Slashdot Mirror


Contractor Folds After Causing Breaches

talkinsecurity writes "A single contractor, privately-held Verus Inc., has been traced as the source of no less than five hospital security breaches in the past two months — and those breaches have put the company out of business in a matter of weeks. Verus, which managed the websites of as many as 60 of the country's largest hospitals, has folded its entire business within the past few weeks, without a word to anyone. Apparently, a single IT error led to the exposure of at least five hospitals' patient data — at least 100,000 individuals' personal information — and caused Verus' primary investor to pull the plug. The hospitals, which initially reported their breaches separately, were left with no one to sue."

4 of 274 comments

  1. And that's the problem with corporations by Overzeetop · · Score: 5, Interesting

    Nobody is held accountable for the actions of a corporation. The board of directors and all officers should be held personally liable.

    (I happen to own a corporation; however, as a professional engineer, I am also personally liable for everything which goes out the door.)

    --
    Is it just my observation, or are there way too many stupid people in the world?
  2. left with no one to sue by YrWrstNtmr · · Score: 5, Insightful

    "The hospitals, which initially reported their breaches separately, were left with no one to sue."

    I'd start with the ex-CEO. The 'company' did not make decisions, people did. They should be held accountable.

  3. Can't pass the buck by nicolaiplum · · Score: 5, Insightful

    You can outsource work but you can't outsource responsibility.
    And if you think the supplier will always be around to sue later, and suing them is your only plan, you're a fool.

    --
    "For a successful technology, reality must take precedence over public relations, for Nature cannot be fooled"
  4. External security auditors were needed by Dekortage · · Score: 5, Interesting

    Read the article. It was a single mistake -- leaving a firewall down after performing a transfer of data from one server to another. But, why would you need to take down a firewall to transfer data? Set up a VPN, or better yet, use hard drives and old-fashioned sneakernet to transfer the data.

    What the vendor really needed was a security audit by an external security firm. I bet you will see more of that in its competitors (or ex-competitors).

    --
    $nice = $webHosting + $domainNames + $sslCerts