[HN Gopher] 4M Coloradans notified their medical data was expose...
       ___________________________________________________________________
        
       4M Coloradans notified their medical data was exposed in MOVEit
       incident
        
       Author : LinuxBender
       Score  : 16 points
       Date   : 2023-08-15 20:51 UTC (2 hours ago)
        
 (HTM) web link (www.scmagazine.com)
        
       | karaterobot wrote:
       | > These files contained the following information: full names,
       | Social Security numbers, Medicaid ID numbers, Medicare ID
       | numbers, dates of birth, home addresses and other contact
       | information, demographic or income information, clinical and
       | medical information, and health insurance information.
       | 
       | Was this information not at least encrypted? I have zero doubt
       | that, as a business associate for a covered entity, Maximus will
       | be held responsible for all 4 million of those HIPAA violations,
       | and will not only fix their controls, but speedily pay the fines.
        
       | adolph wrote:
       | Here is a better article on the subject.
       | 
       | https://securityaffairs.com/149498/data-breach/colorado-hcpf...
       | 
       | It is related to the CVEs of last May/June. Not encrypting PII
       | at rest is malpractice. At the same time, not enough is being
       | done to de-risk exposure, which for any person is just a matter
       | of when, not if.
       | 
       |  _The vulnerability is a SQL injection vulnerability, it can be
       | exploited by an unauthenticated attacker to gain unauthorized
       | access to MOVEit Transfer's database._
       | 
       | It's the year 2023 and "Bobby Tables" is still at it...
       | 
       | https://xkcd.com/327/
        
       ___________________________________________________________________
       (page generated 2023-08-15 23:01 UTC)