Slashdot Mirror


Private Medical Data of Over 1.5 Million People Exposed Through Amazon

Gizmodo reports that a wide variety of information about 1.5 million people -- everything from police injury reports, doctor's notes about their patients, and social security numbers -- "all were inexplicably unveiled on a public subdomain of Amazon Web Services. Welcome to the next big data breach horrorshow. Instead of hackers, it's old-fashioned neglect that exposed your most sensitive information." From the article: Tomorrow, [Texas-based researcher Chris Vickers, who discovered the breach] will turn over the data to the Texas Attorney General, where it will be destroyed. But that doesn’t mean Systema is in the clear. Vickers may not be the only person who downloaded those millions of records as they sat out in the Amazon cloud. We don’t know how long the information was available for everyone to see. But no matter what the timeframe, the neglect could be a HIPAA violation: Systema failed to protect the security of patients’ electronic medical information.

11 of 106 comments

  1. Not really related to Amazon. by Anonymous Coward · · Score: 5, Informative

    Should probably be pointed out that this has nothing to do with amazon other than it was their web hosting used.

    1. Re:Not really related to Amazon. by Etherwalk · · Score: 4, Insightful

      Should probably be pointed out that this has nothing to do with amazon other than it was their web hosting used.

      Amazon is a big name. Amazon is related to the story because it makes more people read the story. It's like if you have a story that Donald Trump's barber is secretly Sweeney Todd. The story becomes Donald Trump.

    2. Re:Not really related to Amazon. by paiute · · Score: 5, Funny

      The bigger story would be that Trump had a barber.

      --
      If Slashdot were chemistry it would look like this: Cadaverine
    3. Re: Not really related to Amazon. by MyAlternateID · · Score: 3, Interesting

      Eh sorry to double-post, but there's another aspect to health insurance that complicates things.

      Basically, if car insurance worked like health insurance, then every single time you got an oil change or put gasoline in your tank, you'd file a claim and make a co-payment. If homeowner's insurance worked that way, you'd file a claim and make a co-payment every time you re-shingled your roof, repainted your house, or replaced the mulch in some landscaping.

      In every other instance, insurance is for rare and catastrophic events only. It's not something you use on a regular basis every time you perform what would be called routine maintenance in any other context. It's one reason contributing to why health insurance is so expensive.

    4. Re: Not really related to Amazon. by mrvan · · Score: 5, Interesting

      1) The car analogy actually works better than you think - nowadays 'private lease' is becoming more and more popular, where indeed the leaser/driver doesn't even pay for oil change and in some instances gasoline. You pay a fixed monthly sum and you get a car (and of course the lease costs are higher because people stop taking care of the car as well as they would with their own car)

      2) Any insurance scheme (whether company or government) wants to minimize costs. This can be done by discouraging claims (with co-payments, thresholds, or exclusions) but also by encouraging good behaviour. Often, small medical costs (e.g. GP visit) should be encouraged rather than discouraged, even if only 1% of these visits can prevent (or spot early) a condition that can be tremendously expensive. A house insurance can force you to have a smoke detector installed, or they can pay for a smoke detector for you - it doesn't really matter since in the end the costs come out of your pocket. Politically, it can be better to pay for a GP visit for someone than to force them to visit a GP at their own expense, especially because enforcement is difficult and voiding someone's insurance in the case of serious illness without having made the required GP visits can be seen as inhumane, and emergency visits are often guaranteed by the state even for the uninsured, two risks which are less so with housing/car/etc insurance. So, just paying out the small claims can be easily a winning option if it prevents later costs. In the Netherlands, some (privately run) health insurance companies even subsidize gym/fitness subscriptions or diet advice, so apparently they believe that these costs can be recouped due to decreased risk and/or improved public image or sales.

      3) Relating to an earlier post made above, that health insurance is a scam and as a healthy person you'd be better off paying out of pocket: It's correct that insurance encourages risky behaviour, and that people at risk are more likely to value insurance, which is for example why disability insurance for self-employed people is ridiculously expensive (at least down here). However, health insurance in general suffers a bit less from these problems than other forms of insurance, since people don't actually like being sick, and getting a $2M payout for your cancer treatment doesn't actually leave you any richer (of course, some people still engage in short-term behaviour with long-term risks such as listed by GP). Moreover, a lot of really catastrophic health risks are simply random and impossible to pay out of pocket unless you're Warren Buffett.

      4) Relating to the GP that Obamacare is bad because it forces people to buy insurance: By forcing everyone to participate, you reduce the problem that risky/unhealthy people are the only ones buying insurance, driving up the premiums and further discouraging healthy people from participating in the risk pooling. If there is a strong negative societal effect from uninsured people, it can be worth it to sacrifice some individual rights to self-determination to help avoid the vicious cycle of unhealthy insured people and high premiums.* And there are strong negative effects of uninsured people: the direct dollar cost of providing them with emergency service and (later) Medicare for conditions that would have been cheaper to treat in an earlier stage; the indirect cost of decreasing taxes and increasing social spending when people are sick and disabled; and the humanitarian cost of having people suffer from treatable conditions just because they're poor and/or unlucky. So, there are strong benefits to universal coverage even for the healthy, and due to the risk premium the only way to achieve it is if it isn't voluntary.**

      *) In fact, the reason why the US system of employer-tied insurance works at all is precisely because it forces healthy employees to participate, thus greatly reducing the premiums compared to buying private insurance (in the old system, at least).

      **) Of course, if you're ideologically libertarian, you would simply not pay emergency service, Medicare and social benefits and simply not care if some poor person dies from pneumonia, but in that case I'm not too sure I really want to have this conversation with you :)

  2. Amazon? by bondsbw · · Score: 5, Informative

    So Systema is at fault for not securing the data, but the headline pins it on Amazon?

    --
    All my liberal friends think I'm a conservative, all my conservative friends think I'm a liberal.
    1. Re:Amazon? by MobileTatsu-NJG · · Score: 5, Insightful

      Bear in mind that Slashdot generates revenue from clicks.

      --

      "I like to lick butts!" by MobileTatsu-NJG (#32700246) (Score:5, Informative)

    2. Re:Amazon? by Cyberax · · Score: 4, Informative

      Actually, Amazon _is_ suitable for medical data. It complies with all the HIPAA regulations and can sign a BAA with an organization willing to use Amazon services for sensitive data ( https://aws.amazon.com/ru/comp... ).

      Of course, nothing can prevent a clueless operator from putting data on a publicly accessible share.

  3. will be sold on Monday by fermion · · Score: 3, Interesting

    Unfortunately, Paxton is being prosecuted for being a con man who convinced a number of people to invest under false pretenses. I can imagine that by Monday he will put the data up for sale on the 'Dark Web' to fund his defense and imminent life as a fugitive in an undisclosed tropical location.

    --
    "She's a scientist and a lesbian. She's not going to let it slide." Orphan Black
  4. Jail, bankruptcy? by whoever57 · · Score: 4, Insightful

    So someone is going to jail for this and the company will soon be bankrupt, right?

    Oh wait, none of this will happen, because the government is controlled by corporations. Just like the GM story where the cover-up led to people dying. No one will ever serve any time for killing people in this manner.

    --
    The real "Libtards" are the Libertarians!
  5. Re:but...but... the cloud by PTBarnum · · Score: 4, Funny

    Shockingly, AWS allows you to configure your servers in an insecure manner. Clearly, the cloud must be insecure.