Originally published at: https://boingboing.net/2018/10/19/hacked-u-s-centers-for-medic.html
…
This is bad. The records you create on the FFM contain every damn thing - SSN, income, employers, everything. No health history, of course, but financial fullz. Fortunately for my clients, I do not use direct enrollment, due to crappy laptop.
I wonder if this “issue” could be considered as a HIPAA violation?
If so, 75,000 records would constitute a big ass problem in terms of fines and penalties.
Depends how they got in - probably not.
It also depends on what proactive security testing was done and yes, how they got in and if they are related (e.g. HIPAA Security Risk Analysis, Vulnerability Assessments and Penetration Testing, etc.). Assuming this is real, there must be some good monitoring, since the notice and detection being 3 days apart is pretty quick. Good to shut it down temporarily and put good resources available from Federal OCR & InfoSec departments and the White House.
Serves you right granny, for wanting your damned EARNED entitlements!