posted by n1 on Tuesday March 03 2015, @09:51AM
from the cost-of-doing-business dept.

Since October 2009, [US] health care providers and organizations (including third parties that do business with them) have reported more than 1,140 large breaches to the Office for Civil Rights, affecting upward of 41 million people. They’ve also reported more than 120,000 smaller lapses, each affecting fewer than 500 people.

In a string of meetings and press releases, the federal government’s health watchdogs have delivered a stern message: They are cracking down on insurers, hospitals and doctors' offices that don’t adequately protect the security and privacy of medical records.

But as breaches of patient records proliferate – just this month, insurer Anthem revealed a hack that exposed information for nearly 80 million people – federal overseers have seldom penalized the health care organizations responsible for safeguarding this data, a ProPublica review shows.

Related Stories

ProPublica Launches a Tor Hidden News Site

Wired and others report that ProPublica has become the first "major" news outlet to launch a version of the site using Tor:

On Wednesday, ProPublica became the first known major media outlet to launch a version of its site that runs as a "hidden service" on the Tor network, the anonymity system that powers the thousands of untraceable websites that are sometimes known as the darknet or dark web. The move, ProPublica says, is designed to offer the best possible privacy protections for its visitors seeking to read the site's news with their anonymity fully intact. Unlike mere SSL encryption, which hides the content of the site a web visitor is accessing, the Tor hidden service would ensure that even the fact that the reader visited ProPublica's website would be hidden from an eavesdropper or Internet service provider.

"Everyone should have the ability to decide what types of metadata they leave behind," says Mike Tigas, ProPublica's developer who worked on the Tor hidden service. "We don't want anyone to know that you came to us or what you read."

ProPublica accepts news tips using a SecureDrop hidden service. The recent move to include a Tor hidden site was motivated by concerns that Chinese readers could be put at risk by reading reports about the country's Web censorship.

The site can be reached at: propub3r6espa33w.onion

ProPublica often collaborates with The New York Times, NPR, PBS, The Intercept and others to publish stories. Here are a few ProPublica stories that have made it to our front page:

Somebody's Already Using Verizon's ID to Track Users
Fines Remain Rare as Health Data Breaches Multiply
NSA Monitors Americans' International Internet Traffic to Hunt Hackers for FBI
Fairview: AT&T's Collaborative Relationship with NSA Revealed
Psychology Practice Revealed Patients' Mental Disorders in Debt Lawsuits

  • (Score: 4, Funny) by Geezer (511) on Tuesday March 03 2015, @12:08PM (#152445)

    We can't have the government interfering in how businesses handle sensitive information. It could stifle investment and innovation! We must let the invisible hand of the marketplace work its wonders and reap the universal benefit that derives from free, unbridled capitalism.

  • (Score: 0) by Anonymous Coward on Tuesday March 03 2015, @12:16PM (#152450)

    But as breaches of patient records proliferate – ... – federal overseers have seldom penalized the health care organizations

    What do you expect? If they'd penalize those orgs, they'll publicly admit they are incompetent even at screwing up the health system.

    And, when it comes to screwing (no matter if the health system or anything else), the bureaucrats - as a class in the Marxist sense - struggle to get a monopoly.

    • (Score: 2) by Kilo110 (2853) on Tuesday March 03 2015, @01:17PM (#152468)

      "they'll publicly admit they are incompetent even at screwing up the health system."

      If only. They'll likely pay the fine yet still insist they did no wrong.

  • (Score: 3, Insightful) by E_NOENT (630) on Tuesday March 03 2015, @01:34PM (#152475)

    What if I told you that a fully secure Internet isn't possible, and that some data should never be exposed to it?

    Choose carefully...

    --
    I'm not in the business... I *am* the business.
    • (Score: 0) by Anonymous Coward on Tuesday March 03 2015, @03:26PM (#152540)

      Too late for that particular genie. Better to start punishing those companies that are not taking security seriously. Light or no fines tells these companies that they don't need to spend any time or effort securing our data.

    • (Score: 0) by Anonymous Coward on Tuesday March 03 2015, @05:08PM (#152602)

      Then you'd be useless. There is a difference between desiring a reasonable level of security (which these rich companies don't use) and desiring perfect safety. Security is about mitigating risk, not making it nonexistent.

      • (Score: 0) by Anonymous Coward on Tuesday March 03 2015, @06:54PM (#152680)

        I think the nuance of the OP's point has been lost on you. He said "some data should never be exposed." That's not perfect security, that's compartmentalization.

        The most criminally valuable personally identifiable information tends to be the least necessary for daily operations. For example, social security number and date of birth are basically read-once - used to initially establish identity and then ignored unless there are debt collection issues. So instead of putting that info online, put it on a piece of paper filed away in a well-organized and physically secure records room. On the rare occasion that it is needed, have an archivist walk into the room and pull out that specific file. That reduces the threat from every hacker on the planet to someone willing and able to physically penetrate a locked and guarded room - which for all practical purposes will be no one.

  • (Score: 0) by Anonymous Coward on Tuesday March 03 2015, @04:06PM (#152558)

    This is the federal government. What about the individual states? Mass has a hefty penalty per resident's PII/PHI. Any source for similar numbers by state rather than the (flaccid) feds?