SoylentNews is people

posted by martyb on Friday May 09 2014, @01:33PM
from the first-do-no-harm dept.

An inadvertent data leak that stemmed from a physician's attempt to reconfigure a server cost New York Presbyterian Hospital and Columbia University Medical Center $4.8 million to settle with the U.S. Department of Health and Human Services (HHS). The hospitals and HHS announced the voluntary settlement, which ends an inquiry into the incident, on Wednesday.

From the article:

The breach occurred in 2010 after a physician at Columbia University Medical Center attempted to "deactivate" a personally owned computer from a New York Presbyterian network segment that contained sensitive patient health information, according to the HHS.

In a joint statement, the two hospitals blamed the leakage on an "errantly configured" computer server. The error left patient status, vital signs, laboratory results, medication information, and other sensitive data on about 6,800 individuals accessible to all via the Web.

New York Presbyterian will pay $3.3 million, while Columbia will pay $1.5 million to settle the complaint. The hospitals also agreed to take "substantive" corrective action, including development of a new risk management plan and new policies and procedures for handling patient data. HHS will also be provided with periodic progress updates under the agreement.

 
  • (Score: 2) by Hairyfeet on Friday May 09 2014, @06:09PM

    by Hairyfeet (75) <bassbeast1968NO@SPAMgmail.com> on Friday May 09 2014, @06:09PM (#41337) Journal

    Sorry but if you have to deal with assholes you learn quickly the magic word is "sandbox". If they want X you give them X and ONLY X by having X in a sandbox locked down so only Mr Asshole can access it.

      And where in TFA does it say he had his own server? Because I read it 3 times trying to parse WTF went on and it's so vague for all I know he hooked his laptop into the network and somehow ended up with a blank password, the article is poorly written and so light on details it may as well read "doc did something to do with a server somewhere that was bad, costs lots of money" because as it is all I know is the doc did something wrong that involved a server, doesn't say if it was his, theirs, I can only guess theirs since patient records were on it but for all we know they were on his laptop. All we can do is pull scenarios out our ass at this point because there just isn't enough to go on to say one way or another.

    --
    ACs are never seen so don't bother. Always ready to show SJWs for the racists they are.
  • (Score: 2) by tangomargarine on Friday May 09 2014, @07:02PM

    by tangomargarine (667) on Friday May 09 2014, @07:02PM (#41355)

    The breach occurred in 2010 after a physician at Columbia University Medical Center attempted to "deactivate" a personally owned computer from a New York Presbyterian network segment that contained sensitive patient health information, according to the HHS.

    The two health care organizations have a mutual agreement under which CU faculty members serve as physicians at NYP. The two entities operate a shared network that links to systems contacting patient health data at NYP.

    It is not clear why a physician had a personally owned system connected to the network, or why he was attempting to "deactivate" it.

    I assumed that "personally owned" parsed to "personally owned by the physician in question" which is admittedly perhaps not the best assumption to make. And you're right, the article is extremely light on any sort of detail.

    --
    "Is that really true?" "I just spent the last hour telling you to think for yourself! Didn't you hear anything I said?"
    • (Score: 2) by Hairyfeet on Friday May 09 2014, @09:35PM

      by Hairyfeet (75) <bassbeast1968NO@SPAMgmail.com> on Friday May 09 2014, @09:35PM (#41402) Journal

      All that means is he had a PC on the network, for all we know he hooked his laptop into the network and ended up with patient records on it. Having set up several doctor's offices frankly I find this a more believable scenario, docs just looove their laptops and prefer using it to an onsite computer and if the numbnuts (it says something about "errant settings") gave him a single password that gave him full access I could see where there would be a problem.

      But again with so few details all we can do is speculate, there really isn't enough to go on to even know what happened, much less assign blame.

      --
      ACs are never seen so don't bother. Always ready to show SJWs for the racists they are.
      • (Score: 2) by mrbluze on Saturday May 10 2014, @02:07AM

        by mrbluze (49) on Saturday May 10 2014, @02:07AM (#41452) Journal

        If the stuff leaked via the hospital system it is the fault of IT, not the doctor. If the stuff leaked off his laptop the doctor should be prosecuted. IT systems are supposed to be designed to withstand abuse internally and externally. It's their policy decision to allow non corporate laptops access, if they don't know how to do that without protecting patient records then that's just plain stupid on IT's part.

        --
        Do it yourself, 'cause no one else will do it yourself.
        • (Score: 2) by Hairyfeet on Saturday May 10 2014, @05:10AM

          by Hairyfeet (75) <bassbeast1968NO@SPAMgmail.com> on Saturday May 10 2014, @05:10AM (#41495) Journal

          You haven't ever done the whole consulting thing, have you? Oh how nice it must be to think logic and sanity actually exist in these big corps...BWA HA HA HA HA! In reality Dilbert is frankly being too kind, hell I have walked into the IT closet of a fricking LAW FIRM and found a shitload of DLink blue home routers and a dozen net connections all bastardized together because "He knew computers and was cheap".

          See what you get is basically a twist on "upward failure". MBA douche fires competent staff, replaces them with dipshits, saves company a ton of money. MBA gets bonus, gets a job at other company thanks to having "saved company X amount of money" on resume, meanwhile the replacements have royally fucked the place up, shit is falling apart, the guys that knew WTF was going on bailed leaving only those that either didn't care or were barely functioning to hold down the fort which is falling around their knees, but the MBA has already made his bucks and moved on so why should he care?

          THIS is why I run my little shop now and deal with mostly SOHOs, SMBs and home users. Sure it's feast or famine and the pay ain't as nice but I don't have a bleeding ulcer and look like a corpse from being called into these places only to find a clusterfuck. The stress was getting me so bad at having to deal with the messes that my nephews actually staged an intervention, they said "We don't need the money, we need you healthy. We done lost mom and dad, we can't lose you too" and that woke me the fuck up. But sadly as we saw by that million dollar fine what SHOULD happen in these large corps and what DOES happen? Usually as far apart as my butt is to Pluto.

          --
          ACs are never seen so don't bother. Always ready to show SJWs for the racists they are.