Change Healthcare Breach Hits 100M Americans October 30, 2024

Condobloke



Somebody (the government, I guess) needs to start holding these businesses accountable. I'm not holding my breath.
 
How's the government going to do anything? They can't even keep their own websites from being compromised.

The problem is most facilities hire out to the lowest bid and you get what you pay for.

When I worked for the state dept as a pipe fitter our computers were never secured or kept updated.
 
Somebody (the government, I guess) needs to start holding these businesses accountable. I'm not holding my breath.
You want to hold the victims accountable? Not much different than holding a store owner liable for somebody breaking in and stealing the guns he was legally selling.

The people that need to be held accountable are the ones doing it. They are never touched because they are in countries that don't care or condone this behavior. Maybe if people like those from the movie "The BeeKeeper" were sanctioned by the governments, people would be afraid to be cyber criminals.

Let's not hold victims responsible for criminals' actions. Make the criminal responsible.

Hope I didn't cross that politics line.
 
You want to hold the victims accountable?

If businesses are too sloppy taking care of their customers' data, then yes, they should be held accountable. Contributory negligence. I think your comparison to a store owner doesn't hold water. Just my opinion.

How's the government going to do anything? They can't even keep their own websites from being compromised.

That's why I worded it the way I did. ("I guess" -- "not holding my breath") :confused:
 
Somebody (the government, I guess) needs to start holding these businesses accountable. I'm not holding my breath
I am assuming that what you mean here is that the businesses that are hacked, and as a result information relating to a significant number of people is spread across the landscape like butter over a sandwich.....then the company involved (in this case, Change Healthcare), should be held accountable for the losses suffered by their customers.

While I find that approach attractive, it has a few flaws and a zillion questions are created

Was Change Healthcare's approach to securing their customers' data sufficient?...could it or should it have been better?

Who exactly makes the decision?....who sets the bar where this has/is happened ?....Is there a bar, and who put it there.....is it policed at all?

We all know/are aware of the countless "blurbs and platitudes" that come from the various government departments etc etc that we are doing all we can and blah blah blah

But the reality is that horrendous hacking and distribution of people's data continues on at a pace that is hard/impossible to keep track of. The fallout from this is in addition to the hardships people are already facing from cost of living hikes.

Perhaps a handful of contributory negligence cases handed out with accompanying penalties might give some pause for constructive thought ?
 
If a company is flat out negligent in handling then yes they are accountable. But that is a dangerous and slippery slope. Starts holding big companies accountable then next thing a small business gets hacked and they are liable. If a place takes reasonable precaution to keep data safe then they should not be held accountable for a creative or stubborn hacker that outdid them. Now if they tried to hide it and not inform people, then they are part of the problem.

Thing is, where do you draw the line and really should we draw a line. I still think the criminal is at fault. We should never change that unless you want to be held accountable yourself at some point. Remember that once you get courts and government involved you end up with regulations made by people that know nothing about the field. And you get a system that no longer works.
I still say go beekeeper on them.
 
Trust no one.

Trust nothing.
 
Who exactly makes the decision?....who sets the bar where this has/is happened ?

For the sake of discussion, the answer to that question is 'a judge and jury', perhaps...

There probably should be a minimal security level required for businesses that store personal and private information. We require all sorts of other things, from worker safety to HIPAA (here in the US - but your country likely has something similar).

As for victim blaming, there's a 'reasonable personhood' (or business-hood, I guess) for judgement. In many court cases, the result isn't black and white. The courts may find that both parties share some responsibility to various percentages.

If you're openly wearing expensive jewelry and flashing cash, you probably should not then go into dark alleys. Sure, it's the criminal who robs you and they deserve to be held accountable - but you're a darned idiot for doing so.

Some places now charge if they have to rescue you. If you go climb a mountain without the right gear and get stuck up there - you just might be paying for all (or part) of your rescue costs.

I am perfectly okay with that...

This is a similar principle, I suppose...

Now, what would those laws look like? Well, I guess they'd have to be sort of generic and have to change with the times. A court can easily judge (with the help of friends to the court - experts in the field) a case like this. The key terms could be 'to a reasonable standard' or similar.

I go to great lengths to protect any personal data I save. People have chosen to trust me with that data. I'm not a business in this sense but I'd be mortified to violate that trust.
 
There probably should be a minimal security level required for businesses that store personal and private information. We require all sorts of other things, from worker safety to HIPAA (here in the US - but your country likely has something similar).
I would agree.
Perhaps the standard may vary depending on the nature of the data required by each individual business/corporation etc

If said business wants the 'whole monty'....dob, full name, address, licence number, medicare number/social security number, gender, passport number, occupation, place of work, contact names/relatives details etc etc.......then they get to have a seriously well locked down system to protect that info/data....under threat of prosecution if they are breached, and more so if a set of steps are not adhered to properly in order to protect that info/data
Perhaps when that data is supplied to a company a 'watermark' or some identifying process needs to be 'attached' to it so it is provable the info was purloined from xyz company. I have zero idea if that is possible....but it would take away the guesswork of whether the info was simply badly handled by the customers themselves.

omg, wouldn't that open up a can of worms !

As far as I know, nothing of this nature actually exists. It should. People's data is beyond invaluable!.....that is the very reason that bad actors go to so much trouble to steal it !!!
And further, it is why exorbitant amounts of money are paid for that data.

Common Sense?......I think so.
 
I have zero idea if that is possible....

Automatically adding meta data to a file would be trivial to do. Existing fields could be used. (Files contain all sorts of meta data, so this is nothing new.)

Make it a unique number assigned to the business and it should be good...

Maybe a standards board of sorts could be used. In order to even store that data on a computer that accesses the internet, they have to meet minimal standards.

I am not sure what the laws would look like, but it seems possible. I'm not really a fan of more legislation but this has gone on long enough. It's a breach of trust, often for data that you didn't even consent for them to retain or have in the first place.

The penalty should be great enough to offset any profits. This should not be a trivial matter. It should not be a cost of doing business. As it stands, companies often profit more than they're fined for bad actions. This should be expensive enough to offset that mentality/business practice.
 
Also, if this is too political, let me know. I don't think so, as it stands, but it's worth getting opinions should my biases be incorrect.
 
not even a whiff of politics.

All good.
 
