Anthem, Major Health Insurer, Suffers Hack Attack

[The Brain]

Companies won't realistically be able to protect themselves against "a very sophisticated attack" when it comes to systems that cannot be completely isolated.

Do you think a company spokesperson would say an attack wasn't "sophisticated"?

What does it matter?

Your statement is irrelevant if most of the attacks aren't actually very sophisticated.

Why do you believe the statement is irrelevant if most attacks aren't very sophisticated?

[Siege]

Fucking Garbon sucks at thread naming even worst than Jacob.
And that's saying a lot.

If you take issue with the headline, you can take it up with Pete Williams of NBC News.

Strawman!!11

[garbon]

Companies won't realistically be able to protect themselves against "a very sophisticated attack" when it comes to systems that cannot be completely isolated.

Do you think a company spokesperson would say an attack wasn't "sophisticated"?

What does it matter?

Your statement is irrelevant if most of the attacks aren't actually very sophisticated.

Why do you believe the statement is irrelevant if most attacks aren't very sophisticated?

You statement posits that companies can't be expected to protect against very sophisticated attacks. If the attacks are not very sophisticated, then who cares about that?

[The Brain]

Companies won't realistically be able to protect themselves against "a very sophisticated attack" when it comes to systems that cannot be completely isolated.

Do you think a company spokesperson would say an attack wasn't "sophisticated"?

What does it matter?

Your statement is irrelevant if most of the attacks aren't actually very sophisticated.

Why do you believe the statement is irrelevant if most attacks aren't very sophisticated?

You statement posits that companies can't be expected to protect against very sophisticated attacks. If the attacks are not very sophisticated, then who cares about that?

You're not making any sense.

[garbon]

Companies won't realistically be able to protect themselves against "a very sophisticated attack" when it comes to systems that cannot be completely isolated.

Do you think a company spokesperson would say an attack wasn't "sophisticated"?

What does it matter?

Your statement is irrelevant if most of the attacks aren't actually very sophisticated.

Why do you believe the statement is irrelevant if most attacks aren't very sophisticated?

You statement posits that companies can't be expected to protect against very sophisticated attacks. If the attacks are not very sophisticated, then who cares about that?

You're not making any sense.

Thanks, g.

[MadImmortalMan]

There's nothing you can really do to keep a professional from stealing your car off of a parking lot if he wants it badly enough.  But locking is still an appropriate security measure--it at least at least helps to deter the amateurs a bit.

We seem to have increasingly companies not taken measures that could prevent a lot of these instances but perhaps aren't doing so because of the cost. Maybe it is just rosy memories (and poorer reporting previously) but it feels like all the time now I get notices of how my personal info has been leaked or stolen.

This seems a rather big issue given that it is personal information and in this most recent example something that you pretty much need to have in the US (health insurance) as opposed to say a credit card. Given the importance / impact this could have on the general public, it seems like the gov't ought to do something if major corporations are not.

All that said, perhaps major corporations are taking all of the reasonable precautions that are needed and this really just is the work of professionals who will get in no matter what.

When it comes to retailers, I still say the best way to protect customers' data is to not collect it in the first place. They don't need it.

Health insurance is a different story though. It's actually illegal for them to share the data under HIPAA, but I don't know if that applies if the share it involuntarily. But obviously they do need to collect it.

Incidentally, I bet at least half of the posters on this board are covered by Anthem in one form or another.

[dps]

When it comes to retailers, I still say the best way to protect customers' data is to not collect it in the first place. They don't need it.

That's technically true for most cash purposes, but not if the retailer accepts checks and debit/credit cards.  Also, there are some sales in which the retailer is required to get customers' data--firearms sales, for example--and other transactions in which it is necessary for other reasons, such as warranty registration.

[The Brain]

Companies won't realistically be able to protect themselves against "a very sophisticated attack" when it comes to systems that cannot be completely isolated.

Do you think a company spokesperson would say an attack wasn't "sophisticated"?

What does it matter?

Your statement is irrelevant if most of the attacks aren't actually very sophisticated.

Why do you believe the statement is irrelevant if most attacks aren't very sophisticated?

You statement posits that companies can't be expected to protect against very sophisticated attacks. If the attacks are not very sophisticated, then who cares about that?

You're not making any sense.

Thanks, g.

I'm white and... er... not gay.

[garbon]

I suppose grumbles was gay once until homosexuals stole the term.

[MadImmortalMan]

I suppose grumbles was gay once until homosexuals stole the term.

I doubt it. The Sioux called grumbler Anger-With-Long-Legs.

The ancient Medes say that Ahura Mazda removed the rage from the eternal fire so that it would only be a source of warmth and love. But he had to put the rage somewhere, so he put it in grumbler.

[Baron von Schtinkenbutt]

"Our security precautions are so lacking, a rank amateur using a 386 and a 28K external modem could completely steal all of our data in about 60 seconds."  Yeah, not something they are going to say.

OTOH, I don't really know enough about cybersecurity to know what precautions are and aren't reasonable (beyond really basic things like "Don't use "PASSWORD" as your password"), nor how hard or easy even good security is to get around.

From Hacker News:

Having spent almost 4 years in healthcare IT. Very few healthcare organizations take security seriously. There is very much a security by anonymity ideal. I worked for a small medical company that had access to 20,000 PHI records, and I was explicitedly told, "why would anyone want to hack us, we are small potatoes." I left that company shortly there after.

Yet companies I work with now big and small look at security as just a bunch of checkboxes on a government audit form. As long as upper management continue to see security as a cost loss center, and continue to only do the minimum nessissary to pass said audits. These breaches will continue to happen.

[CountDeMoney]

From Hacker News:

Having spent almost 4 years in healthcare IT. Very few healthcare organizations take security seriously. There is very much a security by anonymity ideal. I worked for a small medical company that had access to 20,000 PHI records, and I was explicitedly told, "why would anyone want to hack us, we are small potatoes." I left that company shortly there after.

Yet companies I work with now big and small look at security as just a bunch of checkboxes on a government audit form. As long as upper management continue to see security as a cost loss center, and continue to only do the minimum nessissary to pass said audits. These breaches will continue to happen.

Funny, when I say it, Berkut gives me a ration of shit.

[MadImmortalMan]

Yep. That's the problem with most organization and their IT departments. They see it as a cost center. A lot of them actually have the head of IT report to somebody in finance. Stupid.