Slashdot Mirror


US Health Insurer Anthem Suffers Massive Data Breach

An anonymous reader writes Anthem, the second-largest health insurer in the United States, has suffered a data breach that may turn out to be the largest health care breach to date, as the compromised database holds records of some 80 million individuals. Not much is known about how the attack was discovered, how it unfolded and who might be behind it, but the breach has been confirmed by the company's CEO Joseph Swedish in a public statement, in which he says they were the victims of a "very sophisticated external cyber attack." The company has notified the FBI, and has hired Mandiant to evaluate their systems and identify solutions to secure them. Swedish said the breach is extensive: the vulnerable data included "names, birthdays, medical IDs/social security numbers, street addresses, email addresses and employment information, including income data," though "no credit card or medical information, such as claims, test results or diagnostic codes were targeted or compromised." (Also covered by Reuters.)

223 comments

  1. That's why nobody sensible wants them by 3.5 stripes · · Score: 5, Interesting

    Huge databases full of personal info are gigantic targets, and properly securing them is very very difficult (and what's worse, uneconomical, since most of them are owned by publicly traded companies).

    Pandora's box is open now, but don't say the tinfoiled warriors didn't warn you.

    --
    He tried to kill me with a forklift!

    1. Re:That's why nobody sensible wants them by SQLGuru · · Score: 3, Informative

      PII should be classified based on sensitivity. At a certain level, that PII must be encrypted during transit. At the highest level, it must be encrypted during transit and at rest. SSN falls in the highest sensitivity level. SOP for years. This doesn't guarantee you won't get hacked, but it reduces / minimizes the impact if you are hacked.

      PII - Personally Identifiable Information
      SSN - Social Security Number
      SOP - Standard Operating Procedure

    2. Re:That's why nobody sensible wants them by jeffmeden · · Score: 1

      PII should be classified based on sensitivity. At a certain level, that PII must be encrypted during transit. At the highest level, it must be encrypted during transit and at rest. SSN falls in the highest sensitivity level. SOP for years. This doesn't guarantee you won't get hacked, but it reduces / minimizes the impact if you are hacked.

      PII - Personally Identifiable Information
      SSN - Social Security Number
      SOP - Standard Operating Procedure

      Out of curiosity since you are familiar with the subject, where is the acceptable place to keep the encryption key? During a compromise it doesn't do much good when it's on or near the same server as the DB with the data. Two servers, with two distinct access control credentials?

    3. Re:That's why nobody sensible wants them by RenderSeven · · Score: 5, Insightful

      It won't stop until we start arresting the CIOs for being complicit in the breaches. My 10-year-old kids get it - "it may not be your fault but it's your responsibility" - so why do overpaid do-nothing executives get a free pass when they utterly fail at their job?

    4. Re:That's why nobody sensible wants them by jellomizer · · Score: 3, Informative

      HIPAA requires all PHI to be encrypted when transmitted.
      The hack got into the systems after the data is at rest, as do most data breaches. There are very few hacks from packet sniffing. (Our infrastructure tends to use switches and routers instead of the old hubs, so fewer packets are spread to less than trustworthy areas.)
      If you were to encrypt the data at rest, where would you store the key? And if someone could gain access to that key, you are in just as much trouble.

      Better rules would be for systems that access PHI to be off the Internet entirely. So you will have two networks that are physically separate: one where you have the PCs that are hooked to the normal intranet and internet, and one system just for PHI.
      Now how do we send data from one institution to the next (say from the hospital to the insurance company)? Then you will need a trusted point-to-point encrypted channel. Once the data is sent, that point-to-point needs to be closed, and perhaps physically unplugged from the internet.

      --
      If something is so important that you feel the need to post it on the internet... It probably isn't that important.

    5. Re:That's why nobody sensible wants them by alvinrod · · Score: 1

      If it really needs to be exceptionally secure and you're dealing with a system that is constantly running, why not just keep any encryption keys in memory only where it's that much harder to get them and have them manually be entered by someone if the system needs to be brought down. That or use some module with the encryption baked in at a physical level to handle encryption and decryption. Yes, it's more expensive, but these systems are already hugely expensive and it makes it incredibly difficult for anyone without physical access to get at the actual data.

      Is there some practical reason why it couldn't be done this way or something else that I'm missing outside of the obvious that there's another, cheaper way of doing things?

    6. Re:That's why nobody sensible wants them by Anonymous Coward · · Score: 0

      HIPAA? The Health Information Privacy Awareness Act?

    7. Re:That's why nobody sensible wants them by Anonymous Coward · · Score: 0

      Search google for memory dump tools....

    8. Re:That's why nobody sensible wants them by Anonymous Coward · · Score: 1

      That sort of thing only happens in China. Remember when melamine in baby formula killed some kids? Two of the owners of the company were EXECUTED.

    9. Re:That's why nobody sensible wants them by Frigga's Ring · · Score: 1

      It's a bit premature to suggest that the breach was a result of negligent security. Look at the Hannaford's Supermarket breach a few years back: they had just had (and passed) their PCI review but being PCI Compliant didn't prevent their breach. To use your analogy, your son may be held accountable if he brought his 3DS to school and it was stolen, but the consequences are different if the 3DS was stolen from his desk compared to having it stolen from his locked school locker.

    10. Re:That's why nobody sensible wants them by jeffmeden · · Score: 1

      If it really needs to be exceptionally secure and you're dealing with a system that is constantly running, why not just keep any encryption keys in memory only where it's that much harder to get them and have them manually be entered by someone if the system needs to be brought down. That or use some module with the encryption baked in at a physical level to handle encryption and decryption. Yes, it's more expensive, but these systems are already hugely expensive and it makes it incredibly difficult for anyone without physical access to get at the actual data.

      Is there some practical reason why it couldn't be done this way or something else that I'm missing outside of the obvious that there's another, cheaper way of doing things?

      Putting the key alongside the data is a bad idea no matter how the key gets there. Finding it in RAM would be no different than finding it somewhere on the disk (assuming the disk approach is more complex than c:\config\crypto.key) so that's out. There are TPM solutions that can make it secure (storing the key in tamperproof memory, never releasing it, doing the encryption/decryption only at the request of signed binaries) but at this scale I don't know if the TPM can keep up or if doing it all on one closed system is enough of a safeguard. Would security go up by having one hardened database server and one hardened decrypt server in different auth realms, or would it go down since the attack surface is larger?

    11. Re:That's why nobody sensible wants them by qwijibo · · Score: 3, Informative

      Encryption is not a panacea.

      I'm in full agreement that sensitive data should be encrypted, but I've seen too many cases where encryption (even bad encryption) is an excuse for lazy and bad security decisions.

      SSN is a bad "secret" for anything, given how simple and ubiquitous it is. The idea that shared secrets establish identity has been wrong for many years and it's just going to keep getting worse until we, as consumers, can make companies leverage public key cryptography for authentication.

      Policies that require encrypting SSN at rest and PII in transit usually result in a database table with:
      Name
      Address
      Date_of_Birth
      Encrypted_SSN

      That sounds like a step in the right direction, unless you consider how easy it is to decrypt the SSN. On my laptop, it takes 62 seconds to go through every possible SSN using a script that took me less than 60 seconds to write. Add some time for doing an encrypt operation and lookup for each possible value, but it's clearly possible to brute force the entire SSN range on any computer in a very short amount of time. Ultimately, once someone can get access to the data, they can easily generate every possible encrypted SSN and match up actual value to what's in the table.

      Real world example:
      Cox insisted on having my SSN to get internet service through them. The last 4 of the SSN is used to confirm the user on the web site. They insisted that storing SSN on the internet was safe because it's encrypted. They really want the SSN to be able to track you down if you don't pay and skip town. Most of their customers aren't going to argue with them because they hear that encryption is magic. I eventually convinced a supervisor that their security is a joke and we agreed that my SSN would be in their system as 3.14159265, without the decimal point.

      When people believe that encryption makes their data safe, it allows people to decide to make riskier choices with where the data resides. Encryption is a step in the right direction, but it's just one piece of the security puzzle.

    12. Re:That's why nobody sensible wants them by Anonymous Coward · · Score: 0

      How dare you say that about a job creator! He rakes in that 15% profit Republicans by law forced him to take!

    13. Re:That's why nobody sensible wants them by dclydew · · Score: 2

      There are a number of solutions to the problem. There are data protection appliances that can be integrated with databases or applications (via API), to which encrypted data is sent for decryption and made available only in the result set; never written to disk in the clear. In this scenario, even root or dba don't have access to the sensitive data, unless authorized by the appliance. Another option (becoming more popular) is tokenization. The sensitive data is replaced by consistent non-sensitive token values. This often allows for many business analytic processes to operate on non-sensitive data. In many scenarios, all of the work in the main application/database can be done with tokens and then a secure 'detokenize' app is provided to specific users that may need the real data. Tokens can also retain some of the original data. So if we tokenized SSN 123-45-6789, we could generate a token that kept the same last 4 digits, 541-30-6789. If customer support uses the last four digits of SSN to verify customers on the phone, they can now do it without being exposed to the real sensitive data.

      (Disclaimer: I work for a data protection company that does this kind of stuff)

      --
      Get a life, not a lifestyle. - Hikem Bey

    14. Re:That's why nobody sensible wants them by jeffmeden · · Score: 1

      HIPAA? The Health Information Privacy Awareness Act?

      Ahem, no, the Health Insurance Portability and Accountability Act. The name doesn't get at the parts of concern here, which are a number of privacy and confidentiality measures in Title II of the act, which sets guidelines on info systems that contain personal and/or medical data.

    15. Re:That's why nobody sensible wants them by BoRegardless · · Score: 2

      They do NOT get a free pass. They contribute heavily to PACs!

    16. Re:That's why nobody sensible wants them by Lab Rat Jason · · Score: 1

      The trouble here is that there are HUGE fines for allowing PHI to leak out... but it's a tiny slap on the wrist to leak everything else. So whether it's true or not, this press release appears to be a bit of PR in hopes of evading the HIPAA penalties, or at least calls for HIPAA penalties, which at this magnitude would probably crush the company like a beer can.

      It is truly time to pass two laws: 1) leaking identity info should be punished similarly to PHI, and 2) We need to move away from SSN as a credit identifier... it was NEVER EVER intended to be that... it was strictly for government identification for the social security program. It was later co-opted by creditors for lack of a better method of identifying individuals. A secure national identity where access is strictly controlled by the owner (not the government) is needed.

      --
      Which has more power: the hammer, or the anvil?

    17. Re:That's why nobody sensible wants them by UnderCoverPenguin · · Score: 1

      Tokens can also retain some of the original data. So if we tokenized SSN 123-45-6789, we could generate a token that kept the same last 4 digits, 541-30-6789. If customer support uses the last four digits of SSN to verify customers on the phone, they can now do it without being exposed to the real sensitive data.

      While it is very common practice in the US to verify customers using the last 4 digits of their SSN, this practice is actually poor security.

      If you know someone's place and date of birth, you can determine the first 5 digits. This is because SSN assignment was done by regional offices, each assigned a block from which to allocate SSNs.

      Even though centralized SSN assignment is now used, vast numbers of US citizens were assigned their SSNs from the regional blocks.

      --
      Don't try to out weird me, three-eyes. I get stranger things than you, free with my breakfast cereal. --Zaphod Beeblebr

    18. Re:That's why nobody sensible wants them by Anonymous Coward · · Score: 0

      You appear to fundamentally misunderstand encryption, and it seems you may be confusing it with cryptographic hashes, specifically unsalted hashes. Please review the following example:

      lolwut@urmom:~/how2crypto# echo "111-22-3333" > ssn-plaintext.txt
      lolwut@urmom:~/how2crypto# ls -lah *.txt
      -rw-r--r-- 1 root root 12 Feb 5 12:33 ssn-plaintext.txt
      lolwut@urmom:~/how2crypto# cat ssn-plaintext.txt
      111-22-3333
      lolwut@urmom:~/how2crypto# gpg --armor -o ssn-encrypted-1.txt --symmetric --cipher-algo AES256 --compress-algo none ssn-plaintext.txt
      lolwut@urmom:~/how2crypto# ls -lah *.txt
      -rw-r--r-- 1 root root 226 Feb 5 12:33 ssn-encrypted-1.txt
      -rw-r--r-- 1 root root 12 Feb 5 12:33 ssn-plaintext.txt
      lolwut@urmom:~/how2crypto# cat ssn-encrypted-1.txt
      -----BEGIN PGP MESSAGE-----
      Version: GnuPG v1.4.12 (GNU/Linux)

      jA0ECQMCvOfXlNAuxlhg0k4BcUGNIJvbtDwdB7HybxyvOTzKYQnpiw55HjqYXgJY
      0H1U+u7nk8CJAwCilLsHfDyJeLYJ6PuTPpH6DATE77jJInPP+Da2WZgaPockNSE=
      =SoHo
      -----END PGP MESSAGE-----
      lolwut@urmom:~/how2crypto# gpg --armor -o ssn-encrypted-2.txt --symmetric --cipher-algo AES256 --compress-algo none ssn-plaintext.txt
      lolwut@urmom:~/how2crypto# ls -lah *.txt
      -rw-r--r-- 1 root root 226 Feb 5 12:33 ssn-encrypted-1.txt
      -rw-r--r-- 1 root root 226 Feb 5 12:34 ssn-encrypted-2.txt
      -rw-r--r-- 1 root root 12 Feb 5 12:33 ssn-plaintext.txt
      lolwut@urmom:~/how2crypto# cat ssn-encrypted-2.txt
      -----BEGIN PGP MESSAGE-----
      Version: GnuPG v1.4.12 (GNU/Linux)

      jA0ECQMCgkBEraATVWpg0k4BchxD/8JaT/KyJUxwBXdmeZp3tWmajvngzVV8VJdO
      o7dWjdnAES1UlPSoWsVPL+rxWH79t3FPVxbWsICh0tglHVdte23uvW/gzONqme0=
      =rWhJ
      -----END PGP MESSAGE-----

      Please provide your referenced script for trivially brute forcing the contents of either ssn-encrypted-1.txt or ssn-encrypted-2.txt. You're certainly correct in your statement that encryption is only one piece of the security puzzle, but it's a critically important piece, and it appears you truly do not have a firm grasp on the topic.

      (philip.paradis posting as AC for the moment)

    19. Re:That's why nobody sensible wants them by UnderCoverPenguin · · Score: 1

      there are HUGE fines for allowing PHI to leak out

      Except that those fines are levied against the corporation, not the responsible people. While the corporation could recuperate that from the responsible people, it usually doesn't, because the responsible people based their decision on advice from experts, then chose what sounded "good enough" while minimizing the implementation cost. So the blame gets transferred to the experts - the one for giving bad advice and the others for failing to adequately counter the one - who then get fired. Then the corporation passes the costs through to its customers - and gets to deduct the costs from its taxable revenue.

      --
      Don't try to out weird me, three-eyes. I get stranger things than you, free with my breakfast cereal. --Zaphod Beeblebr

    20. Re:That's why nobody sensible wants them by sexconker · · Score: 1

      It's not a matter of "why not just" anything. Keys in memory just mean an attacker runs a memory dump once the system is online. Keys in a file means an attacker reads that file. All major database servers will use an encryption keystore to encrypt the keys with the credentials of the service account the database runs under. They're not plaintext files, they're protected as strongly as the service account itself. If this is set up properly, it means an attacker that can get at the key on disk can also run a memory dump to get the key in memory. The only additional things "key-in every boot" protects against are someone absconding with your physical disks / servers or you using a trivial password for the account. (Potential vulnerabilities that let you get into the account's keystore are traded for potential vulnerabilities that let you dump memory you shouldn't have access to.)

      You can't encrypt your data and decrypt it without the key and data existing in the same place at some point.
      Even if you have a hardware module that handles the encryption and decryption, it's going to be sending out unencrypted data (or data encrypted only by something like HTTPS) - this means any legitimate device downstream gets the unencrypted data. Compromise any legitimate device downstream (web server, report server, lackey's laptop, etc.) and you win.
      Encryption only protects data at rest and data in transit. Data in use is always as vulnerable as the device using it.

      Further, at-rest encryption means you can't search for shit.

      [Last Name] [First Name] [SSN] [Date of Birth]
      SELECT * FROM Suckers WHERE [Last Name] = 'Smith'

      If [Last Name] is encrypted, your search will involve the decryption of all data for that column, or all distinct data for that column if you indexed it and store the index in a separate file (or used some transparent database-wide feature to do so). With millions to billions of rows, complex queries, and wide tables, this becomes impractical.
      There are hacks that let you "sort of" search by doing stupid shit like using a hash of the last name or having a separate column in plaintext, such as for the last initial, but these all expose some portion of data in order to somewhat increase performance.
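The disagreement between qwijibo (comment 11) and the AC reply (comment 18), and sexconker's "hash of the last name" search hack just above, both come down to one question: is the stored index value keyed? An added Python example, not from any poster, contrasting an unkeyed digest column with an HMAC blind index; the records and the key are constructed:

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Constructed sample records (not real people); the row id stands in for the rest of the row.
SAMPLE_SSNS = ["111-22-3333", "123-45-6789", "314-15-9265"]

# Every possible 9-digit value. At the rate quoted in the thread (10^9 in 62 s) an
# unkeyed digest of this field is reversible by exhaustive lookup, and a per-row
# salt only forces that same work to be repeated once per row.
SSN_SPACE = 10 ** 9


def unkeyed_index(ssn: str) -> str:
    """Deterministic, unkeyed digest: the weak 'before'. Anyone holding a copy of
    the table can recompute this for candidate values and match rows."""
    return hashlib.sha256(ssn.encode()).hexdigest()


def blind_index(ssn: str, key: bytes) -> str:
    """Keyed blind index (HMAC-SHA256). Still deterministic, so the application,
    which holds the key, can run equality lookups (WHERE ssn_idx = ?); a copy of
    the table without the key gives nothing to match candidate values against."""
    return hmac.new(key, ssn.encode(), hashlib.sha256).hexdigest()


def build_table(ssns, key: Optional[bytes] = None) -> dict:
    """Simulate the stored column: index value -> row id. The SSN itself would
    live encrypted (or in a token vault), never in this column."""
    index = (lambda s: blind_index(s, key)) if key is not None else unkeyed_index
    return {index(s): row for row, s in enumerate(ssns)}


def lookup(table: dict, ssn: str, key: Optional[bytes] = None):
    """Application-side equality search; returns the row id or None."""
    digest = blind_index(ssn, key) if key is not None else unkeyed_index(ssn)
    return table.get(digest)


def rows_resolvable_without_key(table: dict, candidates) -> int:
    """Defender's check: how many rows someone holding only the table (no key)
    can resolve from a candidate list. Unkeyed column: every row whose value is
    among the candidates. Keyed column: zero, whatever the candidate list."""
    return sum(1 for c in candidates if unkeyed_index(c) in table)


def hours_to_enumerate(rate_per_second: float) -> float:
    """One exhaustive pass over the SSN space at a given digest rate; the figure
    that makes an unkeyed (or merely salted) index untenable for this field."""
    return SSN_SPACE / rate_per_second / 3600


if __name__ == "__main__":
    key = secrets.token_bytes(32)  # lives outside the database (KMS/HSM), never beside the table
    weak = build_table(SAMPLE_SSNS)
    strong = build_table(SAMPLE_SSNS, key)
    print("unkeyed rows resolvable from 3 guesses:", rows_resolvable_without_key(weak, SAMPLE_SSNS))
    print("keyed rows resolvable from 3 guesses:  ", rows_resolvable_without_key(strong, SAMPLE_SSNS))
    print("application lookup with the key:", lookup(strong, "123-45-6789", key))
    print("hours for one full pass at 16M digests/s:", round(hours_to_enumerate(16e6), 3))
```

The same keyed construction is what makes a last-name search column tolerable: the application can still match equality, but the index alone leaks nothing to whoever copies the database.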

    21. Re:That's why nobody sensible wants them by sexconker · · Score: 1

      There are a number of solutions to the problem. There are data protection appliances that can be integrated with databases or applications (via API), to which encrypted data is sent for decryption and made available only in the result set; never written to disk in the clear. In this scenario, even root or dba don't have access to the sensitive data, unless authorized by the appliance. Another option (becoming more popular) is tokenization. The sensitive data is replaced by consistent non-sensitive token values. This often allows for many business analytic processes to operate on non-sensitive data. In many scenarios, all of the work in the main application/database can be done with tokens and then a secure 'detokenize' app is provided to specific users that may need the real data. Tokens can also retain some of the original data. So if we tokenized SSN 123-45-6789, we could generate a token that kept the same last 4 digits, 541-30-6789. If customer support uses the last four digits of SSN to verify customers on the phone, they can now do it without being exposed to the real sensitive data.

      (Disclaimer: I work for a data protection company that does this kind of stuff)

      Exposing plaintext data, even a portion of it, defeats the entire point of encryption.
      The last 4 digits of an SSN are a terrible thing to expose.
      A typical practice is leaving the first 4 digits of a credit card account number in plain text so you can search against them.
      The last 4 are easy to get (rummage through mail, or call up customer service and say you didn't get the bill, they'll say it was paid, you'll ask "what card was it on", they'll say "I can only tell you the last 4 digits and the fact that it was a Visa, etc.).
      Armed with the first 4, last 4, and the fact that it's a Visa, you significantly narrow down the possibilities due to the algorithms used in generating account numbers.
      Another practice is exposing the first few letters of the last and first name. This lets you search and sort better, but it makes your shit that much more vulnerable.

      But if you're going to do it, tokenizing it in that manner is ridiculous - you should be using an encrypted column for the real deal and a plaintext column for the exposed shit. None of this whackery where a single column has the same length and characteristics of the real deal, AND you've got the real deal encrypted elsewhere. If 123-45-6789 is real it should be encrypted (fully) in some other column. The column with 541-30-6789 should simply be a column with 6789.
      If your 541-30- is based on 123-45- at all, then you're obfuscating only 5 fucking digits. Given someone's date of birth you can guess the first 1 or 2 digits. You can get to 2 or 3 based on address as well in many cases.
      If your 541-30- is random, then it serves zero purpose and there's no need for it. Storing, fetching, and indexing the column without that extra shit will give you performance increases. You can store 9999 as a 2-byte int, whereas you need 11 bytes of char data for 541-30-6789, or 4 bytes of integer data if stored as 541306789. Further, the index will be much more effective when it's only indexing the shit that matters.
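dclydew's scheme (comment 13) and sexconker's objection (comment 21) both turn on whether a token's first five digits carry any information about the real value. An added Python example, not from either poster and not any vendor's product, of a minimal vault whose token prefixes are random and whose detokenize path is gated by principal; the SSNs and principal names are constructed:

```python
import re
import secrets

SSN_RE = re.compile(r"^\d{3}-\d{2}-\d{4}$")


class TokenVault:
    """Constructed tokenization vault.

    The real SSN is stored only here; the application database stores the
    token. Tokens are consistent (same SSN -> same token), so joins and
    analytics keep working on tokens, and they keep the real last 4 digits so
    the support desk can confirm a caller against the token alone. The first
    five token digits are drawn from a CSPRNG and are independent of the real
    prefix, so a token such as 541-30-6789 narrows the real value only to the
    10^5 SSNs ending in 6789. The vault is the access-control boundary: anyone
    who can call detokenize() sees everything, so that set of principals stays
    small and every call belongs in an audit log.
    """

    def __init__(self, authorized_principals):
        self._ssn_to_token = {}
        self._token_to_ssn = {}
        self._authorized = frozenset(authorized_principals)

    def tokenize(self, ssn: str) -> str:
        if not SSN_RE.match(ssn):
            raise ValueError("expected NNN-NN-NNNN")
        if ssn in self._ssn_to_token:            # consistent token for repeat values
            return self._ssn_to_token[ssn]
        while True:
            prefix = secrets.randbelow(10 ** 5)  # random, never derived from the SSN
            token = f"{prefix // 100:03d}-{prefix % 100:02d}-{ssn[-4:]}"
            # Reject a token equal to any real SSN in the vault (including this
            # one) or already issued to another SSN.
            if (token != ssn and token not in self._ssn_to_token
                    and token not in self._token_to_ssn):
                break
        self._ssn_to_token[ssn] = token
        self._token_to_ssn[token] = ssn
        return token

    def is_authorized(self, principal: str) -> bool:
        return principal in self._authorized

    def detokenize(self, token: str, principal: str) -> str:
        """The 'secure detokenize app' path: gated on principal, and the only
        place the real value leaves the vault."""
        if not self.is_authorized(principal):
            raise PermissionError(f"{principal} is not allowed to detokenize")
        return self._token_to_ssn[token]

    @staticmethod
    def verify_last4(token: str, claimed_last4: str) -> bool:
        """Support-desk check that needs only the token, never the real SSN."""
        return token[-4:] == claimed_last4


if __name__ == "__main__":
    vault = TokenVault(authorized_principals={"fraud-analyst"})
    tok = vault.tokenize("123-45-6789")
    print("stored in the application DB:", tok)
    print("support desk last-4 check:", TokenVault.verify_last4(tok, "6789"))
    print("fraud analyst detokenize:", vault.detokenize(tok, "fraud-analyst"))
```

sexconker's alternative, a separate plaintext column holding only the last 4, exposes exactly the same information as this token; the vault design buys consistency of the token across systems, nothing more.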

    22. Re:That's why nobody sensible wants them by sjames · · Score: 1

      Actually, what we really need is a general recognition that "Identity Theft" is not actually a thing. It's nothing more than a way for a careless bank to pass the losses on to an innocent 3rd party. If a bank is careless enough to hand scads of cash to someone fraudulently claiming to be me, the crime is bank fraud and it has nothing to do with me. That also means that they need more than "because we said so" to validate that I owe them anything at all.

      Should they continue to attempt collection after I have denied the debt and they have nothing better than "our records show" to counter my denial it is fraud and harassment. If the bank reports the debt to a credit agency representing it to be mine, they are guilty of libel. If the credit agency in any way passes that information on (including by lowering my credit rating), they are also guilty of libel.

      Finally, if they "sell" that debt, the bank has defrauded the collection agency and at the same time joined it in guilt for any harassment that may be inflicted on me.

    23. Re:That's why nobody sensible wants them by Charliemopps · · Score: 1

      ...properly securing them is very very difficult...

      No it's not. You can hire a person with a degree in computer security starting around $40k a year. You can get someone with 10yrs+ experience for under $100k/yr. Then it's a matter of doing what they say, and not letting executives overrule every inconvenient policy they put into place.

    24. Re:That's why nobody sensible wants them by Khashishi · · Score: 1

      And it stopped happening, didn't it?

    25. Re:That's why nobody sensible wants them by Anonymous Coward · · Score: 0

      If you were to encrypt the data a rest, where would you store the key?

      1. On a smartcard incorporated into an authorized employee's badge...
      2. On an HTTPS server that only utilizes individually assigned PKI certificates for access...
      3. On a Windows share of an 802.1x network that requires credentials and encryption to access...
      4. On a USB token issued to an authorized employee...
      5. On a server that will only make it available with a one-time password provided via employee cell phone...
      6. etc.

    26. Re:That's why nobody sensible wants them by Jawnn · · Score: 1

      There are a number of solutions to the problem. There are data protection appliances that can be integrated with databases or applications (via API), to which encrypted data is sent for decryption and made available only in the result set; never written to disk in the clear. In this scenario, even root or dba don't have access to the sensitive data, unless authorized by the appliance.

      Fail. At some point, somebody has to have access that allows them to view/copy/steal sensitive data in that system. We can, and should, make the path to gaining that access as tortuous as practically possible, but if you've got system-wide admin creds (and it sounds like the attackers had that) all the encryption in the world isn't going to help.

      What might have actually helped a fucking ton, would have been some awareness of what was going on in their network. Bad guys were in there for over a month before anyone noticed. For an outfit with that much sensitive data, that's inexcusable.

    27. Re:That's why nobody sensible wants them by Anonymous Coward · · Score: 0

      But, but, 314-15-9265 is my social security number!

      No wonder Cox is trying to go after me for missed bill payments.

    28. Re:That's why nobody sensible wants them by Lab Rat Jason · · Score: 1

      While I agree, it would be nice... It's a reality that we can't move backwards on this. Nobody is going to dismantle the idea of "credit for everybody", because to some degree, everybody needs credit. The only reasonable path to take is to move forward with this and improve the system.

      To some degree, what you have said is already available to you. If someone uses your identity to get credit, you can dispute it. You are welcome to sue the credit company, and you are welcome to sue the credit agencies who incorrectly besmirched your name. But it is pretty unlikely that you are going to win enough statutory damages to break even.

      The point is, you can live off cash, and not participate in the "credit" system, and by doing so, you can largely ignore any letters from creditors asking you to pay up... because if you never take credit, it's pretty easy to prove it. But in the end, you are either in the system or out of it. You can't go to an agency and ask for credit, but tell them to their faces that you intend to buck the system they have put in place. Right or wrong, it's the system we have. Change it or GTFO.

      --
      Which has more power: the hammer, or the anvil?

    29. Re:That's why nobody sensible wants them by Anonymous Coward · · Score: 0

      You iterated through a 128 or 256 bit number for each one of 1 billion social security numbers in 62 seconds on your laptop?

      If so, I hope for the sake of your future progeny, that you weren't holding it on your lap given the heat that would have been generated during that time interval.

      I highly suspect that what you were actually doing was executing a brute force attack on the first pre-image resistance of a cryptographic hash function which was applied to a known and inappropriately sized enumeration field. We design and build systems which address these issues appropriately. If your contention is that the fundamental security primitives are indeed insecure, what SSN maps to the following value:

      a49dc3c0cb0c284d7f3b2ef418415d3261832a0be6b77d39822549d771058ab0

      Your observations do help illuminate, though, why we are struggling with security issues.

      I believe you would find a discussion of the von-Neumann/Landauer limit and irreversible thermodynamics illuminating.

    30. Re:That's why nobody sensible wants them by sjames · · Score: 1

      Where did I suggest doing away with credit? It would necessitate banks being a lot more careful to document extended credit, but that's it.

      The things I said are already true but being studiously ignored. All we need to make it so is to fairly enforce the existing laws.

      It's not completely without precedent. A few county sheriffs pretty much ended foreclosures in their counties simply by insisting that the banks show evidence of the loan in default. None of them could.

    31. Re:That's why nobody sensible wants them by Mr.123 · · Score: 1

      This is not true. The ones that were executed were not owners of the company. http://en.wikipedia.org/wiki/2... One was a dairy farmer and the other one was a supplier to the company.

    32. Re:That's why nobody sensible wants them by graymatter1945 · · Score: 1

      Store it with encryption hardware such as that provided by those obsolete IBM mainframes. The master key for the system is stored in a tamper-proof piece of hardware. That same hardware handles encrypting user encryption keys, which are then stored in a protected file that is accessible only by the encryption started task (daemon).

    33. Re:That's why nobody sensible wants them by graymatter1945 · · Score: 1

      Use a system such as z/OS where there is no person that has root access.

    34. Re:That's why nobody sensible wants them by Anonymous Coward · · Score: 0

      and this is why we can totally trust the market and giant corporations to secure our PII and PHI and the rest, and why a government database containing SSNs and such would be so much worse....... .......naaah. Just kidding.

      Give me a single-payer system with all its warts and let the profiteering insurance company bastards rot. The private system can declare bankruptcy and weasel out of responsibility for the effects of the data breach, and leave the CEOs and investors holding onto ill-gotten wealth. A gov't system, as flawed as they all are, at least doesn't have profit as one of its stated goals....

    35. Re:That's why nobody sensible wants them by Anonymous Coward · · Score: 0

      Horseshit. If you get hacked at this kind of a level, you're negligent, period. This is what comes of CEOs and CIOs running staff at the edges and making strategic decisions to risk a breach because they estimate the costs are lower than hiring enough staff for that.

      At one company I worked at years ago, the powers-that-be ruled against implementing COBIT etc rules regarding electronic records retention, because their reasoning was that a fine for missing data was lower than the liability from what that data contained. That's the kind of venal and sociopathic behavior that privileges profit over the effects of their bad behavior on their paying subscribers.

    36. Re:That's why nobody sensible wants them by Anonymous Coward · · Score: 0

      You iterated over a 128 or 256 bit number, once for each of 1 billion SSNs, on your laptop, in 62 seconds?

      I'm hoping, for the sake of your future progeny, that you didn't have the laptop in your lap when you did that, given the amount of heat that would generate.

      I suspect what you actually did was to implement a first pre-image attack against a cryptographic hash function which was using a known input pattern over a limited enumeration space. We design and build systems which address this problem correctly. If you think the problem is secondary to a weakness in the cryptographic primitives which are available, what SSN gives rise to the following mapping:

      a49dc3c0cb0c284d7f3b2ef418415d3261832a0be6b77d39822549d771058ab0

      Your observations do provide illumination into why we are struggling with security in our industry.

      I would strongly advocate you review the work of Landauer and von Neumann on the computational principles surrounding irreversible thermodynamic processes.
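      The "pre-image attack over a limited enumeration space" the comment above refers to, as an added example that is not part of the original thread: an unkeyed hash of an SSN can be inverted by hashing candidates, and the cost is set by the size of the candidate space (10^9 for every SSN, far less once some digits are known), not by the strength of SHA-256. The block contrasts that with an HMAC under a server-side key, which the same dump does not let you enumerate without the key. The SSN 123-45-6789 is constructed for the example, and the assumption that the attacker already knows the first five digits (to keep the search short) is the example's, not the thread's.

```python
# Added example (not from the thread): enumerating an unkeyed SSN hash versus a keyed one.
import hashlib
import hmac
import secrets
from typing import Callable, Optional

# Constructed victim record for this example; not a real SSN.
VICTIM_SSN = "123-45-6789"


def normalize(ssn: str) -> str:
    """Strip the dashes so '123-45-6789' and '123456789' hash identically."""
    return ssn.replace("-", "")


def plain_digest(ssn: str) -> str:
    """The weak design: SHA-256 over the bare digits, no key."""
    return hashlib.sha256(normalize(ssn).encode()).hexdigest()


def keyed_digest(ssn: str, key: bytes) -> str:
    """HMAC-SHA256 under a server-side secret; useless offline without `key`."""
    return hmac.new(key, normalize(ssn).encode(), hashlib.sha256).hexdigest()


def enumerate_serial(target: str, known_prefix: str,
                     digest: Callable[[str], str]) -> Optional[str]:
    """Pre-image search over the four-digit serial, given the first five digits.

    Hashes every candidate with `digest` and compares it to the stolen `target`.
    Returns the recovered nine digits, or None if nothing in the space matches.
    Dropping the known-prefix assumption only multiplies the loop by 10^5.
    """
    if len(known_prefix) != 5 or not known_prefix.isdigit():
        raise ValueError("known_prefix must be the first five SSN digits")
    for serial in range(10_000):
        candidate = f"{known_prefix}{serial:04d}"
        if hmac.compare_digest(digest(candidate), target):
            return candidate
    return None


def demo() -> dict:
    """Run the search against both designs and report what each yields."""
    known_prefix = normalize(VICTIM_SSN)[:5]   # assumed leaked elsewhere (example assumption)
    key = secrets.token_bytes(32)               # belongs in an HSM/KMS, never beside the data

    stolen_plain = plain_digest(VICTIM_SSN)     # what a dump of the weak design holds
    stolen_keyed = keyed_digest(VICTIM_SSN, key)

    return {
        # Unkeyed hash: 10^4 tries here, 10^9 for the whole space, recovers the SSN.
        "unkeyed_recovered": enumerate_serial(stolen_plain, known_prefix, plain_digest),
        # Keyed hash, attacker has the dump but not the key: no candidate matches.
        "keyed_without_key": enumerate_serial(stolen_keyed, known_prefix, plain_digest),
        # Keyed hash, attacker also stole the key: back to an enumerable space.
        "keyed_with_key": enumerate_serial(
            stolen_keyed, known_prefix, lambda s: keyed_digest(s, key)),
    }


if __name__ == "__main__":
    print(demo())
```

      A per-record salt would stop a precomputed table but not this loop, since the attacker runs it once per stolen record anyway; what changes the outcome is a secret the attacker does not hold, which is why the key's storage (separate from the database, as later comments argue) is the real control.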

    37. Re:That's why nobody sensible wants them by antdude · · Score: 1

      Your children/kids should be the next CIOs. ;)

      --
      Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
    38. Re:That's why nobody sensible wants them by dclydew · · Score: 1

      Yes, SSN isn't the best example because that data could be manipulated. Another example would be exposing the first 6 and last 4 digits of a credit card. This provides the same security as 123456******1234 and is considered secure by the PCI standard. Properly implemented tokenization would mean that there are 10^6 possible values (10^5 if you do Luhn check verification) and that there is no way to mathematically verify which of the 10^5 values it is.

      --
      Get a life, not a lifestyle. - Hikem Bey
    39. Re:That's why nobody sensible wants them by dclydew · · Score: 1

      In a properly implemented tokenization scheme, your solution is actually less secure. For example, let's say we have a value of 123-45-6789. We tokenize this value using proper randomization and get 4968-34-6789. There is no mathematical connection between the token value and the original value meaning that there are ~10^5 possible combinations and ANY of them could be valid.

      When the ciphertext is stored alongside some of the plaintext, you open up the possibility of a known plaintext attack. Since tokens are not mathematically connected to the plaintext, partial text doesn't necessarily reduce the security of the scheme.

      That being said, SSN isn't the best example. A credit card stored as 1234 56TT TTTT 9876 (where the T represents a tokenized digit) is equally secure as 1234 56** **** 9876 (difficulty of 10^5 and no verification to determine which of the 10^5 possible values are correct).

      Also, having the encrypted data stored 'somewhere' is part of the older token design, where there is a vault that stores both the encrypted value and a token paired with it. Newer tokenization solutions do away with the vault completely.

      --
      Get a life, not a lifestyle. - Hikem Bey
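      The vault-style random tokenization the two posts above describe, as an added example that is not part of the original thread and not any vendor's product: the token keeps the last four digits for display, the hidden digits come from a CSPRNG rather than from the value, and the only path back is the vault's lookup table. The class and function names are the example's own.

```python
# Added example (not from the thread): vault-based, format-preserving random tokenization.
import secrets
from typing import Dict


class TokenVault:
    """Maps a secret digit string to a random token of the same shape and back.

    The hidden digits are drawn from secrets.randbelow, so nothing about them
    can be derived from the token; recovery needs the vault, which is kept
    apart from the application database that stores the tokens.
    """

    def __init__(self, keep_last: int = 4) -> None:
        self.keep_last = keep_last
        self._value_to_token: Dict[str, str] = {}
        self._token_to_value: Dict[str, str] = {}

    def tokenize(self, value: str) -> str:
        digits = value.replace("-", "")
        if not digits.isdigit() or len(digits) <= self.keep_last:
            raise ValueError("expected a digit string longer than keep_last")
        if digits in self._value_to_token:          # stable: same value, same token (joins still work)
            return self._value_to_token[digits]
        hidden = len(digits) - self.keep_last
        tail = digits[-self.keep_last:]
        while True:
            head = "".join(str(secrets.randbelow(10)) for _ in range(hidden))
            token = head + tail
            # Reject a token already issued to another value, and the
            # one-in-10^hidden draw where the random head equals the real one.
            if token not in self._token_to_value and token != digits:
                break
        self._value_to_token[digits] = token
        self._token_to_value[token] = digits
        return token

    def detokenize(self, token: str) -> str:
        """Only the vault can go back; a stolen token table alone cannot."""
        try:
            return self._token_to_value[token]
        except KeyError:
            raise KeyError("unknown token") from None

    def candidate_space(self, token: str) -> int:
        """Original values consistent with this token: 10^hidden, all equally
        likely, because the head was random rather than computed."""
        return 10 ** (len(token) - self.keep_last)


def format_ssn(digits: str) -> str:
    """Re-insert dashes for display: 123456789 -> 123-45-6789."""
    return f"{digits[:3]}-{digits[3:5]}-{digits[5:]}"


if __name__ == "__main__":
    vault = TokenVault()
    token = vault.tokenize("123-45-6789")            # constructed sample value
    print(format_ssn(token), vault.candidate_space(token), vault.detokenize(token))
```

      Contrast this with a deterministic scheme (an unkeyed hash or a fixed-key cipher over the digits): there, the exposed last four plus a hashed or enciphered head give an attacker something to check candidate heads against, which is the known-plaintext concern raised above. The random head leaves nothing to check.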
    40. Re:That's why nobody sensible wants them by dclydew · · Score: 1

      A number of data protection solutions today (including the company I work for) actually prevent admin access. Basically, a policy can be defined by a security administrator on a Management server. The policy is deployed to the database as an encrypted package. The database has an agent which queries the policy. Only users listed in the policy have permission to decrypt/detokenise the data. If admin, root, dba, sa etc are not in the policy, they will only see the protected data. If they try to change their account to a privileged user, that action should generate an alert.

      There are solutions like this implemented in many companies and they actually work.

      I also agree with your additional point. Security event monitoring, intrusion detection, audits etc should all be in place, no matter what data protection method you're using.

      --
      Get a life, not a lifestyle. - Hikem Bey
    41. Re:That's why nobody sensible wants them by Anonymous Coward · · Score: 0

      Real world example:
      Cox insisted on having my SSN to get internet service through them. The last 4 of the SSN is used to confirm the user on the web site. They insisted that storing SSN on the internet was safe because it's encrypted. They really want the SSN to be able to track you down if you don't pay and skip town. Most of their customers aren't going to argue with them because they hear that encryption is magic. I eventually convinced a supervisor that their security is a joke and we agreed that my SSN would be in their system as 3.14159265, without the decimal point.

      Do what I have started doing. Tell them you don't have a SSN. There are reasons why someone might not have one. Maybe I'm an illegal alien. They don't know and that's not their concern either. They want your business and your money. The worst I've been asked to do as a result is pay for the upcoming service rather than being trusted to simply pay for the month I already got.

      My SSN for my ISP is 000-00-0000

    42. Re:That's why nobody sensible wants them by Anonymous Coward · · Score: 0

      Putting the key alongside the data is a bad idea no matter how the key gets there. Finding it in RAM would be no different than finding it somewhere on the disk (assuming the disk approach is more complex than c:\config\crypto.key)

      Yup, exactly. That's exactly what happened with Heartbleed. Keys should always be kept separate from the data.

    43. Re:That's why nobody sensible wants them by LessThanObvious · · Score: 1

      SSN should not be the universal identifier. I really think we need to get rid of this model where private industry treats Social Security Numbers as an identifier. When the same number is used over and over again it loses all its value as an identifier. Treating a SSN as anything other than an account number for social security benefits and nothing more is just entirely flawed logic.

    44. Re:That's why nobody sensible wants them by Anonymous Coward · · Score: 0

      A TPM is just as bad as storing the keys in memory. If you can compromise and gain control of a signed binary's (and therefore * trusted *) thread, you can use the compromised thread as a proxy to gain access to the TPM and use it as an oracle.

      The real issue is the "OMG! I NEED IT NOW!" mentality that the data must deal with. Ease of access VS. Security is ALWAYS a war of compromises. The more security something requires, the harder it is to access it. THAT'S THE ENTIRE POINT OF SECURITY. To make it harder for an adversary to access that which must be protected.

      Because that data * MUST * be immediately accessible when a partner (doctor's office, government agency, etc.) needs it, the data is on a public network facing server, with little oversight on who accesses what beyond the server doing an auth check and logging the result. The result of this is much like the summary describes. Eventually a breach will occur, and when it does it makes headlines due to the sheer amount of data that * HAD * to be readily available 24/7/365.

      The real question is just how much of that data should be so easily accessible and where a delay in access is (or should be for everyone's sake) acceptable?

      Personally I don't think a person's financial info should exist on a health insurance company's public network facing servers. (Nor the person's personally identifying information for that matter, you should know who it is if you are filing an insurance claim on them. And if it's an emergency, then you have better things to do than filing an insurance claim. Like treating your patient FIRST. (I think health care should prioritize the person's health instead of some bottom line on a balance sheet, so sue me.))

      That information should only be accessible internally, with hashes used as a placeholder. If you want the info, call the company (after the person recovers / dies) and give them the hash data, then and only then should the insurance company hand out that information. Does this mean profits may take a hit? Yes, yes it does. But if I did not make my opinion clear I will restate it for you:
      I think health care should prioritize the person's health instead of some bottom line on a balance sheet, so sue me.

  2. Incompetent IT in a health care industry? by BVis · · Score: 4, Insightful

    The hell you say! I'm sure all that money they saved not building an adequate infrastructure is much more than this breach will cost them. Oh, wait...

    --
    Never underestimate the power of stupid people in large groups.
    1. Re:Incompetent IT in a health care industry? by jellomizer · · Score: 4, Informative

      Working in Health Care, the issue is much harder than you think.
      We have conflicting rules and regulations that we must follow.
      We are by law demanded to keep our data safe, at the same time, we need to share it with others (Insurance Companies, Legal Cases, Governments, individuals, competing health care professionals) at a whim. Complex rules for what is acceptable and not are in place, meaning there is an IT Infrastructure that is older, because it contains an organic set of rules. Dumping the old systems for new ones that are more secure is a major undertaking.
      Even with a skilled IT Staff larger than most organizations it is nearly impossible to keep up with all the changes required by law, and focus completely on security. Putting in a code freeze until we get security fixed cannot happen.

      --
      If something is so important that you feel the need to post it on the internet... It probably isn't that important.
    2. Re:Incompetent IT in a health care industry? by BVis · · Score: 0

      Excuses. Clearly you don't have enough staff for the workload, or for some reason you can't find a consulting company to help you with either the code or the security.

      I would suggest that security should be the top priority ahead of everything else. If, after starting to fix the security issues, you find that you can't keep up with the necessary code changes, hire more people.

      --
      Never underestimate the power of stupid people in large groups.
    3. Re:Incompetent IT in a health care industry? by Nutria · · Score: 1, Funny

      I would suggest that security should be the top priority ahead of everything else.

      This to a country (world, really) where Windows is the dominant desktop OS?

      BWAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHA!

      --
      "I don't know, therefore Aliens" Wafflebox1
    4. Re:Incompetent IT in a health care industry? by Anonymous Coward · · Score: 0

      Sure, but that all costs more money. We will gladly add all that and jack up your rates even higher to pass on the costs.

    5. Re:Incompetent IT in a health care industry? by sumdumass · · Score: 2

      I'm not going to knock windows as for all its faults, it has been easy enough to use that any idiot can own a computer.

      That said, I have met these idiots personally. I caught one walking around trying to plug an RJ45 into every phone outlet (RJ11) he could find. He thought it was the network. He was trying to connect his laptop to the network because it had several viruses and he wanted the company anti virus to remove them. I caught another trying to disable the firewall. Someone in a chat room gave her a program that "would make her job easier" but it wouldn't run. It just popped up a screen and closed it quickly. So she connected back to the chat room and he was trying to remote in. She said "oh, it's ok, I've known him for 3 months in this chat room now and he's always doing things with computers".

    6. Re:Incompetent IT in a health care industry? by Nutria · · Score: 1

      The worst part is that these people vote for the people that lead my country.

      --
      "I don't know, therefore Aliens" Wafflebox1
    7. Re:Incompetent IT in a health care industry? by houghi · · Score: 2

      Where I work we are by law demanded to keep the data safe. We are also required to share it with others (government) and this on a whim. We also contact government for data verification. All this is done over the Interwebs.
      We also need to follow strict privacy laws.

      Yet somehow we are able to do this in a safe and secure manner. We only send and receive critical information needed, so not other stuff that might not be needed, like the name of his dog.

      The protocols used are pretty standard in sending information from and to. (OK, perhaps not NSA safe).

      We are a small company and can easily keep up with the legal requirements. It is so integrated in what we do that if somebody asks if it is secure, they look at you like a cow looks at a train.

      And if you are still talking about updating your systems, you are at least 20 years too late. The systems should already be secure. That leaves the transfer of data part.

      The moment we receive a legal request for additional information, the IT part is the easiest part. Extract the needed data from the database and send it to where it needs to go over a secure method. Or know where to get it from over a secure method.

      Exchange of the keys is already included in that. Both for the test servers as for the live servers.

      And please note: I said the IT part was the easiest part, not that it was easy.

      --
      Don't fight for your country, if your country does not fight for you.
    8. Re:Incompetent IT in a health care industry? by ibpooks · · Score: 1

      I would suggest that security should be the top priority ahead of everything else.

      I would rather they have patient care as their number one priority. Their focus should be the health and welfare of patients, because if they don't, people literally die. If it comes down to doctors spending their time treating patients and nurses double-checking medicine doses versus keying in lengthy crypto sequences on their tablet and meeting with IT vendors -- I would much rather they choose the former.

    9. Re:Incompetent IT in a health care industry? by BVis · · Score: 1

      I wasn't saying ALL of health care should focus on security, I was saying health care IT should. Part of that focus should be determining where the compromise point between security and convenience lies. And in a HIPAA environment, security wins if there's a conflict.

      Yes, there will be some inconvenience. That's not avoidable with increased security. Minimizing it is key to ensuring compliance. If the nurses bitch because they have to enter a password where they didn't before, well, tough shit. Part of the effort should also be giving security policies some teeth; when someone gets caught breaking policy (sharing passwords, etc) they should be punished progressively, eg verbal warning -> written warning -> suspension -> termination. Doctors, nurses, aides, upper management, everyone. Once a C-level gets fired for violating policy, I think you'll find everyone else falling in line.

      --
      Never underestimate the power of stupid people in large groups.
    10. Re:Incompetent IT in a health care industry? by Anonymous Coward · · Score: 0

      Can we add the cost of that to your medical insurance premium?

    11. Re:Incompetent IT in a health care industry? by Anonymous Coward · · Score: 0

      Doctors are gods at some places and good luck getting them fired for breaking IT rules.

    12. Re:Incompetent IT in a health care industry? by div_2n · · Score: 1

      It's almost always a lack of will to spend the money required or accept the pain necessary and NOT technical feasibility. If you build your systems to the strictest of standards or beyond, then you are by default in compliance with the rest.

      Doing things "right" almost always gets hamstrung by the dollar figures required or by "business" push-back. "Do we really need to install IDS/IPS equipment in every little branch network we have?" Yes, yes you do if you want to prevent and catch breaches early. "What do you mean I shouldn't use my iPad pool-side while on vacation to do my work? I'm the CEO." Yes, but that guy taking pictures of your screen behind you on the balcony isn't and the guy that's going to steal your iPad while it's unlocked when you get up to get your margarita certainly isn't.

    13. Re:Incompetent IT in a health care industry? by beanpoppa · · Score: 1

      I would suggest that security should be the top priority ahead of everything else.

      I would prefer that my doctor have a couple of concerns with higher priority than security.

    14. Re:Incompetent IT in a health care industry? by BVis · · Score: 1

      As I indicated in another reply, that was referring to health care IT, not doctors or other caregivers.

      --
      Never underestimate the power of stupid people in large groups.
    15. Re:Incompetent IT in a health care industry? by Anonymous Coward · · Score: 0

      I'm not going to knock windows as for all its faults, it has been easy enough to use that any idiot can own a computer.

      Which may indeed be one of its biggest faults.

  3. Re:Thanks Obama by BVis · · Score: 3, Insightful

    Grind your axe somewhere else. You don't like the ACA? Write your congressman. Fuck off.

    --
    Never underestimate the power of stupid people in large groups.
  4. 80 Million? by giltwist · · Score: 5, Insightful

    So of the roughly 300 million people with SSNs, nearly a third of them are nearly compromised? Great.

    1. Re:80 Million? by wezelboy · · Score: 4, Insightful

      Might be a great excuse to replace SSNs with something better- like a key pair.

    2. Re:80 Million? by Anonymous Coward · · Score: 0

      That is actually an excellent idea. Public/private key pair. This is an idea I can get behind. The NSA should help with it, instead of spying on all of us. They can earn that secure part of their name. They may even have a clue how to make it secure.

      Lets do this. SSN is not proper tech anymore. It is 1930s tech. We have much better ways of doing this.

      We should get a petition on the whitehouse.gov site. We should also start suggesting it to senators.

      This is a *GOOD* idea.

    3. Re:80 Million? by Drethon · · Score: 1

      Sir, I lost my keyfob and can't log into my medical website, can you help me?

    4. Re:80 Million? by Anonymous Coward · · Score: 0

      What a stupid argument. If people are too dumb to keep their own security infrastructure, then they can keep their insecure 9 digit "secret." But why force everyone to use that weak sauce?

    5. Re:80 Million? by Drethon · · Score: 1

      Lowest common denominator? Not that I like it either.

    6. Re:80 Million? by Anonymous Coward · · Score: 0

      Sure swing by your local SS office and stand in line and we can get you a new one after we verify a few things.

    7. Re:80 Million? by sumdumass · · Score: 1

      But i put it in the shoe box with all the other important stuff. It was lost when our house was robbed or caught fire last month.

      A lot of things happen to a lot of people. Its not always their stupidity.

    8. Re:80 Million? by Anonymous Coward · · Score: 0

      Yeah but, you know, only nearly.

  5. income data? by SemperUbi · · Score: 3, Interesting

    Why is a healthcare insurance provider collecting income information on the people they insure? That's none of their business. The answer is probably 'just because they can,' but that doesn't mean I have to like it.

    1. Re:income data? by Anonymous Coward · · Score: 1

      Because perceived income is a good sign of strength. People who declare a low income (either because they have a low income, or they're not prepared to bluff about having a higher income) tend to be easier to bully.

      There's nothing that sets hierarchy quicker in casual social situations, too.

    2. Re:income data? by Drethon · · Score: 2

      Or those with higher income are more likely able to pay their medical bills. Of course the point of view should be that lower income needs insurance more than higher income but since insurance is a for profit business...

    3. Re:income data? by cdrudge · · Score: 1

      Marketing demographic information most likely. It doesn't say how accurate or what the source of that portion of the data is.

      Like many companies, my company has various different methods that we obtain leads. We automatically run every lead through a service to obtain demographic information about the email address that can tell us household size, residence value, own or rent, income, education level, field of employment, interests, age, etc. All those go towards scoring the lead as it relates to our target market.

      While a data breach is a data breach, if it's somewhat public information or otherwise readily available from any number of other sources it's not like the damage from having income information is catastrophic.

    4. Re:income data? by Motard · · Score: 5, Informative

      Why is a healthcare insurance provider collecting income information on the people they insure?

      I've worked in employee benefits for over 25 years, and the usual reason is that they are administering more than your health insurance. Often you also have short-term and/or long-term disability insurance, or life insurance. The benefits of these are based on some percentage of your salary. Your short term disability benefit may be 60% of your salary, or your life insurance benefit may be 2 X salary.

      In all my time working for insurers like Anthem I have never been asked to pull salary data for anything not related to the above.

    5. Re:income data? by jeffmeden · · Score: 1

      Marketing demographic information most likely. It doesn't say how accurate or what the source of that portion of the data is.

      Like many companies, my company has various different methods that we obtain leads. We automatically run every lead through a service to obtain demographic information about the email address that can tell us household size, residence value, own or rent, income, education level, field of employment, interests, age, etc. All those go towards scoring the lead as it relates to our target market.

      While a data breach is a data breach, if it's somewhat public information or otherwise readily available from any number of other sources it's not like the damage from having income information is catastrophic.

      In this case, it was one less step the miscreants have to go through to grade each record set for sale on the black market. No doubt they are going to (or already have) sort by income descending, break them into nice 100 ID chunks, and sell them to the highest bidder.

    6. Re:income data? by SemperUbi · · Score: 1

      You're probably right. These data collection practices probably started in the pre-ACA era, when insurers could get away with more. Also, maybe they want to know what they're up against if an insured party threatens them with legal action.

    7. Re:income data? by SemperUbi · · Score: 1

      I can see that as a likely explanation. PII is supposed to be handled as securely as PHI, and companies are supposed to make an active effort to minimize how much they store. But who has time?

    8. Re:income data? by SemperUbi · · Score: 1

      I get that perceived income has some value. I just don't see an insurance company being able to extrapolate that from the data they have access to.

    9. Re:income data? by jedilowe · · Score: 1

      It is employee income data that was breached. There is no income data on the insured.

    10. Re:income data? by dclydew · · Score: 1

      Monetization of data. All big companies do it. They collect as much data as possible and then sell subsets of data (perhaps anonymized) to 3rd parties, or they may provide roll-up analytic reports to third parties... Stuff like:

      I want to build a for profit practice that specializes in cancer treatments. What part of the country am I most likely to find a high number of cancer patients who make enough money to afford what I want to charge for my services?

      I buy a service from a data analytics company, they have deals with some insurance companies, medical research labs, big pharma groups etc. They submit the request to these companies. The companies do some research on their huge data sets and return their best results. The data analytics company makes a nice report and gives it to me. I now know that Somerich City, Alabama is totally where I want to build my practice.

      In this scenario, no individual private data was provided... but its available at the source companies. This makes them prime attack destinations if the PII data isn't protected.

      In some European countries though, the laws are strong enough that this kind of behavior is extremely limited and under heavy audit.

      --
      Get a life, not a lifestyle. - Hikem Bey
    11. Re:income data? by mordred99 · · Score: 1

      Credit score and income level are two key indicators on how high your rates will be, and how much government assistance you will get.

    12. Re:income data? by Anonymous Coward · · Score: 0

      To calculate your subsidy under the Affordable Care Act (aka Obamacare)

  6. Re:Thanks Obama by Richard_at_work · · Score: 2, Insightful

    What, you weren't buying medical insurance before Obamacare? I find that hard to believe...

  7. SSN as an ID not password by Himmy32 · · Score: 5, Interesting

    Always struck me as silly that your SSN was supposed to be secret and is used as a password. But you can never change it and you have to give it to everyone including companies like this that lose it. Seems like the SSA should also give you a password that you can update that places could authenticate against. That way if you suspect a breach you could update that number. Something like you come in, verify your identity and they give you a new PIN.

    1. Re:SSN as an ID not password by santiagoanders · · Score: 2

      The silly part is that knowing an SSN and a few other pieces of publicly available information is enough for someone to grant credit, and then for collections of such credit to be enforceable in court against the supposed borrower.

      --
      "There can be little doubt that union activities lead to continuous and progressive inflation." F. A. Hayek
    2. Re:SSN as an ID not password by Cmdr-Absurd · · Score: 5, Informative

      It gets better. secure.ssa.gov currently gets an F rating at SSL Labs. (Vulnerable to POODLE, both SSLv3 and TLS.)

    3. Re:SSN as an ID not password by Anonymous Coward · · Score: 0

      My credit card provider gets a B based on that, but what SSL Labs doesn't tell you is that they only have one-factor authentication on their site. They ask you for a username and password, and then a memorable word. THAT'S ALL ONE FACTOR, SAINSBURY'S BANK.

      I don't care if they get an A rating, they still suck at online security.

    4. Re:SSN as an ID not password by mordred99 · · Score: 1

      The issue you are talking about is not exactly right. SSN is an ID .. that is a fact. IDs are never, ever, supposed to be secret. They are in fact supposed to be public so we can discern who is who. However what you are railing against is the proof of identity, which is a separate issue. For example, knowing someone's SSN should not be proof of identity. The issue is that banks/insurance companies/etc. are using insecure practices when it comes to establishing proof of identity.

    5. Re:SSN as an ID not password by Solandri · · Score: 1

      Your SSN was never supposed to be secret. Your SSN was supposed to be used only by the SSA for collection and disbursement of social security payments. It was never intended to be used as a national ID. However, in light of there being no other ID which uniquely identifies each individual in the country, everyone glommed onto using the SSN for that purpose. Which is when it started to become important to keep it secret.

  8. Front office workers doctor's office by Anonymous Coward · · Score: 2, Insightful

    When I see a new doctor, they always demand a SS# along with all of your personal information.

    And when I tell them that I am uncomfortable with it, I always get a stern and rude demand. Any explanation of how insecure medical is - those people email and fax that information willy nilly - I get this "I'm full of shit look."

    I hope those people get their identity stolen and their credit ruined so they can learn a lesson.

    1. Re:Front office workers doctor's office by jellomizer · · Score: 2

      SS# isn't a demand from the Dr. but from the Insurance Company... Yell at them for requiring it.

      Also of note. Your doctor probably has a patient list of around 25,000 people. That he must record and track by law. The SS# is one of the easier ways to ensure you have the correct patient matched in the system. Bigger institutions can work around it, ones with a large IT Staff. But the small Dr. Office is quite limited, and subjected to the whims of the vendors.

      --
      If something is so important that you feel the need to post it on the internet... It probably isn't that important.
    2. Re:Front office workers doctor's office by rossdee · · Score: 1

      " Your doctor probably has a patient list of around 25,000 people."

      That's a huge practice for just one doctor. Even for a GP

    3. Re:Front office workers doctor's office by jellomizer · · Score: 1

      Small practices usually range 5,000 - 40,000 patients. 15,000 patients per doctor. I have done a lot of practice data conversions, those are the numbers I tend to see.
      You have the following calculation.
      Normally about 50% of the visits are from new patients.
      8 hour day, with 10 minute intervals, for 5 days a week for 50 weeks. That is 6000 patients. They will need to keep 4-5 years of data on the patient. So we go up to the 25,000 range.

      Now we have variances based on specialty, and level of care, but 25,000 for a small practice is rather normal.

      --
      If something is so important that you feel the need to post it on the internet... It probably isn't that important.
    4. Re:Front office workers doctor's office by Anonymous Coward · · Score: 0

      I recently got into it with a medical rep on the phone. My wife had a procedure done and they called and wanted EVERY piece of PII/PHI they could get their hands on. Then, when my wife was done, they wanted all the same info from me. I refused over and over again - my insurance number and name were all they needed and I knew they had the rest on file anyway. In the end, the rep gave up. She called back an hour later and apologized because she realized how invasive their questions were and "it was starting to bug" her.

    5. Re:Front office workers doctor's office by Anonymous Coward · · Score: 0

      While SS# may be legally required for many things, it absolutely sucks as an identifier, encrypted or not.

      There's no check digit, so a simple transposition error or misreading a 3 as 8 or some such will not be caught. (Compare vs credit card numbers.) The combination of SSN and birthdate is only slightly better -- transpose the last two digits and you could well match the SSN of somebody else with the same birthday (and may still live in the same town as you), since they're allocated sequentially (by region).

      Adding to that, doctors, hospitals, and health services and health insurance companies all seem to have totally different ways of actually tracking information (and none of them have apparently ever taken a course in basic bookkeeping, as witness the incomprehensibility of medical bills), so they tend to regard the whole IT thing as vaguely magic anyway.
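      The check-digit point in the comment above, and the 10^6 versus 10^5 figure from the tokenization discussion earlier in this thread, as one added example that is not part of the original posts: an SSN has no check digit, so every adjacent transposition of a constructed sample passes format validation, while the Luhn check on card numbers rejects them (Luhn catches all single-digit errors and all adjacent transpositions except 09/90). The same Luhn routine then counts, by dynamic programming over the running sum mod 10, how many fillings of the masked digits in 123456******1234 are valid card numbers, which is where the 10^5 comes from. The sample numbers are constructed test values, not anyone's real card or SSN.

```python
# Added example (not from the thread): no check digit on an SSN, Luhn on a card number,
# and how many masked-digit fillings the Luhn check leaves open.
from collections import defaultdict
from typing import Callable, Dict


def luhn_valid(number: str) -> bool:
    """Luhn check as used on payment card numbers (mod-10 with every second digit doubled)."""
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:              # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def ssn_format_valid(ssn: str) -> bool:
    """An SSN carries no check digit: any nine digits pass."""
    digits = ssn.replace("-", "")
    return len(digits) == 9 and digits.isdigit()


def transposition_detection_rate(number: str, validator: Callable[[str], bool]) -> float:
    """Swap each adjacent pair of differing digits and return the fraction of
    those corrupted values the validator rejects (1.0 = every swap caught)."""
    digits = number.replace("-", "")
    tried = caught = 0
    for i in range(len(digits) - 1):
        if digits[i] == digits[i + 1]:
            continue                # swapping equal digits changes nothing
        swapped = digits[:i] + digits[i + 1] + digits[i] + digits[i + 2:]
        tried += 1
        if not validator(swapped):
            caught += 1
    return caught / tried if tried else 0.0


def count_luhn_completions(masked: str) -> int:
    """Number of ways to fill the '*' positions of a masked card number so the
    result passes Luhn. Tracks the running sum mod 10 instead of enumerating
    every filling, so it is instant however many digits are masked."""
    ways: Dict[int, int] = {0: 1}
    for i, ch in enumerate(reversed(masked)):
        choices = range(10) if ch == "*" else [int(ch)]
        nxt: Dict[int, int] = defaultdict(int)
        for residue, cnt in ways.items():
            for d in choices:
                c = d * 2 if i % 2 == 1 else d
                if c > 9:
                    c -= 9
                nxt[(residue + c) % 10] += cnt
        ways = nxt
    return ways.get(0, 0)


if __name__ == "__main__":
    # Constructed samples: a Luhn-valid test PAN and a made-up SSN.
    print(transposition_detection_rate("123-45-6789", ssn_format_valid))   # 0.0
    print(transposition_detection_rate("4242424242424242", luhn_valid))    # 1.0
    print(count_luhn_completions("123456******1234"))                        # 100000
```

      Each masked position's doubled-or-not contribution runs through all ten residues exactly once, so the check removes one digit of freedom from the masked span and no more: the 10^6 fillings of six masked digits drop to 10^5, and nothing in the check tells you which of those 10^5 is the real one.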

  9. Free credit monitoring! by fastgriz · · Score: 3, Funny

    Don't worry, they are going to give you a free trial of credit monitoring... The credit monitoring company probably even gives them a kickback for referring 80 million potential new customers after the 1 year trial subscription expires!

    1. Re:Free credit monitoring! by Anonymous Coward · · Score: 0

      That's what bothers me. "Oh, your most private of information and something that can ruin you if it falls into the wrong hands was stolen. Don't worry, we'll pay the $9.95 for someone to 'watch for suspicious activity' for the next year. After that, you're on your own".

      They should be required to pay for monitoring for life.

  10. Badum-tish! by Dr.+Eggman · · Score: 3, Funny

    Maybe they should change their name to Anathema Insurance

    --
    Demented But Determined.
  11. Re:Thanks Obama by internerdj · · Score: 4, Interesting

    My congresscritter has managed to vote to repeal ACA 50+ times since it was passed. Got any ideas on how to make him stop? Letter writing didn't help. Voting against him didn't help either.

  12. Re:Thanks Obama by smooth+wombat · · Score: 1

    Hard to believe someone wasn't handing their money over to a private company because the government told them they had to, isn't it? Imagine that, someone taking responsibility for themselves rather than being forced to pour their money down a black hole just to make sure some CEO gets their bonus.

    The mind wobbles.

    --
    We will bankrupt ourselves in the vain search for absolute security. -- Dwight D. Eisenhower
  13. And no consequences? by gstoddart · · Score: 3, Insightful

    Sadly, in the absence of data protection laws which make corporations liable for this, this will continue.

    Unless companies carry a real cost for failing to secure this stuff, they'll continue to treat this as an afterthought.

    But apparently forcing corporations to not be clueless and careless idiots would somehow be a bad thing.

    Sorry, but if you need to have private information like that, you need to be accountable. If you aren't going to make companies accountable, don't allow them to have the data in the first place.

    --
    Lost at C:>. Found at C.
    1. Re:And no consequences? by rhsanborn · · Score: 1

      The scary thing is that this is in the industry with the most consumer data protection laws (healthcare). We've never had a breach this large, so we have no idea on the fine size. The largest fine levied so far was a combined $4.8M split between two entities. Unfortunately, I suspect the cost of securing a network this large accumulated over 5 years is probably more than the fine. The bigger pain will be the knock on effects of lost business, remediations, etc. The only other similar breach is Community Health Systems who lost ~4.5M records around August. Fines haven't been announced that I know of, but the all-in estimate is about $100-$150M.

    2. Re:And no consequences? by random+coward · · Score: 2

      The data protection laws need to target the credit agencies. If Experian or Equifax had unlimited strict liability if they added a loan to your report that didn't belong to you they'd change what they allow which would in turn force the credit issuers to be sure to get real proof of identity, otherwise they lose all recourse in trying to get the debt paid back.

    3. Re:And no consequences? by iMadeGhostzilla · · Score: 1

      I'm not sure more laws will help. The health industry is already under tons of laws like HIPAA and this still happened. I also believe that past some reasonable point, more and more regulations make people who do the actual work in the field (doctors in this case) resentful about their jobs.

    4. Re:And no consequences? by kbdd · · Score: 1

      At least it looks like the HIPAA data was not leaked. That is probably due to the HIPAA regulation and if so, they did work, so let's not throw the baby with the bath water.

    5. Re:And no consequences? by Anonymous Coward · · Score: 0

      Oh, but the cost of the free credit monitoring they give you!
      OH WAIT, there's no cost to them for that, it's free to them too. Because the monitoring services give it to them that way, because they know they will make money upselling you extra shit you don't need, AND from selling off the new data they got about you for "monitoring" from the company that got hacked. It's a datamining goldmine. And you're the victim three times over even if no criminal EVER uses the stolen data.

    6. Re:And no consequences? by Anonymous Coward · · Score: 0

      Keep in mind that there is NO REASON WHATSOEVER for credit companies to exist.
      YOU are completely capable of keeping all the financial records about yourself needed to prove your payment reliability to anyone you wish to extend terms to you.
      But NO, YOU opted for the NANNY STATE.
      So you got what you paid for, idiots.

  14. names, birthdays, medical IDs/social security by l3v1 · · Score: 2

    Simply WTF. If nothing else but "names, birthdays, medical IDs/social security numbers" would've been stolen, that in itself would've been much more than acceptable. Hell, one would expect the most sensitive data of people would be more protected... At the very least, the company should cover IDtheft protection expenses for _all_, for at least a year, maybe more. Plus, they should be fined, with such a large amount that they'd get scared, and start implementing _real_ data protection policies. Yeah, you wish...

    At companies and agencies handling such data, _all_ kinds of data leaks or thefts should be treated as criminal offenses and they should be punished, I mean really punished. If you can't handle the protection of the data, don't handle them in the first place.

    While I also consider the thieves to be criminals, I'm more angry with those who simply are inept at protecting their best assets, even more so since they have the money, manpower and resources to do so.

    Also, I'd like to see a national blacklist established, with all companies and agencies on it, who had similar massive data breaches, and made publicly available, so as everyone could judge and decide whether they'd like to entrust their data to such idiots.

    --
    I am putting myself to the fullest possible use, which is all I can think that any conscious entity can ever hope to do.
    1. Re:names, birthdays, medical IDs/social security by Anonymous Coward · · Score: 0

      An idea regarding fining them. Punish them by issuing a large fine.

      Then, use half of the fine to fund the improvements they need to make with respect to security.

      This forces them to address the issue and sets aside the funds to do so.

      Spread the improvement fund over several years and have it controlled by an independent oversight organization.

    2. Re:names, birthdays, medical IDs/social security by Anonymous Coward · · Score: 0

      Also, I'd like to see a national blacklist established, with all companies and agencies on it, who had similar massive data breaches, and made publicly available, so as everyone could judge and decide whether they'd like to entrust their data to such idiots.

      Hindsight is 20/20. The problem with your thinking is that your blacklisted companies could possibly be the very ones who are _now_ doing a better job of information security. That a company has not _yet_ been breached does _NOT_ make them safe.

      Sadly the problem with this whole thing is that all of this technology has been pushed into widespread usage without being thoroughly tested. And by a free-market system that only cares about, and is fully run by and motivated by profit. And that those people who run these corporations are well protected from legal liability. Look at the mortgage banking disaster of 7 years ago and how very few prosecutions have happened or ever will.

      Even the very core foundation of our security technology (SSL) is shown to have bugs and holes.

  15. Acronym usage by gcnaddict · · Score: 3, Insightful

    If you're only using an acronym once, expand it in-line. For instance:

    Personally identifiable information (PII) should be classified based on sensitivity. At a certain level, that PII must be encrypted during transit. At the highest level, it must be encrypted during transit and at rest. Social security number falls in the highest sensitivity level. Standard operating procedure for years. This doesn't guarantee you won't get hacked, but it reduces / minimizes the impact if you are hacked.

    Not saying this to be a dick. Saying it because the way you come across right now is as someone who takes pride in stuffing jargon in the faces of others.

    --
    Viable Slashdot alternatives: https://pipedot.org/ and http://soylentnews.org/
    1. Re:Acronym usage by Anonymous Coward · · Score: 0

      Not saying this to be a dick. Saying it because the way you come across right now is as someone who takes pride in stuffing jargon in the faces of others.

      Let's be honest - you couldn't resist being a dick.

    2. Re:Acronym usage by GTRacer · · Score: 1

      Let's be honest - you couldn't resist being a dick (deftly inlining concrete knowledge)

      Fixed the fix for ya both!

      --
      Defending IP by destroying access to it? That makes sense, RIAA/MPAA. Go to the corner until you can play nice!
    3. Re:Acronym usage by sexconker · · Score: 1

      Let's be honest - you couldn't resist being a dick (deftly inlining concrete knowledge)

      Fixed the fix for ya both!

      I'm not even going to fix the fix for the fix for your fucks.

  16. Re:Thanks Obama by BVis · · Score: 3, Interesting

    Well, that's democracy in its current form for you. In 2010 the GOP got to re-draw congressional districts, and they gerrymandered them in such a way that anyone other than a staunch right-wing Republican will never ever get elected. You could run Jesus against the GOP candidate and it would be close.

    --
    Never underestimate the power of stupid people in large groups.
  17. Comment removed by account_deleted · · Score: 1

    Comment removed based on user account deletion

  18. Notice is 2 Months Late by Cigamit · · Score: 5, Interesting

    It's nice that they notified us today that our information was breached, but the real question is why they didn't notify us sooner.

    They set up a specific website about this breach.
    http://anthemfacts.com/

    The problem to me is that they just now notified us, yet they registered the domain for the breach on 2014-12-13. Which goes to show that they knew about the breach nearly 2 months (or possibly more) before deciding to inform us.

    1. Re:Notice is 2 Months Late by Cigamit · · Score: 1

      The website didn't exist 2 months ago.
      The wayback machine shows no record of it until today.
      According to the DNS history, the domain seems to have been parked until they updated the DNS yesterday.
      Google shows no mention of this domain by Anthem or anyone else until today.
      Anthem specifically says they set up this dedicated website for the breach information.

      All that points to this domain having been set up for this breach.

    2. Re:Notice is 2 Months Late by Anonymous Coward · · Score: 0

      Perhaps they've waited for two months not only to set up a PR campaign but to work out a deal with hackers which ultimately failed?..

    3. Re:Notice is 2 Months Late by Cigamit · · Score: 1

      You just circled back to my point. I could care less about their need for a PR campaign to spin it whichever way they think is best. That is still 2 months that the hackers would have had our data to abuse, and Anthem leaving you completely unaware that you immediately need to start monitoring your credit.

    4. Re:Notice is 2 Months Late by raind · · Score: 1

      I think we are beyond the point where you need to monitor your credit report, now you need to monitor your bank, credit cards, paypal, etc on a weekly basis. By now anyone who is not off the grid should assume your personal info has been gained.

      --
      Get up!
    5. Re:Notice is 2 Months Late by Anonymous Coward · · Score: 0

      They recently changed their name from Wellpoint to Anthem. They may have registered the domain for that reason, not because of the breach.

    6. Re:Notice is 2 Months Late by mordred99 · · Score: 1

      Because as any good Security person knows, you have to follow the trail, and find as much information as possible about the hack. Notice they did not say a lot about how it was done, and they cannot even tell what was taken. They need time to work on that, and that is why they hired a digital forensics company to do that. They were required by law to disclose after a certain time frame (2 months), so they did. Otherwise they would have sat on this so they could answer every person's question properly and not say "we don't know" for a lot of the really basic questions. The more time they take, the less bad PR they take because a lack of a definitive answer to the press means you have speculation, and that is more hurtful to companies than bad things happening.

    7. Re:Notice is 2 Months Late by Anonymous Coward · · Score: 0

      Well since you could care less, could you please go ahead and do so?

    8. Re:Notice is 2 Months Late by Anonymous Coward · · Score: 0

      They were required by law to disclose after a certain time frame (2 months), so they did. Otherwise they would have sat on this so they could answer every person's question properly and not say "we don't know" for a lot of the really basic questions.

      This. Also, and I'm not well-versed in HIPAA disclosure rules specifically, but breach notification generally involves a dialogue beforehand with the police or FBI. I don't think disclosure delay is always fully under the control of the firm; investigators can put the release on hold if they feel that their search will be advantaged by not having the information public.

  19. Income? by Anonymous Coward · · Score: 1

    Why does a Health Insurer need information about income?
    And why is all that data in the same database and is anyone allowed to pull ALL data?
    I am actually surprised that a private insurance got hacked before healthcare.gov, is the government actually better in securing their data?

  20. Notice is 2 Months Late by Anonymous Coward · · Score: 0

    Lol, you can't seriously think they bought this domain just for this.

  21. Re:Thanks Obama by ScentCone · · Score: 2

    and they gerrymandered them in such a way that anyone other than a staunch right-wing Republican will never ever get elected

    You mean, like the Democrats have done forever in places like Maryland? The way they've tortured the district boundaries in that state is a showcase for craven political monoculture at the state legislature level. That even Marylanders got so sick of the lefty power plays that they refused to coronate the dem governor's anointed successor and went with a relatively unknown Republican in November is pretty telling.

    --
    Don't disappoint your bird dog. Go to the range.
  22. That is not true anymore. by Anonymous Coward · · Score: 0

    Yell at them for requiring it.

    I don't yell; I sue and file criminal complaints.

    In the old days, the insurance companies used your SS# as your member #. They stopped doing that years ago but the doctor's office workers do not know that.

    But they also demand it for collection reasons.

    That's the REAL reason doctors' offices demand it: collections. Meaning when you go and the insurance doesn't cover everything and you can't pay the balance, off to a collections agency.

    I think that's all bullshit in this country. If a doctor signs a contract with my insurer for payment amounts, they should take that amount and none of this BS of coming for the balance from the patient. I also think it's unethical.

    1. Re:That is not true anymore. by Anonymous Coward · · Score: 0

      If a doctor signs a contract with my insurer for payment amounts

      The same insurance company you signed a contract with to have them pay 80% of the costs and you pay the remaining 20% after the $2000 deductible has been met?

  23. Re:Thanks Obama by Anonymous Coward · · Score: 0

    Thanks to the ACA, I was able to switch insurance companies (away from Anthem) this year. Since I have cancer and am in active treatment, no company would have taken me just a few years ago. So, yeah, thanks, Obama!

    Unfortunately, Anthem probably still has my SSN, so I'm still hosed. Damn, the magic password leaks again...

  24. Re:Thanks Obama by tibit · · Score: 3, Insightful

    So, you've got 100k of disposable income sitting around just in case you had to stay in the hospital for a week? Well, good for you, but I don't want the likes of you setting public policy, you know.

    --
    A successful API design takes a mixture of software design and pedagogy.
  25. Re:Thanks Obama by Anonymous Coward · · Score: 0

    Ever think it might be because the Democap party, in its current form, sucks so bad that people will take ANYTHING that's not a democrat?

  26. Can they tell us what did work out good? by rvw · · Score: 1

    Swedish said the breach is extensive: the vulnerable data included "names, birthdays, medical IDs/social security numbers, street addresses, email addresses and employment information, including income data," though "no credit card or medical information, such as claims, test results or diagnostic codes were targeted or compromised."

    Security was breached, personal information was stolen, but no CC or medical information. Can they tell us what prevented the theft of medical information? How can that information be used to prevent the future theft of data with other companies? Using the same methods, could it protect things like employment info and income data? Can systems be designed to be more bulletproof?

    My first guess is that the medical information was on different servers, maybe at different locations, and access to those systems was not that easy. Given the fact that systems will be broken into, how can you design these big information systems in such a way that only a limited amount of data can be stolen?

  27. Re:Thanks Obama by BVis · · Score: 3, Insightful

    Yes, the behavior is totally defensible because the other side does it as well.

    Except, you know, not.

    --
    Never underestimate the power of stupid people in large groups.
  28. What was the attack vector? by mdecheser · · Score: 3, Interesting

    Has any information been released regarding how the attack was performed?

    1. Re:What was the attack vector? by mdecheser · · Score: 1

      Still working to confirm this, but the vector may have been a 0-day Adobe Acrobat vulnerability. Far from sophisticated. http://krebsonsecurity.com/201...

  29. Re:Thanks Obama by Anonymous Coward · · Score: 0

    So it's so gerrymandered towards Democrats a Republican got voted in....yeah seems legit. I just looked at the Delaware voting districts and they really don't look too tortured. Do yourself a favor and look at Texas if you want a good example of gerrymandering. They literally break up cities into chunks with large swaths of rural areas so that there is no way a Democrat could reasonably win, it's actually a very purple state, same with Massachusetts, though I don't think that Mass is gerrymandered, they regularly have Republicans elected into office. I'm not saying it doesn't happen in Democratic states, but that there are a few states in the south where it's comically so and they happen to be Conservative states.

  30. Silver Lining by Anonymous Coward · · Score: 1

    Every new huge data breach means more opportunities for identity theft. More and more ruined (and practically irreparable) credit records.

    Eventually enough people will have such bad credit scores, justly or not, that lenders will have to either a) not lend or b) assume higher and higher risk thresholds.

    Once a critical mass is reached, the whole rotten credit industry comes crashing down. Panic ensues.

    Maybe then we'll get something like effective reform. Or a primitive cash-or-barter economy. Either would be an improvement.

  31. Re:Thanks Obama by Anonymous Coward · · Score: 0

    I'm not saying you're this stupid, but why is it that many "libertarians" seem to think that not having insurance and depending on everyone else to pay for their emergency room visits is somehow personal responsibility?

    "Taking responsibility for yourself" means by definition not freeloading off the system, as so many "I'm not signing up" douchebags choosing to do. I say let them opt out, and if they get hit by a bus or fall down some stairs or get cancer, fine-- no ambulance, no ER visit, no treatment at all-- leave their rotting carcasses out in the street so everyone else can see a libertarian dying by the terms of their rugged individualism and self-sufficiency. Yes that's sarcastic.

    Taking responsibility for yourself means signing up for insurance and not mooching off those who DO pay for your health care when you need it.

    Or... feel free to die in the street from treatable illness/injury as a warning to others. I really have no problem with that. Unfortunately as part of having a "society" and all, others are more compassionate for the losers who freeload without stepping up and self-insuring.

    Just like the anti-vaxing idiots who opt for "personal freedom" by placing a severe risk of death on those around them and mooching off the herd immunity of others, not signing up for insurance is just selfish freeloading that makes others pay for your benefits and puts others in harms way by raising the systemic costs of those benefits for those who actually do the paying for it.

    Don't want insurance? Jesus. The mind wobbles.

  32. Info needs to be accessible to them, IRS(ACA), bil by raymorris · · Score: 2

    The information needs to be accessible. The insurance company has to access it, of course, as well as partners like billing and collection companies, doctors and hospitals query the system, and to enforce ACA the IRS needs access, the state exchange you bought it through ... Probably three more types of entities I'm not thinking of off the top of my head. I'd bet there are at least a dozen different government agencies involved with ACA who can query your information.

    If the IRS, the insurance company, the hospital, the state, and the billing company can read the data, the bad guy can read it too. The data may very well be encrypted on-disk, so if someone stole the hard drive they couldn't easily read it. It has to be decrypted by the system, though, in order to be useful. Therefore, any encryption used must be mostly "feel good" encryption that doesn't actually do much to protect your data.

    To protect it, we first need to address the issue that all of these different companies and government agencies get access - treat it as PRIVATE data, not to be passed around. THEN effective measures could be put in place to ensure it never leaves the insurance company's network.

    I'll specifically address two things you mentioned:

    > why not just keep any encryption keys in memory only where it's that much harder to get them

    So the computer system has access to the decrypted data, because it has the key. The bad guy has control of the computer system ...

    > these systems are already hugely expensive and it makes it incredibly difficult for anyone without physical access to get at the actual data.

    So only the guy in the server room can access any patient^H^H^H^H^H^H customer data, for a company with millions of customers? That's going to be one busy guy! Roughly everyone who works at the insurance company needs some access to their customers' information, so it has to be on the network. The IRS demands access too, so the insurance company has to connect it to the internet.

  33. They gathered data needed for future attacks by Anonymous Coward · · Score: 0

    "Employment information" would potentially cover a lot of different things. Employer, job title, years of service, etc. Verifying title against income, an attacker could easily target employees who would have access to key systems within a corporation, and use the given email address as a starting point to launch those attacks.

    Attacking an insurance company provides a goldmine for any nation-state that wants to perform espionage against US companies. My first guess is that they didn't WANT the financial information.

  34. Re:Thanks Obama by Anonymous Coward · · Score: 0

    Democracy is a big fat fail. Fortunately it's always replaced eventually by a dictatorship.

  35. Re:Thanks Obama by DarkOx · · Score: 2, Insightful

    It's not just naked hypocrisy though. The situation is more like you have a gun on someone, who wants you to put it down; but you are like 99% certain the moment you do they are going to run over, pick it up and point it at you.

    Dems have used gerrymandering in the past, they would again if positioned to do so; or resort to some other dirty trick like trying to limit corporate donations while leaving the door open for unlimited union contributions. Or for that matter attaching a major health care overhaul to the budget reconciliation process for the express cause of preventing the other side from having a floor vote or the opportunity to propose amendments they were sure would cause the legislation to fail.

    No you can't expect one side to unilaterally disarm. It would be political suicide for those who are in it for the power, and needless surrender for those who are actually fighting for something on principle. The problem is our political system does not really allow for the creation of an enforceable bilateral agreement to "cut the crap" and actually behave democratically rather than seeing what you can get away with via process tricks and legal wrangling. In short there really is no solution until one side manages to suppress the other entirely (where we all lose).

    The real question is can the DNC run out the clock until such time the GOP demographically can't win; or will the GOP first succeed in sufficiently controlling participation and eligibility such that it won't matter. I am pretty pessimistic that the idea of "government by and for the people" has much chance for survival. So I say choose your sides folks, you can have the socialist boot in your face, or the fascist boot up your ass, it's most likely going to be one or the other.

    --
    Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
  36. Info is accessible to hospital, IRS, state, billin by raymorris · · Score: 1

    Under the current set of regulations, the information needs to be accessible. The insurance company has to access it, of course, as well as partners like billing and collection companies, doctors and hospitals query the system, and to enforce ACA the IRS needs access, the state exchange you bought it through ... Probably three more types of entities I'm not thinking of off the top of my head. I'd bet there are at least a dozen different government agencies involved with ACA who can query your information.

    If the IRS, the insurance company, the hospital, the state, and the billing company can read the data, the bad guy can read it too. The data may very well be encrypted on-disk, so if someone stole the hard drive they couldn't easily read it. It has to be decrypted by the system, though, in order to be useful. Therefore, any encryption used must be mostly "feel good" encryption that doesn't actually do much to protect your data.

    To protect it, we first need to address the issue that all of these different companies and government agencies get access - treat it as PRIVATE data, not to be passed around. THEN effective measures could be put in place to ensure it never leaves the insurance company's network. So long as the IRS demands access to query it, it has to be accessible via the internet.

  37. Re:Thanks Obama by ScentCone · · Score: 2

    So it's so gerrymandered towards Democrats a Republican got voted in....yeah seems legit.

    You're (deliberately, no doubt) confusing congressional elections with gubernatorial elections. That you're even putting forth an opinion on the matter while being (or pretending to be) that clueless is pretty funny. Or would be, if it wasn't clear whether or not you vote using that same brain.

    --
    Don't disappoint your bird dog. Go to the range.
  38. I think i know how to decipher this.. by Anonymous Coward · · Score: 0

    "very sophisticated external cyber attack."

    Some kid walked into the server room with a usb key and copied all the files.

  39. The era of SSN as a primary key is over by Anonymous Coward · · Score: 0

    That's 80 million social security numbers connected to personally identifiable information.

    It should now be illegal to use it as the "secure" way to identify someone.

  40. Time to isolate the data-warehouse? by davidwr · · Score: 1

    For sensitive information like financial or medical data, it may be time to physically isolate the main data warehouse so any non-insider breach would only compromise records that had been copied to a "front end server" for short-term use.

    Here is how it might work:

    You have a back-end data warehouse that holds all of your records.

    You have a "smart filter" that mediates access to this back-end database. This filter looks for suspicious behavior and alerts real human beings when things start to look funky. Ideally this "smart filter" would be "invisible" to both the "back-end data warehouse" and the "front end cache" which I will describe shortly. This "invisibility" will make it much harder to compromise.

    You have a "front-end cache" that holds copies of information from the back-end data warehouse for a very short time - hours or days for most types of information.

    It is this "front end cache" that bank tellers, ATM machines, home-banking web servers, etc. access.

    If the front-end cache gets compromised and all of its data stolen, there will be a loss but it won't be nearly as big as the loss of having the entire data warehouse compromised.

    If the front-end cache gets compromised in a way that causes it to start querying the back-end data warehouse for lots of data, alarms will go off.

    This system is designed to mitigate damage, not prevent it entirely. It is meant to augment, not substitute, for existing security measures. By itself, it does nothing to protect against spear-phishing or to protect against a non-greedy adversary who is content to get only a small fraction of the total data available. But depending on how much it limits the damage when a breach does occur, it may be well worth the cost.

    --
    Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
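    An added sketch (not the commenter's code) of the architecture described above: a back-end warehouse reachable only through a rate-aware access filter, and a short-lived front-end cache that is all a front-office compromise can dump. The sample records, clients and thresholds are constructed.

```python
from collections import defaultdict, deque

# Constructed sample warehouse: 1000 member records with placeholder fields.
WAREHOUSE_RECORDS = {
    f"M{i:05d}": {"name": f"member-{i}", "ssn": f"<placeholder-{i}>"}
    for i in range(1000)
}


class BackEndWarehouse:
    """Holds every record. Only the front-end cache, via the filter, talks to it."""

    def __init__(self, records):
        self._records = dict(records)

    def fetch(self, record_id):
        return self._records.get(record_id)


class AccessFilter:
    """The 'smart filter': counts warehouse fetches per client in a sliding
    window and refuses, recording an alert, once the rate looks abnormal."""

    def __init__(self, max_fetches: int, window_seconds: int):
        self.max_fetches = max_fetches
        self.window = window_seconds
        self._history = defaultdict(deque)   # client -> fetch timestamps
        self.alerts = []                     # (time, client, record_id)

    def allow(self, client: str, record_id: str, now: float) -> bool:
        timestamps = self._history[client]
        while timestamps and now - timestamps[0] >= self.window:
            timestamps.popleft()
        if len(timestamps) >= self.max_fetches:
            self.alerts.append((now, client, record_id))  # page a human here
            return False
        timestamps.append(now)
        return True


class FrontEndCache:
    """Short-lived copy of whatever the front office actually asked for."""

    def __init__(self, warehouse, access_filter, ttl_seconds: int):
        self.warehouse = warehouse
        self.filter = access_filter
        self.ttl = ttl_seconds
        self._cache = {}                     # record_id -> (record, fetched_at)

    def get(self, client: str, record_id: str, now: float):
        hit = self._cache.get(record_id)
        if hit is not None and now - hit[1] < self.ttl:
            return hit[0]                    # served from cache, warehouse untouched
        if not self.filter.allow(client, record_id, now):
            return None                      # refused: rate limit tripped
        record = self.warehouse.fetch(record_id)
        if record is not None:
            self._cache[record_id] = (record, now)
        return record

    def resident_ids(self, now: float):
        """What dumping the front end at `now` could yield."""
        return {rid for rid, (_, t) in self._cache.items() if now - t < self.ttl}


def simulate() -> dict:
    """Normal teller traffic, then a bulk pull from a compromised front end."""
    warehouse = BackEndWarehouse(WAREHOUSE_RECORDS)
    access_filter = AccessFilter(max_fetches=60, window_seconds=3600)
    front = FrontEndCache(warehouse, access_filter, ttl_seconds=6 * 3600)

    # Morning: one teller looks up 40 distinct members, one every 90 seconds.
    served = sum(
        front.get("teller-1", f"M{i:05d}", now=i * 90) is not None
        for i in range(40)
    )

    # Afternoon: a compromised web server tries to pull every record, one per second.
    start = 5 * 3600
    obtained = sum(
        front.get("webserver-7", f"M{i:05d}", now=start + i) is not None
        for i in range(1000)
    )
    end = start + 1000
    return {
        "normal_served": served,
        "bulk_pull_obtained": obtained,
        "alerts_raised": len(access_filter.alerts),
        "exposed_in_cache": len(front.resident_ids(end)),
        "warehouse_size": len(WAREHOUSE_RECORDS),
    }


if __name__ == "__main__":
    print(simulate())
```

    The bulk pull gets the 40 cached records plus the 60 fetches the window allows, then every further request is refused and alerted on, so the front end exposes 100 of 1000 records rather than all of them.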
    1. Re:Time to isolate the data-warehouse? by Anonymous Coward · · Score: 0

      Congratulations, you just invented an overly-complicated intrusion detection system!

  41. Re:Thanks Obama by Ol+Olsoc · · Score: 0

    I'm not saying you're this stupid, but why is it that many "libertarians" seem to think that not having insurance and depending on everyone else to pay for their emergency room visits is somehow personal responsibility?

    Because what passes for "Libertarianism" these days is selfish pricks that don't want anyone to tell them what to do.

    Also that they pay nothing for an emergency room visit that they allow the rest of us to pay for.

    Which to me sounds like a socialist money redistribution scheme. Just filtered through our insurance companies/Guvmint in the form of rate hikes.

    Anyone that has a brain could see that we were in a positive feedback loop with people falling out of the insured due to price, then getting emergency room care as their primary care, and the costs being passed upwards, and more people dropping off the insured lists. So eventually we were going to get an insane sort of universal health care system that didn't work for shit.

    And yet, all these other countries have not performed a divide by zero operation with their health care systems.

    --
    The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
  42. Delegation of authority/responsibility by davidwr · · Score: 1

    That sort of thing [holding higher-ups accountable] only happens in China

    In theory and I'm sure sometimes in practice, it also happens in the US military. In some situations, if a service member violates orders and his boss doesn't fix the problem pronto or fails to see a problem that it's his job to see, he gets punished.

    I say "in theory" because as with many organizations where "who you know" and "your perceived value to the organization" are unwritten factors in who takes the blame when things go wrong, there are probably plenty of times when the rules say such punishment should happen but the reality is that it does not.

    --
    Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
    1. Re:Delegation of authority/responsibility by UnderCoverPenguin · · Score: 1

      A few of my friends were in the US military. Based on things they said at various times, my understanding is that commanders have a lot of discretion when prescribing punishment. In many cases, purely administrative discipline can be sufficiently obfuscated that it has no long term - or even medium term - effect.

      --
      Don't try to out weird me, three-eyes. I get stranger things than you, free with my breakfast cereal. --Zaphod Beeblebr
  43. Re: Thanks Obama by Anonymous Coward · · Score: 1

    You're full of shit.

    The dems are the ones who gerrymander to gain the minority swing vote.

    Regardless, the electoral college sucks. Just tally the damn votes and pick a winner already.

  44. Re: Thanks Obama by Anonymous Coward · · Score: 0

    You're an actual retard. The GOP gerrymandering of late has been all over the news. Oh that's right, you ONLY trust Fox News because you ARE A MORON.

  45. Not just individuals at risk by EvilSS · · Score: 2

    The potential exposure for individual financial fraud and identity theft is really bad with this but it's not the only concern. With this breach they have SSN plus detailed employment info for what probably amounts to nearly every employee at any company who uses Anthem for their health plans. What do 90% of helpdesks ask for when resetting something like a password or issuing one-time use tokens for 2-factor authentication? Last 4 of your SSN. With a little work to figure out a few things like login ID formats this data could be used as a jumping off point to target any of the thousands of companies that use Anthem for their employee health plans, across who knows how many industries. This could be the breach that keeps on breaching for a long time to come.

    --
    I browse on +1 so AC's need not respond, I won't see it.
  46. Offer to pay in advance by davidwr · · Score: 1

    If you pay for services in advance and tell him you will file your own insurance paperwork for reimbursement, then he will not only want your business more than if you don't, but he won't have any insurance/banking/collection reason to need your SS#.

    This will leave only a few reasons why he might ask for it:
    * Some federal or state law requires it (doubtful, but possible)
    * He's part of a larger practice which requires the SS# (possible)
    * His patient-tracking or -payment system chokes without it (very likely) and he doesn't know how to work around that problem (also very likely).

    --
    Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
  47. Lost keyfob? Go to paper backup by davidwr · · Score: 1

    A private key should be easy enough to print out.

    If everyone had such keys I would make at least two encrypted copies, one each with the public keys of people I trusted and who I believed would be accessible, such as my parents or a sibling if they lived nearby.

    Then I would print out the encrypted copies. I would keep one of each for myself and store one of each someplace else.

    This way, if I lost my key-fob I could go to one of them and get it re-made. If my house burned down taking my key-fob and my printed copies with it, I could still re-create the key fob.

    --
    Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
  48. Re:Info needs to be accessible to them, IRS(ACA), by jeffmeden · · Score: 1

    So only the guy in the server room can access any patient^H^H^H^H^H^H customer data, for a company with millions of customers? That's going to be one busy guy! Roughly everyone who works at the insurance company needs some access to their customers' information, so it has to be on the network. The IRS demands access too, so the insurance company has to connect it to the internet.

    The notion of an operator-provided or operator-unlocked key is the way it used to work "back in the days" when every server had a monitor plugged into it. You would provide a password on bootup which was a mini-key to decrypt the actual SSL/TLS keys. It would get stashed in memory at that point and (hopefully) operator intervention wouldn't be needed again until the next scheduled reboot. Before too long, the threat of in-memory attacks far eclipsed the threat of physical server theft and this practice was ditched.

  49. Credit reporting agencies are RICO by random+coward · · Score: 2

    NO.

    The better way to fix this is to require strict liability for the credit reporting agencies. If they put data in your credit report that is false, or if they link you to debt that you actually didn't take out, then they have unlimited liability for damages to you plus statutory punitive damages.

    The hell, if them coming and selling me credit protection services isn't extortion, I don't know what is.
    "Nice credit score you have. It would be a shame if someone stole your identity and messed that up so that we had bad info for you in our database. Pay us per month and we will ensure that doesn't happen"


    When credit agencies actually start pushing banks and other creditors for ACTUAL proof that it was that person, then the whole industry will quit using SSNs as IDs, which they aren't.

    1. Re:Credit reporting agencies are RICO by Anonymous Coward · · Score: 0

      I may be impacted by this breach but I won't know until "a few weeks" if I receive a letter from them... I went to the credit report websites and saw that they charge the consumer to freeze (and unfreeze) your report to avoid other people using the stolen data to open accounts in your name. So even if you don't want to participate, you still have to pay them.

    2. Re:Credit reporting agencies are RICO by Anonymous Coward · · Score: 0

      I like your thinking here, sir. The lack of accountability of credit agencies is astounding.

  50. Re:Thanks Obama by Rockoon · · Score: 5, Insightful

    Yes, the behavior is totally defensible because the other side does it as well.

    This coming from the person that (a) was the one that brought up gerrymandering, (b) only mentioned the GOP, and (c) vilified the GOP.

    A very consistent thinking process you have. You will slam them publicly when the GOP does it, but you will also make every attempt to avoid saying that the DNC is also doing it.

    When confronted with your hypocrisy you shrug it off and again make sure to not directly say that the DNC is also guilty but instead say "the other side."

    Intellectual honesty is only intact when it's from start to finish. When it isn't from start to finish, you are just a partisan asshole.

    --
    "His name was James Damore."
  51. Re:Thanks Obama by Rockoon · · Score: 0

    Because what passes for "Libertarianism" these days is selfish pricks that don't want anyone to tell them what to do.

    It's selfish to not want to be told by someone else what to do?

    It is the people that think they have an automatic right to tell others what to do that are selfish. This seems to be a common theme in politics today, where a group guilty of something like being selfish, label those that oppose them with what they themselves are actually guilty of.

    It is not selfish to want to avoid other people's tyranny. You dumb fuck.

    --
    "His name was James Damore."
  52. Re:Thanks Obama by oodaloop · · Score: 1

    So both sides are doing it, but you only want to vilify the GOP for doing it. Is that about right?

    --
    Tic-Tac-Toe, Global Thermonuclear War, and relationships all have the same winning move.
  53. Re:Thanks Obama by BVis · · Score: 0

    I wasn't vilifying anyone. Nowhere in that statement did I refer to the GOP, or indeed any particular organization, person, or group. I was making a statement that bad behavior is bad behavior, even when everyone does it. Gerrymandering is hurting our country, and that's gerrymandering both by the GOP AND the DNC.

    Now I'm going to vilify someone: Your bias and knee-jerk politics are showing. You're seeing persecution where none exists. I bet you're a fundie, too.

    --
    Never underestimate the power of stupid people in large groups.
  54. I was hit by Countrywide and Target breaches too by peter303 · · Score: 1

    Seems to be an annual ritual now. Just watch accounts and credit history.

  55. Re:Lost keyfob? Go to paper backup by Drethon · · Score: 1

    That is not a bad idea.

  56. Re:Thanks Obama by CrimsonAvenger · · Score: 1

    In 2010 the GOP got to re-draw congressional districts

    Interesting notion, since congressional districts are drawn by STATE governments, and the GOP didn't (and doesn't) control all State governments.

    Then, it has to be vetted by the Justice Department. You remember that one, it's run by Eric Holder. And Obama is Holder's boss, not the GOP.

    --

    "I do not agree with what you say, but I will defend to the death your right to say it"
  57. Re:Thanks Obama by LifesABeach · · Score: 1

    The Greeks figured this problem out about 3600 years ago. Don't kill the stupid-f*, go to town and cause everyone else to want to go and kill the stupid-f*. Then go home and watch it on CNN, with a cheap cold beer in your hand.

  58. But Your Credit Card Data is Safe by LifesABeach · · Score: 1

    The bad guys took every other piece of relevant data about you, but not your credit card data; ya, right.

  59. Paper Security by Anonymous Coward · · Score: 0

    The key thing here is that most of these details are write-once, read-rarely. How often is a Social Security number actually needed? At sign-up and then only if there is a problem, like unpaid debts. So why is it even in the computer to begin with? Put it on a piece of paper, file it in a well organized records room and in that rare case of needing it, have a couple of minimum wage people on staff whose job is to go pull paper records. Same thing with date of birth - nobody needs the specific date, for all medical purposes the year alone is more than sufficient, probably even a 5-year range is good enough.

    With paper the risk of wholesale data-theft is reduced to the people who have access to the room and how many file folders they can sneak past a security guard.

    The only reason this stuff is in the computer anyway is because of a "collect it all" mentality; nobody has considered the risks of electronic records, only the benefits, such that even the most minimal benefit is considered sufficient reason to justify putting it in a database. Start doing a full cost/benefit analysis and many of these database choices will look like bad ones.

  60. Re:Thanks Obama by BVis · · Score: 2

    The GOP controls enough state governments to put them in a majority in both houses of Congress, despite their unpopularity with the general population. Whether it's the national org or the state ones, it's still the same thing. The state parties do what the national party tells them, more or less, lest they find themselves primaried.

    Justice is supposed to follow the law, not make decisions based solely on politics. If there were something illegal or unethical in the re-districting that they could make a case against, then they would. If it's clean (albeit distasteful) then what the hell is Justice supposed to do about it? Should Holder have rejected it because he reports to a Democratic president? Sure, Holder can play politics by deciding what to prosecute and how to exercise his executive authority, but if there's nothing there, there's nothing there. And I guarantee you they went over that redistricting with a microscope.

    --
    Never underestimate the power of stupid people in large groups.
  61. Re:Lost keyfob? Go to paper backup by Anonymous Coward · · Score: 0

    It placed a SHIT LOAD of trust in the key fob, thus making identity theft a shit load easier!

    The more security is put in place, the less it is questioned by those checking authentication. The end result is a less-secure system.

  62. whew! by Lab+Rat+Jason · · Score: 1

    though "no credit card or medical information, such as claims, test results or diagnostic codes were targeted or compromised."

    Whew... what a relief! I was really worried there for a minute...

    --
    Which has more power: the hammer, or the anvil?
  63. why and how do they have income data? by kbdd · · Score: 2

    Why would my health insurance have my income data? What does it have to do with my health?

    How did they get it in the first place? Probably through my employer of course.

    Of course, they do not even acknowledge it on their FAQ any more; that was quickly removed. Now it only says "employment information".

    1. Re:why and how do they have income data? by Anonymous Coward · · Score: 0

      You provide it when you sign-up for certain non-group plans so they can warn you if you should be using the procedure to obtain a government subsidy to help offset their jacked-up rates that they still lose money on so they can get a kickback from the "risk corridor" --all part of the Affordable Care Act (aka Obamacare)

  64. Re:Info is accessible to hospital, IRS, state, bil by JesseMcDonald · · Score: 1

    If the IRS, the insurance company, the hospital, the state, and the billing company can read the data, the bad guy can read it too. The data may very well be encrypted on-disk, so if someone stole the hard drive they couldn't easily read it. It has to be decrypted by the system, though, in order to be useful.

    That isn't really true. A well-designed system (they do exist) would leave the decryption to a dedicated security module, separate from where the data is stored. To gain access to the data you first establish a secure connection to the data store, authenticate yourself, and retrieve the encrypted data. You then connect to the security module, re-authenticate, and present the encrypted data along with a (cryptographically signed) request for decryption. The security module logs and validates the request, decrypts the data, and sends the plaintext back to the client through the encrypted connection. At no point does any system other than the security module and the client's computer have access to the plaintext, and the rules for validating requests can be as strict as you like.

    The security module is an obvious target for attack, but it's also a single-purpose system on which you can focus all your security-hardening efforts.

    --
    "The state is that great fiction by which everyone tries to live at the expense of everyone else." - Bastiat
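An added Python sketch of the flow described in the comment above, not the commenter's code: the data store holds only sealed records, and a separate security module checks the client's signed request against a policy, logs the decision and decrypts. HMAC stands in for the asymmetric signatures and the authenticated cipher a real module would use; the client names, policy and record are constructed for the example.

```python
"""Added example (not the commenter's code): an encrypted data store plus a
separate security module that validates a signed decryption request, logs the
decision and returns plaintext only to the requesting client.  HMAC stands in
for the asymmetric signatures and for the authenticated cipher a real module
would use; keys, client names, policy and the record are constructed."""
import hashlib
import hmac
import json
import os
import time
from typing import Dict, List, Optional, Set, Tuple

MAX_REQUEST_AGE = 60   # seconds a signed request stays valid (replay window)
TAG_LEN = 32           # bytes of HMAC-SHA256 integrity tag on each record


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode as a PRF keystream (stand-in for AES)."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(dek: bytes, record_id: str, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC at ingestion; only this blob ever reaches the data store."""
    nonce = record_id.encode()
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(dek, nonce, len(plaintext))))
    return ct + hmac.new(dek, nonce + ct, hashlib.sha256).digest()


def _canonical(req: Dict[str, object]) -> bytes:
    return json.dumps(req, sort_keys=True, separators=(",", ":")).encode()


def sign_request(client_key: bytes, client: str, record_id: str, purpose: str) -> Dict[str, object]:
    """Client side: state who you are, which record and why, then sign it."""
    req: Dict[str, object] = {"client": client, "record_id": record_id,
                              "purpose": purpose, "ts": int(time.time())}
    req["sig"] = hmac.new(client_key, _canonical(req), hashlib.sha256).hexdigest()
    return req


class SecurityModule:
    """Holds the data-encryption key; the data store and the network never see it."""

    def __init__(self, dek: bytes, client_keys: Dict[str, bytes], policy: Dict[str, Set[str]]) -> None:
        self._dek = dek
        self._client_keys = client_keys   # credential per client allowed to call us
        self._policy = policy             # client -> purposes it may decrypt for
        self.audit: List[str] = []        # every decision, allow or deny

    def _validate(self, req: Dict[str, object]) -> Optional[str]:
        key = self._client_keys.get(str(req.get("client", "")))
        if key is None:
            return "unknown client"
        unsigned = {k: v for k, v in req.items() if k != "sig"}
        expected = hmac.new(key, _canonical(unsigned), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, str(req.get("sig", ""))):
            return "bad signature"
        if abs(time.time() - float(str(req.get("ts", 0)))) > MAX_REQUEST_AGE:
            return "stale request"
        if req.get("purpose") not in self._policy.get(str(req["client"]), set()):
            return "purpose not permitted for client"
        return None

    def decrypt(self, req: Dict[str, object], blob: bytes) -> Tuple[bool, bytes]:
        """Validate, check the blob's integrity, log, and only then decrypt."""
        nonce = str(req.get("record_id", "")).encode()
        ct, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
        reason = self._validate(req)
        if reason is None and not hmac.compare_digest(
                tag, hmac.new(self._dek, nonce + ct, hashlib.sha256).digest()):
            reason = "ciphertext integrity check failed"
        verdict = "ALLOW" if reason is None else f"DENY: {reason}"
        self.audit.append(f"{req.get('client')} {nonce.decode()} {req.get('purpose')} -> {verdict}")
        if reason is not None:
            return False, reason.encode()
        return True, bytes(a ^ b for a, b in zip(ct, _keystream(self._dek, nonce, len(ct))))


def demo() -> Tuple[Dict[str, Tuple[bool, bytes]], List[str]]:
    """Four requests against one sealed record: one authorized, three refused."""
    dek = os.urandom(32)                      # lives only inside the module
    keys = {"claims-app": os.urandom(32), "marketing-app": os.urandom(32)}
    module = SecurityModule(dek, keys, {"claims-app": {"claims"}, "marketing-app": set()})
    record = b"member 0001: ssn=<placeholder> dob=1970-01-01"   # constructed
    store = {"member-0001": seal(dek, "member-0001", record)}  # ciphertext only
    blob = store["member-0001"]
    tampered = blob[:1] + bytes([blob[1] ^ 0x01]) + blob[2:]  # flip one bit

    def ask(key: bytes, client: str, purpose: str, data: bytes) -> Tuple[bool, bytes]:
        return module.decrypt(sign_request(key, client, "member-0001", purpose), data)

    results = {
        "authorized": ask(keys["claims-app"], "claims-app", "claims", blob),
        "wrong_purpose": ask(keys["marketing-app"], "marketing-app", "claims", blob),
        "forged": ask(os.urandom(32), "claims-app", "claims", blob),
        "tampered": ask(keys["claims-app"], "claims-app", "claims", tampered),
    }
    return results, module.audit


if __name__ == "__main__":
    for line in demo()[1]:
        print(line)
```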
  65. Re:Thanks Obama by MightyMartian · · Score: 2

    Not that political parties up here in Canada don't pull self-serving stunts, but how the US has allowed the architecture of its electoral system to become part of the partisan machine boggles the mind.

    --
    The world's burning. Moped Jesus spotted on I50. Details at 11.
  66. i'm probably one of these 80MM by bugs2squash · · Score: 2

    By now my SSN must have been stolen several times from several different organizations that simply did not do their jobs properly. If there are consequences of this breach for me and I sue Anthem they'll just point to any of the many other ways in which my PII has been mishandled as a reason to dodge blame. Everyone uses the SSN; even Costco asked for my SSN to join (I refused, but I bet there are many who didn't).

    The change has to be in the meaning of the SSN. If the government wants a unique numeric name for any individual I understand, but it's not the same as proof of ID. Proof of ID needs to be either something biometric or something to do with your relationships to other people (but then, Anthem gave away as much of that as they possibly could too).

    --
    Nullius in verba
  67. Massive HIPAA violation by mrflash818 · · Score: 1

    "Someone's gonna kiss the donkey." -- Battleship

    --
    Uh, Linux geek since 1999.
  68. Re:Thanks Obama by Ol+Olsoc · · Score: 5, Insightful

    It's selfish to not want to be told by someone else what to do?

    It's called civilization. If I want to masturbate in public, or kill people, or be a pedophile, or be a cannibal. Or steal from my neighbors and sell their stuff on ebay, or force my neighbor's wife to have sex with me. I'm not allowed to do those things. It's an infringement upon my freedoms. I am not free to do any of those things without societal repercussions. And I agree with punishments for those things. People should not have the freedom to do those things.

    We are a whole lot less "free" than some of us think.

    It is the people that think they have an automatic right to tell others what to do that are selfish. This seems to be a common theme in politics today, where a group guilty of something like being selfish, label those that oppose them with what they themselves are actually guilty of.

    Read this

    http://talkingpointsmemo.com/l...

    Now let's discuss.

    Okay, I am certain that washing hands after using the toilet is one of those selfish things that intrude upon freedom. It actually is a restriction. If I have to do something, I am not free from doing exactly as I wish. I am restricted from my freedom to get my coliform bacteria laden shit on people's food. And Sen. Thom Tillis (R-NC) agrees with that.

    Do you? Is fundamental freedom to do whatever you feel like doing so sacrosanct that you would be willing to allow your child to die with their internal organs destroyed by a massive E. coli infection just so someone doesn't have to wash their hands? Even if we're not in "Think of the Children" mode, are you willing to die because an employee enjoys greater freedom to

    He is fine with that. And his other bit of batshit crazy stupidity was that he supported restaurants having to put up a sign saying they didn't require employees to wash their hands after a steaming hot crap, if they don't want to require their employees to have to wash their hands.

    Which of course is a regulation, and regulations are bad, and it infringes upon the freedoms of the owner of the restaurant. Is the final answer "Eat Shit and die, it's the way of freedom"?

    This is the problem when Libertarianism gets married to Fundamentalist Republicanism. We end up making insane statements. Probably very few people want to eat fecal matter. It's been a known disease vector for a long long time. But when you decide that every law and regulation is an assault upon your freedom, and therefore evil, you get stuck in a potatofest of having to support insane ideas like a complete abandonment of basic hygiene, with Two Girls, One Cup notwithstanding.

    It is not selfish to want to avoid other people's tyranny. You dumb fuck.

    Meh, Define that tyranny? Is it being required to wash your hands? Is it not allowing you to kill anyone you feel like killing? Not being allowed to have sex with your daughter? All are societal restrictions on your freedom. You would be much more free if you could do any of those things, without society judging or impeding you.

    This is where all of the faux libertarian arguments fail. Everything is a litmus test, and when hoist by your own petard, you end up having to make up things like requiring employers to put up signs that only violate your own litmus tests. There is no civilization without restrictions on behavior. The faux libertarian world is nothing more than modern day crypto-anarchy.

    And you calling me a "dumb fuck" is just illustrative of every conversation I have with faux libertarians. All insult, no content.

    --
    The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
  69. Re:Thanks Obama by ShanghaiBill · · Score: 2

    So both sides are doing it, but you only want to vilify the GOP for doing it. Is that about right?

    Yes. Gerrymandering by the Republicans and gerrymandering by the Democrats are not the same. The Democrats started it (Gerry was a Democrat) but the Republicans are much better at it. There are plenty of geographic regions that are more than 90% Democrat. These are mostly urban areas with large minority populations. But if you go to the reddest of the red states, say some rural county in Utah, you will find that it is only about 70% Republican. Democrats are just inherently more concentrated, and it is easier to isolate their votes into a few urban districts where they overwhelmingly dominate, leaving the Republicans to sweep the suburbs with 55% or so.

  70. Re:Thanks Obama by Anonymous Coward · · Score: 0

    Grind your axe somewhere else. You don't like it when people stand up to poor legislation? Write your congressman. Fuck off.

  71. Lies, all lies by Anonymous Coward · · Score: 0

    "or medical information, such as claims, test results or diagnostic codes were targeted or compromised."

    This is an out and out lie. They are just trying to avoid being on the hook for a bankruptcy-sized HIPAA violation.

    1. Re:Lies, all lies by kogut · · Score: 1

      This is an out and out lie. They are just trying to avoid being on the hook for a bankruptcy-sized HIPAA violation.

      If you're right, that was a very, very bad lie. Proof of the lie would be extremely damaging to Anthem.

      And if you're right, someone out there has the proof. Which is now worth a ton of money to the criminal.

  72. Re:Thanks Obama by sexconker · · Score: 1

    I wasn't vilifying anyone. Nowhere in that statement did I refer to the GOP, or indeed any particular organization, person, or group. I was making a statement that bad behavior is bad behavior, even when everyone does it. Gerrymandering is hurting our country, and that's gerrymandering both by the GOP AND the DNC.

    Now I'm going to vilify someone: Your bias and knee-jerk politics are showing. You're seeing persecution where none exists. I bet you're a fundie, too.

    Well, that's democracy in its current form for you. In 2010 the GOP got to re-draw congressional districts, and they gerrymandered them in such a way that anyone other than a staunch right-wing Republican will never ever get elected. You could run Jesus against the GOP candidate and it would be close.

    Try again, dipshit.

  73. Re:Thanks Obama by smooth+wombat · · Score: 1

    Yes, I do have that much money available but I'm not the one forcing people to hand over their money to a private company.

    If someone WANTS to do so, that's fine, but the government telling people they MUST hand over their money, at virtual gun point, is not the way to go.

    Considering how adamantly opposed to the government sticking its nose into people's personal lives and the rantings against corporations, it sure is funny how you folks have managed to laud and support both the things you despise.

    --
    We will bankrupt ourselves in the vain search for absolute security. -- Dwight D. Eisenhower
  74. Updated my info by sentiblue · · Score: 1

    Upon learning about this incident... I immediately logged in and changed my pw at anthem.com. I've also updated passwords on every other thing that I have access to on the internet....

  75. Comment removed by account_deleted · · Score: 1

    Comment removed based on user account deletion

  76. Comment removed by account_deleted · · Score: 1

    Comment removed based on user account deletion

  77. Re:Thanks Obama by rahvin112 · · Score: 1

    The only solution to improve fairness in the US political system is a vast reworking of the entire electoral process. We've got a system right now designed around electing people, not parties, but have a party based election anyway. If we moved to a weighted party vote system like the one used in Europe rather than an individual based system with a party thrown on top, we would do much to return the elections to representing the people.

    Now that we have the internet the first thing we should do is an amendment to return the House to a system where each representative only represents about 30,000 people. Then we allow them to vote on bills via the internet. In such a system the staff would be reduced to almost nothing, eliminating the problem of the staff in Washington actually doing everything with congresscritters just being the face on the work the staff does. You could even set it up where only two representatives from each state get to go to Washington and the rest vote from home. In such a system we'd return the House to a system that represents the actual people. Parties would become almost meaningless in such a system because the House rep would probably actually know everyone in their district.

  78. Re:Thanks Obama by rahvin112 · · Score: 1

    Utah is the perfect example actually; there are enough Democrats in Utah that one to two of the four representatives should be Democrats. They've carved the urban area into little slices to try to eliminate that. Matheson finally gave up trying to fight after they moved him from district to district and kept slicing chunks off to try to get rid of him.

  79. IRS administers ACA (Obamacare), with others by raymorris · · Score: 1

    > Why does the IRS need access to medical records, anyway? Financial records, sure -- but diagnostics, etc? Seems a bit odd.

    The IRS has a major role in administering the ACA (Obamacare). The agencies in part write their own regulations about what they want to have access to.

  80. if the national system were sane, yes. Each insura by raymorris · · Score: 1

    It would be possible to architect a reasonably sane national system, yes. I was speaking from the point of view of one insurance company. They have to provide the various agencies that administer ACA the access that the agencies demand. They can't force HHS or IRS to use the security hardware that the insurance company selects.

    Even with a sane national system, a hospital should be able to query certain information from the insurers. That actually means each low-level hospital employee handling claims can query the data. When the hospital employee clicks on Britney spearssextape.mpg.pif ...

  81. Re:Thanks Obama by rhsanborn · · Score: 1

    It's an anachronism of the early concerns of the US founders. They wanted to balance the interests of the more populated colonies/states with the interests of the less populated colonies/states. So they set up the House, which is strictly based on the proportion of population to "represent the will of the people," and the Senate, which has 2 votes per state regardless of population to ensure smaller states aren't drowned out in this republic. They never foresaw the effects of gerrymandering on the House. It's the downside of being the first modern democracy; we had to work some kinks out. I think there is value in discussing proportional representation, but the existing interests would never let that happen.

  82. Re:Thanks Obama by BVis · · Score: 1

    Nowhere in that statement did I refer to the GOP, or indeed any particular organization, person, or group.

    The statement:

    Yes, the behavior is totally defensible because the other side does it as well.

    I don't see GOP anywhere. You try again, dipshit.

    --
    Never underestimate the power of stupid people in large groups.
  83. Probably Our Own Government by BrendaEM · · Score: 1

    We probably got hacked by our own government.

    --
    https://www.youtube.com/c/BrendaEM
  84. Re:Thanks Obama by sexconker · · Score: 1

    The post I quoted is the one everyone is attacking you for, and is the one everyone, including oodaloop, is referring to. You don't get to pretend you didn't type it, or that people were referring to something else.
    Please DON'T try again, it's pathetic.

  85. Re:Thanks Obama by BVis · · Score: 1

    Well, *I* know what I was talking about, and it wasn't GOP-related. Don't try to tell me what I meant.

    --
    Never underestimate the power of stupid people in large groups.
  86. Re:Thanks Obama by MightyMartian · · Score: 1

    Canada is little different in regards to its lower house. The House of Commons is elected based on first-past-the-post voting. I believe there is some language in the Constitution about the minimum number of seats in the House of Commons some provinces may have, which does create a long-standing inequity between the growing provinces in Western Canada and the original members of Confederation.

    That being said, "riding" (what you call districts) boundaries are set by an independent non-partisan body called Elections Canada. The provinces have similar non-partisan commissions. The intent is to de-politicize the actual mechanics of elections and prevent gerrymandering.

    Again, as I said in my first paragraph, there are inequities in the size of ridings (districts) based upon how the House of Commons was originally divided up in 1867, but all in all, there are very few accusations of gerrymandering at the federal or provincial level. Obviously I believe that proportional representation of some sort is needed to truly create a fairly elected legislature that more accurately reflects the will of the electorate.

    And then there is the matter of the Canadian Senate, which was modeled on the British House of Lords as it stood in the mid-19th century; along with Bagehot's notion of life peerages (which didn't come into being in Britain until the 20th century). That body is completely partisan in nature; as it is the Prime Minister who advises the Governor General on who to appoint. But in general the Canadian Senate does not defy the will of the lower house, so it is not as big an issue as it seems.

    --
    The world's burning. Moped Jesus spotted on I50. Details at 11.
  87. Re:Thanks Obama by tnk1 · · Score: 1

    Let me settle this once and for all.

    "The word gerrymander (originally written Gerry-mander) was used for the first time in the Boston Gazette on 26 March 1812. The word was created in reaction to a redrawing of Massachusetts state senate election districts under the then-governor Elbridge Gerry (1744–1814). In 1812, Governor Gerry signed a bill that redistricted Massachusetts to benefit his Democratic-Republican Party."

    Democratic-Republican. While, yes, the party being spoken of is different than either of today's parties, I find the naming to be meaningful. It's not the Democrats or the Republicans or the Federalists or the Whigs who are responsible for it. It's all of them.

    One party blaming situations on gerrymandering is like pissing into the wind. Yes, they can't win elections because the other party gerrymandered. Of course, they both have done it when they had the power to do it, and will do it themselves again when the power comes back to them.

    Nevertheless, things do change in the US, just like everywhere else, but that only really happens when you actually give people a choice of what they can vote for, as opposed to two sides of the same coin, only with one or two hot-button items to make it seem like they are different.

  88. Re:if the national system were sane, yes. Each ins by JesseMcDonald · · Score: 1

    I was speaking from the point of view of one insurance company. They have to provide the various agencies that administer ACA the access that the agencies demand.

    Under the system I described, the insurance company can provide any level of access required. Even a full database dump, if necessary—just make sure it's locked down so that such requests can only come from the agency needing access. If they want to use their own transfer protocol, arrange for a hardened proxy server and do whatever protocol translation you need at that point. If your database gets hacked through an insecure interface demanded by some external agency, there will be a log entry recording that proxy as the source and everyone will know who is to blame.

    --
    "The state is that great fiction by which everyone tries to live at the expense of everyone else." - Bastiat
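The per-agency gateway described in the comment above, sketched as an added example (not code from the poster or from any real insurer or agency): each external party holds its own credential bound to an explicit scope, requests outside that scope are refused, and every request, allowed or denied, is written to an audit log under the requesting party's name, so that a later compromise traces back to that interface. Party names, secrets and records are constructed for the demonstration.

```python
"""Access broker for third-party data requests (added example).

Assumptions (not from the comment): each external party authenticates
with an HMAC over the request, a policy table says which datasets that
party may read, and the broker keeps an in-memory audit log.
"""

import hashlib
import hmac
import json
from dataclasses import dataclass, field

# Constructed sample datasets; values are placeholders, not real data.
DATASETS = {
    "enrollment": [{"member_id": "M1001", "plan": "bronze"}],
    "claims": [{"member_id": "M1001", "amount": 120.0}],
    "ssn": [{"member_id": "M1001", "ssn": "***-**-0000"}],
}

# Least-privilege policy: which datasets each credential may read.
POLICY = {
    "acme-agency": {"enrollment"},
    "audit-firm": {"enrollment", "claims"},
}

# Constructed shared secrets; a real deployment would pull these from a vault.
SECRETS = {
    "acme-agency": b"constructed-secret-1",
    "audit-firm": b"constructed-secret-2",
}


def _payload(party, dataset):
    """Canonical bytes that the requester signs."""
    return json.dumps({"party": party, "dataset": dataset}).encode()


def sign(party, dataset):
    """Requester side: produce the HMAC tag for a request."""
    return hmac.new(SECRETS[party], _payload(party, dataset), hashlib.sha256).hexdigest()


@dataclass
class Broker:
    audit_log: list = field(default_factory=list)

    def _verify(self, party, dataset, tag):
        secret = SECRETS.get(party)
        if secret is None:
            return False
        expected = hmac.new(secret, _payload(party, dataset), hashlib.sha256).hexdigest()
        return hmac.compare_digest(expected, tag)

    def _log(self, party, dataset, outcome):
        self.audit_log.append({"party": party, "dataset": dataset, "outcome": outcome})

    def request(self, party, dataset, tag):
        """Return (status, rows). Every attempt is logged under the party's name."""
        if not self._verify(party, dataset, tag):
            self._log(party, dataset, "denied:auth")
            return "denied", []
        if dataset not in POLICY.get(party, set()):
            self._log(party, dataset, "denied:scope")
            return "denied", []
        self._log(party, dataset, "ok")
        return "ok", DATASETS.get(dataset, [])

    def readers_of(self, dataset):
        """Who successfully read a dataset: the 'who is to blame' lookup."""
        return sorted({e["party"] for e in self.audit_log
                       if e["dataset"] == dataset and e["outcome"] == "ok"})


if __name__ == "__main__":
    b = Broker()
    print(b.request("acme-agency", "enrollment", sign("acme-agency", "enrollment")))
    print(b.request("acme-agency", "ssn", sign("acme-agency", "ssn")))
    print(b.request("audit-firm", "claims", "00" * 32))
    print(b.readers_of("enrollment"))
```

The design point is that the policy and the log live at the gateway, not in the database: a party that is granted a broad scope still leaves a per-request record, and a forged or out-of-scope request is refused before any row is touched.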
  89. Re:Thanks Obama by tibit · · Score: 1

    The solution is simple, then: consider how much the cheapest insurance would cost you vs. paying the IRS fines. Do whatever makes financial sense. It won't be a big expense for you. Consider it another tax - and if it happens to be paid to an insurance company, you could even, gasp, use the benefits when the time comes to do so!

    --
    A successful API design takes a mixture of software design and pedagogy.
  90. Front office workers doctor's office by Anonymous Coward · · Score: 0

    Fuck you, I was required by law to get medical insurance and I ended up with Anthem. I didn't want this at all and now I'm a victim of it.

  91. Re:Thanks Obama by bigfinger76 · · Score: 1

    The fact that you can only say it while screaming in pain kinda underscores the point.

  92. Re:Thanks Obama by Rockoon · · Score: 1

    You're bitching because I didn't name the DNC specifically?

    Nope. I'm pointing out that you are obviously a partisan asshole.

    What I was saying was more of a generalized statement

    Generalized to shaming specifically the GOP, and when pressed we get a nice progression to "the other side [also]" followed by irrational screaming when you finally have to include the DNC by name:

    THE DNC ALSO ENGAGES IN GERRYMANDERING. Happy now?

    Do you think that you are intellectually honest now?

    --
    "His name was James Damore."
  93. Re:Thanks Obama by Anonymous Coward · · Score: 0

    The GOP are a bunch of hatemongering douchenozzles and no matter how much you defend them, it won't change that fact. Willful ignorance IS intellectual dishonesty!

    You know nothing, Rockoon

  94. Rich guy right here! by Anonymous Coward · · Score: 0

    You've got 100K extra just lying around solely reserved for medical expenses? Sounds like it's time to get out the tax hammer and start whackin at your piggy banks, ya greedy prick.

  95. Who's a dumb fuck? by Anonymous Coward · · Score: 0

    It is not selfish to want to avoid other peoples tyranny. You dumb fuck.

    Hey dumb shit! The proper syntax for that statement is one of the following:

    It is not selfish to want to avoid other peoples tyranny COMMA you dumb fuck.

    It is not selfish to want to avoid other peoples tyranny. You ARE a dumb fuck.

    You know nothing, dumbfuck.

  96. Google Analytics not from Anthem by Anonymous Coward · · Score: 0

    The Google Analytics tag on their site is not from Anthem but from http://www.webteks.com/
    It is silly that a medical site uses Google Analytics but it is even more silly that the data can be seen by an external small web developer.

  97. Re:Thanks Obama by LordLucless · · Score: 1

    It's called civilization. If I want to masturbate in public, or kill people, or be a pedophile, or be a cannibal, or steal from my neighbors and sell their stuff on ebay, or force my neighbor's wife to have sex with me, I'm not allowed to do those things.

    Unless you're the government. Then you're allowed to kill people and steal their stuff at will. One rule for the ruled...

    --
    Just because you're paranoid doesn't mean there isn't an invisible demon about to eat your face
  98. "Second-largest"? by Anonymous Coward · · Score: 0

    How can they be the "second-largest" when I've never heard of them, and they don't even show up in the top 125 list:

    http://www.freedombenefits.net/affordable-health-insurance-articles/Largest-125-US-Health-Insurance-Companies.html

  99. Re:Thanks Obama by Anonymous Coward · · Score: 0

    Well, that's democracy in its current form for you. In 2010 the GOP got to re-draw congressional districts, and they gerrymandered them in such a way that anyone other than a staunch right-wing Republican will never ever get elected. You could run Jesus against the GOP candidate and it would be close.

    The thing about this statement IS, Obama is a "staunch right-wing Republican" to many people.

    He gave the NSA a free pass for their crimes committed under Bush II...
    have torture investigations resulted in charges brought against anyone?

    we must "move forward for the good of the country" ...just like after Nixon...

    His immigration policies are just like Reagan's.

    And to many people, the "staunch right-wing Republicans" are all godless communists.
    (the dept. of edu. planning the economy, NSA spying...we have no individual souls).

    Try again, dipshit.

    Explain to us the difference between the GOP and the DNC then. The labels mean nothing.

    The CIA runs things abroad either way. The foreign policy of either party is not relevant.

    If Obama makes peace with Cuba, then you can rest assured the CIA has approved that action, for whatever reason.

    You can bash BVis all you want...but there is little difference between the GOP and the DNC anyways, it is a moot issue whether BVis was playing favorites or not.

    The GOP and the DNC have very little say in things. They are subservient to the CIA and the NSA and the FBI.

    The thing is, the CIA readily admits to much more than gerrymandering abroad...what evidence do you have they do not do such things at home?

    What makes you think either party has much ultimate say, even if they successfully fix an election?

  100. Re:Healthcare Record Security by yuna49 · · Score: 1

    In the US you give blanket authorization for the healthcare provider to share your information with insurers and other third parties when you sign that HIPAA authorization form at your first visit. You did read that, right?

    Here's a sample authorization form: https://www.caring.com/forms/h....

  101. "... we are only doing Skype interviews" by Anonymous Coward · · Score: 0

    So, I saw this ad, on Craigslist.

    Director of Information Technology (san jose north)

    Intelicare direct is a leading edge, dynamic, and best of class customer contact center with offices in San Diego, Las Vegas, and now our newest location in San Jose. (www.intelicaredirect.com)

    We are seeking a highly strategic and results driven Information technology professional that will collaborate with our management team and deliver effective strategies that will evaluate, maintain, plan, and execute on technology related projects/infrastructure.

    The Director of IT will report directly to the CEO and be based in San Jose and will have responsibility for the entire IT team across all 3 offices.

    Major Responsibilities:

    Use your expertise in system administration and network engineering to translate business needs into effective technical solutions

    Prepare for emergencies by creating and updating action plans

    Ensure that all procedures and best practices are being followed and provide guidance and coaching as necessary

    Support 7x24 systems including telephony by periodically providing off-hours, evening, and weekend support

    Ensure that vendors are meeting performance expectations and service level agreements

    Strive to continuously improve delivery and availability of IT services

    Compose and maintain internal documentation

    Perform other duties and tasks as assigned or requested

    Now, what is described, here, is NOT so much a director's duties, but, rather, more, a senior systems administrator's duties.

    And so, apparently, the "director" is title inflation, to offset the lack of salary - which was not mentioned.

    But I replied, anyway ...

    To whom it may concern,

    Resume attached - in response to your ad, for a Director of Information Technology.

    <snip>

    I've been managing small teams of very technical people for over twenty years.

    The Human Resources manager was quick to respond:

    Thank you for your recent resume submission and interest in working for Intelicare Direct. I'd like to schedule a skype interview for you to meet with our CEO/President, Gabriel Bristol.

    The available times are:

    Friday, January 30, 2015 at: 10:00A, 10:15A or 10:30A.

    Please let me know which time works best for you as soon as possible. I look forward to your response. Thank you and best regards.

    I confirmed 10:00, Friday morning ... but never received a reply.

    So I sent another email, asking for an acknowledgement.

    I also informed them that, between an older version of Skype installed on an older computer, running an older operating system ... and my home's limited bandwidth ... that, as a result of previous experiences with Skype not delivering an adequate grade of interconnectivity ... might we not do the interview, via telephone?

    Please let me know what time I should expect that call.

    Also, if it is possible, I would prefer to do the interview via telephone - the quality of communications via my Internet connection is very low.

    The Human Resources manager then, without replying to my request, rescheduled the interview:

    Thank you for your email. My apologies for just getting back to you; however, it seems that I will need to reschedule your interview with our CEO for Tuesday, February 3, 2015 between 10A- 11A or 1P - 2P due to a scheduling conflict. Please let me know what time works best with your schedule for next Tuesday.

    I look forward to your response.

    I af