Anthem, Major Health Insurer, Suffers Hack Attack

Started by garbon, February 04, 2015, 11:31:23 PM


The Brain

Quote from: garbon on February 05, 2015, 03:40:47 PM
Quote from: The Brain on February 05, 2015, 03:38:56 PM
Quote from: garbon on February 05, 2015, 03:36:40 PM
Quote from: The Brain on February 05, 2015, 03:15:39 PM
Companies won't realistically be able to protect themselves against "a very sophisticated attack" when it comes to systems that cannot be completely isolated.

Do you think a company spokesperson would say an attack wasn't "sophisticated"?

What does it matter?

Your statement is irrelevant if most of the attacks aren't actually very sophisticated.

Why do you believe the statement is irrelevant if most attacks aren't very sophisticated?
Women want me. Men want to be with me.

Siege

Quote from: garbon on February 05, 2015, 03:45:05 PM
Quote from: Siege on February 05, 2015, 03:43:31 PM
Fucking Garbon sucks at thread naming even worse than Jacob.
And that's saying a lot.

If you take issue with the headline, you can take it up with Pete Williams of NBC News.

Strawman!!11


"All men are created equal, then some become infantry."

"Those who beat their swords into plowshares will plow for those who don't."

"Laissez faire et laissez passer, le monde va de lui même!"


garbon

Quote from: The Brain on February 05, 2015, 03:51:50 PM
Quote from: garbon on February 05, 2015, 03:40:47 PM
Quote from: The Brain on February 05, 2015, 03:38:56 PM
Quote from: garbon on February 05, 2015, 03:36:40 PM
Quote from: The Brain on February 05, 2015, 03:15:39 PM
Companies won't realistically be able to protect themselves against "a very sophisticated attack" when it comes to systems that cannot be completely isolated.

Do you think a company spokesperson would say an attack wasn't "sophisticated"?

What does it matter?

Your statement is irrelevant if most of the attacks aren't actually very sophisticated.

Why do you believe the statement is irrelevant if most attacks aren't very sophisticated?

Your statement posits that companies can't be expected to protect against very sophisticated attacks. If the attacks are not very sophisticated, then who cares about that?
"I've never been quite sure what the point of a eunuch is, if truth be told. It seems to me they're only men with the useful bits cut off."
I drank because I wanted to drown my sorrows, but now the damned things have learned to swim.

The Brain

Quote from: garbon on February 05, 2015, 03:58:06 PM
Quote from: The Brain on February 05, 2015, 03:51:50 PM
Quote from: garbon on February 05, 2015, 03:40:47 PM
Quote from: The Brain on February 05, 2015, 03:38:56 PM
Quote from: garbon on February 05, 2015, 03:36:40 PM
Quote from: The Brain on February 05, 2015, 03:15:39 PM
Companies won't realistically be able to protect themselves against "a very sophisticated attack" when it comes to systems that cannot be completely isolated.

Do you think a company spokesperson would say an attack wasn't "sophisticated"?

What does it matter?

Your statement is irrelevant if most of the attacks aren't actually very sophisticated.

Why do you believe the statement is irrelevant if most attacks aren't very sophisticated?

Your statement posits that companies can't be expected to protect against very sophisticated attacks. If the attacks are not very sophisticated, then who cares about that?

You're not making any sense.
Women want me. Men want to be with me.

garbon

Quote from: The Brain on February 05, 2015, 04:01:40 PM
Quote from: garbon on February 05, 2015, 03:58:06 PM
Quote from: The Brain on February 05, 2015, 03:51:50 PM
Quote from: garbon on February 05, 2015, 03:40:47 PM
Quote from: The Brain on February 05, 2015, 03:38:56 PM
Quote from: garbon on February 05, 2015, 03:36:40 PM
Quote from: The Brain on February 05, 2015, 03:15:39 PM
Companies won't realistically be able to protect themselves against "a very sophisticated attack" when it comes to systems that cannot be completely isolated.

Do you think a company spokesperson would say an attack wasn't "sophisticated"?

What does it matter?

Your statement is irrelevant if most of the attacks aren't actually very sophisticated.

Why do you believe the statement is irrelevant if most attacks aren't very sophisticated?

Your statement posits that companies can't be expected to protect against very sophisticated attacks. If the attacks are not very sophisticated, then who cares about that?

You're not making any sense.

Thanks, g. :rolleyes:
"I've never been quite sure what the point of a eunuch is, if truth be told. It seems to me they're only men with the useful bits cut off."
I drank because I wanted to drown my sorrows, but now the damned things have learned to swim.

MadImmortalMan

Quote from: garbon on February 05, 2015, 03:11:31 PM
Quote from: dps on February 05, 2015, 03:06:33 PM
There's nothing you can really do to keep a professional from stealing your car off of a parking lot if he wants it badly enough.  But locking is still an appropriate security measure--it at least helps to deter the amateurs a bit.

We seem to increasingly have companies not taking measures that could prevent a lot of these instances but perhaps aren't doing so because of the cost. Maybe it is just rosy memories (and poorer reporting previously) but it feels like all the time now I get notices of how my personal info has been leaked or stolen.

