
4 major organizations breached in the past week? Is this some sort of coordinated attack?

It seems everyone and their grandmother has had their information in some way exposed to the internet. The time of pseudo-anonymity is over.



Even assuming that were true, I would disagree with attributing most of a successful breach to a wider attack at large. A successful breach on Change Healthcare occurred because their software development practice is garbage.

They have difficulty hiring talent because their talent acquisition process is broken and directed from guys in Nashville who have no clue how to handle developers on the West Coast. Big dependence on manual QA from teams in overseas contractors with no automation, and for developers on that side, there's no transfer of information when the code turns into spaghetti. Code review is weak and mostly for show. Single-account passwords for use in SFTP and outdated protocols. All logic goes into SQL stored procedures when it's completely unnecessary and none of the database developers know how to wrangle it anymore because someone decided all business logic should be in stored procedures (job security?). All software planning and business meetings happen as Waterfall with elaborate Unified Modeling Language but pretends to be Agile so obviously there is ritualistic Scrum, even though it doesn't fit the process that actually happens on a day-to-day basis.

When it comes to software, Change Healthcare cares about optics and most processes are for show, not actual effect, and especially when it comes to security.

https://news.ycombinator.com/item?id=40132012


Change Healthcare was breached in late February. They suddenly pulled themselves offline and we had to migrate to a new clearinghouse over a weekend.

The NYT didn’t write about it for two or three weeks, which was crazy because they process medical claims data for over 100m Americans.

There’s a lot of information in claims.


This is not recent news. News from June.


It is new news - that they (finally) started notifying customers. Five months after notifying regulators and the stock market (February/March in fact, not June).

The true extent of the harm (to customers, not to the company or its stock) only becomes apparent when individual customers check their SSNs, logins, claims, identity theft, credit reports. That's not the way it should be, but is the way it currently is in the US.


It is recent news. The breach was in April. Insurers started notifying THEIR customers that they were in that breach because they irresponsibly fed everyone’s private data to that random third party, who has clearly committed malpractice in handling highly sensitive patient information like diagnoses and test results.



