker, yet it still hit dozens of organizations. Not because of money, but because whoever deployed the NAS did it between 3am and 5am to minimize downtime and the whole "reconfigure accounts" thing never got approved as soon as it was working because hell, it was working, right?

And obviously hospitals should all be running Oracle and obviously their IT managers should be an army and obviously all those ill-gotten gains they're getting from healing people can be better spent to protect their integrity but LOOK:

My wife takes insurance. Every insurance contract she's got requires her to hire a translator if she runs across a patient who doesn't speak English. And unless things go perfect for her, she doesn't get 70% of what she's billing for.

It's still lucrative. There's still money in it. We wouldn't be doing it if we couldn't make a living. But that money-grubbing sonofabitch who is jeopardizing your data?

It's me.

Collecting unemployment.

and googling shit like "is Google for Business HIPAA compliant."


markup tips  ·  0


about
tutorial
faq
rss
tmi
random
privacy & terms
weather
donate
login