Submitted via IRC for SoyCow4463
A security breach at a billing company has resulted in nearly 20 million patients of LabCorp and Quest Diagnostics getting their information stolen from them. The breach was first disclosed Monday by Quest Diagnostics, which reported in a Securities and Exchange Commission filing that a breach at third-party collections vendor American Medical Collection Agency (AMCA) compromised 11.9 million customers. Today, LabCorp indicated that 7.7 million of its patients were also affected by the AMCA breach.
The attack targeting AMCA's website is just the latest in a series of breaches that have managed to skim personal information from major companies. Similar attacks hit British Airways, Ticketmaster and Newegg late last year.
Source: https://www.engadget.com/2019/06/05/quest-diagnostics-labcorp-amca-data-breach/
Previously: Billing Details for 11.9M Quest Diagnostics Clients Exposed
(Score: 3, Insightful) by SemperOSS on Thursday June 13 2019, @02:12PM (2 children)
As a software architect who mostly works directly for public services and for their suppliers, I find it very difficult to get developers to take security seriously beyond token measures to cover the bare minimum. Trying to get people higher up in the hierarchy to take action is probably even more difficult as their bonus targets are cost and delivery time, both of which could be affected negatively by doing security right — at least in their books. As long as that is the case and as long as specific security measures are not baked into the tenders and contracts, this is not going to change.
I don't need a signature to draw attention to myself.
Maybe I should add a sarcasm warning now and again?
(Score: 1, Insightful) by Anonymous Coward on Thursday June 13 2019, @05:17PM
It seems that the most direct way to solve this long term is to make it far more expensive for them when the inevitable data breach occurs than it would have been to get their product out the door at minimum cost and on-time delivery; make them pay huge exorbitant fines and possible jail time to boot and then they will start to take security issues seriously. While the stick is rather a brute force method to get them to do the right thing, I don't see much of any carrot to offer instead.
(Score: 0) by Anonymous Coward on Thursday June 13 2019, @06:02PM
Those aren't "developers"; those are Windows and Mac users.