Six Missing HDDs Contain Health Information of Nearly a Million Patients (corporate-ir.net)
Lucas123 writes: Health insurer Centene Corp. revealed that it is looking for six HDDs with information on 950,000 customers that went missing during a data project that was using laboratory results to improve the health outcomes of patients. The drives not only contain sensitive personal identification information, such as addresses, dates of birth and social security numbers, but they also contain health information. "While we don't believe this information has been used inappropriately," said Michael Neidorff, CEO of Centene.
"While I usually praise the high standard of editing," said readers of Slashdot everywhere.
Bernie is the only person that has offered a true solution.
I had an immediate family member doing federally funded research for a state university with "human subjects". The requirements for protecting the data were very clear. The competence of anyone in the department to know how to protect that data was not evident, because it wasn't a computer science department.
In the end I hosted the data and nothing bad happened. But I imagine that most personal data used in most human subjects research is kept in a ramshackle mess of spreadsheets and R files on laptops with no version control, backups, encryption, integrity protection or firewalling.
Those republicans shoved the ACA down our throats
They want our personal health information to be made public.
You just know they ordered this corporation to do this
They will destroy us all.
If you compile information into huge databases, this is what you can expect. Personally, I want all my medical records on paper charts stored in my doctor's office. Unless you agree to have your information published on the internet, don't accept electronic records. I assume that in this specific case the ssd's were lost. Even if they end up on eBay, the new owners will most likely clear the old data.
We have no hope.
Bernie is our only hope. He is the only person with a plan.
Backup, encryption
Sent as ripples into the electromagnetic field. No single photon has been harmed in the process.
Just as they won't let us have privacy.
Have you checked Hillary's server?
we editors like to keep you in"
captcha: beginner
We're left helpless watching corporations destroy our lives.
It is dangerous to fight them
The AMA could help the people, but instead they only stand for those wealthy doctors.
I just think it's hilarious you can take away everything that makes a free market insurance plan really insurance and expect Americans not to notice. I disagree a lot with what Bernie believes in, but he's the only Democratic candidate that actually says stuff that doesn't sound like complete lunacy when it comes to healthcare. Obama Care is a means to an end which is a single payer system. I'm not saying I agree with that, but the Obama Care system will collapse into a single payer or back into a free market insurance system. Although the middle ground may have been easier to pass than single payer, it simply doesn't work. It was useful at setting up bureaucracies though.
With that said the government has a terrible history with protecting our information. I wouldn't hold them up as a shining beacon of light if I were you.
If you compile information into huge databases, this is what you can expect. Personally, I want all my medical records on paper charts stored in my doctor's office. Unless you agree to have your information published on the internet, don't accept electronic records. I assume that in this specific case the ssd's were lost. Even if they end up on eBay, the new owners will most likely clear the old data.
That policy choice would kill a lot of people because it would prevent data mining to learn how to generate better health outcomes.
Trade offs.
Personal health information wants to be free, or so the Open Sores folks told me.
There are practically no real-world consequences for HIPAA violations like this.
Everybody will be fine. Except the patients. And who the fuck cares about those jerk-offs anyway?
I think shipping any sensitive data unencrypted should be a punishable offence even when the data is not stolen. Similar to driving around without your seatbelt. It's irresponsible behaviour that is easily prevented and comes from being lazy.
If an experiment works, something has gone wrong.
..or did they. https://www.youtube.com/watch?...
If they are encrypted no worries. If they are not encrypted the board should each be given jail time 5 year minimum
Yes, goy. The geriatric communist cuckhold is the best choice for president. I mean, his special snowflake type of communism has never been tried before, so it will work, right?
Some IT guy took the drives home, wiped them, and is now using them in his home file server, or just straight-up sold them on eBay. This happens all the time, I've seen it happen at every company I've worked for over the past 20 years. TFA has little actual information (and neither does the Reuters write up)...were they shipped some place? Were these in a server, laptops, desktops?
on 950,000 customers that went missing
-- Make America hate again!
They're professionals. The drives will be encrypted, right? Right?
I want a list of atrocities done in your name - Recoil
Have they never heard of HIPAA? I worked for about 14 months doing exome sequencing for the Million Man thing at the VA - or at a contractor to the VA. All the external drives were encrypted with 16-digit PINs. And after so many tries they'd lock up completely. So no brute forcing. The drives were made by Apricorn and carried FIPS 140-2 certifications.
the Obama Care system will collapse into a single payer or back into a free market insurance system.
I don't really mind paying taxes for other people's healthcare. If that means that they take care of their issues before it becomes a problem then it means that more people will get back to work and share the cost.
What doesn't make sense is to have the government pay the insurance company. The function of an insurance company is to pool/average costs among a lot of people. Taxes serve the same purpose.
Having both only means that you pay for administration twice without any added benefit.
With that said the government has a terrible history with protecting our information. I wouldn't hold them up as a shining beacon of light if I were you.
While true, free market doesn't even attempt to protect it.
Hey, do you remember those HP printers hosting illegal files? I think some hospitals may hold some of that too. I bet those HDDs have something. Also, I'm thinking this could be a retaliation for something that a cyber criminal organization had lost. Keep it sharp boys, I would start by injecting truth serum at each IT worker at that hospital.
One of the for-profit health insurance companies who just raked in a huge windfall as a result of the largest government-to-corporate handout in the history of government were too drunk on their power to bother with data security.
