Slashdot Mirror


Private Medical Data of Over 1.5 Million People Exposed Through Amazon

Gizmodo reports that a wide variety of information about 1.5 million people -- everything from police injury reports, doctor's notes about their patients, and social security numbers -- "all were inexplicably unveiled on a public subdomain of Amazon Web Services. Welcome to the next big data breach horrorshow. Instead of hackers, it's old-fashioned neglect that exposed your most sensitive information." From the article: Tomorrow, [Texas-based researcher Chris Vickers, who discovered the breach] will turn over the data to the Texas Attorney General, where it will be destroyed. But that doesn’t mean Systema is in the clear. Vickers may not be the only person who downloaded those millions of records as they sat out in the Amazon cloud. We don’t know how long the information was available for everyone to see. But no matter what the timeframe, the neglect could be a HIPAA violation: Systema failed to protect the security of patients’ electronic medical information.

4 of 106 comments

  1. will be sold on Monday by fermion · · Score: 3, Interesting

    Unfortunately, Paxton is being prosecuted for being a con man who convinced a number of people to invest under false pretenses. I can imagine that by Monday he will put the data up for sale on the 'Dark Web' to fund his defense and imminent life as a fugitive in an undisclosed tropical location.

    --
    "She's a scientist and a lesbian. She's not going to let it slide." Orphan Black
  2. Re: Not really related to Amazon. by Anonymous Coward · · Score: 0, Interesting

    That's kind of the point actually. Not specifically Amazon but it's an utterly predictable indictment of cloud computing.

    Setting up cookie cutter hosted servers and such is reasonably easy. Maybe too easy because doing it correctly still requires knowledge and skill.

    It is far too easy for the unskilled to set up critical systems and besides the absolute inherent insecurity and untrustworthiness of anybody's cloud infrastructure, not just Amazon's, the low barrier to entry practically guarantees this sort of thing regardless of the specific cause this time.

    So...Amazon's fault? Not really. Proof that public cloud computing is a dumb idea, especially for some workloads...absolutely.

  3. Re: Not really related to Amazon. by MyAlternateID · · Score: 3, Interesting

    Eh sorry to double-post, but there's another aspect to health insurance that complicates things.

    Basically, if car insurance worked like health insurance, then every single time you got an oil change or put gasoline in your tank, you'd file a claim and make a co-payment. If homeowner's insurance worked that way, you'd file a claim and make a co-payment every time you re-shingled your roof, repainted your house, or replaced the mulch in some landscaping.

    In every other instance, insurance is for rare and catastrophic events only. It's not something you use on a regular basis every time you perform what would be called routine maintenance in any other context. It's one reason contributing to why health insurance is so expensive.

  4. Re: Not really related to Amazon. by mrvan · · Score: 5, Interesting

    1) The car analogy actually works better than you think - nowadays 'private lease' is becoming more and more popular, where indeed the leaser/driver doesn't even pay for oil change and in some instances gasoline. You pay a fixed monthly sum and you get a car (and of course the lease costs are higher because people stop taking care of the car as well as they would with their own car)

    2) Any insurance scheme (whether company or government) wants to minimize costs. This can be done by discouraging claims (with co-payments, thresholds, or exclusions) but also by encouraging good behaviour. Often, small medical costs (e.g. GP visit) should be encouraged rather than discouraged, even if only 1% of these visits can prevent (or spot early) a condition that can be tremendously expensive. A house insurance can force you to have a smoke detector installed, or they can pay for a smoke detector for you - it doesn't really matter since in the end the costs come out of your pocket. Politically, it can be better to pay for a GP visit for someone than to force them to visit a GP at their own expense, especially because enforcement is difficult and voiding someone's insurance in the case of serious illness without having made the required GP visits can be seen as inhumane, and emergency visits are often guaranteed by the state even for the uninsured, two risks which are less so with housing/car/etc insurance. So, just paying out the small claims can be easily a winning option if it prevents later costs. In the Netherlands, some (privately run) health insurance companies even subsidize gym/fitness subscriptions or diet advice, so apparently they believe that these costs can be recouped due to decreased risk and/or improved public image or sales.

    3) Relating to an earlier post made above, that health insurance is a scam and as a healthy person you'd be better off paying out of pocket: It's correct that insurance encourages risky behaviour, and that people at risk are more likely to value insurance, which is for example why disability insurance for self-employed people is ridiculously expensive (at least down here). However, health insurance in general suffers a bit less from these problems than other forms of insurance, since people don't actually like being sick, and getting a $2M payout for your cancer treatment doesn't actually leave you any richer (of course, some people still engage in short-term behaviour with long-term risks such as listed by GP). Moreover, a lot of really catastrophic health risks are simply random and impossible to pay out of pocket unless you're Warren Buffett.

    4) Relating to the GP that Obamacare is bad because it forces people to buy insurance: By forcing everyone to participate, you reduce the problem that risky/unhealthy people are the only ones buying insurance, driving up the premiums and further discouraging healthy people from participating in the risk pooling. If there is a strong negative societal effect from uninsured people, it can be worth it to sacrifice some individual rights to self-determination to help avoid the vicious cycle of unhealthy insured people and high premiums.* And there are strong negative effects of uninsured people: the direct dollar cost of providing them with emergency service and (later) Medicare for conditions that would have been cheaper to treat in an earlier stage; the indirect cost of decreasing taxes and increasing social spending when people are sick and disabled; and the humanitarian cost of having people suffer from treatable conditions just because they're poor and/or unlucky. So, there are strong benefits to universal coverage even for the healthy, and due to the risk premium the only way to achieve it is if it isn't voluntary.**

    *) In fact, the reason why the US system of employer-tied insurance works at all is precisely because it forces healthy employees to participate, thus greatly reducing the premiums compared to buying private insurance (in the old system, at least).

    **) Of course, if you're ideologically libertarian, you would simply not pay emergency service, medicare and social benefits and simply not care if some poor person dies from pneumonia, but in that case I'm not too sure I really want to have this conversation with you :)