This seems a rather big issue given that it is personal information and in this most recent example something that you pretty much need to have in the US (health insurance) as opposed to say a credit card. Given the importance / impact this could have on the general public, it seems like the gov't ought to do something if major corporations are not.

All that said, perhaps major corporations are taking all of the reasonable precautions that are needed and this really just is the work of professionals who will get in no matter what.


When it comes to retailers, I still say the best way to protect customers' data is to not collect it in the first place. They don't need it.

Health insurance is a different story though. It's actually illegal for them to share the data under HIPAA, but I don't know if that applies if they share it involuntarily. But obviously they do need to collect it.

Incidentally, I bet at least half of the posters on this board are covered by Anthem in one form or another.
"Stability is destabilizing." --Hyman Minsky

"Complacency can be a self-denying prophecy."
"We have nothing to fear but lack of fear itself." --Larry Summers

dps

Quote from: MadImmortalMan on February 05, 2015, 04:11:54 PM
When it comes to retailers, I still say the best way to protect customers' data is to not collect it in the first place. They don't need it.

That's technically true for most cash purposes, but not if the retailer accepts checks and debit/credit cards.  Also, there are some sales in which the retailer is required to get customers' data--firearms sales, for example--and other transactions in which it is necessary for other reasons, such as warranty registration.

The Brain

Quote from: garbon on February 05, 2015, 04:02:17 PM
Quote from: The Brain on February 05, 2015, 04:01:40 PM
Quote from: garbon on February 05, 2015, 03:58:06 PM
Quote from: The Brain on February 05, 2015, 03:51:50 PM
Quote from: garbon on February 05, 2015, 03:40:47 PM
Quote from: The Brain on February 05, 2015, 03:38:56 PM
Quote from: garbon on February 05, 2015, 03:36:40 PM
Quote from: The Brain on February 05, 2015, 03:15:39 PM
Companies won't realistically be able to protect themselves against "a very sophisticated attack" when it comes to systems that cannot be completely isolated.

Do you think a company spokesperson would say an attack wasn't "sophisticated"?

What does it matter?

Your statement is irrelevant if most of the attacks aren't actually very sophisticated.

Why do you believe the statement is irrelevant if most attacks aren't very sophisticated?

Your statement posits that companies can't be expected to protect against very sophisticated attacks. If the attacks are not very sophisticated, then who cares about that?

You're not making any sense.

Thanks, g. :rolleyes:

:mad: I'm white and... er... not gay.
Women want me. Men want to be with me.

garbon

I suppose grumbles was gay once until homosexuals stole the term.
"I've never been quite sure what the point of a eunuch is, if truth be told. It seems to me they're only men with the useful bits cut off."
I drank because I wanted to drown my sorrows, but now the damned things have learned to swim.

MadImmortalMan

Quote from: garbon on February 05, 2015, 04:41:52 PM
I suppose grumbles was gay once until homosexuals stole the term.


I doubt it. The Sioux called grumbler Anger-With-Long-Legs.

The ancient Medes say that Ahura Mazda removed the rage from the eternal fire so that it would only be a source of warmth and love. But he had to put the rage somewhere, so he put it in grumbler.
"Stability is destabilizing." --Hyman Minsky

"Complacency can be a self-denying prophecy."
"We have nothing to fear but lack of fear itself." --Larry Summers

Baron von Schtinkenbutt

Quote from: dps on February 05, 2015, 03:42:34 PM
"Our security precautions are so lacking, a rank amateur using a 386 and a 28K external modem could completely steal all of our data in about 60 seconds."  Yeah, not something they are going to say.

OTOH, I don't really know enough about cybersecurity to know what precautions are and aren't reasonable (beyond really basic things like "Don't use "PASSWORD" as your password"), nor how hard or easy even good security is to get around.

From Hacker News:

Quote:
Having spent almost 4 years in healthcare IT. Very few healthcare organizations take security seriously. There is very much a security by anonymity ideal. I worked for a small medical company that had access to 20,000 PHI records, and I was explicitly told, "why would anyone want to hack us, we are small potatoes." I left that company shortly thereafter.

Yet companies I work with now big and small look at security as just a bunch of checkboxes on a government audit form. As long as upper management continue to see security as a cost loss center, and continue to only do the minimum necessary to pass said audits, these breaches will continue to happen.

CountDeMoney

Quote from: Baron von Schtinkenbutt on February 05, 2015, 06:32:11 PM
From Hacker News:

Quote:
Having spent almost 4 years in healthcare IT. Very few healthcare organizations take security seriously. There is very much a security by anonymity ideal. I worked for a small medical company that had access to 20,000 PHI records, and I was explicitly told, "why would anyone want to hack us, we are small potatoes." I left that company shortly thereafter.

Yet companies I work with now big and small look at security as just a bunch of checkboxes on a government audit form. As long as upper management continue to see security as a cost loss center, and continue to only do the minimum necessary to pass said audits, these breaches will continue to happen.

Funny, when I say it, Berkut gives me a ration of shit.

MadImmortalMan

Yep. That's the problem with most organizations and their IT departments. They see it as a cost center. A lot of them actually have the head of IT report to somebody in finance. Stupid.
"Stability is destabilizing." --Hyman Minsky

"Complacency can be a self-denying prophecy."
"We have nothing to fear but lack of fear itself." --Larry Summers