BreachExchange mailing list archives

Premera hack: Another sign that data in the U.S. is under attack


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Wed, 18 Mar 2015 19:33:52 -0600

http://www.networkworld.com/article/2899073/security0/premera-hack-another-sign-that-data-in-the-u-s-is-under-attack.html


Yes, it's happened again—an enormous breach of healthcare data. Eleven
million users of Premera Blue Cross insurance will likely get free credit
monitoring for a year, as if this were somehow recompense for bad security,
inept IT, bad asset management, and insulting the dignity of their
clientele. And this is not the end.

It should be considered that most insurance companies, if not all, are
under attack. It's also likely that financial institutions, major
retailers, and especially the U.S. government are as well. Have we any
shouts from the White House or Congress that we're under attack and need to
deploy (data) troops? No. They sit and twiddle their thumbs in budgetary
brinkmanship, paying off campaign contributors by allowing foreign heads of
state to thwart constitutionally endowed foreign policy, and so forth.

It's your data and my data, folks. Cloud-based or locked away in an
ostensibly protected data vault, it's ripe for the picking. Whether Anthem,
Premera, Target, TJ Maxx, ad infinitum, we're getting hacked, while we're
spending money on fake cellphone towers to monitor cellphone conversations
and location-based data.

Where is the hue and cry? How many data assets do people have to lose
before strong and visible action is taken? Should they ALL be flushed away,
along with our dignity and our personas? The mind reels.

Even when healthcare data is used legally, we have no standards, and
privacy standards are largely an oxymoron. Add the legal use/misuse, the
stolen data, and the future doesn't look very bright. Worse: don't expect
government intervention to do much. They're busy arguing about the rantings
of obscure orthodoxy and campaign contributors.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 
