Slashdot Mirror

← Back to Stories (view on slashdot.org)

Contractor Folds After Causing Breaches

Posted by kdawson on from the left-holding-many-bags dept.

talkinsecurity writes "A single contractor, privately-held Verus Inc., has been traced as the source of no less than five hospital security breaches in the past two months — and those breaches have put the company out of business in a matter of weeks. Verus, which managed the websites of as many as 60 of the country's largest hospitals, has folded its entire business within the past few weeks, without a word to anyone. Apparently, a single IT error led to the exposure of at least five hospitals' patient data — at least 100,000 individuals' personal information — and caused Verus' primary investor to pull the plug. The hospitals, which initially reported their breaches separately, were left with no one to sue."

7 of 274 comments (clear)

  1. left with no one to sue by YrWrstNtmr · · Score: 5, Insightful

    The hospitals, which initially reported their breaches separately, were left with no one to sue."

    I'd start with the ex-CEO. The 'company' did not make decisions, people did. They should be held accountable.

  2. Can't pass the buck by nicolaiplum · · Score: 5, Insightful

    You can outsource work but you can't outsource responsibility.
    And if you think the supplier will always be around to sue later, and suing them is your only plan, you're a fool.

    --
    "For a successful technology, reality must take precedence over public relations, for Nature cannot be fooled"
  3. Re:And that's the problem with corporations by grogdamighty · · Score: 4, Insightful

    Ah, so the board of directors should be sued for all of their personal assets in order to pay for Joe Coder's mistake in leaving a backdoor opens. How many people do you think would start up businesses if they knew mistakes made by any employee could bankrupt them?

    --
    My other sig is funny.
  4. Re:Capitalism Rules! by thc69 · · Score: 4, Insightful

    Unfortunately, when the company folds protecting the stakeholders there is nobody left to sue! Oooops! There goes that darn accountability!
    Eh? The company was destroyed. If you think the company should be punished, is there any better punishment? Isn't this a good thing? It means that the company is not going to do that again. Maybe it would satisfy people if the guy killed himself?

    Can he magically make the security breaches un-happen?

    At most, if the company stayed around, it could be sued for the costs involved in the cleanup -- but the only winners there would be the lawyers.
    --
    Procrastination -- because good things come to those who wait.
  5. Re:Capitalism Rules! by Opportunist · · Score: 4, Insightful

    Like you could sue a corporation when it still exists.

    Take Sony and the distribution of malware with its CDs. A person (read: human being) would be doing time for it. Read the law. Creation and distribution of malware on a commercial premise. Fits like a glove in this case. Punishable, depending on your country, with up to 10 years in jail. Especially when you can credibly claim that the person in question actually did pursue commercial interests (which is trivial in this case).

    But you can't do that to an international corporation! First of all, how do you imprison Sony? And think of all the jobs! And think of the tax (yeah, right, like I didn't pay more tax than Sony, in percent of my income...). And think of the political...

    Bullcrap. In a nutshell, corporations are above the law. They can break them as they want and if anything, they get a waggle of a finger and a puppy eyed "please, please don't do it again, mmmkay?"

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  6. Re:And that's the problem with corporations by Phanatic1a · · Score: 4, Insightful

    Reality check : Most programmers are under commercial pressures from managers and customers.

    Reality check: Most engineers are under commercial pressures from managers and customers. That doesn't mean that if my boss wants me to use paper clips instead of my recommendation of high-tensile steel bolts, I'm on firm ethnical ground saying "Okay, paper clips it is." I have a professional, ethical responsibility to not build shoddy product. Don't programmers?

  7. Re:Things did get done before corporations by CodeBuster · · Score: 4, Insightful

    Limited liability is a double edged sword to be sure, but IMHO society is better of with the concept than without it. Consider bankruptcy for example, that is a form of "limited liability" as it applies to the individual. It ensures that your creditors cannot pursue you until to your dying day for your last penny due to circumstances beyond your control. There are abuses sometimes yes, and do not think that this investor is home free, if a lawyer can prove negligence in the breaches AND that the investor knew about the problems and did nothing then the investor can be held accountable for negligence, limited liability or not. The concept of limited liability exists to protect people from personal ruin from forces beyond their control, but it is not carte blanch to commit fraud, breach contract, or engage in negligent behavior.