Yep, absolutely nobody is surprised by this in the least. Turns out hookers and blow don't manage this stuff very well on their own.
Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
Why is a person's SSN and date of birth 'sensitive information'?
Now, I know that the Credit Industry wants to be able to use this information to obligate us to assume responsibility for any debt they might choose to inflict on us.
But how is it in our benefit for this to be Secret Information? The Social Security Administration was not intended to issue 'secret numbers' to people.
The Government should publish all SSNs and in effect disallow the Credit Agencies from using this information against us. It wouldn't even take the government to shut down this system. If 10% of the population decided that enough was enough and disclosed their SSNs with a statement 'this is not enough information to authorize credit disbursement' it would take down the system.
Health insurer Centene Corp should be sued out of existence.
Huh? Obamacare is about forcing people to buy PRIVATE insurance. How is this a single payer system?
"While we don't believe this information has been used inappropriately," said Michael Neidorff, CEO of Centene.
And?
American idiots.
Where I work, if the drive cannot be DBAN'd I take it apart, and destroy it with standard technician tools,
first the magnet (I like to see it suffer trying to read parts that I have swiped the magnet over).
Then I start scratching the platters with a screwdriver,
then I will start poking all of the parts (heads, ramps, cabling, etc).
If it's a glass disk (mobile drives usually are), I will bend them until they shatter, and then toss out all the little pieces.
If it's a regular disk (metal usually), after torturing it, I will pull the platters out and mangle them with a pair of pliers, bending them until they can't be bent any more.
Then I recycle all the metal parts (our recycle guy pays us for that).
We have to abide by HIPAA guidelines as well. Usually though the drives are fine, in which case I just do a government wipe with DBAN (it takes forever, but it's the safest).
They view it as a large "click" in the ever-leftward ratchet.
"Reducing costs" involves treating the current medical treatments as a static tree to be plucked, hunter-gatherer style, rather than being a transient state in ever-increasing number of treatments and cures which, by definition, costs more.
Unlike a car or TV, medicine is a suite of different things, and you want corporations adding options hand-over-fist. There is simply more to buy year after year, and it naturally costs more.
How much more are new treatments desired than an iPhone? This drives investment. You will no more have new medicine at current rates (which is what saves lives) than you would have an iPhone under a single payer phone system.
A single-payer medical system is about as sensible as a single-payer consumer electronics system. Anyone wanna bet the rate of invention will keep up?
Not me, man. I want new stuff, electronics and medicine.
(-1: Post disagrees with my already-settled worldview) is not a valid mod option.
A single-payer medical system is about as sensible as a single-payer consumer electronics system.
Of course, that's why basically every other industrialized nation has a single-payer system, and why our health care costs are the highest while actual medical outcomes are among the worst.
America's healthcare costs are the highest because it's literally the only place that any money is available for R&D. All those countries that have single-payer? We're subsidizing them. And people say Americans don't support communism, we do it every time we go to the doctor or buy medicine. Only we're subsidizing the R&D that the entire world benefits from. Shove your single-payer up your red commie ass.
The HIPAA and HITECH Acts' Security Rule requires hard drives containing personal health information (PHI) to be encrypted at rest.
Why weren't they?
Losing an encrypted drive is not a reportable incident. Losing one with 950,000 records in cleartext results in you getting your name up on the Wall of Shame at HHS' Office of Civil Rights (OCR) along with penalties of $100 to $50,000 _per_record_ up to a maximum of $1.5 million.
In this case, since Centene Corp. is guilty of "Willful Neglect", the penalty should be somewhere between $10,000 to $50,000 per record which puts them at the maximum penalty.
Seriously, all of these breaches and "loss" of information result in no one going to jail. I also think that our Social Security numbers are far too imperative to our lives. Someone gets a hold of that information, along with some basic public knowledge and they can destroy our lives. The government needs to do something about the tying of SS # to credit, and healthcare. I'm getting tired of getting those letters in the mail saying someone else now has my personal information.
Oh wait... Obamacare mandates the tying of SS# and healthcare for tax reasons. Yeah, about that? There has to be a better way.
Ummm what? The pill industry does most of the r&d. I don't see insurance companies doing r&d at all. The pill industry will be rich either way.
That's how those rich white men be.
Encryption, backup
The difference between a company losing your information and the government losing it is very simple. You can sue the company and the government will enforce the ruling should you win. If you attempt to sue the government not only can it decline to accept the suit in the first place but it can also choose how or even if it will enforce the ruling should you win.
Get Echo on the job, she'll find them in no time. Unless Alpha took them, then you're all screwed.
You misspelled bureaucrats
A single-payer medical system can be just as advanced as a private medical system. We see this every single day with new procedures being developed, tested, and made available to the general public in the many countries with single-payer systems. Quite a few of those systems have better outcomes than the US system for a whole range of diseases.
You've been lied to, and now you are arguing against your own future. Good jerrrrb!
You really believe that? Take a look at the medical research coming out of those countries before you proudly tell everyone just how little you know.
"While we don't believe this information has been used inappropriately," said Michael Neidorff, CEO of Centene.
That is the absolute lamest "don't worry" defense I've heard in a decade, hands-down.
So, what, you know an employee took it and wants hush money? No? Then how can you even claim data safety? OMFG.